GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-11 00:46:45
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 232,89GB
Running: ipc0eqi1.exe; Driver: C:\Users\Klaudia\AppData\Local\Temp\fwldqpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AB53480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AB94900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E00F000, 0x1FB0FA, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1080] USER32.dll!InSendMessageEx + 4C9 76CBE7C8 7 Bytes JMP 674FB55A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1080] USER32.dll!CreateWindowExW + AA 76CC13AF 7 Bytes JMP 674FB5CB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1080] USER32.dll!GetWindowInfo 76CC428E 5 Bytes JMP 674FF36E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1080] USER32.dll!SetMenuItemBitmaps + 71 76CD14EE 7 Bytes JMP 674F8DFA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateFile + 6 776E422A 4 Bytes [28, 50, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateFile + B 776E422F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateKey + 6 776E426A 4 Bytes [68, 51, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateKey + B 776E426F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateMutant + 6 776E429A 4 Bytes [28, 52, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateMutant + B 776E429F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateSection + 6 776E431A 4 Bytes [68, 52, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtCreateSection + B 776E431F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtMapViewOfSection + 6 776E497A 4 Bytes [A8, 54, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtMapViewOfSection + B 776E497F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenFile + 6 776E4A0A 4 Bytes [68, 50, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenFile + B 776E4A0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenKey + 6 776E4A3A 4 Bytes [A8, 51, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenKey + B 776E4A3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenMutant + B 776E4A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenProcess + 6 776E4A8A 4 Bytes [28, 53, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenProcess + B 776E4A8F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenProcessToken + 6 776E4A9A 4 Bytes [68, 53, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenProcessToken + B 776E4A9F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenProcessTokenEx + 6 776E4AAA 4 Bytes [28, 54, 06, 00] {SUB [ESI+EAX+0x0], DL}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenProcessTokenEx + B 776E4AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenSection + 6 776E4ABA 4 Bytes [A8, 52, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenSection + B 776E4ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenThread + B 776E4AFF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenThreadToken + B 776E4B0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenThreadTokenEx + 6 776E4B1A 4 Bytes [68, 54, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtOpenThreadTokenEx + B 776E4B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtQueryAttributesFile + 6 776E4BAA 4 Bytes [A8, 50, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtQueryAttributesFile + B 776E4BAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtQueryFullAttributesFile + B 776E4C5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtSetInformationFile + 6 776E513A 4 Bytes [28, 51, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtSetInformationFile + B 776E513F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtSetInformationThread + 6 776E518A 4 Bytes [A8, 53, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtSetInformationThread + B 776E518F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ntdll.dll!NtUnmapViewOfSection + B 776E542F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] kernel32.dll!CreateProcessW 76BD1BF3 5 Bytes JMP 000800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] kernel32.dll!CreateProcessA 76BD1C28 5 Bytes JMP 000800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] kernel32.dll!OpenEventW 76BEBF97 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] kernel32.dll!CreateEventW 76C1B65E 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!DeleteObject 777C5A37 5 Bytes JMP 000B01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetDeviceCaps 777C617F 5 Bytes JMP 000B03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SelectObject 777C62A0 5 Bytes JMP 000B05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetTextColor 777C666B 5 Bytes JMP 000B0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetBkMode 777C6716 5 Bytes JMP 000B08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!DeleteDC 777C68CD 5 Bytes JMP 000B0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetCurrentObject 777C6B58 5 Bytes JMP 000B0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetStretchBltMode 777C7206 5 Bytes JMP 000B06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SaveDC 777C75BA 5 Bytes JMP 000B0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!RestoreDC 777C7675 5 Bytes JMP 000B0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!StretchDIBits 777C78CF 5 Bytes JMP 000B0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!ExtSelectClipRgn 777C79F8 5 Bytes JMP 000B02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SelectClipRgn 777C7AF9 5 Bytes JMP 000B05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!MoveToEx 777C7C33 5 Bytes JMP 000B0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!Rectangle 777C7EA9 5 Bytes JMP 000B09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextAlign 777C82E0 5 Bytes JMP 000B0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetTextAlign 777C85CB 5 Bytes JMP 000B09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!ExtTextOutW 777C872B 5 Bytes JMP 000B0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextMetricsW 777C8A81 5 Bytes JMP 000B0E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!IntersectClipRect 777C8B64 5 Bytes JMP 000B03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetClipBox 777C9071 5 Bytes JMP 000B0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetICMMode 777C94E7 5 Bytes JMP 000B0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!CreateDCW 777CA91D 5 Bytes JMP 000B00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!CreateDCA 777CAA49 5 Bytes JMP 000B00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!CreateICW 777CB2E9 5 Bytes JMP 000B0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextFaceW 777CB637 5 Bytes JMP 000B0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetFontData 777CBA6C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetFontData 777CBA6C 5 Bytes JMP 000B0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextExtentPoint32W 777CC01A 5 Bytes JMP 000B0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetWorldTransform 777CC46A 5 Bytes JMP 000B06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!LineTo 777CC65E 5 Bytes JMP 000B0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextMetricsA 777CCCEB 5 Bytes JMP 000B0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!ExtTextOutA 777D00A5 5 Bytes JMP 000B0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextExtentPoint32A 777D0E58 5 Bytes JMP 000B0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!ExtEscape 777D22A7 5 Bytes JMP 000B02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!Escape 777D27F1 5 Bytes JMP 000B0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!ResetDCW 777D3132 5 Bytes JMP 000B0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!EndPage 777D375E 5 Bytes JMP 000B0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetPolyFillMode 777D61D3 5 Bytes JMP 000B0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SetMiterLimit 777D62E2 5 Bytes JMP 000B0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetTextFaceA 777DF4C5 5 Bytes JMP 000B0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!GetGlyphOutlineW 777EA41F 5 Bytes JMP 000B0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!CreateScalableFontResourceW 777EC88B 5 Bytes JMP 000B0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!AddFontResourceW 777ECC93 5 Bytes JMP 000B0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!RemoveFontResourceW 777ED129 5 Bytes JMP 000B0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!AbortDoc 777F2CC4 3 Bytes JMP 000B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!AbortDoc + 4 777F2CC8 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!EndDoc 777F30D8 3 Bytes JMP 000B01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!EndDoc + 4 777F30DC 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!StartPage 777F31C3 3 Bytes JMP 000B0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!StartPage + 4 777F31C7 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!StartDocW 777F3CA7 5 Bytes JMP 000B07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!BeginPath 777F4465 3 Bytes JMP 000B0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!BeginPath + 4 777F4469 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SelectClipPath 777F44BC 3 Bytes JMP 000B0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!SelectClipPath + 4 777F44C0 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!CloseFigure 777F4517 3 Bytes JMP 000B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!CloseFigure + 4 777F451B 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!EndPath 777F456E 3 Bytes JMP 000B0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!EndPath + 4 777F4572 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!StrokePath 777F47A0 3 Bytes JMP 000B07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!StrokePath + 4 777F47A4 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!FillPath 777F482C 3 Bytes JMP 000B0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!FillPath + 4 777F4830 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!PolylineTo 777F4C95 3 Bytes JMP 000B04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!PolylineTo + 4 777F4C99 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!PolyBezierTo 777F4D25 3 Bytes JMP 000B04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!PolyBezierTo + 4 777F4D29 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!PolyDraw 777F4DD6 3 Bytes JMP 000B08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] GDI32.dll!PolyDraw + 4 777F4DDA 1 Byte [88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!SetCursor 76CBD37D 5 Bytes JMP 000C0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!RegisterClipboardFormatW 76CBD6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!RegisterClipboardFormatW 76CBD6AC 5 Bytes JMP 000C02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!ActivateKeyboardLayout 76CC478C 5 Bytes JMP 000C04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!IsWindowVisible 76CC878A 5 Bytes JMP 000C06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!IsWindowVisible + 6 76CC8790 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!MonitorFromWindow 76CC88D4 4 Bytes JMP 000C0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!MonitorFromWindow + 6 76CC88DA 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!ScreenToClient 76CC8C56 5 Bytes JMP 000C0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!ScreenToClient + 6 76CC8C5C 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClientRect 76CC8F0D 5 Bytes JMP 000C05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClientRect + 6 76CC8F13 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetParent 76CC90AA 5 Bytes JMP 000C06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetParent + 6 76CC90B0 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!RegisterClipboardFormatA 76CCA111 5 Bytes JMP 000C02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!PostMessageW 76CCA175 5 Bytes JMP 000C05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!MapWindowPoints 76CCA30D 5 Bytes JMP 000C0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClipboardFormatNameA 76CCA552 5 Bytes JMP 000C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetOpenClipboardWindow 76CD26A6 5 Bytes JMP 000C03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!SetClipboardViewer 76CDBA2D 5 Bytes JMP 000C04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!IsClipboardFormatAvailable 76CDC2E3 5 Bytes JMP 000C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!CloseClipboard 76CDC2F7 5 Bytes JMP 000C00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!OpenClipboard 76CDC31D 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetTopWindow 76CDCE0A 7 Bytes JMP 000C0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClipboardSequenceNumber 76CDD8B7 5 Bytes JMP 000C0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!ChangeClipboardChain 76CDDF83 5 Bytes JMP 000C0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!CountClipboardFormats 76CE0048 5 Bytes JMP 000C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClipboardOwner 76CE26EF 5 Bytes JMP 000C0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!SetClipboardData 76CF6410 5 Bytes JMP 000C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!EnumClipboardFormats 76CF6D16 5 Bytes JMP 000C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!SetCursorPos 76CF6FB2 5 Bytes JMP 000C0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClipboardData 76CF715A 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClipboardFormatNameW 76CFA99F 5 Bytes JMP 000C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!EmptyClipboard 76D1398B 5 Bytes JMP 000C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetClipboardViewer 76D139ED 5 Bytes JMP 000C0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] USER32.dll!GetPriorityClipboardFormat 76D13AEF 5 Bytes JMP 000C03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!FreeContextBuffer 75D72D83 5 Bytes JMP 000E00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!DeleteSecurityContext 75D72F18 5 Bytes JMP 000E0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!FreeCredentialsHandle 75D73598 5 Bytes JMP 000E0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!EncryptMessage 75D73745 5 Bytes JMP 000E01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!DecryptMessage 75D73813 5 Bytes JMP 000E0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!InitializeSecurityContextA 75D787DF 5 Bytes JMP 000E0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!AcquireCredentialsHandleA 75D78A43 5 Bytes JMP 000E0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!QueryContextAttributesA 75D78E77 5 Bytes JMP 000E0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!ApplyControlToken 75D7DE4F 5 Bytes JMP 000E01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] Secur32.dll!QueryCredentialsAttributesA 75D7E052 5 Bytes JMP 000E00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ole32.dll!OleGetClipboard 774F74C9 5 Bytes JMP 000F00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ole32.dll!OleSetClipboard 775211E3 5 Bytes JMP 000F0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[3040] ole32.dll!OleIsCurrentClipboard 7752A8F9 5 Bytes JMP 000F0070
.text C:\Program Files\Mozilla Firefox\firefox.exe[3484] ntdll.dll!LdrLoadDll 776A93A8 5 Bytes JMP 671AB780 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3484] kernel32.dll!HeapSetInformation + 26 76BFA84A 7 Bytes JMP 671B0836 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3484] kernel32.dll!LockResource + C 76C168EB 7 Bytes JMP 679E6EDA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3484] kernel32.dll!VirtualAllocEx + 54 76C1AD50 7 Bytes JMP 679E6EFD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3484] GDI32.dll!SetStretchBltMode + 256 777C745C 7 Bytes JMP 679E6E5B C:\Program Files\Mozilla Firefox\xul.dll

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71F37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71F8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71F3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71F2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71F375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71F2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [71F68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [71F3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71F2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71F2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71F271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [71FBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [71F5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71F2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71F26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71F2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71F32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- EOF - GMER 2.1 ----