GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-03-10 20:28:52 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.SD22 298,09GB Running: eyv85itg.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 151D 82E81B65 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBBC12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateFile + 6 76FF55F2 4 Bytes CALL 59FE55FE .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateFile + B 76FF55F7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateKey + 6 76FF5632 4 Bytes JMP 59FE563E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateKey + B 76FF5637 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateMutant + 6 76FF5672 4 Bytes JMP E2FF0007 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateMutant + B 76FF5677 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateSection + 6 76FF5712 4 Bytes JMP E2FF0007 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtCreateSection + B 76FF5717 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtMapViewOfSection + 6 76FF5C52 4 Bytes CALL 75FF6443 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtMapViewOfSection + B 76FF5C57 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenFile + 6 76FF5D02 4 Bytes CALL 59FE5D0E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenFile + B 76FF5D07 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenKey + 6 76FF5D32 4 Bytes JMP 59FE5D3E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenKey + B 76FF5D37 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenKeyEx + 6 76FF5D42 4 Bytes CALL 75FF6530 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenKeyEx + B 76FF5D47 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenMutant + 6 76FF5D82 4 Bytes JMP E2FF0007 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenMutant + B 76FF5D87 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenProcess + 6 76FF5DB2 4 Bytes [68, EB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenProcess + B 76FF5DB7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenProcessToken + 6 76FF5DC2 4 Bytes [A8, EB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenProcessToken + B 76FF5DC7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenProcessTokenEx + 6 76FF5DD2 4 Bytes [68, EC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenProcessTokenEx + B 76FF5DD7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenSection + 6 76FF5DF2 4 Bytes CALL 75FF65E1 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenSection + B 76FF5DF7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenThread + 6 76FF5E32 4 Bytes [28, EB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenThread + B 76FF5E37 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenThreadToken + 6 76FF5E42 4 Bytes [28, EC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenThreadToken + B 76FF5E47 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenThreadTokenEx + 6 76FF5E52 4 Bytes [A8, EC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtOpenThreadTokenEx + B 76FF5E57 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtQueryAttributesFile + 6 76FF5F62 4 Bytes CALL 59FE5F6E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtQueryAttributesFile + B 76FF5F67 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtQueryFullAttributesFile + 6 76FF6012 4 Bytes CALL 75FF67FF C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtQueryFullAttributesFile + B 76FF6017 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtSetInformationFile + 6 76FF6662 4 Bytes JMP 59FE666E .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtSetInformationFile + B 76FF6667 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtSetInformationThread + 6 76FF66C2 4 Bytes CALL 75FF6EB2 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtSetInformationThread + B 76FF66C7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtUnmapViewOfSection + 6 76FF69E2 4 Bytes [28, ED, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ntdll.dll!NtUnmapViewOfSection + B 76FF69E7 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] kernel32.dll!CreateProcessW 7649204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] kernel32.dll!CreateProcessA 76492082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!ActivateKeyboardLayout 76E8820B 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!ScreenToClient 76E8A50E 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!RegisterClipboardFormatA 76E8C099 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!RegisterClipboardFormatW 76E8DF95 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!SetCursor 76E9307D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!MonitorFromWindow 76E9362A 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!PostMessageW 76E94483 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!IsWindowVisible 76E94D71 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClientRect 76E954ED 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!MapWindowPoints 76E95CBA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetParent 76E96039 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!EmptyClipboard 76EA2924 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!SetClipboardData 76EA297A 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClipboardData 76EA2BBF 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClipboardFormatNameW 76EA5FEA 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!SetClipboardViewer 76EA700E 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClipboardFormatNameA 76EA7022 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!ChangeClipboardChain 76EB1494 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetTopWindow 76EB24F1 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!CloseClipboard 76EB4484 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!OpenClipboard 76EB4496 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!IsClipboardFormatAvailable 76EB4517 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClipboardSequenceNumber 76EB452B 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClipboardOwner 76EB453D 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!CountClipboardFormats 76EB4721 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!EnumClipboardFormats 76EB4803 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetOpenClipboardWindow 76EB4822 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!SetCursorPos 76ECC266 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetClipboardViewer 76EE4BCB 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] user32.DLL!GetPriorityClipboardFormat 76EE4CCD 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!DeleteObject 753A5F14 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SelectObject 753A6640 5 Bytes JMP 000D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetTextColor 753A6906 5 Bytes JMP 000D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetBkMode 753A69B1 5 Bytes JMP 000D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!DeleteDC 753A6EAA 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetDeviceCaps 753A6F7F 5 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!ExtSelectClipRgn 753A7114 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SelectClipRgn 753A7242 5 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetCurrentObject 753A782B 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetStretchBltMode 753A7872 5 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextMetricsW 753A7B1F 5 Bytes JMP 000D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextAlign 753A7D3F 5 Bytes JMP 000D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!IntersectClipRect 753A7D8E 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!ExtTextOutW 753A8122 5 Bytes JMP 000D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetTextAlign 753A821E 5 Bytes JMP 000D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetClipBox 753A84B5 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!MoveToEx 753A8BB1 5 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!StretchDIBits 753AA204 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!RestoreDC 753AA341 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SaveDC 753AA411 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextExtentPoint32W 753AB17D 5 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextFaceW 753AB402 5 Bytes JMP 000D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetFontData 753AB98C 5 Bytes JMP 000D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!CreateDCA 753ABDC9 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!CreateDCW 753AC099 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!CreateICW 753AC0F0 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetWorldTransform 753ACD04 5 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextMetricsA 753AD328 5 Bytes JMP 000D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!Rectangle 753AF1BD 5 Bytes JMP 000D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!LineTo 753AF559 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetICMMode 753AFA62 5 Bytes JMP 000D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!ExtTextOutA 753B0CDE 5 Bytes JMP 000D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextExtentPoint32A 753B113D 5 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!ExtEscape 753B2D09 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!Escape 753B33C0 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!ResetDCW 753B3A5B 5 Bytes JMP 000D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!EndPage 753B409A 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetPolyFillMode 753B6741 5 Bytes JMP 000D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SetMiterLimit 753B68FD 5 Bytes JMP 000D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetTextFaceA 753C0C82 5 Bytes JMP 000D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!GetGlyphOutlineW 753CC3A2 5 Bytes JMP 000D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!CreateScalableFontResourceW 753CEA07 5 Bytes JMP 000D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!AddFontResourceW 753CEE03 5 Bytes JMP 000D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!RemoveFontResourceW 753CF2F9 5 Bytes JMP 000D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!AbortDoc 753D4FAB 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!EndDoc 753D53F2 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!StartPage 753D54DD 5 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!StartDocW 753D5EF8 5 Bytes JMP 000D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!BeginPath 753D66A5 5 Bytes JMP 000D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!SelectClipPath 753D66FC 5 Bytes JMP 000D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!CloseFigure 753D6757 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!EndPath 753D67AE 5 Bytes JMP 000D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!StrokePath 753D69E1 5 Bytes JMP 000D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!FillPath 753D6A6E 5 Bytes JMP 000D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!PolylineTo 753D6EDC 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!PolyBezierTo 753D6F6D 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] GDI32.dll!PolyDraw 753D701F 5 Bytes JMP 000D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ole32.dll!OleSetClipboard 765D01DE 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ole32.dll!OleIsCurrentClipboard 765D365E 5 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe[212] ole32.dll!OleGetClipboard 765FFD75 5 Bytes JMP 000F00B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ntdll.dll!LdrLoadDll 77012611 5 Bytes JMP 6DCFA7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!RegisterMessagePumpHook + 2F1 76E88BA6 7 Bytes JMP 5EF5BEC0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!IsDialogMessageW + 340 76E9444C 7 Bytes JMP 5EF5BF95 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!GetWindowInfo 76E94B66 5 Bytes JMP 5EF5E0C5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!ToUnicodeEx + 71 76EA223B 7 Bytes JMP 5EF5C82F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtCreateFile 76FF55EC 5 Bytes JMP 5E24FF71 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtFlushBuffersFile 76FF597C 5 Bytes JMP 5E24FCB1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtQueryFullAttributesFile 76FF600C 5 Bytes JMP 5E24FE64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtReadFile 76FF62DC 5 Bytes JMP 5E24FCEB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtReadFileScatter 76FF62EC 5 Bytes JMP 5E5DF233 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtWriteFile 76FF6A8C 5 Bytes JMP 5E250115 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtWriteFileGather 76FF6A9C 5 Bytes JMP 5E5DF283 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!LdrLoadDll 77012611 5 Bytes JMP 6DCFA7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 764D95DE 7 Bytes JMP 5E5C88D7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] kernel32.dll!QueryPerformanceCounter + 13 764DC5E5 7 Bytes JMP 5E5C92B8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] kernel32.dll!LoadAppInitDlls + 355 764DF6A6 7 Bytes JMP 5E33C918 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!GetWindowInfo 76E94B66 5 Bytes JMP 5F08AB31 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!GetViewportOrgEx + 26C 753A87DB 7 Bytes JMP 5E5C8258 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@5B131E4A 661 ---- EOF - GMER 2.1 ----