GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-26 23:55:48 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 Running: zdk2ti32.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\fgroikog.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[768] USER32.dll!InSendMessageEx + 4C9 7679E7C8 7 Bytes JMP 6D3FDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[768] USER32.dll!CreateWindowExW + AA 767A13AF 7 Bytes JMP 6D3FDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[768] USER32.dll!GetWindowInfo 767A428E 5 Bytes JMP 6D244536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[768] USER32.dll!SetMenuItemBitmaps + 71 767B14EE 7 Bytes JMP 6D244B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateFile + 6 7733424A 4 Bytes [28, 00, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateFile + B 7733424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateKey + 6 7733428A 4 Bytes [68, 01, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateKey + B 7733428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateMutant + 6 773342BA 4 Bytes [28, 02, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateMutant + B 773342BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateSection + 6 7733433A 4 Bytes [68, 02, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtCreateSection + B 7733433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtMapViewOfSection + 6 7733499A 4 Bytes [A8, 04, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtMapViewOfSection + B 7733499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenFile + 6 77334A2A 4 Bytes [68, 00, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenFile + B 77334A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenKey + 6 77334A5A 4 Bytes [A8, 01, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenKey + B 77334A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenMutant + B 77334A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcess + 6 77334AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcess + 6 77334AAA 4 Bytes [28, 03, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcess + B 77334AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcessToken + 6 77334ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcessToken + 6 77334ABA 4 Bytes [68, 03, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcessToken + B 77334ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcessTokenEx + 6 77334ACA 4 Bytes [28, 04, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenProcessTokenEx + B 77334ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenSection + 6 77334ADA 4 Bytes [A8, 02, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenSection + B 77334ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenThread + B 77334B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenThreadToken + 6 77334B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenThreadToken + B 77334B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenThreadTokenEx + 6 77334B3A 4 Bytes [68, 04, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtOpenThreadTokenEx + B 77334B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtQueryAttributesFile + 6 77334BCA 4 Bytes [A8, 00, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtQueryAttributesFile + B 77334BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtQueryFullAttributesFile + B 77334C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtSetInformationFile + 6 7733515A 4 Bytes [28, 01, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtSetInformationFile + B 7733515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtSetInformationThread + 6 773351AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtSetInformationThread + 6 773351AA 4 Bytes [A8, 03, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtSetInformationThread + B 773351AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ntdll.dll!NtUnmapViewOfSection + B 7733544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] kernel32.dll!CreateProcessW 76C01BF3 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] kernel32.dll!CreateProcessA 76C01C28 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] kernel32.dll!OpenEventW 76C1C023 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] kernel32.dll!CreateEventW 76C4B85E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!DeleteObject 77415A37 5 Bytes JMP 001801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetDeviceCaps 7741617F 5 Bytes JMP 001803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SelectObject 774162A0 5 Bytes JMP 001805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetTextColor 7741666B 5 Bytes JMP 00180A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetBkMode 77416716 5 Bytes JMP 001808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!DeleteDC 774168CD 5 Bytes JMP 00180170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetCurrentObject 77416B58 5 Bytes JMP 00180370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetStretchBltMode 77417206 5 Bytes JMP 001806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SaveDC 774175BA 5 Bytes JMP 00180570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!RestoreDC 77417675 5 Bytes JMP 00180530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!StretchDIBits 774178CF 5 Bytes JMP 00180770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!ExtSelectClipRgn 774179F8 5 Bytes JMP 001802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SelectClipRgn 77417AF9 5 Bytes JMP 001805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!MoveToEx 77417C33 5 Bytes JMP 00180470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!Rectangle 77417EA9 5 Bytes JMP 001809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextAlign 774182E0 5 Bytes JMP 00180D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetTextAlign 774185CB 5 Bytes JMP 001809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!ExtTextOutW 7741872B 5 Bytes JMP 00180970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextMetricsW 77418A81 5 Bytes JMP 00180E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!IntersectClipRect 77418B64 5 Bytes JMP 001803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetClipBox 77419071 5 Bytes JMP 00180330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetICMMode 774194E7 5 Bytes JMP 00180DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!CreateDCW 7741A91D 5 Bytes JMP 001800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!CreateDCA 7741AA49 5 Bytes JMP 001800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!CreateICW 7741B2E9 5 Bytes JMP 00180130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextFaceW 7741B637 5 Bytes JMP 00180D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetFontData 7741BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetFontData 7741BA6C 5 Bytes JMP 00180C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextExtentPoint32W 7741C01A 5 Bytes JMP 00180670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetWorldTransform 7741C46A 5 Bytes JMP 001806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!LineTo 7741C65E 5 Bytes JMP 00180430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextMetricsA 7741CCEB 5 Bytes JMP 00180DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!ExtTextOutA 774200A5 5 Bytes JMP 00180930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextExtentPoint32A 77420E58 5 Bytes JMP 00180630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!ExtEscape 774222A7 5 Bytes JMP 001802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!Escape 774227F1 5 Bytes JMP 00180270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!ResetDCW 77423132 5 Bytes JMP 00180AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!EndPage 7742375E 5 Bytes JMP 00180230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetPolyFillMode 774261D3 5 Bytes JMP 00180B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SetMiterLimit 774262E2 5 Bytes JMP 00180B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetTextFaceA 7742F4C5 5 Bytes JMP 00180CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!GetGlyphOutlineW 7743A41F 5 Bytes JMP 00180CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!CreateScalableFontResourceW 7743C88B 5 Bytes JMP 00180BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!AddFontResourceW 7743CC93 5 Bytes JMP 00180BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!RemoveFontResourceW 7743D129 5 Bytes JMP 00180C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!AbortDoc 77442CC4 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!EndDoc 774430D8 5 Bytes JMP 001801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!StartPage 774431C3 5 Bytes JMP 00180730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!StartDocW 77443CA7 5 Bytes JMP 001807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!BeginPath 77444465 5 Bytes JMP 00180830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!SelectClipPath 774444BC 5 Bytes JMP 00180AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!CloseFigure 77444517 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!EndPath 7744456E 5 Bytes JMP 00180A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!StrokePath 774447A0 5 Bytes JMP 001807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!FillPath 7744482C 5 Bytes JMP 00180870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!PolylineTo 77444C95 5 Bytes JMP 001804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!PolyBezierTo 77444D25 5 Bytes JMP 001804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] GDI32.dll!PolyDraw 77444DD6 5 Bytes JMP 001808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!SetCursor 7679D37D 5 Bytes JMP 00190530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!RegisterClipboardFormatW 7679D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!RegisterClipboardFormatW 7679D6AC 5 Bytes JMP 001902B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!ActivateKeyboardLayout 767A478C 5 Bytes JMP 001904F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!IsWindowVisible 767A878A 7 Bytes JMP 001906B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!MonitorFromWindow 767A88D4 4 Bytes JMP 00190630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!MonitorFromWindow + 5 767A88D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!ScreenToClient 767A8C56 7 Bytes JMP 00190670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClientRect 767A8F0D 7 Bytes JMP 001905B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetParent 767A90AA 7 Bytes JMP 001906F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!RegisterClipboardFormatA 767AA111 5 Bytes JMP 001902F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!PostMessageW 767AA175 5 Bytes JMP 001905F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!MapWindowPoints 767AA30D 5 Bytes JMP 00190570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClipboardFormatNameA 767AA552 5 Bytes JMP 00190270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetOpenClipboardWindow 767B26A6 5 Bytes JMP 001903F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!SetClipboardViewer 767BBA2D 5 Bytes JMP 001904B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!IsClipboardFormatAvailable 767BC2E3 5 Bytes JMP 001900F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!CloseClipboard 767BC2F7 5 Bytes JMP 001900B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!OpenClipboard 767BC31D 5 Bytes JMP 00190070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetTopWindow 767BCE0A 7 Bytes JMP 00190730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClipboardSequenceNumber 767BD8B7 5 Bytes JMP 00190330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!ChangeClipboardChain 767BDF83 5 Bytes JMP 00190430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!CountClipboardFormats 767C0048 5 Bytes JMP 001901F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClipboardOwner 767C26EF 5 Bytes JMP 00190370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!SetClipboardData 767D6410 5 Bytes JMP 00190170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!EnumClipboardFormats 767D6D16 5 Bytes JMP 001901B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!SetCursorPos 767D6FB2 5 Bytes JMP 00190770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClipboardData 767D715A 5 Bytes JMP 00190030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClipboardFormatNameW 767DA99F 5 Bytes JMP 00190230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!EmptyClipboard 767F398B 5 Bytes JMP 00190130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetClipboardViewer 767F39ED 5 Bytes JMP 00190470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] USER32.dll!GetPriorityClipboardFormat 767F3AEF 5 Bytes JMP 001903B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ole32.dll!OleGetClipboard 76A974C9 5 Bytes JMP 001A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ole32.dll!OleSetClipboard 76AC11E3 5 Bytes JMP 001A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] ole32.dll!OleIsCurrentClipboard 76ACA8F9 5 Bytes JMP 001A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!FreeContextBuffer 75822D83 5 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!DeleteSecurityContext 75822F18 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!FreeCredentialsHandle 75823598 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!EncryptMessage 75823745 5 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!DecryptMessage 75823813 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!InitializeSecurityContextA 758287DF 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!AcquireCredentialsHandleA 75828A43 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!QueryContextAttributesA 75828E77 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!ApplyControlToken 7582DE4F 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] Secur32.dll!QueryCredentialsAttributesA 7582E052 5 Bytes JMP 001C00B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[2008] ntdll.dll!LdrLoadDll 772F9378 5 Bytes JMP 6D0F0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2008] kernel32.dll!HeapSetInformation + 26 76C2A8B0 7 Bytes JMP 6D0F3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2008] kernel32.dll!LockResource + C 76C46ACB 7 Bytes JMP 6D327B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2008] kernel32.dll!VirtualAllocEx + 54 76C4AF50 7 Bytes JMP 6D327B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2008] USER32.dll!GetWindowInfo 767A428E 5 Bytes JMP 6D24B77F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2008] GDI32.dll!SetStretchBltMode + 256 7741745C 7 Bytes JMP 6D327AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74087817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7408BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7407F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7407E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740B73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7408DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7407FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7407FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7410CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7407D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74076853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7407687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74082AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 001907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 001907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00190790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[1836] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001907D0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp ABTDI.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bb9c27 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bb9c27@347e395384d8 0x5A 0x49 0x28 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bb9c27@0015eb14f0a2 0xDA 0x0A 0xA4 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986003c65 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986003c65@347e395384d8 0x75 0x2E 0x67 0x5E ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167bb9c27 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167bb9c27@347e395384d8 0x5A 0x49 0x28 0x3D ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167bb9c27@0015eb14f0a2 0xDA 0x0A 0xA4 0x76 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001986003c65 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001986003c65@347e395384d8 0x75 0x2E 0x67 0x5E ... ---- EOF - GMER 1.0.15 ----