GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-07 14:30:06 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD7500AADS-00M2B0 rev.01.00A01 698,64GB Running: 1tq2myvt.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\aftcaaog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x93842BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x93843684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9384F6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9384F744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9384F8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x9384F666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x938F9DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9384F6AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x938FA080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x938FA16A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9384F898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x93844472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x93842C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x93847C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x938427F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x938F9ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x93842C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9384805E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x93844F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9384F722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9384F766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9384F902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9384F68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x93847560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x9384F816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9384F6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9384794C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9384F8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x938F9C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x93844DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x93844ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x93842CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x93842D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x938F9FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x93842892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x93842A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x938429F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9384463C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9384479E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x93842AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x938F9D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x938442CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x93842DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x938F9BA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 82E8A9E5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC4312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82ECB550 4 Bytes [A6, 2B, 84, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82ECB5D8 4 Bytes [84, 36, 84, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82ECB62C 8 Bytes [F8, F6, 84, 93, 44, F7, 84, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82ECB638 4 Bytes [DE, F8, 84, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82ECB654 4 Bytes [66, F6, 84, 93] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8308768D 4 Bytes CALL 93845641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830A14F3 4 Bytes CALL 93845657 \SystemRoot\system32\drivers\aswSnx.sys .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94E28000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Genius\ioCentre\GMouseService.exe[308] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[384] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[396] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[456] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text ... .text E:\Avast\AvastSvc.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 758AF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text E:\Avast\AvastSvc.exe[1384] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1464] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1540] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\Explorer.EXE[1580] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text ... .text E:\Avast\avastui.exe[2248] kernel32.dll!SetUnhandledExceptionFilter 758AF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text E:\Avast\avastui.exe[2248] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2316] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[2692] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Program Files\Logitech\Logitech Vid\Vid.exe[2780] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2876] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text ... .text E:\Mozilla\plugin-container.exe[3592] USER32.dll!GetWindowInfo 75196A82 5 Bytes JMP 5E79A188 E:\Mozilla\xul.dll .text E:\Mozilla\plugin-container.exe[3592] USER32.dll!MenuItemFromPoint + F 751B4B36 7 Bytes JMP 5E798779 E:\Mozilla\xul.dll .text C:\Program Files\Logitech Gaming Software\LCore.exe[3596] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Genius\ioCentre\gTaskBar.exe[3656] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\System32\CtHelper.exe[3684] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3768] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Genius\ioCentre\gMouseTask.exe[3780] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text ... .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateFile + 6 76E0560E 4 Bytes [28, 00, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateFile + B 76E05613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateKey + 6 76E0564E 4 Bytes [68, 01, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateKey + B 76E05653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateMutant + 6 76E0568E 4 Bytes [68, 02, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateMutant + B 76E05693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateSection + 6 76E0572E 4 Bytes [A8, 02, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtCreateSection + B 76E05733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtMapViewOfSection + 6 76E05C6E 4 Bytes CALL 75E07377 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtMapViewOfSection + B 76E05C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenFile + 6 76E05D1E 4 Bytes [68, 00, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenFile + B 76E05D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenKey + 6 76E05D4E 4 Bytes [A8, 01, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenKey + B 76E05D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenKeyEx + 6 76E05D5E 4 Bytes CALL 75E07464 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenKeyEx + B 76E05D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenMutant + 6 76E05D9E 4 Bytes [28, 02, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenMutant + B 76E05DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcess + 6 76E05DCE 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcess + 6 76E05DCE 4 Bytes [68, 03, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcess + B 76E05DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcessToken + 6 76E05DDE 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcessToken + 6 76E05DDE 4 Bytes [A8, 03, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcessToken + B 76E05DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcessTokenEx + 6 76E05DEE 4 Bytes [68, 04, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenProcessTokenEx + B 76E05DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenSection + 6 76E05E0E 4 Bytes CALL 75E07515 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenSection + B 76E05E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThread + 6 76E05E4E 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThread + 6 76E05E4E 4 Bytes [28, 03, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThread + B 76E05E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThreadToken + 6 76E05E5E 4 Bytes [28, 04, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThreadToken + B 76E05E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThreadTokenEx + 6 76E05E6E 4 Bytes [A8, 04, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtOpenThreadTokenEx + B 76E05E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtQueryAttributesFile + 6 76E05F7E 4 Bytes [A8, 00, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtQueryAttributesFile + B 76E05F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtQueryFullAttributesFile + 6 76E0602E 4 Bytes CALL 75E07733 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtQueryFullAttributesFile + B 76E06033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtSetInformationFile + 6 76E0667E 4 Bytes [28, 01, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtSetInformationFile + B 76E06683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtSetInformationThread + 6 76E066DE 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtSetInformationThread + 6 76E066DE 4 Bytes CALL 75E07DE6 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtSetInformationThread + B 76E066E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtUnmapViewOfSection + 6 76E069FE 4 Bytes [28, 05, 17, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ntdll.dll!NtUnmapViewOfSection + B 76E06A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] kernel32.dll!CreateProcessW 7586204D 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] kernel32.dll!CreateProcessA 75862082 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!ActivateKeyboardLayout 7518817D 5 Bytes JMP 001C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!ScreenToClient 7518C1F2 7 Bytes JMP 001C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!RegisterClipboardFormatA 7518E6B1 5 Bytes JMP 001C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!RegisterClipboardFormatW 7518EDFD 5 Bytes JMP 001C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!SetCursor 751952EA 5 Bytes JMP 001C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!MonitorFromWindow 7519590A 7 Bytes JMP 001C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!PostMessageW 75196225 5 Bytes JMP 001C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!IsWindowVisible 75196939 7 Bytes JMP 001C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClientRect 751974B1 7 Bytes JMP 001C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!MapWindowPoints 75197915 5 Bytes JMP 001C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetParent 75197AB3 7 Bytes JMP 001C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!SetClipboardData 751A4979 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!EmptyClipboard 751A4A28 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardData 751A4B47 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!EnumClipboardFormats 751A4D98 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardFormatNameW 751A7EB2 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!SetClipboardViewer 751A8F4D 5 Bytes JMP 001C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardFormatNameA 751A8F61 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetOpenClipboardWindow 751A902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetOpenClipboardWindow 751A902F 5 Bytes JMP 001C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!ChangeClipboardChain 751B3425 3 Bytes JMP 001C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!ChangeClipboardChain + 4 751B3429 1 Byte [8B] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetTopWindow 751B3A5D 7 Bytes JMP 001C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!CloseClipboard 751B5BA7 3 Bytes JMP 001C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!CloseClipboard + 4 751B5BAB 1 Byte [8B] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!OpenClipboard 751B5BB9 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!IsClipboardFormatAvailable 751B5C3A 3 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!IsClipboardFormatAvailable + 4 751B5C3E 1 Byte [8B] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardSequenceNumber 751B5C4E 3 Bytes JMP 001C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardSequenceNumber + 4 751B5C52 1 Byte [8B] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardOwner 751B5C60 3 Bytes JMP 001C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardOwner + 4 751B5C64 1 Byte [8B] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!CountClipboardFormats 751B5DC9 3 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!CountClipboardFormats + 4 751B5DCD 1 Byte [8B] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!SetCursorPos 751CC1D8 5 Bytes JMP 001C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetClipboardViewer 751E4B57 5 Bytes JMP 001C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] user32.DLL!GetPriorityClipboardFormat 751E4C59 5 Bytes JMP 001C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!DeleteObject 75415F14 5 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SelectObject 75416640 5 Bytes JMP 001D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetTextColor 75416906 5 Bytes JMP 001D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetBkMode 754169B1 5 Bytes JMP 001D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!DeleteDC 75416EAA 5 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetDeviceCaps 75416F7F 5 Bytes JMP 001D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!ExtSelectClipRgn 75417114 5 Bytes JMP 001D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SelectClipRgn 75417242 5 Bytes JMP 001D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetStretchBltMode 75417705 5 Bytes JMP 001D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetCurrentObject 75417917 5 Bytes JMP 001D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextMetricsW 75417B8F 5 Bytes JMP 001D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextAlign 75417DAF 5 Bytes JMP 001D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!IntersectClipRect 75417DFE 5 Bytes JMP 001D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!ExtTextOutW 75418192 5 Bytes JMP 001D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetTextAlign 7541828E 5 Bytes JMP 001D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetClipBox 75418525 5 Bytes JMP 001D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!MoveToEx 75418C21 5 Bytes JMP 001D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!StretchDIBits 7541A53E 5 Bytes JMP 001D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!RestoreDC 7541A67B 5 Bytes JMP 001D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SaveDC 7541A74B 5 Bytes JMP 001D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextExtentPoint32W 7541B4B5 5 Bytes JMP 001D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextFaceW 7541B73A 2 Bytes JMP 001D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextFaceW + 3 7541B73D 2 Bytes [DB, 8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetFontData 7541BCC4 5 Bytes JMP 001D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetWorldTransform 7541C90A 5 Bytes JMP 001D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!CreateDCA 7541CCA9 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!CreateDCW 7541CF79 5 Bytes JMP 001D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!CreateICW 7541CFD0 5 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextMetricsA 7541D0F2 5 Bytes JMP 001D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!Rectangle 7541F1E7 5 Bytes JMP 001D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!LineTo 7541F583 5 Bytes JMP 001D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetICMMode 7541FA8C 5 Bytes JMP 001D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!ExtTextOutA 75420D08 5 Bytes JMP 001D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextExtentPoint32A 75421167 5 Bytes JMP 001D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!ExtEscape 75422D31 5 Bytes JMP 001D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!Escape 754233E8 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!ResetDCW 75423A83 5 Bytes JMP 001D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!EndPage 754240C2 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetPolyFillMode 754267C9 5 Bytes JMP 001D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SetMiterLimit 75426985 5 Bytes JMP 001D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetTextFaceA 75430D12 5 Bytes JMP 001D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!GetGlyphOutlineW 7543C32A 5 Bytes JMP 001D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!CreateScalableFontResourceW 7543E987 5 Bytes JMP 001D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!AddFontResourceW 7543ED83 5 Bytes JMP 001D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!RemoveFontResourceW 7543F279 5 Bytes JMP 001D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!AbortDoc 75444E79 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!EndDoc 754452C0 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!StartPage 754453AB 5 Bytes JMP 001D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!StartDocW 75445DC6 5 Bytes JMP 001D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!BeginPath 7544656D 5 Bytes JMP 001D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!SelectClipPath 754465C4 5 Bytes JMP 001D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!CloseFigure 7544661F 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!EndPath 75446676 5 Bytes JMP 001D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!StrokePath 754468A9 5 Bytes JMP 001D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!FillPath 75446936 5 Bytes JMP 001D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!PolylineTo 75446DA4 5 Bytes JMP 001D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!PolyBezierTo 75446E35 5 Bytes JMP 001D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] GDI32.dll!PolyDraw 75446EE7 5 Bytes JMP 001D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ole32.dll!OleSetClipboard 76AD0045 5 Bytes JMP 002A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ole32.dll!OleIsCurrentClipboard 76AD36B2 5 Bytes JMP 002A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[6612] ole32.dll!OleGetClipboard 76AFFDCD 5 Bytes JMP 002A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[7692] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text C:\Users\Kuba\Downloads\FRST.exe[7748] kernel32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text E:\AMD\ATI.ACE\Core-Static\CCC.exe[8344] KERNEL32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtCreateFile 76E05608 5 Bytes JMP 5D92F912 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtFlushBuffersFile 76E05998 5 Bytes JMP 5D92F652 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtQueryFullAttributesFile 76E06028 5 Bytes JMP 5D92F78A E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtReadFile 76E062F8 5 Bytes JMP 5D92F68C E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtReadFileScatter 76E06308 5 Bytes JMP 5DED43A6 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtWriteFile 76E06AA8 5 Bytes JMP 5D92FAB6 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!NtWriteFileGather 76E06AB8 5 Bytes JMP 5DED43F6 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] ntdll.dll!LdrUnloadDll 76E1C8DE 5 Bytes JMP 001E03FC .text E:\Mozilla\firefox.exe[9788] ntdll.dll!LdrLoadDll 76E222AE 5 Bytes JMP 740F908C E:\Mozilla\mozglue.dll .text E:\Mozilla\firefox.exe[9788] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 758A94E6 7 Bytes JMP 5DEBDDA1 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] KERNEL32.dll!QueryPerformanceCounter + 13 758AC4E5 7 Bytes JMP 5DEBFD1D E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] KERNEL32.dll!LoadAppInitDlls + 355 758AF5A6 7 Bytes JMP 5DC61FD5 E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] KERNEL32.dll!GetBinaryTypeW + 70 758C6AAC 1 Byte [62] .text E:\Mozilla\firefox.exe[9788] user32.dll!GetWindowInfo 75196A82 5 Bytes JMP 5E8ABF0A E:\Mozilla\xul.dll .text E:\Mozilla\firefox.exe[9788] GDI32.dll!GetViewportOrgEx + 26C 7541884B 7 Bytes JMP 5DEBC315 E:\Mozilla\xul.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet) ---- EOF - GMER 2.1 ----