GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-05 21:37:19 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0006SDM2 465,76GB Running: gmer.exe; Driver: C:\Users\Wisnia\AppData\Local\Temp\pwdiqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9126FBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x91270684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9127C6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9127C744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9127C8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x9127C666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x91326DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9127C6AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x91327080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x9132716A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9127C898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x91271472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9126FC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x91274C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x9126F7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x91326ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9126FC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9127505E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x91271F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9127C722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9127C766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9127C902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9127C68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x91274560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x9127C816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9127C6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9127494C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9127C8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x91326C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x91271DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x91271ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9126FCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9126FD3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x91326FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9126F892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9126FA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9126F9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9127163C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9127179E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9126FAEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x91326D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x912712CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x9126FDA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x91326BA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A4AA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A84212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82A8B460 4 Bytes [A6, FB, 26, 91] {CMPSB ; STI ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82A8B4E8 4 Bytes [84, 06, 27, 91] {TEST [ESI], AL; DAA ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82A8B53C 8 Bytes [F8, C6, 27, 91, 44, C7, 27, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82A8B548 4 Bytes [DE, C8, 27, 91] {FMULP ST0, ST0; DAA ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82A8B564 4 Bytes [66, C6, 27, 91] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C464EF 4 Bytes CALL 91272641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82C60357 4 Bytes CALL 91272657 \SystemRoot\system32\drivers\aswSnx.sys .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E0F000, 0x2C22CE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[356] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[400] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[420] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!SetUnhandledExceptionFilter 75C4F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1608] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\Explorer.EXE[1632] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1744] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2152] USER32.dll!GetWindowInfo 763A4B5E 5 Bytes JMP 5955825D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2152] USER32.dll!ToUnicodeEx + 71 763B2223 7 Bytes JMP 59551BFA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[2196] kernel32.dll!SetUnhandledExceptionFilter 75C4F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[2196] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2216] KERNEL32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2224] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\notepad.exe[2668] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2732] KERNEL32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtCreateFile 77615608 5 Bytes JMP 59303D20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtFlushBuffersFile 77615998 5 Bytes JMP 592EC661 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtQueryFullAttributesFile 77616028 5 Bytes JMP 59303820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtReadFile 776162F8 5 Bytes JMP 592EC750 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtReadFileScatter 77616308 5 Bytes JMP 59B8E1FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtWriteFile 77616AA8 5 Bytes JMP 593043D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!NtWriteFileGather 77616AB8 5 Bytes JMP 59B8E1AE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!LdrUnloadDll 7762C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] ntdll.dll!LdrLoadDll 776322AE 5 Bytes JMP 61981F4C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 75C494E6 7 Bytes JMP 59B2F55F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] KERNEL32.dll!QueryPerformanceCounter + 13 75C4C4E5 7 Bytes JMP 59B2F582 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] KERNEL32.dll!LoadAppInitDlls + 355 75C4F5A6 7 Bytes JMP 593006F3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] KERNEL32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] USER32.dll!GetWindowInfo 763A4B5E 5 Bytes JMP 59A3E5A9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] GDI32.dll!GetViewportOrgEx + 26C 762E884B 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[3780] GDI32.dll!GetViewportOrgEx + 26C 762E884B 7 Bytes JMP 59B2F4E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\wbem\unsecapp.exe[3856] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3912] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3920] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[3972] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4292] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateFile + 6 7761560E 4 Bytes [28, 48, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateFile + B 77615613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateKey + 6 7761564E 4 Bytes [68, 49, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateKey + B 77615653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateMutant + 6 7761568E 4 Bytes [68, 4A, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateMutant + B 77615693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateSection + 6 7761572E 4 Bytes [A8, 4A, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtCreateSection + B 77615733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtMapViewOfSection + 6 77615C6E 4 Bytes CALL 766173BF C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtMapViewOfSection + B 77615C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenFile + 6 77615D1E 4 Bytes [68, 48, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenFile + B 77615D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenKey + 6 77615D4E 4 Bytes [A8, 49, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenKey + B 77615D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenKeyEx + 6 77615D5E 4 Bytes CALL 766174AC C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenKeyEx + B 77615D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenMutant + 6 77615D9E 4 Bytes [28, 4A, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenMutant + B 77615DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenProcess + 6 77615DCE 4 Bytes [68, 4B, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenProcess + B 77615DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenProcessToken + 6 77615DDE 4 Bytes [A8, 4B, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenProcessToken + B 77615DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenProcessTokenEx + 6 77615DEE 4 Bytes [68, 4C, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenProcessTokenEx + B 77615DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenSection + 6 77615E0E 4 Bytes CALL 7661755D C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenSection + B 77615E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenThread + 6 77615E4E 4 Bytes [28, 4B, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenThread + B 77615E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenThreadToken + 6 77615E5E 4 Bytes [28, 4C, 17, 00] {SUB [EDI+EDX+0x0], CL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenThreadToken + B 77615E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenThreadTokenEx + 6 77615E6E 4 Bytes [A8, 4C, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtOpenThreadTokenEx + B 77615E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtQueryAttributesFile + 6 77615F7E 4 Bytes [A8, 48, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtQueryAttributesFile + B 77615F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtQueryFullAttributesFile + 6 7761602E 4 Bytes CALL 7661777B C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtQueryFullAttributesFile + B 77616033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtSetInformationFile + 6 7761667E 4 Bytes [28, 49, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtSetInformationFile + B 77616683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtSetInformationThread + 6 776166DE 4 Bytes CALL 76617E2E C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtSetInformationThread + B 776166E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtUnmapViewOfSection + 6 776169FE 4 Bytes [28, 4D, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ntdll.dll!NtUnmapViewOfSection + B 77616A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!ActivateKeyboardLayout 76398203 5 Bytes JMP 002304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!ScreenToClient 7639A506 7 Bytes JMP 00230670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!RegisterClipboardFormatA 7639C091 5 Bytes JMP 002302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!RegisterClipboardFormatW 7639DF8D 5 Bytes JMP 002302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!SetCursor 763A3075 5 Bytes JMP 00230530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!MonitorFromWindow 763A3622 7 Bytes JMP 00230630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!PostMessageW 763A447B 5 Bytes JMP 002305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!IsWindowVisible 763A4D69 7 Bytes JMP 002306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClientRect 763A54DD 7 Bytes JMP 002305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!MapWindowPoints 763A5CAA 5 Bytes JMP 00230570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetParent 763A6029 7 Bytes JMP 002306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!EmptyClipboard 763B290C 5 Bytes JMP 00230130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!SetClipboardData 763B2962 5 Bytes JMP 00230170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClipboardData 763B2BA7 5 Bytes JMP 00230030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClipboardFormatNameW 763B5FD2 5 Bytes JMP 00230230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!SetClipboardViewer 763B6FF6 5 Bytes JMP 002304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClipboardFormatNameA 763B700A 5 Bytes JMP 00230270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!ChangeClipboardChain 763C147C 5 Bytes JMP 00230430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetTopWindow 763C24D9 7 Bytes JMP 00230730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!CloseClipboard 763C446C 5 Bytes JMP 002300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!OpenClipboard 763C447E 5 Bytes JMP 00230070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!IsClipboardFormatAvailable 763C44FF 5 Bytes JMP 002300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClipboardSequenceNumber 763C4513 5 Bytes JMP 00230330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClipboardOwner 763C4525 5 Bytes JMP 00230370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!CountClipboardFormats 763C470A 5 Bytes JMP 002301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!EnumClipboardFormats 763C47EC 5 Bytes JMP 002301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetOpenClipboardWindow 763C480B 5 Bytes JMP 002303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!SetCursorPos 763DC1B0 5 Bytes JMP 00230770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetClipboardViewer 763F4AF7 5 Bytes JMP 00230470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] user32.DLL!GetPriorityClipboardFormat 763F4BF9 5 Bytes JMP 002303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!DeleteObject 762E5F14 5 Bytes JMP 002401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SelectObject 762E6640 5 Bytes JMP 002405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetTextColor 762E6906 5 Bytes JMP 00240A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetBkMode 762E69B1 5 Bytes JMP 002408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!DeleteDC 762E6EAA 5 Bytes JMP 00240170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetDeviceCaps 762E6F7F 5 Bytes JMP 002403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!ExtSelectClipRgn 762E7114 5 Bytes JMP 002402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SelectClipRgn 762E7242 5 Bytes JMP 002405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetStretchBltMode 762E7705 5 Bytes JMP 002406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetCurrentObject 762E7917 5 Bytes JMP 00240370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextMetricsW 762E7B8F 5 Bytes JMP 00240E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextAlign 762E7DAF 5 Bytes JMP 00240D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!IntersectClipRect 762E7DFE 5 Bytes JMP 002403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!ExtTextOutW 762E8192 5 Bytes JMP 00240970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetTextAlign 762E828E 5 Bytes JMP 002409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetClipBox 762E8525 5 Bytes JMP 00240330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!MoveToEx 762E8C21 5 Bytes JMP 00240470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!StretchDIBits 762EA53E 5 Bytes JMP 00240770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!RestoreDC 762EA67B 5 Bytes JMP 00240530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SaveDC 762EA74B 5 Bytes JMP 00240570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextExtentPoint32W 762EB4B5 5 Bytes JMP 00240670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextFaceW 762EB73A 2 Bytes JMP 00240D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextFaceW + 3 762EB73D 2 Bytes [F5, 89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetFontData 762EBCC4 5 Bytes JMP 00240C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetWorldTransform 762EC90A 5 Bytes JMP 002406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!CreateDCA 762ECCA9 5 Bytes JMP 002400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!CreateDCW 762ECF79 5 Bytes JMP 002400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!CreateICW 762ECFD0 5 Bytes JMP 00240130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextMetricsA 762ED0F2 5 Bytes JMP 00240DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!Rectangle 762EF1FF 5 Bytes JMP 002409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!LineTo 762EF59B 5 Bytes JMP 00240430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetICMMode 762EFAA4 5 Bytes JMP 00240DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!ExtTextOutA 762F0D20 5 Bytes JMP 00240930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextExtentPoint32A 762F117F 5 Bytes JMP 00240630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!ExtEscape 762F2D49 5 Bytes JMP 002402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!Escape 762F3400 5 Bytes JMP 00240270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!ResetDCW 762F3A9B 5 Bytes JMP 00240AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!EndPage 762F40DA 5 Bytes JMP 00240230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetPolyFillMode 762F67E1 5 Bytes JMP 00240B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SetMiterLimit 762F699D 5 Bytes JMP 00240B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetTextFaceA 76300D22 5 Bytes JMP 00240CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!GetGlyphOutlineW 7630C2DA 5 Bytes JMP 00240CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!CreateScalableFontResourceW 7630E937 5 Bytes JMP 00240BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!AddFontResourceW 7630ED33 5 Bytes JMP 00240BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!RemoveFontResourceW 7630F229 5 Bytes JMP 00240C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!AbortDoc 76314E29 5 Bytes JMP 00240030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!EndDoc 76315270 5 Bytes JMP 002401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!StartPage 7631535B 5 Bytes JMP 00240730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!StartDocW 76315D76 5 Bytes JMP 002407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!BeginPath 7631651D 5 Bytes JMP 00240830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!SelectClipPath 76316574 5 Bytes JMP 00240AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!CloseFigure 763165CF 5 Bytes JMP 00240070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!EndPath 76316626 5 Bytes JMP 00240A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!StrokePath 76316859 5 Bytes JMP 002407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!FillPath 763168E6 5 Bytes JMP 00240870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!PolylineTo 76316D54 5 Bytes JMP 002404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!PolyBezierTo 76316DE5 5 Bytes JMP 002404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] GDI32.dll!PolyDraw 76316E97 5 Bytes JMP 002408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ole32.dll!OleSetClipboard 77420045 5 Bytes JMP 00260030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ole32.dll!OleIsCurrentClipboard 774236B2 5 Bytes JMP 00260070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[5224] ole32.dll!OleGetClipboard 7744FDCD 5 Bytes JMP 002600B0 .text C:\Windows\system32\wuauclt.exe[5612] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] .text C:\Windows\notepad.exe[6004] kernel32.dll!GetBinaryTypeW + 70 75C66AAC 1 Byte [62] ---- Devices - GMER 2.1 ---- Device \Driver\BTHUSB \Device\00000072 bthport.sys Device \Driver\BTHUSB \Device\00000074 bthport.sys ---- EOF - GMER 2.1 ----