GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-09 11:25:38 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\0000005e WDC_WD25 rev.10.0 232,89GB Running: gmer.exe; Driver: C:\Users\Grzegorz\AppData\Local\Temp\kwldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwOpenProcess [0x81E087A0] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateProcess [0x81E08848] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateThread [0x81E088E4] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwWriteVirtualMemory [0x81E08980] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82E898D9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAE312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 518 82EB5DD8 4 Bytes [A0, 87, E0, 81] .text ntkrnlpa.exe!RtlSidHashLookup + 7E8 82EB60A8 8 Bytes [48, 88, E0, 81, E4, 88, E0, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 85C 82EB611C 4 Bytes [80, 89, E0, 81] .PAGE C:\Windows\system32\DRIVERS\avgldx86.sys unknown last section [0x94571600, 0x100, 0xC0000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94E31000, 0x349D76, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5296] USER32.dll!RegisterClipboardFormatA 763AE6B1 5 Bytes JMP 5EE2A707 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5296] USER32.dll!RegisterClipboardFormatW 763AEDFD 5 Bytes JMP 5EE255F9 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5296] USER32.dll!BeginPaint 763B7B87 5 Bytes JMP 5EE39050 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Microsoft Office\Office15\MsoSync.exe[5296] USER32.dll!ValidateRect 763D0D28 5 Bytes JMP 5EF6ED38 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5392] ntdll.dll!wcsncmp + 33B 775DF420 7 Bytes JMP 71D41FD9 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5392] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 75DDC0A7 7 Bytes JMP 5A8C40E1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5392] kernel32.dll!CloseHandle + 38 75DE05CF 7 Bytes JMP 5A8C4104 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5392] kernel32.dll!GetExitCodeProcess + 2C 75DE311D 7 Bytes JMP 59F93255 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5392] GDI32.dll!GetViewportOrgEx + 21C 759E85EB 7 Bytes JMP 5A8C4062 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5988] USER32.dll!CharToOemA + 3A 763AB1DE 7 Bytes JMP 5A1BE610 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5988] USER32.dll!AdjustWindowRectEx + 117 763B660F 7 Bytes JMP 5A1BE681 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5988] USER32.dll!GetWindowInfo 763B6A82 5 Bytes JMP 5A1C2366 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5988] USER32.dll!MenuItemFromPoint + F 763D4B36 7 Bytes JMP 5A1BBD82 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateFile + 6 775C46B6 4 Bytes [28, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateFile + B 775C46BB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateKey + 6 775C46F6 4 Bytes [68, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateKey + B 775C46FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateMutant + 6 775C4736 4 Bytes [68, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateMutant + B 775C473B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateSection + 6 775C47D6 4 Bytes [A8, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtCreateSection + B 775C47DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtMapViewOfSection + B 775C4D1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenFile + 6 775C4DC6 4 Bytes [68, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenFile + B 775C4DCB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenKey + 6 775C4DF6 4 Bytes [A8, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenKey + B 775C4DFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenKeyEx + B 775C4E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenMutant + 6 775C4E46 4 Bytes [28, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenMutant + B 775C4E4B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenProcess + 6 775C4E76 4 Bytes [68, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenProcess + B 775C4E7B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenProcessToken + 6 775C4E86 4 Bytes [A8, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenProcessToken + B 775C4E8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenProcessTokenEx + 6 775C4E96 4 Bytes [68, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenProcessTokenEx + B 775C4E9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenSection + B 775C4EBB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenThread + 6 775C4EF6 4 Bytes [28, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenThread + B 775C4EFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenThreadToken + 6 775C4F06 4 Bytes [28, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenThreadToken + B 775C4F0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenThreadTokenEx + 6 775C4F16 4 Bytes [A8, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtOpenThreadTokenEx + B 775C4F1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtQueryAttributesFile + 6 775C5026 4 Bytes [A8, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtQueryAttributesFile + B 775C502B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtQueryFullAttributesFile + B 775C50DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtSetInformationFile + 6 775C5726 4 Bytes [28, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtSetInformationFile + B 775C572B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtSetInformationThread + B 775C578B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtUnmapViewOfSection + 6 775C5AA6 4 Bytes [28, E5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ntdll.dll!NtUnmapViewOfSection + B 775C5AAB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] kernel32.dll!CreateProcessW 75D9202D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] kernel32.dll!CreateProcessA 75D92062 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SelectObject 759E61D0 5 Bytes JMP 005005F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetTextColor 759E6622 5 Bytes JMP 00500A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetBkMode 759E66CD 5 Bytes JMP 005008F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!DeleteObject 759E68B4 5 Bytes JMP 005001B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!DeleteDC 759E6A2C 5 Bytes JMP 00500170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!ExtSelectClipRgn 759E6C72 5 Bytes JMP 005002F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SelectClipRgn 759E6D84 5 Bytes JMP 005005B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetDeviceCaps 759E6E03 5 Bytes JMP 005003B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetStretchBltMode 759E73CE 5 Bytes JMP 005006B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetCurrentObject 759E777C 5 Bytes JMP 00500370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextMetricsW 759E798F 5 Bytes JMP 00500E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!IntersectClipRect 759E7CCA 5 Bytes JMP 005003F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextAlign 759E7D15 5 Bytes JMP 00500D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetTextAlign 759E7F92 5 Bytes JMP 005009F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!ExtTextOutW 759E8053 5 Bytes JMP 00500970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetClipBox 759E81F2 5 Bytes JMP 00500330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!MoveToEx 759E8A16 5 Bytes JMP 00500470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!CreateDCA 759E9975 5 Bytes JMP 005000B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!RestoreDC 759E9A10 5 Bytes JMP 00500530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SaveDC 759E9AD2 5 Bytes JMP 00500570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!StretchDIBits 759EAC38 5 Bytes JMP 00500770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextFaceW 759EB4CC 5 Bytes JMP 00500D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextExtentPoint32W 759EB535 5 Bytes JMP 00500670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetFontData 759EB8E8 5 Bytes JMP 00500C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!CreateDCW 759EBD21 5 Bytes JMP 005000F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!CreateICW 759EC660 5 Bytes JMP 00500130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!LineTo 759ECA20 5 Bytes JMP 00500430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetWorldTransform 759ECB42 5 Bytes JMP 005006F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextMetricsA 759ECE46 5 Bytes JMP 00500DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!Rectangle 759EF5BE 5 Bytes JMP 005009B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetICMMode 759EF8D4 5 Bytes JMP 00500DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!ExtTextOutA 759F0158 5 Bytes JMP 00500930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextExtentPoint32A 759F08BB 5 Bytes JMP 00500630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!Escape 759F0B0D 5 Bytes JMP 00500270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!ExtEscape 759F3472 5 Bytes JMP 005002B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetTextFaceA 759F3E49 5 Bytes JMP 00500CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetPolyFillMode 759F6CE1 5 Bytes JMP 00500B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SetMiterLimit 759F6E54 5 Bytes JMP 00500B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!ResetDCW 75A0031C 5 Bytes JMP 00500AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!EndPage 75A007CD 5 Bytes JMP 00500230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!GetGlyphOutlineW 75A0C292 5 Bytes JMP 00500CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!CreateScalableFontResourceW 75A0E8EF 5 Bytes JMP 00500BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!AddFontResourceW 75A0ECEB 5 Bytes JMP 00500BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!RemoveFontResourceW 75A0F1E1 5 Bytes JMP 00500C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!AbortDoc 75A14D37 5 Bytes JMP 00500030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!EndDoc 75A1517E 5 Bytes JMP 005001F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!StartPage 75A15269 5 Bytes JMP 00500730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!StartDocW 75A15BB6 5 Bytes JMP 005007F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!BeginPath 75A1635D 5 Bytes JMP 00500830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!SelectClipPath 75A163B4 5 Bytes JMP 00500AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!CloseFigure 75A1640F 5 Bytes JMP 00500070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!EndPath 75A16466 5 Bytes JMP 00500A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!StrokePath 75A16699 5 Bytes JMP 005007B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!FillPath 75A16726 5 Bytes JMP 00500870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!PolylineTo 75A16B94 5 Bytes JMP 005004F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!PolyBezierTo 75A16C25 5 Bytes JMP 005004B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] GDI32.dll!PolyDraw 75A16CD7 5 Bytes JMP 005008B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!ActivateKeyboardLayout 763A817D 5 Bytes JMP 005104F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!ScreenToClient 763AC1F2 7 Bytes JMP 00510670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!RegisterClipboardFormatA 763AE6B1 5 Bytes JMP 005102F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!RegisterClipboardFormatW 763AEDFD 5 Bytes JMP 005102B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!SetCursor 763B52EA 5 Bytes JMP 00510530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!MonitorFromWindow 763B590A 7 Bytes JMP 00510630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!PostMessageW 763B6225 5 Bytes JMP 005105F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!IsWindowVisible 763B6939 7 Bytes JMP 005106B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClientRect 763B74B1 7 Bytes JMP 005105B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!MapWindowPoints 763B7915 5 Bytes JMP 00510570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetParent 763B7AB3 7 Bytes JMP 005106F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!SetClipboardData 763C4979 5 Bytes JMP 00510170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!EmptyClipboard 763C4A28 5 Bytes JMP 00510130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClipboardData 763C4B47 5 Bytes JMP 00510030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!EnumClipboardFormats 763C4D98 5 Bytes JMP 005101B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClipboardFormatNameW 763C7EB2 5 Bytes JMP 00510230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!SetClipboardViewer 763C8F4D 5 Bytes JMP 005104B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClipboardFormatNameA 763C8F61 5 Bytes JMP 00510270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetOpenClipboardWindow 763C902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetOpenClipboardWindow 763C902F 5 Bytes JMP 005103F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!ChangeClipboardChain 763D3425 5 Bytes JMP 00510430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetTopWindow 763D3A5D 7 Bytes JMP 00510730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!CloseClipboard 763D5BA7 5 Bytes JMP 005100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!OpenClipboard 763D5BB9 5 Bytes JMP 00510070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!IsClipboardFormatAvailable 763D5C3A 5 Bytes JMP 005100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClipboardSequenceNumber 763D5C4E 5 Bytes JMP 00510330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClipboardOwner 763D5C60 5 Bytes JMP 00510370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!CountClipboardFormats 763D5DC9 5 Bytes JMP 005101F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!SetCursorPos 763EC1D8 5 Bytes JMP 00510770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetClipboardViewer 76404B57 5 Bytes JMP 00510470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] USER32.dll!GetPriorityClipboardFormat 76404C59 5 Bytes JMP 005103B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ole32.dll!OleSetClipboard 764CF2FE 5 Bytes JMP 00520030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ole32.dll!OleIsCurrentClipboard 764D2489 5 Bytes JMP 00520070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[6096] ole32.dll!OleGetClipboard 764FF825 5 Bytes JMP 005200B0 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys Device \Driver\00000402 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 8665CB80 ---- Files - GMER 2.1 ---- File C:\Windows\$NtUninstallKB1963$\198705551 0 bytes File C:\Windows\$NtUninstallKB1963$\2216262733 0 bytes File C:\Windows\$NtUninstallKB1963$\2216262733\L 0 bytes File C:\Windows\$NtUninstallKB1963$\2216262733\U 0 bytes ADS C:\Windows\1299978628:2078704562.exe 816 bytes executable <-- ROOTKIT !!! ---- Services - GMER 2.1 ---- Service C:\Windows\1299978628:2078704562.exe [MANUAL] 84197c4d <-- ROOTKIT !!! ---- EOF - GMER 2.1 ----