GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-22 00:24:27 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 232,89GB Running: 99dx2k74.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\ugddqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x92B43AA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x92B4457E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x92B505C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x92B50614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x92B507AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x92B50536] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x9039B6D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x92B5057E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x92B44AB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x92B50768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x92B4536C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x92B43B06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x92B48B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x92B436F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x9039B7B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x92B43B6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x92B48F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x92B45E54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x92B505F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x92B50636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x92B507D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x92B5055C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x92B4843A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x92B506E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x92B505A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x92B48822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x92B5078C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x9039B556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x92B45CC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x92B4581E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x92B43BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x92B43C38] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x9039B8AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x92B4378C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x92B4395E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x92B438EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x92B45536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x92B45698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x92B439E6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x9039B624] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x92B451C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x92B43C9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x92B445DA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x92B44CD0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 830EC758 4 Bytes [A0, 3A, B4, 92] .text ntkrnlpa.exe!KeSetEvent + 191 830EC7DC 4 Bytes [7E, 45, B4, 92] {JLE 0x47; MOV AH, 0x92} .text ntkrnlpa.exe!KeSetEvent + 1D1 830EC81C 8 Bytes [C8, 05, B5, 92, 14, 06, B5, ...] {ENTER 0xb505, 0x92; ADC AL, 0x6; MOV CH, 0x92} .text ntkrnlpa.exe!KeSetEvent + 1DD 830EC828 4 Bytes [AE, 07, B5, 92] {SCASB ; POP ES; MOV CH, 0x92} .text ntkrnlpa.exe!KeSetEvent + 1F5 830EC840 4 Bytes [36, 05, B5, 92] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8327A00F 4 Bytes CALL 92B46517 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8327DC83 4 Bytes CALL 92B4652D \SystemRoot\system32\drivers\aswSnx.sys .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B556480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B597900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FA0B000, 0x1FB0FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[304] kernel32.dll!SetUnhandledExceptionFilter 76C4A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[304] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[384] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\system32\Dwm.exe[396] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\system32\csrss.exe[784] KERNEL32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\Explorer.EXE[792] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\avastui.exe[3880] kernel32.dll!SetUnhandledExceptionFilter 76C4A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[3880] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3964] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4048] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!LdrLoadDll 77879378 5 Bytes JMP 6BB01EAE C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!LdrUnloadDll 7788B680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtCreateFile 778B4264 5 Bytes JMP 5D9EB8D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtFlushBuffersFile 778B4764 5 Bytes JMP 5D9E7B07 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtQueryFullAttributesFile 778B4C94 5 Bytes JMP 5D9E7820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtReadFile 778B4EC4 5 Bytes JMP 5D9E7A00 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtReadFileScatter 778B4ED4 5 Bytes JMP 5E23CCC0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtWriteFile 778B54D4 5 Bytes JMP 5D9EBFE0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] ntdll.dll!NtWriteFileGather 778B54E4 5 Bytes JMP 5E23CC6F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] KERNEL32.dll!HeapSetInformation + 26 76C4A9B8 7 Bytes JMP 5D9E8236 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] KERNEL32.dll!LockResource + C 76C66BD3 7 Bytes JMP 5E209E65 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] KERNEL32.dll!VirtualAllocEx + 54 76C6B030 7 Bytes JMP 5E209E88 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] KERNEL32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] user32.dll!GetWindowInfo 7755428E 5 Bytes JMP 5E117585 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5092] GDI32.dll!SetStretchBltMode + 256 7780745C 7 Bytes JMP 5E209DE6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\svchost.exe[5332] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5660] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5660] USER32.dll!InSendMessageEx + 4C9 7754E7C8 7 Bytes JMP 5DC389BD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5660] USER32.dll!CreateWindowExW + AA 775513AF 7 Bytes JMP 5DC38A2E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5660] USER32.dll!GetWindowInfo 7755428E 5 Bytes JMP 5DC3C714 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5660] USER32.dll!SetMenuItemBitmaps + 71 775614EE 7 Bytes JMP 5DC360A5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5700] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateFile + 6 778B426A 4 Bytes [28, F0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateFile + B 778B426F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateKey + 6 778B42AA 4 Bytes [68, F1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateKey + B 778B42AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateMutant + 6 778B42DA 4 Bytes [28, F2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateMutant + B 778B42DF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateSection + 6 778B435A 4 Bytes [68, F2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtCreateSection + B 778B435F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtMapViewOfSection + 6 778B49BA 4 Bytes [A8, F4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtMapViewOfSection + B 778B49BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenFile + 6 778B4A4A 4 Bytes [68, F0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenFile + B 778B4A4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenKey + 6 778B4A7A 4 Bytes [A8, F1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenKey + B 778B4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenMutant + B 778B4A9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenProcess + 6 778B4ACA 4 Bytes [28, F3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenProcess + B 778B4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenProcessToken + 6 778B4ADA 4 Bytes [68, F3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenProcessToken + B 778B4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenProcessTokenEx + 6 778B4AEA 4 Bytes [28, F4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenProcessTokenEx + B 778B4AEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenSection + 6 778B4AFA 4 Bytes [A8, F2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenSection + B 778B4AFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenThread + B 778B4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenThreadToken + B 778B4B4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenThreadTokenEx + 6 778B4B5A 4 Bytes [68, F4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtOpenThreadTokenEx + B 778B4B5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtQueryAttributesFile + 6 778B4BEA 4 Bytes [A8, F0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtQueryAttributesFile + B 778B4BEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtQueryFullAttributesFile + B 778B4C9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtSetInformationFile + 6 778B517A 4 Bytes [28, F1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtSetInformationFile + B 778B517F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtSetInformationThread + 6 778B51CA 4 Bytes [A8, F3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtSetInformationThread + B 778B51CF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ntdll.dll!NtUnmapViewOfSection + B 778B546F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] kernel32.dll!CreateProcessW 76C21BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] kernel32.dll!CreateProcessA 76C21C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] kernel32.dll!OpenEventW 76C3C033 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] kernel32.dll!CreateEventW 76C6B93E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] kernel32.dll!GetBinaryTypeW + 70 76C7252F 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!DeleteObject 77805A37 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetDeviceCaps 7780617F 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SelectObject 778062A0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetTextColor 7780666B 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetBkMode 77806716 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!DeleteDC 778068CD 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetCurrentObject 77806B58 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetStretchBltMode 77807206 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SaveDC 778075BA 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!RestoreDC 77807675 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!StretchDIBits 778078CF 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!ExtSelectClipRgn 778079F8 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SelectClipRgn 77807AF9 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!MoveToEx 77807C33 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!Rectangle 77807EA9 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextAlign 778082E0 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetTextAlign 778085CB 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!ExtTextOutW 7780872B 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextMetricsW 77808A81 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!IntersectClipRect 77808B64 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetClipBox 77809071 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetICMMode 778094E7 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!CreateDCW 7780A91D 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!CreateDCA 7780AA49 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!CreateICW 7780B2E9 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextFaceW 7780B637 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetFontData 7780BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetFontData 7780BA6C 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextExtentPoint32W 7780C01A 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetWorldTransform 7780C46A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!LineTo 7780C65E 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextMetricsA 7780CCEB 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!ExtTextOutA 778100A5 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextExtentPoint32A 77810E58 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!ExtEscape 778122A7 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!Escape 778127F1 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!ResetDCW 77813132 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!EndPage 7781375E 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetPolyFillMode 778161D3 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SetMiterLimit 778162E2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetTextFaceA 7781F489 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!GetGlyphOutlineW 7782A537 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!CreateScalableFontResourceW 7782C993 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!AddFontResourceW 7782CD9B 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!RemoveFontResourceW 7782D231 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!AbortDoc 77832E7F 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!EndDoc 77833293 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!StartPage 7783337E 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!StartDocW 77833E62 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!BeginPath 7783461D 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!SelectClipPath 77834674 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!CloseFigure 778346CF 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!EndPath 77834726 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!StrokePath 77834958 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!FillPath 778349E4 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!PolylineTo 77834E4D 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!PolyBezierTo 77834EDD 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] GDI32.dll!PolyDraw 77834F8E 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!SetCursor 7754D37D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!RegisterClipboardFormatW 7754D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!RegisterClipboardFormatW 7754D6AC 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!ActivateKeyboardLayout 7755478C 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!IsWindowVisible 7755878A 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!MonitorFromWindow 775588D4 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!ScreenToClient 77558C56 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClientRect 77558F0D 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetParent 775590AA 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!RegisterClipboardFormatA 7755A111 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!PostMessageW 7755A175 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!MapWindowPoints 7755A30D 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClipboardFormatNameA 7755A552 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetOpenClipboardWindow 775626A6 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!SetClipboardViewer 7756BA2D 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!IsClipboardFormatAvailable 7756C2E3 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!CloseClipboard 7756C2F7 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!OpenClipboard 7756C31D 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetTopWindow 7756CE0A 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClipboardSequenceNumber 7756D8B7 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!ChangeClipboardChain 7756DF83 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!CountClipboardFormats 77570048 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClipboardOwner 775726EF 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!SetClipboardData 77586410 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!EnumClipboardFormats 77586D16 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!SetCursorPos 77586FB2 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClipboardData 7758715A 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClipboardFormatNameW 7758A99F 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!EmptyClipboard 775A398B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetClipboardViewer 775A39ED 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] USER32.dll!GetPriorityClipboardFormat 775A3AEF 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ole32.dll!OleGetClipboard 76AC74C9 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ole32.dll!OleSetClipboard 76AF11E3 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] ole32.dll!OleIsCurrentClipboard 76AFA8F9 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!FreeContextBuffer 75DA2D83 5 Bytes JMP 001F00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!DeleteSecurityContext 75DA2F18 5 Bytes JMP 001F0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!FreeCredentialsHandle 75DA3598 5 Bytes JMP 001F0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!EncryptMessage 75DA3745 5 Bytes JMP 001F01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!DecryptMessage 75DA3813 5 Bytes JMP 001F0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!InitializeSecurityContextA 75DA87DF 5 Bytes JMP 001F0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!AcquireCredentialsHandleA 75DA8A43 5 Bytes JMP 001F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!QueryContextAttributesA 75DA8E77 5 Bytes JMP 001F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!ApplyControlToken 75DADE4F 5 Bytes JMP 001F01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[5736] Secur32.dll!QueryCredentialsAttributesA 75DAE052 5 Bytes JMP 001F00B0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\services.exe[888] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00210002 IAT C:\Windows\system32\services.exe[888] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00210000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys ---- EOF - GMER 2.1 ----