GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-21 22:01:54 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.SD22 298,09GB Running: 5lp3u53f.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 82E77B75 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB1C12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateFile + 6 77C956B6 4 Bytes CALL 5AC856C2 C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateFile + B 77C956BB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateKey + 6 77C956F6 4 Bytes JMP 5AC85702 C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateKey + B 77C956FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateMutant + 6 77C95736 4 Bytes JMP E2FF0007 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateMutant + B 77C9573B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateSection + 6 77C957D6 4 Bytes JMP E2FF0007 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtCreateSection + B 77C957DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtMapViewOfSection + 6 77C95D16 4 Bytes CALL 76C96507 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtMapViewOfSection + B 77C95D1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenFile + 6 77C95DC6 4 Bytes CALL 5AC85DD2 C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenFile + B 77C95DCB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenKey + 6 77C95DF6 4 Bytes JMP 5AC85E02 C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenKey + B 77C95DFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenKeyEx + 6 77C95E06 4 Bytes CALL 76C965F4 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenKeyEx + B 77C95E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenMutant + 6 77C95E46 4 Bytes JMP E2FF0007 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenMutant + B 77C95E4B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenProcess + 6 77C95E76 4 Bytes [68, EB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenProcess + B 77C95E7B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenProcessToken + 6 77C95E86 4 Bytes [A8, EB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenProcessToken + B 77C95E8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenProcessTokenEx + 6 77C95E96 4 Bytes [68, EC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenProcessTokenEx + B 77C95E9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenSection + 6 77C95EB6 4 Bytes CALL 76C966A5 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenSection + B 77C95EBB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenThread + 6 77C95EF6 4 Bytes [28, EB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenThread + B 77C95EFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenThreadToken + 6 77C95F06 4 Bytes [28, EC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenThreadToken + B 77C95F0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenThreadTokenEx + 6 77C95F16 4 Bytes [A8, EC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtOpenThreadTokenEx + B 77C95F1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtQueryAttributesFile + 6 77C96026 4 Bytes CALL 5AC86032 C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtQueryAttributesFile + B 77C9602B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtQueryFullAttributesFile + 6 77C960D6 4 Bytes CALL 76C968C3 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtQueryFullAttributesFile + B 77C960DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtSetInformationFile + 6 77C96726 4 Bytes JMP 5AC86732 C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtSetInformationFile + B 77C9672B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtSetInformationThread + 6 77C96786 4 Bytes CALL 76C96F76 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtSetInformationThread + B 77C9678B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtUnmapViewOfSection + 6 77C96AA6 4 Bytes [28, ED, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ntdll.dll!NtUnmapViewOfSection + B 77C96AAB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] kernel32.dll!CreateProcessW 7636204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] kernel32.dll!CreateProcessA 76362082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!ActivateKeyboardLayout 7644820B 5 Bytes JMP 001C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!ScreenToClient 7644A50E 7 Bytes JMP 001C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!RegisterClipboardFormatA 7644C099 5 Bytes JMP 001C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!RegisterClipboardFormatW 7644DF95 5 Bytes JMP 001C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!SetCursor 7645307D 5 Bytes JMP 001C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!MonitorFromWindow 7645362A 7 Bytes JMP 001C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!PostMessageW 76454483 5 Bytes JMP 001C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!IsWindowVisible 76454D71 7 Bytes JMP 001C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClientRect 764554ED 7 Bytes JMP 001C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!MapWindowPoints 76455CBA 5 Bytes JMP 001C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetParent 76456039 7 Bytes JMP 001C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!EmptyClipboard 76462924 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!SetClipboardData 7646297A 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClipboardData 76462BBF 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClipboardFormatNameW 76465FEA 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!SetClipboardViewer 7646700E 5 Bytes JMP 001C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClipboardFormatNameA 76467022 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!ChangeClipboardChain 76471494 5 Bytes JMP 001C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetTopWindow 764724F1 7 Bytes JMP 001C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!CloseClipboard 76474484 5 Bytes JMP 001C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!OpenClipboard 76474496 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!IsClipboardFormatAvailable 76474517 5 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClipboardSequenceNumber 7647452B 5 Bytes JMP 001C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClipboardOwner 7647453D 5 Bytes JMP 001C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!CountClipboardFormats 76474721 5 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!EnumClipboardFormats 76474803 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetOpenClipboardWindow 76474822 5 Bytes JMP 001C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!SetCursorPos 7648C266 5 Bytes JMP 001C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetClipboardViewer 764A4BCB 5 Bytes JMP 001C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] user32.DLL!GetPriorityClipboardFormat 764A4CCD 5 Bytes JMP 001C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!DeleteObject 77365F14 5 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SelectObject 77366640 5 Bytes JMP 001D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetTextColor 77366906 5 Bytes JMP 001D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetBkMode 773669B1 5 Bytes JMP 001D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!DeleteDC 77366EAA 5 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetDeviceCaps 77366F7F 5 Bytes JMP 001D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!ExtSelectClipRgn 77367114 5 Bytes JMP 001D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SelectClipRgn 77367242 5 Bytes JMP 001D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetCurrentObject 7736782B 5 Bytes JMP 001D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetStretchBltMode 77367872 5 Bytes JMP 001D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextMetricsW 77367B1F 5 Bytes JMP 001D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextAlign 77367D3F 5 Bytes JMP 001D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!IntersectClipRect 77367D8E 5 Bytes JMP 001D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!ExtTextOutW 77368122 5 Bytes JMP 001D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetTextAlign 7736821E 5 Bytes JMP 001D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetClipBox 773684B5 5 Bytes JMP 001D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!MoveToEx 77368BB1 5 Bytes JMP 001D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!StretchDIBits 7736A204 5 Bytes JMP 001D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!RestoreDC 7736A341 5 Bytes JMP 001D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SaveDC 7736A411 5 Bytes JMP 001D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextExtentPoint32W 7736B17D 5 Bytes JMP 001D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextFaceW 7736B402 5 Bytes JMP 001D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetFontData 7736B98C 5 Bytes JMP 001D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!CreateDCA 7736BDC9 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!CreateDCW 7736C099 5 Bytes JMP 001D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!CreateICW 7736C0F0 5 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetWorldTransform 7736CD04 5 Bytes JMP 001D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextMetricsA 7736D328 5 Bytes JMP 001D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!Rectangle 7736F1BD 5 Bytes JMP 001D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!LineTo 7736F559 5 Bytes JMP 001D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetICMMode 7736FA62 5 Bytes JMP 001D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!ExtTextOutA 77370CDE 5 Bytes JMP 001D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextExtentPoint32A 7737113D 5 Bytes JMP 001D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!ExtEscape 77372D09 5 Bytes JMP 001D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!Escape 773733C0 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!ResetDCW 77373A5B 5 Bytes JMP 001D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!EndPage 7737409A 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetPolyFillMode 77376741 5 Bytes JMP 001D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SetMiterLimit 773768FD 5 Bytes JMP 001D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetTextFaceA 77380C82 5 Bytes JMP 001D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!GetGlyphOutlineW 7738C3A2 5 Bytes JMP 001D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!CreateScalableFontResourceW 7738EA07 5 Bytes JMP 001D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!AddFontResourceW 7738EE03 5 Bytes JMP 001D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!RemoveFontResourceW 7738F2F9 5 Bytes JMP 001D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!AbortDoc 77394FAB 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!EndDoc 773953F2 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!StartPage 773954DD 5 Bytes JMP 001D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!StartDocW 77395EF8 5 Bytes JMP 001D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!BeginPath 773966A5 5 Bytes JMP 001D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!SelectClipPath 773966FC 5 Bytes JMP 001D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!CloseFigure 77396757 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!EndPath 773967AE 5 Bytes JMP 001D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!StrokePath 773969E1 5 Bytes JMP 001D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!FillPath 77396A6E 5 Bytes JMP 001D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!PolylineTo 77396EDC 5 Bytes JMP 001D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!PolyBezierTo 77396F6D 5 Bytes JMP 001D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] GDI32.dll!PolyDraw 7739701F 5 Bytes JMP 001D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ole32.dll!OleSetClipboard 76030225 5 Bytes JMP 00360030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ole32.dll!OleIsCurrentClipboard 760336A6 5 Bytes JMP 00360070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe[532] ole32.dll!OleGetClipboard 7605FDBD 5 Bytes JMP 003600B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] ntdll.dll!LdrLoadDll 77CB2576 4 Bytes JMP 647EA7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!GetWindowInfo 76454B66 5 Bytes JMP 5FECE0C5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!ToUnicodeEx + 71 7646223B 7 Bytes JMP 5FECC82F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtCreateFile 77C956B0 5 Bytes JMP 5F1BFF71 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtFlushBuffersFile 77C95A40 5 Bytes JMP 5F1BFCB1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtQueryFullAttributesFile 77C960D0 5 Bytes JMP 5F1BFE64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtReadFile 77C963A0 5 Bytes JMP 5F1BFCEB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtReadFileScatter 77C963B0 5 Bytes JMP 5F54F233 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtWriteFile 77C96B50 5 Bytes JMP 5F1C0115 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtWriteFileGather 77C96B60 5 Bytes JMP 5F54F283 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!LdrLoadDll 77CB2576 4 Bytes JMP 647EA7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 763A952E 7 Bytes JMP 5F5388D7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!QueryPerformanceCounter + 13 763AC535 7 Bytes JMP 5F5392B8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!LoadAppInitDlls + 355 763AF5F6 7 Bytes JMP 5F2AC918 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] USER32.dll!GetWindowInfo 76454B66 5 Bytes JMP 5FFFAB31 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] GDI32.dll!GetViewportOrgEx + 26C 773687DB 7 Bytes JMP 5F538258 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@5B131E4A 612 ---- Files - GMER 2.1 ---- File C:\Users\Marcin\AppData\Local\Mozilla\Firefox\Profiles\65qax4n4.default\cache2\index.tmp 0 bytes ---- EOF - GMER 2.1 ----