GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-17 19:35:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GH10
Running: nfy5n5h8.exe; Driver: C:\Users\DINO\AppData\Local\Temp\pxdiapog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKey + 13D1  8208F369 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  820C8D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[304] ntdll.dll!LdrLoadDll  779C22B8 5 Bytes  JMP 706CFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[304] kernel32.dll!MapViewOfFile  777C93DB 5 Bytes  JMP 7097079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[304] kernel32.dll!VirtualAlloc  777CC43A 5 Bytes  JMP 709707C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[304] GDI32.dll!CreateDIBSection  77AB8850 5 Bytes  JMP 70970728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateFile + 6  779A55CE 4 Bytes  [28, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateFile + B  779A55D3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateKey + 6  779A560E 4 Bytes  [68, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateKey + B  779A5613 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateMutant + 6  779A564E 4 Bytes  [68, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateMutant + B  779A5653 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateSection + 6  779A56EE 4 Bytes  [A8, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateSection + B  779A56F3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtMapViewOfSection + 6  779A5C2E 4 Bytes  CALL 769A6337 C:\Windows\system32\SHELL32.dll (Windows Shell Common DLL/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtMapViewOfSection + B  779A5C33 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenFile + 6  779A5CDE 4 Bytes  [68, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenFile + B  779A5CE3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenKey + 6  779A5D0E 4 Bytes  [A8, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenKey + B  779A5D13 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenKeyEx + 6  779A5D1E 4 Bytes  CALL 769A6424 C:\Windows\system32\SHELL32.dll (Windows Shell Common DLL/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenKeyEx + B  779A5D23 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenMutant + 6  779A5D5E 4 Bytes  [28, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenMutant + B  779A5D63 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcess + 6  779A5D8E 1 Byte  [68]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcess + 6  779A5D8E 4 Bytes  [68, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcess + B  779A5D93 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcessToken + 6  779A5D9E 1 Byte  [A8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcessToken + 6  779A5D9E 4 Bytes  [A8, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcessToken + B  779A5DA3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcessTokenEx + 6  779A5DAE 4 Bytes  [68, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenProcessTokenEx + B  779A5DB3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenSection + 6  779A5DCE 4 Bytes  CALL 769A64D5 C:\Windows\system32\SHELL32.dll (Windows Shell Common DLL/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenSection + B  779A5DD3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThread + 6  779A5E0E 1 Byte  [28]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThread + 6  779A5E0E 4 Bytes  [28, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThread + B  779A5E13 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThreadToken + 6  779A5E1E 4 Bytes  [28, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThreadToken + B  779A5E23 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThreadTokenEx + 6  779A5E2E 4 Bytes  [A8, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtOpenThreadTokenEx + B  779A5E33 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtQueryAttributesFile + 6  779A5F3E 4 Bytes  [A8, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtQueryAttributesFile + B  779A5F43 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtQueryFullAttributesFile + 6  779A5FEE 4 Bytes  CALL 769A66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common DLL/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtQueryFullAttributesFile + B  779A5FF3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtSetInformationFile + 6  779A663E 4 Bytes  [28, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtSetInformationFile + B  779A6643 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtSetInformationThread + 6  779A669E 1 Byte  [E8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtSetInformationThread + 6  779A669E 4 Bytes  CALL 769A6DA6 C:\Windows\system32\SHELL32.dll (Windows Shell Common DLL/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtSetInformationThread + B  779A66A3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtUnmapViewOfSection + 6  779A69BE 4 Bytes  [28, 05, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtUnmapViewOfSection + B  779A69C3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] kernel32.dll!CreateProcessW  7778204D 5 Bytes  JMP 00010030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] kernel32.dll!CreateProcessA  77782082 5 Bytes  JMP 00010070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!DeleteObject  77AB5F14 5 Bytes  JMP 001101B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SelectObject  77AB6640 5 Bytes  JMP 001105F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetTextColor  77AB6906 5 Bytes  JMP 001109F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetBkMode  77AB69B1 5 Bytes  JMP 001108B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!DeleteDC  77AB6EAA 5 Bytes  JMP 00110170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetDeviceCaps  77AB6F7F 5 Bytes  JMP 001103B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!ExtSelectClipRgn  77AB7114 5 Bytes  JMP 001102F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SelectClipRgn  77AB7242 5 Bytes  JMP 001105B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetStretchBltMode  77AB7705 5 Bytes  JMP 00110670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetCurrentObject  77AB7917 5 Bytes  JMP 00110370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextMetricsW  77AB7B8F 5 Bytes  JMP 00110DF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextAlign  77AB7DAF 5 Bytes  JMP 00110D30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!IntersectClipRect  77AB7DFE 5 Bytes  JMP 001103F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!ExtTextOutW  77AB8192 5 Bytes  JMP 00110930
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetTextAlign  77AB828E 5 Bytes  JMP 001109B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetClipBox  77AB8525 5 Bytes  JMP 00110330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!MoveToEx  77AB8C21 5 Bytes  JMP 00110470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!StretchDIBits  77ABA53E 5 Bytes  JMP 00110730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!RestoreDC  77ABA67B 5 Bytes  JMP 00110530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SaveDC  77ABA74B 5 Bytes  JMP 00110570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextExtentPoint32W  77ABB4B5 5 Bytes  JMP 00110630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextFaceW  77ABB73A 2 Bytes  JMP 00110CF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextFaceW + 3  77ABB73D 2 Bytes  [65, 88]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetFontData  77ABBCC4 5 Bytes  JMP 00110C30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetWorldTransform  77ABC90A 5 Bytes  JMP 001106B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!CreateDCA  77ABCCA9 5 Bytes  JMP 001100B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!CreateDCW  77ABCF79 5 Bytes  JMP 001100F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!CreateICW  77ABCFD0 5 Bytes  JMP 00110130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextMetricsA  77ABD0F2 5 Bytes  JMP 00110DB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!Rectangle  77ABF1FF 5 Bytes  JMP 00110970
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!LineTo  77ABF59B 5 Bytes  JMP 00110430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetICMMode  77ABFAA4 5 Bytes  JMP 00110D70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!ExtTextOutA  77AC03F9 5 Bytes  JMP 001108F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!ExtEscape  77AC2949 5 Bytes  JMP 001102B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!Escape  77AC3939 5 Bytes  JMP 00110270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetTextFaceA  77AC3E6A 5 Bytes  JMP 00110CB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetPolyFillMode  77ACD851 5 Bytes  JMP 00110AF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SetMiterLimit  77ACDA0D 5 Bytes  JMP 00110B30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!EndPage  77AD00D7 5 Bytes  JMP 00110230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!ResetDCW  77AD050D 5 Bytes  JMP 00110A70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!GetGlyphOutlineW  77ADC1BA 5 Bytes  JMP 00110C70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!CreateScalableFontResourceW  77ADE817 5 Bytes  JMP 00110B70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!AddFontResourceW  77ADEC13 5 Bytes  JMP 00110BB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!RemoveFontResourceW  77ADF109 5 Bytes  JMP 00110BF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!AbortDoc  77AE4C63 5 Bytes  JMP 00110030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!EndDoc  77AE50AA 5 Bytes  JMP 001101F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!StartPage  77AE5195 5 Bytes  JMP 001106F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!StartDocW  77AE5BB0 5 Bytes  JMP 001107B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!BeginPath  77AE635D 5 Bytes  JMP 001107F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!SelectClipPath  77AE63B4 5 Bytes  JMP 00110AB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!CloseFigure  77AE640F 5 Bytes  JMP 00110070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!EndPath  77AE6466 5 Bytes  JMP 00110A30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!StrokePath  77AE6699 5 Bytes  JMP 00110770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!FillPath  77AE6726 5 Bytes  JMP 00110830
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!PolylineTo  77AE6B94 5 Bytes  JMP 001104F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!PolyBezierTo  77AE6C25 5 Bytes  JMP 001104B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!PolyDraw  77AE6CD7 5 Bytes  JMP 00110870
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!ActivateKeyboardLayout  763F8203 5 Bytes  JMP 001204F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!ScreenToClient  763FA506 7 Bytes  JMP 00120670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!RegisterClipboardFormatA  763FC091 5 Bytes  JMP 001202F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!RegisterClipboardFormatW  763FDF8D 5 Bytes  JMP 001202B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!SetCursor  76403075 5 Bytes  JMP 00120530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!MonitorFromWindow  76403622 7 Bytes  JMP 00120630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!PostMessageW  7640447B 5 Bytes  JMP 001205F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!IsWindowVisible  76404D69 7 Bytes  JMP 001206B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClientRect  764054DD 7 Bytes  JMP 001205B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!MapWindowPoints  76405CAA 5 Bytes  JMP 00120570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetParent  76406029 7 Bytes  JMP 001206F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!EmptyClipboard  7641290C 5 Bytes  JMP 00120130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!SetClipboardData  76412962 5 Bytes  JMP 00120170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClipboardData  76412BA7 5 Bytes  JMP 00120030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClipboardFormatNameW  76415FD2 5 Bytes  JMP 00120230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!SetClipboardViewer  76416FF6 5 Bytes  JMP 001204B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClipboardFormatNameA  7641700A 5 Bytes  JMP 00120270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!ChangeClipboardChain  7642147C 5 Bytes  JMP 00120430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetTopWindow  764224D9 7 Bytes  JMP 00120730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!CloseClipboard  7642446C 5 Bytes  JMP 001200B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!OpenClipboard  7642447E 5 Bytes  JMP 00120070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!IsClipboardFormatAvailable  764244FF 5 Bytes  JMP 001200F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClipboardSequenceNumber  76424513 5 Bytes  JMP 00120330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClipboardOwner  76424525 5 Bytes  JMP 00120370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!CountClipboardFormats  7642470A 5 Bytes  JMP 001201F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!EnumClipboardFormats  764247EC 5 Bytes  JMP 001201B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetOpenClipboardWindow  7642480B 5 Bytes  JMP 001203F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!SetCursorPos  7643C1B0 5 Bytes  JMP 00120770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetClipboardViewer  76454AF7 5 Bytes  JMP 00120470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] USER32.dll!GetPriorityClipboardFormat  76454BF9 5 Bytes  JMP 001203B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ole32.dll!OleSetClipboard  77380045 5 Bytes  JMP 00170030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ole32.dll!OleIsCurrentClipboard  773836B2 5 Bytes  JMP 00170070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ole32.dll!OleGetClipboard  773AFDCD 5 Bytes  JMP 001700B0

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74782437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74765600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74778514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74774CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7477506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74775144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74776671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7477826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7477901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7477E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74774BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00120790
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001207D0
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device  \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
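The "User code sections" block above is long because GMER prints one line per patched function, so the useful first step in triage is to parse those lines and sort the hooks by what they point at. The script below is an added example written for this page; it is not GMER's code and not part of the original log. It parses the `.text  <process>[<pid>] <module>!<symbol> [+ <offset>]  <address> <N Bytes>  <patch>` layout, where `<patch>` is either a `JMP`/`CALL` with a target (optionally followed by the module GMER mapped the target to and its description in parentheses) or a literal byte list in brackets. It then groups hooks per PID into three classes of its own naming: transfers whose target GMER attributed to a named module, transfers to an address GMER could not attribute to any module, and byte patches inside ntdll `Nt*`/`Zw*` syscall stubs. The sample lines are copied in the log's layout but are a constructed subset, and the class names and the 64 KiB region grouping are this example's conventions. An unattributed target only means GMER found no loaded module at that address; the script reports it for manual review and draws no verdict.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of lines in the layout of the GMER log above.
SAMPLE = r"""
.text  C:\Program Files\Mozilla Firefox\firefox.exe[304] ntdll.dll!LdrLoadDll  779C22B8 5 Bytes  JMP 706CFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateFile + 6  779A55CE 4 Bytes  [28, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtCreateFile + B  779A55D3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] ntdll.dll!NtMapViewOfSection + 6  779A5C2E 4 Bytes  CALL 769A6337 C:\Windows\system32\SHELL32.dll (Windows Shell Common DLL/Microsoft Corporation)
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] kernel32.dll!CreateProcessW  7778204D 5 Bytes  JMP 00010030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe[1496] GDI32.dll!DeleteObject  77AB5F14 5 Bytes  JMP 001101B0
"""

# One user-mode hook line: section, process[pid], module!symbol [+ off], address, size, patch text.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<sym>\S+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
XFER_RE = re.compile(r"^(JMP|CALL)\s+([0-9A-Fa-f]{8})(?:\s+(.*))?$")   # control transfer
BYTES_RE = re.compile(r"^\[([0-9A-Fa-f ,.]*)\]$")                      # literal patch bytes
MODDESC_RE = re.compile(r"^(.*?)\s*\(([^)]*)\)\s*$")                    # "path (desc/vendor)"


@dataclass(frozen=True)
class Patch:
    kind: str                  # "JMP", "CALL" or "BYTES"
    target: Optional[int]      # transfer target for JMP/CALL, else None
    module: Optional[str]      # module GMER attributed the target to, if any
    desc: Optional[str]        # text inside the trailing parentheses, if any
    raw: tuple = ()            # literal bytes for BYTES patches ("..." is dropped)


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    symbol: str
    offset: int
    address: int
    size: int
    patch: Patch


def parse_patch(text: str) -> Patch:
    m = XFER_RE.match(text)
    if m:
        kind, target, rest = m.group(1), int(m.group(2), 16), m.group(3)
        module = desc = None
        if rest:
            dm = MODDESC_RE.match(rest)
            module, desc = (dm.group(1), dm.group(2)) if dm else (rest.strip(), None)
        return Patch(kind, target, module, desc)
    b = BYTES_RE.match(text)
    if not b:
        raise ValueError(f"unrecognised patch text: {text!r}")
    raw = tuple(int(x, 16) for x in (s.strip() for s in b.group(1).split(","))
                if x and x != "...")
    return Patch("BYTES", None, None, None, raw)


def parse_hooks(text: str) -> list:
    """Return the user-mode .text hooks in a GMER log; other sections are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # headers, kernel lines, IAT/Devices sections, blanks
        hooks.append(Hook(
            process=m["proc"], pid=int(m["pid"]), module=m["mod"], symbol=m["sym"],
            offset=int(m["off"], 16) if m["off"] else 0, address=int(m["addr"], 16),
            size=int(m["n"]), patch=parse_patch(m["patch"])))
    return hooks


def classify(h: Hook) -> str:
    """Triage class (names are this example's own, not GMER's)."""
    p = h.patch
    if p.kind in ("JMP", "CALL"):
        return "module-attributed" if p.module else "unattributed-target"
    if h.module.lower() == "ntdll.dll" and h.symbol.startswith(("Nt", "Zw")):
        return "syscall-stub-patch"
    return "inline-bytes"


def summarize(hooks) -> dict:
    """PID -> Counter of triage classes."""
    out = defaultdict(Counter)
    for h in hooks:
        out[h.pid][classify(h)] += 1
    return dict(out)


def unattributed_regions(hooks) -> dict:
    """PID -> set of 64 KiB-aligned bases holding unattributed JMP/CALL targets."""
    out = defaultdict(set)
    for h in hooks:
        if classify(h) == "unattributed-target":
            out[h.pid].add(h.patch.target & ~0xFFFF)
    return dict(out)


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for pid, counts in sorted(summarize(hooks).items()):
        print(pid, dict(counts))
    for pid, bases in sorted(unattributed_regions(hooks).items()):
        print(pid, "unattributed targets in regions:", [f"{b:08X}" for b in bases])
```

Run on the full log, the region grouping shows that every unattributed `JMP` in PID 1496 lands in one of a handful of 64 KiB blocks (the 00010000, 00110000, 00120000 and 00170000 ranges in the log), which is the fact a reviewer wants before deciding whether to dump those regions from the live process.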