GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-01 00:01:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1
Running: CCleaner.lnk.exe; Driver: C:\Users\Martyna\AppData\Local\Temp\uxldapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwAlpcSendWaitReceivePort [0x904786B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0x90477F84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0x90478008]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0x904781A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0x90477E80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0x90478084]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0x90477F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0x90478124]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0x904762E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0x90477FCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0x90478046]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0x904781E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0x90477EC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0x904780DA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0x90477F46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0x90478166]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0x90476E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0x90478B0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0x90478672]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0x90476352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0x9047648E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0x904764A0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9078350A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A7F3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82ABFDF8 4 Bytes [B4, 86, 47, 90] {MOV AH, 0x86; INC EDI; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82ABFE5C 8 Bytes [84, 7F, 47, 90, 08, 80, 47, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82ABFE68 4 Bytes [A4, 81, 47, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82ABFE84 4 Bytes [80, 7E, 47, 90] {CMP BYTE [ESI+0x47], 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82ABFEAC 8 Bytes [84, 80, 47, 90, 02, 7F, 47, ...] {TEST [EAX+0x7f029047], AL; INC EDI; NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C4CC64 5 Bytes JMP 9077F4AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82C65290 5 Bytes JMP 907809E4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D1E11A 7 Bytes JMP 9078350E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] ADVAPI32.dll!RegOpenKeyExA 77064907 5 Bytes JMP 00E63EEE C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateFile + 6 779B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateFile + B 779B55D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateKey + 6 779B560E 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateKey + B 779B5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateMutant + 6 779B564E 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateMutant + B 779B5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateSection + 6 779B56EE 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtCreateSection + B 779B56F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtMapViewOfSection + B 779B5C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenFile + 6 779B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenFile + B 779B5CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenKey + 6 779B5D0E 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenKey + B 779B5D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenKeyEx + B 779B5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenMutant + 6 779B5D5E 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenMutant + B 779B5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcess + 6 779B5D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcess + 6 779B5D8E 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcess + B 779B5D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcessToken + 6 779B5D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcessToken + 6 779B5D9E 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcessToken + B 779B5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcessTokenEx + 6 779B5DAE 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenProcessTokenEx + B 779B5DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenSection + B 779B5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThread + 6 779B5E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThread + 6 779B5E0E 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThread + B 779B5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThreadToken + 6 779B5E1E 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThreadToken + B 779B5E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThreadTokenEx + 6 779B5E2E 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtOpenThreadTokenEx + B 779B5E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtQueryAttributesFile + 6 779B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtQueryAttributesFile + B 779B5F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtQueryFullAttributesFile + B 779B5FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtSetInformationFile + 6 779B663E 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtSetInformationFile + B 779B6643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtSetInformationThread + 6 779B669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtSetInformationThread + B 779B66A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtUnmapViewOfSection + 6 779B69BE 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ntdll.dll!NtUnmapViewOfSection + B 779B69C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] kernel32.dll!CreateProcessW 77AC204D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] kernel32.dll!CreateProcessA 77AC2082 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!DeleteObject 77665F14 5 Bytes JMP 000A01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SelectObject 77666640 5 Bytes JMP 000A05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetTextColor 77666906 5 Bytes JMP 000A09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetBkMode 776669B1 5 Bytes JMP 000A08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!DeleteDC 77666EAA 5 Bytes JMP 000A0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetDeviceCaps 77666F7F 5 Bytes JMP 000A03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!ExtSelectClipRgn 77667114 5 Bytes JMP 000A02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SelectClipRgn 77667242 5 Bytes JMP 000A05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetStretchBltMode 77667705 5 Bytes JMP 000A0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetCurrentObject 77667917 5 Bytes JMP 000A0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextMetricsW 77667B8F 5 Bytes JMP 000A0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextAlign 77667DAF 5 Bytes JMP 000A0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!IntersectClipRect 77667DFE 5 Bytes JMP 000A03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!ExtTextOutW 77668192 5 Bytes JMP 000A0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetTextAlign 7766828E 5 Bytes JMP 000A09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetClipBox 77668525 5 Bytes JMP 000A0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!MoveToEx 77668C21 5 Bytes JMP 000A0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!StretchDIBits 7766A53E 5 Bytes JMP 000A0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!RestoreDC 7766A67B 5 Bytes JMP 000A0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SaveDC 7766A74B 5 Bytes JMP 000A0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextExtentPoint32W 7766B4B5 5 Bytes JMP 000A0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextFaceW 7766B73A 2 Bytes JMP 000A0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextFaceW + 3 7766B73D 2 Bytes [A3, 88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetFontData 7766BCC4 5 Bytes JMP 000A0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetWorldTransform 7766C90A 5 Bytes JMP 000A06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!CreateDCA 7766CCA9 5 Bytes JMP 000A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!CreateDCW 7766CF79 5 Bytes JMP 000A00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!CreateICW 7766CFD0 5 Bytes JMP 000A0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextMetricsA 7766D0F2 5 Bytes JMP 000A0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!Rectangle 7766F1FF 5 Bytes JMP 000A0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!LineTo 7766F59B 5 Bytes JMP 000A0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetICMMode 7766FAA4 5 Bytes JMP 000A0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!ExtTextOutA 776703F9 5 Bytes JMP 000A08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!ExtEscape 77672949 5 Bytes JMP 000A02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!Escape 77673939 5 Bytes JMP 000A0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetTextFaceA 77673E6A 5 Bytes JMP 000A0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetPolyFillMode 7767D851 5 Bytes JMP 000A0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SetMiterLimit 7767DA0D 5 Bytes JMP 000A0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!EndPage 776800D7 5 Bytes JMP 000A0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!ResetDCW 7768050D 5 Bytes JMP 000A0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!GetGlyphOutlineW 7768C1BA 5 Bytes JMP 000A0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!CreateScalableFontResourceW 7768E817 5 Bytes JMP 000A0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!AddFontResourceW 7768EC13 5 Bytes JMP 000A0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!RemoveFontResourceW 7768F109 5 Bytes JMP 000A0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!AbortDoc 77694C63 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!EndDoc 776950AA 5 Bytes JMP 000A01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!StartPage 77695195 5 Bytes JMP 000A06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!StartDocW 77695BB0 5 Bytes JMP 000A07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!BeginPath 7769635D 5 Bytes JMP 000A07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!SelectClipPath 776963B4 5 Bytes JMP 000A0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!CloseFigure 7769640F 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!EndPath 77696466 5 Bytes JMP 000A0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!StrokePath 77696699 5 Bytes JMP 000A0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!FillPath 77696726 5 Bytes JMP 000A0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!PolylineTo 77696B94 5 Bytes JMP 000A04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!PolyBezierTo 77696C25 5 Bytes JMP 000A04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] GDI32.dll!PolyDraw 77696CD7 5 Bytes JMP 000A0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!ActivateKeyboardLayout 76C08203 5 Bytes JMP 000B04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!ScreenToClient 76C0A506 7 Bytes JMP 000B0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!RegisterClipboardFormatA 76C0C091 5 Bytes JMP 000B02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!RegisterClipboardFormatW 76C0DF8D 5 Bytes JMP 000B02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!SetCursor 76C13075 5 Bytes JMP 000B0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!MonitorFromWindow 76C13622 7 Bytes JMP 000B0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!PostMessageW 76C1447B 5 Bytes JMP 000B05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!IsWindowVisible 76C14D69 7 Bytes JMP 000B06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClientRect 76C154DD 7 Bytes JMP 000B05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!MapWindowPoints 76C15CAA 5 Bytes JMP 000B0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetParent 76C16029 7 Bytes JMP 000B06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!EmptyClipboard 76C2290C 5 Bytes JMP 000B0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!SetClipboardData 76C22962 5 Bytes JMP 000B0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClipboardData 76C22BA7 5 Bytes JMP 000B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClipboardFormatNameW 76C25FD2 5 Bytes JMP 000B0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!SetClipboardViewer 76C26FF6 5 Bytes JMP 000B04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClipboardFormatNameA 76C2700A 5 Bytes JMP 000B0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!ChangeClipboardChain 76C3147C 5 Bytes JMP 000B0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetTopWindow 76C324D9 7 Bytes JMP 000B0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!CloseClipboard 76C3446C 5 Bytes JMP 000B00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!OpenClipboard 76C3447E 5 Bytes JMP 000B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!IsClipboardFormatAvailable 76C344FF 5 Bytes JMP 000B00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClipboardSequenceNumber 76C34513 5 Bytes JMP 000B0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClipboardOwner 76C34525 5 Bytes JMP 000B0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!CountClipboardFormats 76C3470A 5 Bytes JMP 000B01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!EnumClipboardFormats 76C347EC 5 Bytes JMP 000B01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetOpenClipboardWindow 76C3480B 5 Bytes JMP 000B03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!SetCursorPos 76C4C1B0 5 Bytes JMP 000B0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetClipboardViewer 76C64AF7 5 Bytes JMP 000B0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] USER32.dll!GetPriorityClipboardFormat 76C64BF9 5 Bytes JMP 000B03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ole32.dll!OleSetClipboard 774B0045 5 Bytes JMP 00230030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ole32.dll!OleIsCurrentClipboard 774B36B2 5 Bytes JMP 00230070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] ole32.dll!OleGetClipboard 774DFDCD 5 Bytes JMP 002300B0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3932] USER32.dll!GetWindowInfo 76C14B5E 5 Bytes JMP 64A8BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3932] USER32.dll!ToUnicodeEx + 71 76C22223 7 Bytes JMP 64A8C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3972] ntdll.dll!LdrGetProcedureAddress + 26 779D2239 7 Bytes JMP 6490B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3972] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77B093D6 7 Bytes JMP 64BBB6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3972] kernel32.dll!QueryPerformanceCounter + 13 77B0C435 7 Bytes JMP 64BBB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3972] GDI32.dll!GetViewportOrgEx + 26C 7766884B 7 Bytes JMP 64BBB653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2288] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A3FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2288] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A3FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2288] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A3FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2288] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A3FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 000B0790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000B07D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe[3740] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----