GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-23 12:24:22 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 ST3120827AS rev.3.42 111,79GB Running: 4u79qrf0.exe; Driver: C:\Users\Ja\AppData\Local\Temp\uglcyaoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwCreateSection [0xA64DAE8C] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwCreateThread [0xA64DB010] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwCreateThreadEx [0xA64DB09E] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwMakeTemporaryObject [0xA64DAE02] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwQueueApcThread [0xA64DB12E] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwQueueApcThreadEx [0xA64DB1BE] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwSetContextThread [0xA64DB24E] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwSetSystemInformation [0xA64D794C] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwSetSystemTime [0xA64D7B02] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwUnmapViewOfSection [0xA64DAD74] SSDT \??\C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys ZwWriteVirtualMemory [0xA64D902E] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E88579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 340 82EB4840 4 Bytes [8C, AE, 4D, A6] .text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EB484C 8 Bytes [10, B0, 4D, A6, 9E, B0, 4D, ...] {ADC [EAX-0x4f6159b3], DH; DEC EBP; CMPSB } .text ntkrnlpa.exe!RtlSidHashLookup + 480 82EB4980 4 Bytes [02, AE, 4D, A6] .text ntkrnlpa.exe!RtlSidHashLookup + 624 82EB4B24 8 Bytes [2E, B1, 4D, A6, BE, B1, 4D, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82EB4BE0 4 Bytes [4E, B2, 4D, A6] {DEC ESI; MOV DL, 0x4d; CMPSB } .text ... ? System32\drivers\wphqr.sys System nie może odnaleźć określonej ścieżki. ! ? C:\Users\Ja\AppData\Local\Temp\1CBB4FD25.sys Nie można odnaleźć określonego pliku. ! ? C:\Users\Ja\AppData\Local\Temp\1D8BC0DD0.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateFile + 6 76E54A16 4 Bytes [28, 58, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateFile + B 76E54A1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateKey + 6 76E54A56 4 Bytes [68, 59, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateKey + B 76E54A5B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateMutant + 6 76E54A96 4 Bytes [68, 5A, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateMutant + B 76E54A9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateSection + 6 76E54B36 4 Bytes [A8, 5A, 08, 00] {TEST AL, 0x5a; OR [EAX], AL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtCreateSection + B 76E54B3B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtMapViewOfSection + 6 76E55076 4 Bytes CALL 75E558D7 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtMapViewOfSection + B 76E5507B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenFile + 6 76E55126 4 Bytes [68, 58, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenFile + B 76E5512B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenKey + 6 76E55156 4 Bytes [A8, 59, 08, 00] {TEST AL, 0x59; OR [EAX], AL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenKey + B 76E5515B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenKeyEx + 6 76E55166 4 Bytes CALL 75E559C4 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenKeyEx + B 76E5516B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenMutant + 6 76E551A6 4 Bytes [28, 5A, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenMutant + B 76E551AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenProcess + 6 76E551D6 4 Bytes [68, 5B, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenProcess + B 76E551DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenProcessToken + 6 76E551E6 4 Bytes [A8, 5B, 08, 00] {TEST AL, 0x5b; OR [EAX], AL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenProcessToken + B 76E551EB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenProcessTokenEx + 6 76E551F6 4 Bytes [68, 5C, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenProcessTokenEx + B 76E551FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenSection + 6 76E55216 4 Bytes CALL 75E55A75 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenSection + B 76E5521B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenThread + 6 76E55256 4 Bytes [28, 5B, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenThread + B 76E5525B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenThreadToken + 6 76E55266 4 Bytes [28, 5C, 08, 00] {SUB [EAX+ECX+0x0], BL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenThreadToken + B 76E5526B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenThreadTokenEx + 6 76E55276 4 Bytes [A8, 5C, 08, 00] {TEST AL, 0x5c; OR [EAX], AL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtOpenThreadTokenEx + B 76E5527B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtQueryAttributesFile + 6 76E55386 4 Bytes [A8, 58, 08, 00] {TEST AL, 0x58; OR [EAX], AL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtQueryAttributesFile + B 76E5538B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtQueryFullAttributesFile + 6 76E55436 4 Bytes CALL 75E55C93 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtQueryFullAttributesFile + B 76E5543B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtSetInformationFile + 6 76E55A86 4 Bytes [28, 59, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtSetInformationFile + B 76E55A8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtSetInformationThread + 6 76E55AE6 4 Bytes CALL 75E56346 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtSetInformationThread + B 76E55AEB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 76E55E06 4 Bytes [28, 5D, 08, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ntdll.dll!NtUnmapViewOfSection + B 76E55E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] kernel32.dll!CreateProcessW 753E202D 5 Bytes JMP 00090030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] kernel32.dll!CreateProcessA 753E2062 5 Bytes JMP 00090070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SelectObject 752661D0 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetTextColor 75266622 5 Bytes JMP 00140A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetBkMode 752666CD 5 Bytes JMP 001408F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!DeleteObject 752668B4 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!DeleteDC 75266A2C 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!ExtSelectClipRgn 75266C72 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SelectClipRgn 75266D84 5 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetDeviceCaps 75266E03 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetStretchBltMode 752673CE 5 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetCurrentObject 7526777C 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextMetricsW 7526798F 5 Bytes JMP 00140E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!IntersectClipRect 75267CCA 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextAlign 75267D15 5 Bytes JMP 00140D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetTextAlign 75267F92 5 Bytes JMP 001409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!ExtTextOutW 75268053 5 Bytes JMP 00140970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetClipBox 752681F2 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!MoveToEx 75268A16 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!CreateDCA 75269975 5 Bytes JMP 001400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!RestoreDC 75269A10 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SaveDC 75269AD2 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!StretchDIBits 7526AC38 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextFaceW 7526B4CC 5 Bytes JMP 00140D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextExtentPoint32W 7526B535 5 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetFontData 7526B8E8 5 Bytes JMP 00140C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!CreateDCW 7526BD21 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!CreateICW 7526C660 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!LineTo 7526CA20 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetWorldTransform 7526CB42 5 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextMetricsA 7526CE46 5 Bytes JMP 00140DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!Rectangle 7526F5BE 5 Bytes JMP 001409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetICMMode 7526F8D4 5 Bytes JMP 00140DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!ExtTextOutA 75270158 5 Bytes JMP 00140930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextExtentPoint32A 752708BB 5 Bytes JMP 00140630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!Escape 75270B0D 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!ExtEscape 75273472 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetTextFaceA 75273E49 5 Bytes JMP 00140CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetPolyFillMode 75276CE1 5 Bytes JMP 00140B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SetMiterLimit 75276E54 5 Bytes JMP 00140B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!ResetDCW 7528031C 5 Bytes JMP 00140AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!EndPage 752807CD 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!GetGlyphOutlineW 7528C292 5 Bytes JMP 00140CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!CreateScalableFontResourceW 7528E8EF 5 Bytes JMP 00140BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!AddFontResourceW 7528ECEB 5 Bytes JMP 00140BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!RemoveFontResourceW 7528F1E1 5 Bytes JMP 00140C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!AbortDoc 75294D37 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!EndDoc 7529517E 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!StartPage 75295269 5 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!StartDocW 75295BB6 5 Bytes JMP 001407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!BeginPath 7529635D 5 Bytes JMP 00140830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!SelectClipPath 752963B4 5 Bytes JMP 00140AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!CloseFigure 7529640F 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!EndPath 75296466 5 Bytes JMP 00140A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!StrokePath 75296699 5 Bytes JMP 001407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!FillPath 75296726 5 Bytes JMP 00140870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!PolylineTo 75296B94 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!PolyBezierTo 75296C25 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] GDI32.dll!PolyDraw 75296CD7 5 Bytes JMP 001408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!ActivateKeyboardLayout 752B817D 5 Bytes JMP 001504F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!ScreenToClient 752BC1F2 7 Bytes JMP 00150670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!RegisterClipboardFormatA 752BE6B1 5 Bytes JMP 001502F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!RegisterClipboardFormatW 752BEDFD 5 Bytes JMP 001502B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!SetCursor 752C52EA 5 Bytes JMP 00150530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!MonitorFromWindow 752C590A 7 Bytes JMP 00150630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!PostMessageW 752C6225 5 Bytes JMP 001505F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!IsWindowVisible 752C6939 7 Bytes JMP 001506B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClientRect 752C74B1 7 Bytes JMP 001505B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!MapWindowPoints 752C7915 5 Bytes JMP 00150570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetParent 752C7AB3 7 Bytes JMP 001506F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!SetClipboardData 752D4979 5 Bytes JMP 00150170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!EmptyClipboard 752D4A28 5 Bytes JMP 00150130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClipboardData 752D4B47 5 Bytes JMP 00150030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!EnumClipboardFormats 752D4D98 5 Bytes JMP 001501B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClipboardFormatNameW 752D7EB2 5 Bytes JMP 00150230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!SetClipboardViewer 752D8F4D 5 Bytes JMP 001504B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClipboardFormatNameA 752D8F61 5 Bytes JMP 00150270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetOpenClipboardWindow 752D902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetOpenClipboardWindow 752D902F 5 Bytes JMP 001503F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!ChangeClipboardChain 752E3425 5 Bytes JMP 00150430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetTopWindow 752E3A5D 7 Bytes JMP 00150730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!CloseClipboard 752E5BA7 5 Bytes JMP 001500B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!OpenClipboard 752E5BB9 5 Bytes JMP 00150070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!IsClipboardFormatAvailable 752E5C3A 5 Bytes JMP 001500F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClipboardSequenceNumber 752E5C4E 5 Bytes JMP 00150330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClipboardOwner 752E5C60 5 Bytes JMP 00150370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!CountClipboardFormats 752E5DC9 5 Bytes JMP 001501F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!SetCursorPos 752FC1D8 5 Bytes JMP 00150770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetClipboardViewer 75314B57 5 Bytes JMP 00150470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] USER32.dll!GetPriorityClipboardFormat 75314C59 5 Bytes JMP 001503B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ole32.dll!OleSetClipboard 759DF1F6 5 Bytes JMP 00160030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ole32.dll!OleIsCurrentClipboard 759E2370 5 Bytes JMP 00160070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe[2940] ole32.dll!OleGetClipboard 75A0F71D 5 Bytes JMP 001600B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtCreateFile 76E54A10 5 Bytes JMP 55283D20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtFlushBuffersFile 76E54DA0 5 Bytes JMP 5526C661 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtQueryFullAttributesFile 76E55430 5 Bytes JMP 55283820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtReadFile 76E55700 5 Bytes JMP 5526C750 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtReadFileScatter 76E55710 5 Bytes JMP 55B0E1FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtWriteFile 76E55EB0 5 Bytes JMP 552843D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!NtWriteFileGather 76E55EC0 5 Bytes JMP 55B0E1AE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!LdrLoadDll 76E6F585 3 Bytes JMP 71721F4C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] ntdll.dll!LdrLoadDll + 4 76E6F589 1 Byte [FA] .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7542C0CF 7 Bytes JMP 55AAF55F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] kernel32.dll!CloseHandle + 38 754305EF 7 Bytes JMP 55AAF582 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] kernel32.dll!GetExitCodeProcess + 2C 7543313D 7 Bytes JMP 552806F3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] USER32.dll!GetWindowInfo 752C6A82 5 Bytes JMP 559BE5A9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4344] GDI32.dll!GetViewportOrgEx + 21C 752685EB 7 Bytes JMP 55AAF4E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5200] USER32.dll!GetWindowInfo 752C6A82 5 Bytes JMP 554D825D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5200] USER32.dll!MenuItemFromPoint + F 752E4B36 7 Bytes JMP 554D1BFA C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B8250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B82494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B65624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B78573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B74D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B78819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B7907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B7E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B74C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs 1CBB4FD25.sys Device \FileSystem\4598EEE6DC78E014 \Device\4598EEE6DC78E014 1CBB4FD25.sys AttachedDevice \Driver\tdx \Device\Tcp 1CBB4FD25.sys AttachedDevice \Driver\tdx \Device\Udp 1CBB4FD25.sys AttachedDevice \Driver\tdx \Device\RawIp 1CBB4FD25.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat 1CBB4FD25.sys ---- EOF - GMER 2.1 ----