GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-17 22:07:14 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST340810A rev.3.34 37,27GB Running: bpriqc74.exe; Driver: C:\Users\Adam\AppData\Local\Temp\pxldrpow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8364CA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83686212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[4760] ntdll.dll!LdrGetProcedureAddress + 26 77D722A9 7 Bytes JMP 676C1FD9 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4760] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76B694E6 7 Bytes JMP 612E40E1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4760] kernel32.dll!QueryPerformanceCounter + 13 76B6C4E5 7 Bytes JMP 612E4104 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4760] kernel32.dll!LoadAppInitDlls + 355 76B6F5A6 7 Bytes JMP 609B3255 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4760] GDI32.dll!GetViewportOrgEx + 26C 7785884B 7 Bytes JMP 612E4062 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[26988] USER32.dll!RegisterMessagePumpHook + 2F1 76918B9E 7 Bytes JMP 60BDE610 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[26988] USER32.dll!IsDialogMessageW + 340 76924444 7 Bytes JMP 60BDE681 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[26988] USER32.dll!GetWindowInfo 76924B5E 5 Bytes JMP 60BE2366 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[26988] USER32.dll!ToUnicodeEx + 71 76932223 7 Bytes JMP 60BDBD82 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateFile + 6 77D5560E 4 Bytes [28, C0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateFile + B 77D55613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateKey + 6 77D5564E 4 Bytes [68, C1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateKey + B 77D55653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateMutant + 6 77D5568E 4 Bytes [68, C2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateMutant + B 77D55693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateSection + 6 77D5572E 4 Bytes [A8, C2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtCreateSection + B 77D55733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtMapViewOfSection + B 77D55C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenFile + 6 77D55D1E 4 Bytes [68, C0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenFile + B 77D55D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenKey + 6 77D55D4E 4 Bytes [A8, C1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenKey + B 77D55D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenKeyEx + B 77D55D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenMutant + 6 77D55D9E 4 Bytes [28, C2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenMutant + B 77D55DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenProcess + 6 77D55DCE 4 Bytes [68, C3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenProcess + B 77D55DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenProcessToken + 6 77D55DDE 4 Bytes [A8, C3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenProcessToken + B 77D55DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenProcessTokenEx + 6 77D55DEE 4 Bytes [68, C4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenProcessTokenEx + B 77D55DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenSection + B 77D55E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenThread + 6 77D55E4E 4 Bytes [28, C3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenThread + B 77D55E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenThreadToken + 6 77D55E5E 4 Bytes [28, C4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenThreadToken + B 77D55E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenThreadTokenEx + 6 77D55E6E 4 Bytes [A8, C4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtOpenThreadTokenEx + B 77D55E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtQueryAttributesFile + 6 77D55F7E 4 Bytes [A8, C0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtQueryAttributesFile + B 77D55F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtQueryFullAttributesFile + B 77D56033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtSetInformationFile + 6 77D5667E 4 Bytes [28, C1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtSetInformationFile + B 77D56683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtSetInformationThread + B 77D566E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtUnmapViewOfSection + 6 77D569FE 4 Bytes [28, C5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ntdll.dll!NtUnmapViewOfSection + B 77D56A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] kernel32.dll!CreateProcessW 76B2204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] kernel32.dll!CreateProcessA 76B22082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!ActivateKeyboardLayout 76918203 5 Bytes JMP 003704F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!ScreenToClient 7691A506 7 Bytes JMP 00370670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!RegisterClipboardFormatA 7691C091 5 Bytes JMP 003702F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!RegisterClipboardFormatW 7691DF8D 5 Bytes JMP 003702B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!SetCursor 76923075 5 Bytes JMP 00370530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!MonitorFromWindow 76923622 7 Bytes JMP 00370630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!PostMessageW 7692447B 5 Bytes JMP 003705F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!IsWindowVisible 76924D69 7 Bytes JMP 003706B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClientRect 769254DD 7 Bytes JMP 003705B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!MapWindowPoints 76925CAA 5 Bytes JMP 00370570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetParent 76926029 7 Bytes JMP 003706F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!EmptyClipboard 7693290C 5 Bytes JMP 00370130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!SetClipboardData 76932962 5 Bytes JMP 00370170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClipboardData 76932BA7 5 Bytes JMP 00370030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClipboardFormatNameW 76935FD2 5 Bytes JMP 00370230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!SetClipboardViewer 76936FF6 5 Bytes JMP 003704B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClipboardFormatNameA 7693700A 5 Bytes JMP 00370270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!ChangeClipboardChain 7694147C 5 Bytes JMP 00370430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetTopWindow 769424D9 7 Bytes JMP 00370730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!CloseClipboard 7694446C 5 Bytes JMP 003700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!OpenClipboard 7694447E 5 Bytes JMP 00370070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!IsClipboardFormatAvailable 769444FF 5 Bytes JMP 003700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClipboardSequenceNumber 76944513 5 Bytes JMP 00370330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClipboardOwner 76944525 5 Bytes JMP 00370370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!CountClipboardFormats 7694470A 5 Bytes JMP 003701F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!EnumClipboardFormats 769447EC 5 Bytes JMP 003701B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetOpenClipboardWindow 7694480B 5 Bytes JMP 003703F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!SetCursorPos 7695C1B0 5 Bytes JMP 00370770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetClipboardViewer 76974AF7 5 Bytes JMP 00370470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] user32.DLL!GetPriorityClipboardFormat 76974BF9 5 Bytes JMP 003703B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!DeleteObject 77855F14 5 Bytes JMP 003801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SelectObject 77856640 5 Bytes JMP 003805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetTextColor 77856906 5 Bytes JMP 00380A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetBkMode 778569B1 5 Bytes JMP 003808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!DeleteDC 77856EAA 5 Bytes JMP 00380170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetDeviceCaps 77856F7F 5 Bytes JMP 003803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!ExtSelectClipRgn 77857114 5 Bytes JMP 003802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SelectClipRgn 77857242 5 Bytes JMP 003805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetStretchBltMode 77857705 5 Bytes JMP 003806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetCurrentObject 77857917 5 Bytes JMP 00380370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextMetricsW 77857B8F 5 Bytes JMP 00380E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextAlign 77857DAF 5 Bytes JMP 00380D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!IntersectClipRect 77857DFE 5 Bytes JMP 003803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!ExtTextOutW 77858192 5 Bytes JMP 00380970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetTextAlign 7785828E 5 Bytes JMP 003809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetClipBox 77858525 5 Bytes JMP 00380330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!MoveToEx 77858C21 5 Bytes JMP 00380470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!StretchDIBits 7785A53E 5 Bytes JMP 00380770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!RestoreDC 7785A67B 5 Bytes JMP 00380530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SaveDC 7785A74B 5 Bytes JMP 00380570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextExtentPoint32W 7785B4B5 5 Bytes JMP 00380670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextFaceW 7785B73A 2 Bytes JMP 00380D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextFaceW + 3 7785B73D 2 Bytes [B2, 88] {MOV DL, 0x88} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetFontData 7785BCC4 5 Bytes JMP 00380C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetWorldTransform 7785C90A 5 Bytes JMP 003806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!CreateDCA 7785CCA9 5 Bytes JMP 003800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!CreateDCW 7785CF79 5 Bytes JMP 003800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!CreateICW 7785CFD0 5 Bytes JMP 00380130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextMetricsA 7785D0F2 5 Bytes JMP 00380DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!Rectangle 7785F1FF 5 Bytes JMP 003809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!LineTo 7785F59B 5 Bytes JMP 00380430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetICMMode 7785FAA4 5 Bytes JMP 00380DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!ExtTextOutA 77860D20 5 Bytes JMP 00380930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextExtentPoint32A 7786117F 5 Bytes JMP 00380630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!ExtEscape 77862D49 5 Bytes JMP 003802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!Escape 77863400 5 Bytes JMP 00380270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!ResetDCW 77863A9B 5 Bytes JMP 00380AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!EndPage 778640DA 5 Bytes JMP 00380230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetPolyFillMode 778667E1 5 Bytes JMP 00380B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SetMiterLimit 7786699D 5 Bytes JMP 00380B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetTextFaceA 77870D22 5 Bytes JMP 00380CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!GetGlyphOutlineW 7787C2DA 5 Bytes JMP 00380CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!CreateScalableFontResourceW 7787E937 5 Bytes JMP 00380BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!AddFontResourceW 7787ED33 5 Bytes JMP 00380BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!RemoveFontResourceW 7787F229 5 Bytes JMP 00380C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!AbortDoc 77884E29 5 Bytes JMP 00380030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!EndDoc 77885270 5 Bytes JMP 003801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!StartPage 7788535B 5 Bytes JMP 00380730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!StartDocW 77885D76 5 Bytes JMP 003807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!BeginPath 7788651D 5 Bytes JMP 00380830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!SelectClipPath 77886574 5 Bytes JMP 00380AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!CloseFigure 778865CF 5 Bytes JMP 00380070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!EndPath 77886626 5 Bytes JMP 00380A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!StrokePath 77886859 5 Bytes JMP 003807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!FillPath 778868E6 5 Bytes JMP 00380870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!PolylineTo 77886D54 5 Bytes JMP 003804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!PolyBezierTo 77886DE5 5 Bytes JMP 003804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] GDI32.dll!PolyDraw 77886E97 5 Bytes JMP 003808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ole32.dll!OleSetClipboard 76380045 5 Bytes JMP 003A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ole32.dll!OleIsCurrentClipboard 763836B2 5 Bytes JMP 003A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe[27152] ole32.dll!OleGetClipboard 763AFDCD 5 Bytes JMP 003A00B0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747F562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747F56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74812546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74804D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74805105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74806707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74808301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74808850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7480E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74804C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 2 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@UDN uuid:21a3b820-1dd2-11b2-8a54-000391e12414 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@SerialNumber 1111-111111-1111 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@FriendlyName G??wny Dekoder Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@ModelName ITI-5720SX Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@ModelNumber v5.4-rc-94-g92fa08b RELEASE Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@Description BH/DLNA Media Server Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@PresentationURL http://192.168.1.5:8080/upnpdev/pres/uuid_21a3b820-1dd2-11b2-8a54-000391e12414/00 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@ManufacturerURL http://www.adbglobal.com/ Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@Manufacturer ADB Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@NetworkInterface {D530349A-9211-4924-BCD8-D7D165F2BAF2} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@NetworkID {F80BCD71-95B2-441C-971C-7485F78C937D} Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@NetworkIPCount 2 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@RemoteURLCount 0 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@IPAddress 192.168.1.5 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@Alive 1 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@NetworkIP0 fe80::%11/64 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\21A3B820-1DD2-11B2-8A54-000391E12414@NetworkIP1 192.168.1.0/24 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\38A94771-DB41-443C-952F-A7D6D897FE67@IPAddress ::1 ---- Files - GMER 2.1 ---- File C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b2366d9dfb9f67326dcfb1ce23a7f936e152a5bb.HomeGroupClassifier\0fa2ce2dc201b5cd5ee5b44166040e40\grouping\tmp.edb 65536 bytes ---- EOF - GMER 2.1 ----