GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-20 04:18:31 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1652GSX rev.LV010M Running: gxygjbjb.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\ugddqpoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82040A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8207A4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[552] ntdll.dll!LdrGetProcedureAddress + 26 77A62239 7 Bytes JMP 6D85A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[552] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 773D941E 7 Bytes JMP 6DA97DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[552] kernel32.dll!QueryPerformanceCounter + 13 773DC435 7 Bytes JMP 6DA97E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[552] kernel32.dll!LoadAppInitDlls + 355 773DF4F6 7 Bytes JMP 6D85EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[552] GDI32.dll!GetViewportOrgEx + 26C 7776884B 7 Bytes JMP 6DA97D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!RegisterMessagePumpHook + 2F1 762D8B9E 7 Bytes JMP 6DB6ADE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!IsDialogMessageW + 340 762E4444 7 Bytes JMP 6DB6AD6F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!GetWindowInfo 762E4B5E 5 Bytes JMP 6D9B47EC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1484] USER32.dll!ToUnicodeEx + 71 762F2223 7 Bytes JMP 6D9B4E1E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateFile + 6 77A455CE 4 Bytes [28, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateFile + B 77A455D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateKey + 6 77A4560E 4 Bytes [68, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateKey + B 77A45613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateMutant + 6 77A4564E 4 Bytes [68, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateMutant + B 77A45653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateSection + 6 77A456EE 4 Bytes [A8, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtCreateSection + B 77A456F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtMapViewOfSection + B 77A45C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenFile + 6 77A45CDE 4 Bytes [68, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenFile + B 77A45CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenKey + 6 77A45D0E 4 Bytes [A8, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenKey + B 77A45D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenKeyEx + B 77A45D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenMutant + 6 77A45D5E 4 Bytes [28, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenMutant + B 77A45D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcess + 6 77A45D8E 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcess + 6 77A45D8E 4 Bytes [68, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcess + B 77A45D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcessToken + 6 77A45D9E 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcessToken + 6 77A45D9E 4 Bytes [A8, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcessToken + B 77A45DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcessTokenEx + 6 77A45DAE 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenProcessTokenEx + B 77A45DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenSection + B 77A45DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThread + 6 77A45E0E 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThread + 6 77A45E0E 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThread + B 77A45E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThreadToken + 6 77A45E1E 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThreadToken + B 77A45E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThreadTokenEx + 6 77A45E2E 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtOpenThreadTokenEx + B 77A45E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtQueryAttributesFile + 6 77A45F3E 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtQueryAttributesFile + B 77A45F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtQueryFullAttributesFile + B 77A45FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtSetInformationFile + 6 77A4663E 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtSetInformationFile + B 77A46643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtSetInformationThread + 6 77A4669E 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtSetInformationThread + B 77A466A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtUnmapViewOfSection + 6 77A469BE 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ntdll.dll!NtUnmapViewOfSection + B 77A469C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] kernel32.dll!CreateProcessW 7739204D 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] kernel32.dll!CreateProcessA 77392082 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!DeleteObject 77765F14 5 Bytes JMP 002D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SelectObject 77766640 5 Bytes JMP 002D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetTextColor 77766906 5 Bytes JMP 002D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetBkMode 777669B1 5 Bytes JMP 002D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!DeleteDC 77766EAA 5 Bytes JMP 002D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetDeviceCaps 77766F7F 5 Bytes JMP 002D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!ExtSelectClipRgn 77767114 5 Bytes JMP 002D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SelectClipRgn 77767242 5 Bytes JMP 002D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetStretchBltMode 77767705 5 Bytes JMP 002D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetCurrentObject 77767917 5 Bytes JMP 002D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextMetricsW 77767B8F 5 Bytes JMP 002D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextAlign 77767DAF 5 Bytes JMP 002D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!IntersectClipRect 77767DFE 5 Bytes JMP 002D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!ExtTextOutW 77768192 5 Bytes JMP 002D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetTextAlign 7776828E 5 Bytes JMP 002D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetClipBox 77768525 5 Bytes JMP 002D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!MoveToEx 77768C21 5 Bytes JMP 002D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!StretchDIBits 7776A53E 5 Bytes JMP 002D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!RestoreDC 7776A67B 5 Bytes JMP 002D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SaveDC 7776A74B 5 Bytes JMP 002D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextExtentPoint32W 7776B4B5 5 Bytes JMP 002D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextFaceW 7776B73A 2 Bytes JMP 002D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextFaceW + 3 7776B73D 2 Bytes [B6, 88] {MOV DH, 0x88} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetFontData 7776BCC4 5 Bytes JMP 002D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetWorldTransform 7776C90A 5 Bytes JMP 002D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!CreateDCA 7776CCA9 5 Bytes JMP 002D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!CreateDCW 7776CF79 5 Bytes JMP 002D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!CreateICW 7776CFD0 5 Bytes JMP 002D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextMetricsA 7776D0F2 5 Bytes JMP 002D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!Rectangle 7776F1FF 5 Bytes JMP 002D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!LineTo 7776F59B 5 Bytes JMP 002D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetICMMode 7776FAA4 5 Bytes JMP 002D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!ExtTextOutA 777703F9 5 Bytes JMP 002D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextExtentPoint32A 777707B0 5 Bytes JMP 002D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!ExtEscape 77772949 5 Bytes JMP 002D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!Escape 77773939 5 Bytes JMP 002D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetTextFaceA 77773E6A 5 Bytes JMP 002D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetPolyFillMode 7777D851 5 Bytes JMP 002D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SetMiterLimit 7777DA0D 5 Bytes JMP 002D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!EndPage 777800D7 5 Bytes JMP 002D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!ResetDCW 7778050D 5 Bytes JMP 002D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!GetGlyphOutlineW 7778C1BA 5 Bytes JMP 002D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!CreateScalableFontResourceW 7778E817 5 Bytes JMP 002D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!AddFontResourceW 7778EC13 5 Bytes JMP 002D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!RemoveFontResourceW 7778F109 5 Bytes JMP 002D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!AbortDoc 77794C63 5 Bytes JMP 002D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!EndDoc 777950AA 5 Bytes JMP 002D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!StartPage 77795195 5 Bytes JMP 002D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!StartDocW 77795BB0 5 Bytes JMP 002D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!BeginPath 7779635D 5 Bytes JMP 002D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!SelectClipPath 777963B4 5 Bytes JMP 002D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!CloseFigure 7779640F 5 Bytes JMP 002D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!EndPath 77796466 5 Bytes JMP 002D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!StrokePath 77796699 5 Bytes JMP 002D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!FillPath 77796726 5 Bytes JMP 002D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!PolylineTo 77796B94 5 Bytes JMP 002D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!PolyBezierTo 77796C25 5 Bytes JMP 002D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] GDI32.dll!PolyDraw 77796CD7 5 Bytes JMP 002D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!ActivateKeyboardLayout 762D8203 3 Bytes JMP 002E04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!ActivateKeyboardLayout + 4 762D8207 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!ScreenToClient 762DA506 7 Bytes JMP 002E0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!RegisterClipboardFormatA 762DC091 5 Bytes JMP 002E02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!RegisterClipboardFormatW 762DDF8D 5 Bytes JMP 002E02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!SetCursor 762E3075 5 Bytes JMP 002E0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!MonitorFromWindow 762E3622 7 Bytes JMP 002E0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!PostMessageW 762E447B 5 Bytes JMP 002E05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!IsWindowVisible 762E4D69 7 Bytes JMP 002E06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClientRect 762E54DD 7 Bytes JMP 002E05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!MapWindowPoints 762E5CAA 5 Bytes JMP 002E0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetParent 762E6029 7 Bytes JMP 002E06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!EmptyClipboard 762F290C 5 Bytes JMP 002E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!SetClipboardData 762F2962 5 Bytes JMP 002E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClipboardData 762F2BA7 5 Bytes JMP 002E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClipboardFormatNameW 762F5FD2 5 Bytes JMP 002E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!SetClipboardViewer 762F6FF6 5 Bytes JMP 002E04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClipboardFormatNameA 762F700A 5 Bytes JMP 002E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!ChangeClipboardChain 7630147C 5 Bytes JMP 002E0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetTopWindow 763024D9 7 Bytes JMP 002E0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!CloseClipboard 7630446C 5 Bytes JMP 002E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!OpenClipboard 7630447E 5 Bytes JMP 002E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!IsClipboardFormatAvailable 763044FF 5 Bytes JMP 002E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClipboardSequenceNumber 76304513 5 Bytes JMP 002E0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClipboardOwner 76304525 5 Bytes JMP 002E0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!CountClipboardFormats 7630470A 5 Bytes JMP 002E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!EnumClipboardFormats 763047EC 5 Bytes JMP 002E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetOpenClipboardWindow 7630480B 5 Bytes JMP 002E03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!SetCursorPos 7631C1B0 5 Bytes JMP 002E0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetClipboardViewer 76334AF7 5 Bytes JMP 002E0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] USER32.dll!GetPriorityClipboardFormat 76334BF9 5 Bytes JMP 002E03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ole32.dll!OleSetClipboard 778E0045 5 Bytes JMP 002F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ole32.dll!OleIsCurrentClipboard 778E36B2 5 Bytes JMP 002F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] ole32.dll!OleGetClipboard 7790FDCD 5 Bytes JMP 002F00B0 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 002E0790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002E07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[1584] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037a8cc08c Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037a8cc08c (not active ControlSet) ---- EOF - GMER 1.0.15 ----