GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-04 20:41:07 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 SAMSUNG_HD753LJ rev.1AA01113 698,64GB Running: jhnmqgsg.exe; Driver: C:\Users\Mirek\AppData\Local\Temp\kwddikog.sys ---- System - GMER 2.1 ---- SSDT 866E9A08 ZwAlertResumeThread SSDT 866E9AA0 ZwAlertThread SSDT 866D03B8 ZwAllocateVirtualMemory SSDT 8657E6E0 ZwAlpcConnectPort SSDT 866E5C78 ZwAssignProcessToJobObject SSDT 866E5008 ZwCreateMutant SSDT 866E5A70 ZwCreateSymbolicLinkObject SSDT 8668A788 ZwCreateThread SSDT 866E5B18 ZwCreateThreadEx SSDT 866E5D10 ZwDebugActiveProcess SSDT 866E6528 ZwDuplicateObject SSDT 866C9D78 ZwFreeVirtualMemory SSDT 866E98D8 ZwImpersonateAnonymousToken SSDT 866E9970 ZwImpersonateThread SSDT 8658A430 ZwLoadDriver SSDT 866C9CE0 ZwMapViewOfSection SSDT 866E5F90 ZwOpenEvent SSDT 866E74E8 ZwOpenProcess SSDT 866E6490 ZwOpenProcessToken SSDT 866E5E60 ZwOpenSection SSDT 866E7460 ZwOpenThread SSDT 866E5BD0 ZwProtectVirtualMemory SSDT 866E59C8 ZwQueueApcThread SSDT 866E5920 ZwQueueApcThreadEx SSDT 866E9B38 ZwResumeThread SSDT 866E9D00 ZwSetContextThread SSDT 866E9D78 ZwSetInformationProcess SSDT 866E5DA8 ZwSetSystemInformation SSDT 866E5EF8 ZwSuspendProcess SSDT 866E9BD0 ZwSuspendThread SSDT 866C1588 ZwTerminateProcess SSDT 866E9C68 ZwTerminateThread SSDT 866C9C48 ZwUnmapViewOfSection SSDT 866D02F0 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C809A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA0512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 13A3 82CA7998 8 Bytes [08, 9A, 6E, 86, A0, 9A, 6E, ...] .text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82CA79B0 4 Bytes [B8, 03, 6D, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 13C7 82CA79BC 4 Bytes [E0, E6, 57, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 141B 82CA7A10 4 Bytes [78, 5C, 6E, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 1497 82CA7A8C 4 Bytes [08, 50, 6E, 86] .text ... .text C:\Windows\system32\drivers\atikmdag.sys section is writeable [0x9D81A000, 0x227A14, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateFile 77675608 5 Bytes JMP 55B89C03 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtFlushBuffersFile 77675998 5 Bytes JMP 55B8990B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtQueryFullAttributesFile 77676028 5 Bytes JMP 55B899C0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtReadFile 776762F8 5 Bytes JMP 55B89ACD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtReadFileScatter 77676308 5 Bytes JMP 55F58C27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteFile 77676AA8 5 Bytes JMP 55B89DA7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteFileGather 77676AB8 5 Bytes JMP 55F58C77 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!LdrLoadDll 776922AE 5 Bytes JMP 59F5902C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76D794E6 7 Bytes JMP 55F42714 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] kernel32.dll!QueryPerformanceCounter + 13 76D7C4E5 7 Bytes JMP 55F44641 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] kernel32.dll!LoadAppInitDlls + 355 76D7F5A6 7 Bytes JMP 55CE4050 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] GDI32.dll!GetViewportOrgEx + 26C 7715884B 7 Bytes JMP 55F40C8F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetWindowInfo 76BD6A82 5 Bytes JMP 5692C048 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateFile + 6 7767560E 4 Bytes [28, F0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateFile + B 77675613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateKey + 6 7767564E 4 Bytes [68, F1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateKey + B 77675653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateMutant + 6 7767568E 4 Bytes [68, F2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateMutant + B 77675693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateSection + 6 7767572E 4 Bytes [A8, F2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtCreateSection + B 77675733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtMapViewOfSection + B 77675C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenFile + 6 77675D1E 4 Bytes [68, F0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenFile + B 77675D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenKey + 6 77675D4E 4 Bytes [A8, F1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenKey + B 77675D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenKeyEx + B 77675D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenMutant + 6 77675D9E 4 Bytes [28, F2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenMutant + B 77675DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenProcess + 6 77675DCE 4 Bytes [68, F3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenProcess + B 77675DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenProcessToken + 6 77675DDE 4 Bytes [A8, F3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenProcessToken + B 77675DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenProcessTokenEx + 6 77675DEE 4 Bytes [68, F4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenProcessTokenEx + B 77675DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenSection + B 77675E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenThread + 6 77675E4E 4 Bytes [28, F3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenThread + B 77675E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenThreadToken + 6 77675E5E 4 Bytes [28, F4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenThreadToken + B 77675E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenThreadTokenEx + 6 77675E6E 4 Bytes [A8, F4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtOpenThreadTokenEx + B 77675E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtQueryAttributesFile + 6 77675F7E 4 Bytes [A8, F0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtQueryAttributesFile + B 77675F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtQueryFullAttributesFile + B 77676033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtSetInformationFile + 6 7767667E 4 Bytes [28, F1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtSetInformationFile + B 77676683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtSetInformationThread + B 776766E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtUnmapViewOfSection + 6 776769FE 4 Bytes [28, F5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ntdll.dll!NtUnmapViewOfSection + B 77676A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] kernel32.dll!CreateProcessW 76D3204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] kernel32.dll!CreateProcessA 76D32082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!DeleteObject 77155F14 5 Bytes JMP 001301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SelectObject 77156640 5 Bytes JMP 001305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetTextColor 77156906 5 Bytes JMP 00130A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetBkMode 771569B1 5 Bytes JMP 001308F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!DeleteDC 77156EAA 5 Bytes JMP 00130170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetDeviceCaps 77156F7F 5 Bytes JMP 001303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!ExtSelectClipRgn 77157114 5 Bytes JMP 001302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SelectClipRgn 77157242 5 Bytes JMP 001305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetStretchBltMode 77157705 5 Bytes JMP 001306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetCurrentObject 77157917 5 Bytes JMP 00130370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextMetricsW 77157B8F 5 Bytes JMP 00130E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextAlign 77157DAF 5 Bytes JMP 00130D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!IntersectClipRect 77157DFE 5 Bytes JMP 001303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!ExtTextOutW 77158192 5 Bytes JMP 00130970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetTextAlign 7715828E 5 Bytes JMP 001309F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetClipBox 77158525 5 Bytes JMP 00130330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!MoveToEx 77158C21 5 Bytes JMP 00130470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!StretchDIBits 7715A53E 5 Bytes JMP 00130770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!RestoreDC 7715A67B 5 Bytes JMP 00130530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SaveDC 7715A74B 5 Bytes JMP 00130570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextExtentPoint32W 7715B4B5 5 Bytes JMP 00130670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextFaceW 7715B73A 2 Bytes JMP 00130D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextFaceW + 3 7715B73D 2 Bytes [FD, 88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetFontData 7715BCC4 5 Bytes JMP 00130C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetWorldTransform 7715C90A 5 Bytes JMP 001306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!CreateDCA 7715CCA9 5 Bytes JMP 001300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!CreateDCW 7715CF79 5 Bytes JMP 001300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!CreateICW 7715CFD0 5 Bytes JMP 00130130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextMetricsA 7715D0F2 5 Bytes JMP 00130DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!Rectangle 7715F1FF 5 Bytes JMP 001309B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!LineTo 7715F59B 5 Bytes JMP 00130430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetICMMode 7715FAA4 5 Bytes JMP 00130DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!ExtTextOutA 77160D20 5 Bytes JMP 00130930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextExtentPoint32A 7716117F 5 Bytes JMP 00130630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!ExtEscape 77162D49 5 Bytes JMP 001302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!Escape 77163400 5 Bytes JMP 00130270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!ResetDCW 77163A9B 5 Bytes JMP 00130AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!EndPage 771640DA 5 Bytes JMP 00130230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetPolyFillMode 771667E1 5 Bytes JMP 00130B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SetMiterLimit 7716699D 5 Bytes JMP 00130B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetTextFaceA 77170D22 5 Bytes JMP 00130CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!GetGlyphOutlineW 7717C2DA 5 Bytes JMP 00130CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!CreateScalableFontResourceW 7717E937 5 Bytes JMP 00130BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!AddFontResourceW 7717ED33 5 Bytes JMP 00130BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!RemoveFontResourceW 7717F229 5 Bytes JMP 00130C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!AbortDoc 77184E29 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!EndDoc 77185270 5 Bytes JMP 001301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!StartPage 7718535B 5 Bytes JMP 00130730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!StartDocW 77185D76 5 Bytes JMP 001307F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!BeginPath 7718651D 5 Bytes JMP 00130830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!SelectClipPath 77186574 5 Bytes JMP 00130AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!CloseFigure 771865CF 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!EndPath 77186626 5 Bytes JMP 00130A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!StrokePath 77186859 5 Bytes JMP 001307B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!FillPath 771868E6 5 Bytes JMP 00130870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!PolylineTo 77186D54 5 Bytes JMP 001304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!PolyBezierTo 77186DE5 5 Bytes JMP 001304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] GDI32.dll!PolyDraw 77186E97 5 Bytes JMP 001308B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!ActivateKeyboardLayout 76BC817D 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!ScreenToClient 76BCC1F2 7 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!RegisterClipboardFormatA 76BCE6B1 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!RegisterClipboardFormatW 76BCEDFD 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!SetCursor 76BD52EA 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!MonitorFromWindow 76BD590A 7 Bytes JMP 00140630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!PostMessageW 76BD6225 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!IsWindowVisible 76BD6939 7 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClientRect 76BD74B1 7 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!MapWindowPoints 76BD7915 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetParent 76BD7AB3 7 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!SetClipboardData 76BE4979 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!EmptyClipboard 76BE4A28 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClipboardData 76BE4B47 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!EnumClipboardFormats 76BE4D98 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClipboardFormatNameW 76BE7EB2 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!SetClipboardViewer 76BE8F4D 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClipboardFormatNameA 76BE8F61 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetOpenClipboardWindow 76BE902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetOpenClipboardWindow 76BE902F 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!ChangeClipboardChain 76BF3425 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetTopWindow 76BF3A5D 7 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!CloseClipboard 76BF5BA7 5 Bytes JMP 001400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!OpenClipboard 76BF5BB9 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!IsClipboardFormatAvailable 76BF5C3A 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClipboardSequenceNumber 76BF5C4E 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClipboardOwner 76BF5C60 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!CountClipboardFormats 76BF5DC9 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!SetCursorPos 76C0C1D8 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetClipboardViewer 76C24B57 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] USER32.dll!GetPriorityClipboardFormat 76C24C59 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ole32.dll!OleSetClipboard 75B20045 5 Bytes JMP 00250030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ole32.dll!OleIsCurrentClipboard 75B236B2 5 Bytes JMP 00250070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[3144] ole32.dll!OleGetClipboard 75B4FDCD 5 Bytes JMP 002500B0 .text C:\Users\Mirek\AppData\Local\Temp\7zO4A10.tmp\jhnmqgsg.exe[4956] ntdll.dll!NtTerminateThread 77676918 5 Bytes JMP 00020050 .text C:\Users\Mirek\AppData\Local\Temp\7zO4A10.tmp\jhnmqgsg.exe[4956] USER32.dll!GetKeyState + 9F 76BD5079 7 Bytes JMP 00310A12 .text C:\Users\Mirek\AppData\Local\Temp\7zO4A10.tmp\jhnmqgsg.exe[4956] USER32.dll!RecordShutdownReason + 372 76C106EA 7 Bytes JMP 00310930 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5188] USER32.dll!CharToOemA + 3A 76BCB1DE 7 Bytes JMP 56817E77 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5188] USER32.dll!AdjustWindowRectEx + 117 76BD660F 7 Bytes JMP 56817F4C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5188] USER32.dll!GetWindowInfo 76BD6A82 5 Bytes JMP 5681A228 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5188] USER32.dll!MenuItemFromPoint + F 76BF4B36 7 Bytes JMP 5681881B C:\Program Files\Mozilla Firefox\xul.dll ---- Files - GMER 2.1 ---- File C:\Users\Mirek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZH5UXQ45\mstag[2].js 0 bytes File C:\Users\Mirek\AppData\Local\Mozilla\Firefox\Profiles\g3yqmpp8.default-1425574685874\cache2\entries\55E3B2216829F42984DF39273B6BDEA7BEECBE20 1683874 bytes File C:\Users\Mirek\AppData\Local\Mozilla\Firefox\Profiles\g3yqmpp8.default-1425574685874\cache2\entries\12DB666B2F2EDD5E972A3D8AA911ABBEC497B9BA 354530 bytes File C:\Users\Mirek\AppData\Local\Mozilla\Firefox\Profiles\g3yqmpp8.default-1425574685874\cache2\entries\040AE6590BE547E20A4F8C58A1D0ED0B9D42B8DA 294458 bytes File C:\Users\Mirek\AppData\Local\Mozilla\Firefox\Profiles\g3yqmpp8.default-1425574685874\cache2\entries\FCB1FF1FEB10F88692B21F1E19046E38ED1F022F 1555 bytes File C:\Users\Mirek\AppData\Local\Mozilla\Firefox\Profiles\g3yqmpp8.default-1425574685874\cache2\entries\1DA0289EF1D645B0732CE864DBADE1BDE446970E 1977977 bytes ---- EOF - GMER 2.1 ----