GMER 2.1.19355 - http://www.gmer.net Rootkit scan 2014-03-13 14:24:25 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160815AS rev.4.CCC 149,05GB Running: 5dn94k4h.exe; Driver: C:\Users\SANEX\AppData\Local\Temp\fwrdykog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A84A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABE212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? system32\drivers\06981823.sys System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\28925ee982f322e5.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateFile + 6 7778560E 4 Bytes [28, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateFile + B 77785613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateKey + 6 7778564E 4 Bytes [68, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateKey + B 77785653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateMutant + 6 7778568E 4 Bytes [68, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateMutant + B 77785693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateSection + 6 7778572E 4 Bytes [A8, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtCreateSection + B 77785733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtMapViewOfSection + 6 77785C6E 4 Bytes CALL 76786457 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtMapViewOfSection + B 77785C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenFile + 6 77785D1E 4 Bytes [68, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenFile + B 77785D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenKey + 6 77785D4E 4 Bytes [A8, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenKey + B 77785D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenKeyEx + 6 77785D5E 4 Bytes CALL 76786544 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenKeyEx + B 77785D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenMutant + 6 77785D9E 4 Bytes [28, E2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenMutant + B 77785DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenProcess + 6 77785DCE 4 Bytes [68, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenProcess + B 77785DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenProcessToken + 6 77785DDE 4 Bytes [A8, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenProcessToken + B 77785DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenProcessTokenEx + 6 77785DEE 4 Bytes [68, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenProcessTokenEx + B 77785DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenSection + 6 77785E0E 4 Bytes CALL 767865F5 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenSection + B 77785E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenThread + 6 77785E4E 4 Bytes [28, E3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenThread + B 77785E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenThreadToken + 6 77785E5E 4 Bytes [28, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenThreadToken + B 77785E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenThreadTokenEx + 6 77785E6E 4 Bytes [A8, E4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtOpenThreadTokenEx + B 77785E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtQueryAttributesFile + 6 77785F7E 4 Bytes [A8, E0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtQueryAttributesFile + B 77785F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtQueryFullAttributesFile + 6 7778602E 4 Bytes CALL 76786813 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtQueryFullAttributesFile + B 77786033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtSetInformationFile + 6 7778667E 4 Bytes [28, E1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtSetInformationFile + B 77786683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtSetInformationThread + 6 777866DE 4 Bytes CALL 76786EC6 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtSetInformationThread + B 777866E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtUnmapViewOfSection + 6 777869FE 4 Bytes [28, E5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ntdll.dll!NtUnmapViewOfSection + B 77786A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] kernel32.dll!CreateProcessW 75B0204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] kernel32.dll!CreateProcessA 75B02082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!ActivateKeyboardLayout 77518203 5 Bytes JMP 001704F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!ScreenToClient 7751A506 7 Bytes JMP 00170670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!RegisterClipboardFormatA 7751C091 5 Bytes JMP 001702F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!RegisterClipboardFormatW 7751DF8D 5 Bytes JMP 001702B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!SetCursor 77523075 5 Bytes JMP 00170530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!MonitorFromWindow 77523622 7 Bytes JMP 00170630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!PostMessageW 7752447B 5 Bytes JMP 001705F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!IsWindowVisible 77524D69 7 Bytes JMP 001706B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClientRect 775254DD 7 Bytes JMP 001705B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!MapWindowPoints 77525CAA 5 Bytes JMP 00170570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetParent 77526029 7 Bytes JMP 001706F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!EmptyClipboard 7753290C 5 Bytes JMP 00170130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!SetClipboardData 77532962 5 Bytes JMP 00170170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClipboardData 77532BA7 5 Bytes JMP 00170030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClipboardFormatNameW 77535FD2 5 Bytes JMP 00170230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!SetClipboardViewer 77536FF6 5 Bytes JMP 001704B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClipboardFormatNameA 7753700A 5 Bytes JMP 00170270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!ChangeClipboardChain 7754147C 5 Bytes JMP 00170430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetTopWindow 775424D9 7 Bytes JMP 00170730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!CloseClipboard 7754446C 5 Bytes JMP 001700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!OpenClipboard 7754447E 5 Bytes JMP 00170070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!IsClipboardFormatAvailable 775444FF 5 Bytes JMP 001700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClipboardSequenceNumber 77544513 5 Bytes JMP 00170330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClipboardOwner 77544525 5 Bytes JMP 00170370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!CountClipboardFormats 7754470A 5 Bytes JMP 001701F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!EnumClipboardFormats 775447EC 5 Bytes JMP 001701B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetOpenClipboardWindow 7754480B 5 Bytes JMP 001703F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!SetCursorPos 7755C1B0 5 Bytes JMP 00170770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetClipboardViewer 77574AF7 5 Bytes JMP 00170470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] user32.DLL!GetPriorityClipboardFormat 77574BF9 5 Bytes JMP 001703B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!DeleteObject 75AB5F14 5 Bytes JMP 001801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SelectObject 75AB6640 5 Bytes JMP 001805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetTextColor 75AB6906 5 Bytes JMP 00180A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetBkMode 75AB69B1 5 Bytes JMP 001808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!DeleteDC 75AB6EAA 5 Bytes JMP 00180170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetDeviceCaps 75AB6F7F 5 Bytes JMP 001803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!ExtSelectClipRgn 75AB7114 5 Bytes JMP 001802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SelectClipRgn 75AB7242 5 Bytes JMP 001805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetStretchBltMode 75AB7705 5 Bytes JMP 001806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetCurrentObject 75AB7917 5 Bytes JMP 00180370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextMetricsW 75AB7B8F 5 Bytes JMP 00180E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextAlign 75AB7DAF 5 Bytes JMP 00180D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!IntersectClipRect 75AB7DFE 5 Bytes JMP 001803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!ExtTextOutW 75AB8192 5 Bytes JMP 00180970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetTextAlign 75AB828E 5 Bytes JMP 001809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetClipBox 75AB8525 5 Bytes JMP 00180330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!MoveToEx 75AB8C21 5 Bytes JMP 00180470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!StretchDIBits 75ABA53E 5 Bytes JMP 00180770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!RestoreDC 75ABA67B 5 Bytes JMP 00180530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SaveDC 75ABA74B 5 Bytes JMP 00180570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextExtentPoint32W 75ABB4B5 5 Bytes JMP 00180670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextFaceW 75ABB73A 2 Bytes JMP 00180D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextFaceW + 3 75ABB73D 2 Bytes [6C, 8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetFontData 75ABBCC4 5 Bytes JMP 00180C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetWorldTransform 75ABC90A 5 Bytes JMP 001806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!CreateDCA 75ABCCA9 5 Bytes JMP 001800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!CreateDCW 75ABCF79 5 Bytes JMP 001800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!CreateICW 75ABCFD0 5 Bytes JMP 00180130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextMetricsA 75ABD0F2 5 Bytes JMP 00180DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!Rectangle 75ABF1FF 5 Bytes JMP 001809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!LineTo 75ABF59B 5 Bytes JMP 00180430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetICMMode 75ABFAA4 5 Bytes JMP 00180DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!ExtTextOutA 75AC0D20 5 Bytes JMP 00180930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextExtentPoint32A 75AC117F 5 Bytes JMP 00180630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!ExtEscape 75AC2D49 5 Bytes JMP 001802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!Escape 75AC3400 5 Bytes JMP 00180270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!ResetDCW 75AC3A9B 5 Bytes JMP 00180AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!EndPage 75AC40DA 5 Bytes JMP 00180230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetPolyFillMode 75AC67E1 5 Bytes JMP 00180B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SetMiterLimit 75AC699D 5 Bytes JMP 00180B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetTextFaceA 75AD0D22 5 Bytes JMP 00180CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!GetGlyphOutlineW 75ADC2DA 5 Bytes JMP 00180CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!CreateScalableFontResourceW 75ADE937 5 Bytes JMP 00180BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!AddFontResourceW 75ADED33 5 Bytes JMP 00180BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!RemoveFontResourceW 75ADF229 5 Bytes JMP 00180C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!AbortDoc 75AE4E29 5 Bytes JMP 00180030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!EndDoc 75AE5270 5 Bytes JMP 001801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!StartPage 75AE535B 5 Bytes JMP 00180730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!StartDocW 75AE5D76 5 Bytes JMP 001807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!BeginPath 75AE651D 5 Bytes JMP 00180830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!SelectClipPath 75AE6574 5 Bytes JMP 00180AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!CloseFigure 75AE65CF 5 Bytes JMP 00180070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!EndPath 75AE6626 5 Bytes JMP 00180A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!StrokePath 75AE6859 5 Bytes JMP 001807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!FillPath 75AE68E6 5 Bytes JMP 00180870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!PolylineTo 75AE6D54 5 Bytes JMP 001804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!PolyBezierTo 75AE6DE5 5 Bytes JMP 001804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] GDI32.dll!PolyDraw 75AE6E97 5 Bytes JMP 001808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ole32.dll!OleSetClipboard 77640045 5 Bytes JMP 001A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ole32.dll!OleIsCurrentClipboard 776436B2 5 Bytes JMP 001A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe[2132] ole32.dll!OleGetClipboard 7766FDCD 5 Bytes JMP 001A00B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3512] ntdll.dll!LdrGetProcedureAddress + 26 777A22A9 7 Bytes JMP 714C1FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3512] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75B4941E 7 Bytes JMP 6584049D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3512] kernel32.dll!QueryPerformanceCounter + 13 75B4C425 7 Bytes JMP 65840455 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3512] kernel32.dll!LoadAppInitDlls + 355 75B4F4E6 3 Bytes JMP 65455A06 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3512] kernel32.dll!LoadAppInitDlls + 359 75B4F4EA 3 Bytes [EF, EB, F9] {OUT DX, EAX; JMP 0xfffffffc} .text C:\Program Files\Mozilla Firefox\firefox.exe[3512] GDI32.dll!GetViewportOrgEx + 26C 75AB884B 7 Bytes JMP 658404C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4072] USER32.dll!GetWindowInfo 77524B5E 5 Bytes JMP 6579B2EA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4072] USER32.dll!ToUnicodeEx + 71 77532223 7 Bytes JMP 65794E6D C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\49119199 \Device\KLMD03022014_02100004_B 06981823.sys Device \Driver\00000653 \Device\KLMD03022014_02100004 06981823.sys ---- EOF - GMER 2.1 ----