GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-08 22:32:59 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD160JJ rev.WU100-33 Running: 8ork1ldi.exe; Driver: C:\Users\Kawka\AppData\Local\Temp\fwddykow.sys ---- System - GMER 1.0.15 ---- SSDT 86401BE8 ZwAlertResumeThread SSDT 86401CC8 ZwAlertThread SSDT 86402620 ZwAllocateVirtualMemory SSDT 86393A08 ZwAlpcConnectPort SSDT 86400DB8 ZwAssignProcessToJobObject SSDT 86401938 ZwCreateMutant SSDT 86400AD8 ZwCreateSymbolicLinkObject SSDT 86402B28 ZwCreateThread SSDT 86400BC8 ZwCreateThreadEx SSDT 86401470 ZwDebugActiveProcess SSDT 864027F0 ZwDuplicateObject SSDT 86402440 ZwFreeVirtualMemory SSDT 86401A28 ZwImpersonateAnonymousToken SSDT 86401B08 ZwImpersonateThread SSDT 863903C0 ZwLoadDriver SSDT 86402340 ZwMapViewOfSection SSDT 86401858 ZwOpenEvent SSDT 864029D0 ZwOpenProcess SSDT 86402710 ZwOpenProcessToken SSDT 86401698 ZwOpenSection SSDT 864028E0 ZwOpenThread SSDT 86400CC8 ZwProtectVirtualMemory SSDT 86401DA8 ZwResumeThread SSDT 86402090 ZwSetContextThread SSDT 86402170 ZwSetInformationProcess SSDT 86401550 ZwSetSystemInformation SSDT 86401778 ZwSuspendProcess SSDT 86401E88 ZwSuspendThread SSDT 863FF058 ZwTerminateProcess SSDT 86401F48 ZwTerminateThread SSDT 86402260 ZwUnmapViewOfSection SSDT 86402530 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A4D579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A71F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 224 82A79724 8 Bytes [E8, 1B, 40, 86, C8, 1C, 40, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82A7973C 4 Bytes [20, 26, 40, 86] .text ntkrnlpa.exe!RtlSidHashLookup + 248 82A79748 4 Bytes [08, 3A, 39, 86] .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82A7979C 4 Bytes [B8, 0D, 40, 86] .text ntkrnlpa.exe!RtlSidHashLookup + 318 82A79818 4 Bytes [38, 19, 40, 86] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A04000, 0x227A14, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A1D7E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A1D7E123 629 Bytes [95, D7, A1, FE, 05, 34, 95, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A1D7E399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A1D7E3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A1D7E4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text D:\Mozilla Farjerfox\firefox.exe[3964] ntdll.dll!wcsncmp + 33B 7728F580 7 Bytes JMP 6BB50C00 D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\firefox.exe[3964] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 76ABC0CF 7 Bytes JMP 6BD87B29 D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\firefox.exe[3964] kernel32.dll!CloseHandle + 38 76AC05EF 7 Bytes JMP 6BD87B4C D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\firefox.exe[3964] kernel32.dll!GetExitCodeProcess + 2C 76AC313D 7 Bytes JMP 6BB53FAC D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\firefox.exe[3964] GDI32.dll!GetViewportOrgEx + 21C 757185EB 7 Bytes JMP 6BD87AAA D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\plugin-container.exe[5800] USER32.dll!CharToOemA + 3A 7686B1DE 7 Bytes JMP 6BE5DF63 D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\plugin-container.exe[5800] USER32.dll!AdjustWindowRectEx + 117 7687660F 7 Bytes JMP 6BE5DEF2 D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\plugin-container.exe[5800] USER32.dll!GetWindowInfo 76876A82 5 Bytes JMP 6BCA4536 D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text D:\Mozilla Farjerfox\plugin-container.exe[5800] USER32.dll!MenuItemFromPoint + F 76894B36 7 Bytes JMP 6BCA4B35 D:\Mozilla Farjerfox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateFile + 6 77274A16 4 Bytes [28, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateFile + B 77274A1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateKey + 6 77274A56 4 Bytes [68, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateKey + B 77274A5B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateMutant + 6 77274A96 4 Bytes [68, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateMutant + B 77274A9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateSection + 6 77274B36 4 Bytes [A8, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtCreateSection + B 77274B3B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtMapViewOfSection + B 7727507B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenFile + 6 77275126 4 Bytes [68, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenFile + B 7727512B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenKey + 6 77275156 4 Bytes [A8, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenKey + B 7727515B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenKeyEx + B 7727516B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenMutant + 6 772751A6 4 Bytes [28, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenMutant + B 772751AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcess + 6 772751D6 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcess + 6 772751D6 4 Bytes [68, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcess + B 772751DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcessToken + 6 772751E6 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcessToken + 6 772751E6 4 Bytes [A8, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcessToken + B 772751EB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcessTokenEx + 6 772751F6 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenProcessTokenEx + B 772751FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenSection + B 7727521B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThread + 6 77275256 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThread + 6 77275256 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThread + B 7727525B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThreadToken + 6 77275266 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThreadToken + B 7727526B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThreadTokenEx + 6 77275276 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtOpenThreadTokenEx + B 7727527B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtQueryAttributesFile + 6 77275386 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtQueryAttributesFile + B 7727538B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtQueryFullAttributesFile + B 7727543B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtSetInformationFile + 6 77275A86 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtSetInformationFile + B 77275A8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtSetInformationThread + 6 77275AE6 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtSetInformationThread + B 77275AEB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtUnmapViewOfSection + 6 77275E06 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ntdll.dll!NtUnmapViewOfSection + B 77275E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] kernel32.dll!CreateProcessW 76A7202D 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] kernel32.dll!CreateProcessA 76A72062 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SelectObject 757161D0 5 Bytes JMP 000A05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetTextColor 75716622 5 Bytes JMP 000A0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetBkMode 757166CD 5 Bytes JMP 000A08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!DeleteObject 757168B4 5 Bytes JMP 000A01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!DeleteDC 75716A2C 5 Bytes JMP 000A0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!ExtSelectClipRgn 75716C72 5 Bytes JMP 000A02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SelectClipRgn 75716D84 5 Bytes JMP 000A05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetDeviceCaps 75716E03 5 Bytes JMP 000A03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetStretchBltMode 757173CE 5 Bytes JMP 000A06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetCurrentObject 7571777C 5 Bytes JMP 000A0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextMetricsW 7571798F 5 Bytes JMP 000A0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!IntersectClipRect 75717CCA 5 Bytes JMP 000A03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextAlign 75717D15 5 Bytes JMP 000A0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetTextAlign 75717F92 5 Bytes JMP 000A09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!ExtTextOutW 75718053 5 Bytes JMP 000A0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetClipBox 757181F2 5 Bytes JMP 000A0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!MoveToEx 75718A16 5 Bytes JMP 000A0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!CreateDCA 75719975 5 Bytes JMP 000A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!RestoreDC 75719A10 5 Bytes JMP 000A0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SaveDC 75719AD2 5 Bytes JMP 000A0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!StretchDIBits 7571AC38 5 Bytes JMP 000A0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextFaceW 7571B4CC 5 Bytes JMP 000A0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextExtentPoint32W 7571B535 5 Bytes JMP 000A0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetFontData 7571B8E8 5 Bytes JMP 000A0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!CreateDCW 7571BD21 5 Bytes JMP 000A00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!CreateICW 7571C660 5 Bytes JMP 000A0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!LineTo 7571CA20 5 Bytes JMP 000A0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetWorldTransform 7571CB42 5 Bytes JMP 000A06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextMetricsA 7571CE46 5 Bytes JMP 000A0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!Rectangle 7571F5BE 5 Bytes JMP 000A09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetICMMode 7571F8D4 5 Bytes JMP 000A0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!ExtTextOutA 75720158 5 Bytes JMP 000A0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextExtentPoint32A 757208BB 5 Bytes JMP 000A0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!Escape 75720B0D 5 Bytes JMP 000A0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!ExtEscape 75723472 5 Bytes JMP 000A02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetTextFaceA 75723E49 5 Bytes JMP 000A0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetPolyFillMode 75726CE1 5 Bytes JMP 000A0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SetMiterLimit 75726E54 5 Bytes JMP 000A0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!ResetDCW 7573031C 5 Bytes JMP 000A0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!EndPage 757307CD 5 Bytes JMP 000A0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!GetGlyphOutlineW 7573C292 5 Bytes JMP 000A0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!CreateScalableFontResourceW 7573E8EF 5 Bytes JMP 000A0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!AddFontResourceW 7573ECEB 5 Bytes JMP 000A0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!RemoveFontResourceW 7573F1E1 5 Bytes JMP 000A0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!AbortDoc 75744D37 5 Bytes JMP 000A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!EndDoc 7574517E 5 Bytes JMP 000A01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!StartPage 75745269 5 Bytes JMP 000A0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!StartDocW 75745BB6 5 Bytes JMP 000A07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!BeginPath 7574635D 5 Bytes JMP 000A0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!SelectClipPath 757463B4 5 Bytes JMP 000A0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!CloseFigure 7574640F 5 Bytes JMP 000A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!EndPath 75746466 5 Bytes JMP 000A0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!StrokePath 75746699 5 Bytes JMP 000A07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!FillPath 75746726 5 Bytes JMP 000A0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!PolylineTo 75746B94 5 Bytes JMP 000A04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!PolyBezierTo 75746C25 5 Bytes JMP 000A04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] GDI32.dll!PolyDraw 75746CD7 5 Bytes JMP 000A08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!ActivateKeyboardLayout 7686817D 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!ScreenToClient 7686C1F2 7 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!RegisterClipboardFormatA 7686E6B1 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!RegisterClipboardFormatW 7686EDFD 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!SetCursor 768752EA 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!MonitorFromWindow 7687590A 7 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!PostMessageW 76876225 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!IsWindowVisible 76876939 7 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClientRect 768774B1 7 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!MapWindowPoints 76877915 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetParent 76877AB3 7 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!SetClipboardData 76884979 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!EmptyClipboard 76884A28 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClipboardData 76884B47 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!EnumClipboardFormats 76884D98 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClipboardFormatNameW 76887EB2 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!SetClipboardViewer 76888F4D 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClipboardFormatNameA 76888F61 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetOpenClipboardWindow 7688902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetOpenClipboardWindow 7688902F 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!ChangeClipboardChain 76893425 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetTopWindow 76893A5D 7 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!CloseClipboard 76895BA7 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!OpenClipboard 76895BB9 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!IsClipboardFormatAvailable 76895C3A 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClipboardSequenceNumber 76895C4E 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClipboardOwner 76895C60 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!CountClipboardFormats 76895DC9 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!SetCursorPos 768AC1D8 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetClipboardViewer 768C4B57 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] USER32.dll!GetPriorityClipboardFormat 768C4C59 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ole32.dll!OleSetClipboard 764BF1F6 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ole32.dll!OleIsCurrentClipboard 764C2370 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe[6068] ole32.dll!OleGetClipboard 764EF71D 5 Bytes JMP 000C00B0 ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----