GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-17 18:03:45 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB Running: duxjybz2.exe; Driver: C:\Users\Renia\AppData\Local\Temp\ufddipow.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8B33FACC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8B3405AA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8B34C692] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8B34C6DE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8B34C878] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8B34C600] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x8B611426] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8B34C648] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8B340AE0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8B34C832] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8B341398] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8B33FB32] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8B344BE4] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8B33F71E] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8B611506] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8B33FB98] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8B344FDA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8B341EDE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8B34C6BC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8B34C700] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8B34C89C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8B34C626] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8B3444DE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8B34C7B0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8B34C670] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8B3448C6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8B34C856] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8B6112AA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8B341CF4] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8B34184A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8B33FBFE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8B33FC64] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8B611602] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8B33F7B8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8B33F98A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8B33F918] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8B341562] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8B3416C4] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8B33FA12] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8B611378] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8B3411F2] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8B33FCCA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8B340606] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8B340CFC] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 81EF27D0 4 Bytes [CC, FA, 33, 8B] .text ntkrnlpa.exe!KeSetEvent + 191 81EF2854 4 Bytes [AA, 05, 34, 8B] .text ntkrnlpa.exe!KeSetEvent + 1D1 81EF2894 8 Bytes [92, C6, 34, 8B, DE, C6, 34, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 81EF28A0 4 Bytes [78, C8, 34, 8B] {JS 0xffffffca; XOR AL, 0x8b} .text ntkrnlpa.exe!KeSetEvent + 1F5 81EF28B8 4 Bytes [00, C6, 34, 8B] {ADD DH, AL; XOR AL, 0x8b} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8207FE68 4 Bytes CALL 8B3425C5 \??\C:\Windows\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82083ADC 4 Bytes CALL 8B3425DB \??\C:\Windows\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[468] KERNEL32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\system32\csrss.exe[524] KERNEL32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\system32\services.exe[556] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text ... .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateFile + 6 77DE424A 4 Bytes [28, F0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateFile + B 77DE424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateKey + 6 77DE428A 4 Bytes [68, F1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateKey + B 77DE428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateMutant + 6 77DE42BA 4 Bytes [28, F2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateMutant + B 77DE42BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateSection + 6 77DE433A 4 Bytes [68, F2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtCreateSection + B 77DE433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtMapViewOfSection + 6 77DE499A 4 Bytes [A8, F4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtMapViewOfSection + B 77DE499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenFile + 6 77DE4A2A 4 Bytes [68, F0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenFile + B 77DE4A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenKey + 6 77DE4A5A 4 Bytes [A8, F1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenKey + B 77DE4A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenMutant + B 77DE4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenProcess + 6 77DE4AAA 4 Bytes [28, F3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenProcess + B 77DE4AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenProcessToken + 6 77DE4ABA 4 Bytes [68, F3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenProcessToken + B 77DE4ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenProcessTokenEx + 6 77DE4ACA 4 Bytes [28, F4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenProcessTokenEx + B 77DE4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenSection + 6 77DE4ADA 4 Bytes [A8, F2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenSection + B 77DE4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenThread + B 77DE4B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenThreadToken + B 77DE4B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenThreadTokenEx + 6 77DE4B3A 4 Bytes [68, F4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtOpenThreadTokenEx + B 77DE4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtQueryAttributesFile + 6 77DE4BCA 4 Bytes [A8, F0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtQueryAttributesFile + B 77DE4BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtQueryFullAttributesFile + B 77DE4C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtSetInformationFile + 6 77DE515A 4 Bytes [28, F1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtSetInformationFile + B 77DE515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtSetInformationThread + 6 77DE51AA 4 Bytes [A8, F3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtSetInformationThread + B 77DE51AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ntdll.dll!NtUnmapViewOfSection + B 77DE544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] kernel32.dll!CreateProcessW 76E21BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] kernel32.dll!CreateProcessA 76E21C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] kernel32.dll!OpenEventW 76E3BF97 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] kernel32.dll!CreateEventW 76E6B65E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!DeleteObject 76915A37 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetDeviceCaps 7691617F 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SelectObject 769162A0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetTextColor 7691666B 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetBkMode 76916716 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!DeleteDC 769168CD 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetCurrentObject 76916B58 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetStretchBltMode 76917206 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SaveDC 769175BA 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!RestoreDC 76917675 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!StretchDIBits 769178CF 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!ExtSelectClipRgn 769179F8 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SelectClipRgn 76917AF9 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!MoveToEx 76917C33 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!Rectangle 76917EA9 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextAlign 769182E0 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetTextAlign 769185CB 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!ExtTextOutW 7691872B 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextMetricsW 76918A81 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!IntersectClipRect 76918B64 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetClipBox 76919071 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetICMMode 769194E7 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!CreateDCW 7691A91D 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!CreateDCA 7691AA49 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!CreateICW 7691B2E9 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextFaceW 7691B637 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetFontData 7691BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetFontData 7691BA6C 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextExtentPoint32W 7691C01A 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetWorldTransform 7691C46A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!LineTo 7691C65E 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextMetricsA 7691CCEB 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!ExtTextOutA 769200A5 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextExtentPoint32A 76920E58 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!ExtEscape 769222A7 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!Escape 769227F1 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!ResetDCW 76923132 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!EndPage 7692375E 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetPolyFillMode 769261D3 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SetMiterLimit 769262E2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetTextFaceA 7692F4C5 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!GetGlyphOutlineW 7693A41F 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!CreateScalableFontResourceW 7693C88B 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!AddFontResourceW 7693CC93 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!RemoveFontResourceW 7693D129 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!AbortDoc 76942CC4 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!EndDoc 769430D8 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!StartPage 769431C3 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!StartDocW 76943CA7 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!BeginPath 76944465 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!SelectClipPath 769444BC 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!CloseFigure 76944517 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!EndPath 7694456E 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!StrokePath 769447A0 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!FillPath 7694482C 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!PolylineTo 76944C95 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!PolyBezierTo 76944D25 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] GDI32.dll!PolyDraw 76944DD6 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!SetCursor 76A5D37D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!RegisterClipboardFormatW 76A5D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!RegisterClipboardFormatW 76A5D6AC 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!ActivateKeyboardLayout 76A6478C 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!IsWindowVisible 76A6878A 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!MonitorFromWindow 76A688D4 4 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!MonitorFromWindow + 5 76A688D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!ScreenToClient 76A68C56 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClientRect 76A68F0D 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetParent 76A690AA 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!RegisterClipboardFormatA 76A6A111 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!PostMessageW 76A6A175 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!MapWindowPoints 76A6A30D 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClipboardFormatNameA 76A6A552 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetOpenClipboardWindow 76A726A6 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!SetClipboardViewer 76A7BA2D 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!IsClipboardFormatAvailable 76A7C2E3 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!CloseClipboard 76A7C2F7 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!OpenClipboard 76A7C31D 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetTopWindow 76A7CE0A 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClipboardSequenceNumber 76A7D8B7 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!ChangeClipboardChain 76A7DF83 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!CountClipboardFormats 76A80048 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClipboardOwner 76A826EF 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!SetClipboardData 76A96410 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!EnumClipboardFormats 76A96D16 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!SetCursorPos 76A96FB2 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClipboardData 76A9715A 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClipboardFormatNameW 76A9A99F 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!EmptyClipboard 76AB398B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetClipboardViewer 76AB39ED 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] USER32.dll!GetPriorityClipboardFormat 76AB3AEF 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ole32.dll!OleGetClipboard 767474C9 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ole32.dll!OleSetClipboard 767711E3 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] ole32.dll!OleIsCurrentClipboard 7677A8F9 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!FreeContextBuffer 762B2D83 5 Bytes JMP 000F00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!DeleteSecurityContext 762B2F18 5 Bytes JMP 000F0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!FreeCredentialsHandle 762B3598 5 Bytes JMP 000F0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!EncryptMessage 762B3745 5 Bytes JMP 000F01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!DecryptMessage 762B3813 5 Bytes JMP 000F0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!InitializeSecurityContextA 762B87DF 5 Bytes JMP 000F0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!AcquireCredentialsHandleA 762B8A43 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!QueryContextAttributesA 762B8E77 5 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!ApplyControlToken 762BDE4F 5 Bytes JMP 000F01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[3420] Secur32.dll!QueryCredentialsAttributesA 762BE052 5 Bytes JMP 000F00B0 .text C:\Windows\system32\Dwm.exe[3424] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\Explorer.EXE[3460] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Windows\vsnp325.exe[3684] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3788] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3840] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text ... .text C:\Program Files\Internet Explorer\iexplore.exe[4320] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4320] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[4320] KERNEL32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!CreateDialogParamW 76A572A2 5 Bytes JMP 6D1FDE60 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!GetAsyncKeyState 76A5863C 5 Bytes JMP 6D118F27 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!SetWindowsHookExW 76A587AD 5 Bytes JMP 6D1F9A65 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!CallNextHookEx 76A58E3B 5 Bytes JMP 6D1ED0DD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!UnhookWindowsHookEx 76A598DB 5 Bytes JMP 6D16466C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!EnableWindow 76A5CD8B 5 Bytes JMP 6D1FDCED C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!CreateWindowExW 76A61305 5 Bytes JMP 6D1FDAD4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!GetKeyState 76A68CB1 5 Bytes JMP 6D1FD29B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!IsDialogMessageW 76A70745 5 Bytes JMP 6D125A17 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!CreateDialogParamA 76A717AA 5 Bytes JMP 6D2F7E73 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!IsDialogMessage 76A71847 5 Bytes JMP 6D2F770F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!CreateDialogIndirectParamA 76A726F1 5 Bytes JMP 6D2F7EAA C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!CreateDialogIndirectParamW 76A79A62 5 Bytes JMP 6D2F7EE1 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!SetKeyboardState 76A80987 5 Bytes JMP 6D2F7A7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!DialogBoxParamW 76A810B0 5 Bytes JMP 6D125505 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!DialogBoxIndirectParamW 76A82EF5 5 Bytes JMP 6D2F7207 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!SendInput 76A82F75 5 Bytes JMP 6D2F863B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!EndDialog 76A8326E 5 Bytes JMP 6D127EC2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!SetCursorPos 76A96FB2 5 Bytes JMP 6D2F868F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!DialogBoxParamA 76A98152 5 Bytes JMP 6D2F71A4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!DialogBoxIndirectParamA 76A9847D 5 Bytes JMP 6D2F726A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!MessageBoxIndirectA 76AAD4D9 5 Bytes JMP 6D2F7139 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!MessageBoxIndirectW 76AAD5D3 5 Bytes JMP 6D2F70CE C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!MessageBoxExA 76AAD639 5 Bytes JMP 6D2F706C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!MessageBoxExW 76AAD65D 5 Bytes JMP 6D2F700A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] USER32.dll!keybd_event 76AAD972 5 Bytes JMP 6D2F89BF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] SHELL32.dll!SHRestricted + D95 76F889A8 4 Bytes [4D, 30, 39, 6F] {DEC EBP; XOR [ECX], BH; OUTS DX, DWORD [ESI]} .text C:\Program Files\Internet Explorer\iexplore.exe[4320] SHELL32.dll!SHRestricted + D9D 76F889B0 8 Bytes [57, 2F, 39, 6F, 9C, 5B, 38, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4320] ole32.dll!OleLoadFromStream 766F1E80 5 Bytes JMP 6D2F756F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4320] ole32.dll!CoCreateInstance 76729F3E 5 Bytes JMP 6D1FDB30 C:\Windows\system32\IEFRAME.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe[4408] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Gadu-Gadu\gg.exe[4488] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 6ACF1FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] KERNEL32.dll!HeapSetInformation + 26 76E4A84A 7 Bytes JMP 5E8F5A06 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] KERNEL32.dll!LockResource + C 76E668EB 7 Bytes JMP 5ECE049D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] KERNEL32.dll!VirtualAllocEx + 54 76E6AD50 7 Bytes JMP 5ECE0455 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] KERNEL32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] GDI32.dll!SetStretchBltMode + 256 7691745C 2 Bytes JMP 5ECE04C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5148] GDI32.dll!SetStretchBltMode + 259 7691745F 4 Bytes CALL 01E76E4F .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5452] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5452] USER32.dll!GetWindowInfo 76A6428E 5 Bytes JMP 5EC3B2EA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5452] USER32.dll!SetMenuItemBitmaps + 71 76A714EE 7 Bytes JMP 5EC34E6D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5660] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5660] KERNEL32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!CreateWindowExW 76A61305 5 Bytes JMP 6D1FDAD4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!DialogBoxParamW 76A810B0 5 Bytes JMP 6D125505 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!DialogBoxIndirectParamW 76A82EF5 5 Bytes JMP 6D2F7207 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!DialogBoxParamA 76A98152 5 Bytes JMP 6D2F71A4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!DialogBoxIndirectParamA 76A9847D 5 Bytes JMP 6D2F726A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!MessageBoxIndirectA 76AAD4D9 5 Bytes JMP 6D2F7139 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!MessageBoxIndirectW 76AAD5D3 5 Bytes JMP 6D2F70CE C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!MessageBoxExA 76AAD639 5 Bytes JMP 6D2F706C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5660] USER32.dll!MessageBoxExW 76AAD65D 5 Bytes JMP 6D2F700A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5972] KERNEL32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateDialogParamW 76A572A2 5 Bytes JMP 6D1FDE60 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!GetAsyncKeyState 76A5863C 5 Bytes JMP 6D118F27 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SetWindowsHookExW 76A587AD 5 Bytes JMP 6D1F9A65 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CallNextHookEx 76A58E3B 5 Bytes JMP 6D1ED0DD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!UnhookWindowsHookEx 76A598DB 5 Bytes JMP 6D16466C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!EnableWindow 76A5CD8B 5 Bytes JMP 6D1FDCED C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateWindowExW 76A61305 5 Bytes JMP 6D1FDAD4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!GetKeyState 76A68CB1 5 Bytes JMP 6D1FD29B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!IsDialogMessageW 76A70745 5 Bytes JMP 6D125A17 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateDialogParamA 76A717AA 5 Bytes JMP 6D2F7E73 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!IsDialogMessage 76A71847 5 Bytes JMP 6D2F770F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateDialogIndirectParamA 76A726F1 5 Bytes JMP 6D2F7EAA C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateDialogIndirectParamW 76A79A62 5 Bytes JMP 6D2F7EE1 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SetKeyboardState 76A80987 5 Bytes JMP 6D2F7A7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxParamW 76A810B0 5 Bytes JMP 6D125505 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxIndirectParamW 76A82EF5 5 Bytes JMP 6D2F7207 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SendInput 76A82F75 5 Bytes JMP 6D2F863B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!EndDialog 76A8326E 5 Bytes JMP 6D127EC2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SetCursorPos 76A96FB2 5 Bytes JMP 6D2F868F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxParamA 76A98152 5 Bytes JMP 6D2F71A4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxIndirectParamA 76A9847D 5 Bytes JMP 6D2F726A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxIndirectA 76AAD4D9 5 Bytes JMP 6D2F7139 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxIndirectW 76AAD5D3 5 Bytes JMP 6D2F70CE C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxExA 76AAD639 5 Bytes JMP 6D2F706C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxExW 76AAD65D 5 Bytes JMP 6D2F700A C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!keybd_event 76AAD972 5 Bytes JMP 6D2F89BF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] SHELL32.dll!SHRestricted + D95 76F889A8 4 Bytes [4D, 30, 39, 6F] {DEC EBP; XOR [ECX], BH; OUTS DX, DWORD [ESI]} .text C:\Program Files\Internet Explorer\iexplore.exe[5972] SHELL32.dll!SHRestricted + D9D 76F889B0 8 Bytes [57, 2F, 39, 6F, 9C, 5B, 38, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ole32.dll!OleLoadFromStream 766F1E80 5 Bytes JMP 6D2F756F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ole32.dll!CoCreateInstance 76729F3E 5 Bytes JMP 6D1FDB30 C:\Windows\system32\IEFRAME.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6124] kernel32.dll!GetBinaryTypeW + 70 76E72247 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\services.exe[556] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001B0002 IAT C:\Windows\system32\services.exe[556] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001B0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00158315a310@001fe43c0440 0x97 0x7D 0xF7 0xE9 ... ---- EOF - GMER 2.1 ----