GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-15 11:00:57 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 Hitachi_ rev.PB2O 232,89GB Running: p02h3h4q.exe; Driver: C:\Users\Oem5\AppData\Local\Temp\aftcyaob.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x83202444] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x83201C8A] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x83201958] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x83203520] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x83201A68] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x83201B5A] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x83202780] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x83201F9C] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x832020D2] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8320177E] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x832026C8] SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x832022BC] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C85A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBF212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82CC6504 4 Bytes [44, 24, 20, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82CC6544 4 Bytes [8A, 1C, 20, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CC6554 4 Bytes [58, 19, 20, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CC658C 4 Bytes [20, 35, 20, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 1243 82CC65D8 4 Bytes [68, 1A, 20, 83] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9301B000, 0x38E935, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1304] USER32.dll!RegisterMessagePumpHook + 2F1 76AB8B9E 7 Bytes JMP 658076A0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1304] USER32.dll!IsDialogMessageW + 340 76AC4444 7 Bytes JMP 65807711 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1304] USER32.dll!GetWindowInfo 76AC4B5E 5 Bytes JMP 6580B2EA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1304] USER32.dll!ToUnicodeEx + 71 76AD2223 7 Bytes JMP 65804E6D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1316] ntdll.dll!LdrGetProcedureAddress + 26 77BA22A9 7 Bytes JMP 66911FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1316] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77CC941E 7 Bytes JMP 658B049D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1316] kernel32.dll!QueryPerformanceCounter + 13 77CCC425 7 Bytes JMP 658B0455 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1316] kernel32.dll!LoadAppInitDlls + 355 77CCF4E6 7 Bytes JMP 654C5A06 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1316] USER32.dll!GetWindowInfo 76AC4B5E 5 Bytes JMP 65BB5984 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1316] GDI32.dll!GetViewportOrgEx + 26C 75EC884B 7 Bytes JMP 658B04C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateFile + 6 77B8560E 4 Bytes [28, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateFile + B 77B85613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateKey + 6 77B8564E 4 Bytes [68, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateKey + B 77B85653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateMutant + 6 77B8568E 4 Bytes [68, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateMutant + B 77B85693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateSection + 6 77B8572E 4 Bytes [A8, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtCreateSection + B 77B85733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtMapViewOfSection + 6 77B85C6E 4 Bytes CALL 76B863A7 C:\Windows\system32\COMDLG32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtMapViewOfSection + B 77B85C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenFile + 6 77B85D1E 4 Bytes [68, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenFile + B 77B85D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenKey + 6 77B85D4E 4 Bytes [A8, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenKey + B 77B85D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenKeyEx + 6 77B85D5E 4 Bytes CALL 76B86494 C:\Windows\system32\COMDLG32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenKeyEx + B 77B85D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenMutant + 6 77B85D9E 4 Bytes [28, 32, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenMutant + B 77B85DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenProcess + 6 77B85DCE 4 Bytes [68, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenProcess + B 77B85DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenProcessToken + 6 77B85DDE 4 Bytes [A8, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenProcessToken + B 77B85DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenProcessTokenEx + 6 77B85DEE 4 Bytes [68, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenProcessTokenEx + B 77B85DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenSection + 6 77B85E0E 4 Bytes CALL 76B86545 C:\Windows\system32\COMDLG32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenSection + B 77B85E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenThread + 6 77B85E4E 4 Bytes [28, 33, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenThread + B 77B85E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenThreadToken + 6 77B85E5E 4 Bytes [28, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenThreadToken + B 77B85E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenThreadTokenEx + 6 77B85E6E 4 Bytes [A8, 34, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtOpenThreadTokenEx + B 77B85E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtQueryAttributesFile + 6 77B85F7E 4 Bytes [A8, 30, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtQueryAttributesFile + B 77B85F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtQueryFullAttributesFile + 6 77B8602E 4 Bytes CALL 76B86763 C:\Windows\system32\COMDLG32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtQueryFullAttributesFile + B 77B86033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtSetInformationFile + 6 77B8667E 4 Bytes [28, 31, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtSetInformationFile + B 77B86683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtSetInformationThread + 6 77B866DE 4 Bytes CALL 76B86E16 C:\Windows\system32\COMDLG32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtSetInformationThread + B 77B866E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtUnmapViewOfSection + 6 77B869FE 4 Bytes [28, 35, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ntdll.dll!NtUnmapViewOfSection + B 77B86A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] kernel32.dll!CreateProcessW 77C8204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] kernel32.dll!CreateProcessA 77C82082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!ActivateKeyboardLayout 76AB8203 5 Bytes JMP 001004F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!ScreenToClient 76ABA506 7 Bytes JMP 00100670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!RegisterClipboardFormatA 76ABC091 5 Bytes JMP 001002F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!RegisterClipboardFormatW 76ABDF8D 5 Bytes JMP 001002B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!SetCursor 76AC3075 5 Bytes JMP 00100530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!MonitorFromWindow 76AC3622 7 Bytes JMP 00100630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!PostMessageW 76AC447B 5 Bytes JMP 001005F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!IsWindowVisible 76AC4D69 7 Bytes JMP 001006B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClientRect 76AC54DD 7 Bytes JMP 001005B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!MapWindowPoints 76AC5CAA 5 Bytes JMP 00100570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetParent 76AC6029 7 Bytes JMP 001006F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!EmptyClipboard 76AD290C 5 Bytes JMP 00100130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!SetClipboardData 76AD2962 5 Bytes JMP 00100170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClipboardData 76AD2BA7 5 Bytes JMP 00100030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClipboardFormatNameW 76AD5FD2 5 Bytes JMP 00100230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!SetClipboardViewer 76AD6FF6 5 Bytes JMP 001004B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClipboardFormatNameA 76AD700A 5 Bytes JMP 00100270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!ChangeClipboardChain 76AE147C 5 Bytes JMP 00100430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetTopWindow 76AE24D9 7 Bytes JMP 00100730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!CloseClipboard 76AE446C 5 Bytes JMP 001000B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!OpenClipboard 76AE447E 5 Bytes JMP 00100070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!IsClipboardFormatAvailable 76AE44FF 5 Bytes JMP 001000F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClipboardSequenceNumber 76AE4513 5 Bytes JMP 00100330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClipboardOwner 76AE4525 5 Bytes JMP 00100370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!CountClipboardFormats 76AE470A 5 Bytes JMP 001001F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!EnumClipboardFormats 76AE47EC 5 Bytes JMP 001001B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetOpenClipboardWindow 76AE480B 5 Bytes JMP 001003F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!SetCursorPos 76AFC1B0 5 Bytes JMP 00100770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetClipboardViewer 76B14AF7 5 Bytes JMP 00100470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] user32.DLL!GetPriorityClipboardFormat 76B14BF9 5 Bytes JMP 001003B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!DeleteObject 75EC5F14 5 Bytes JMP 001101B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SelectObject 75EC6640 5 Bytes JMP 001105F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetTextColor 75EC6906 5 Bytes JMP 00110A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetBkMode 75EC69B1 5 Bytes JMP 001108F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!DeleteDC 75EC6EAA 5 Bytes JMP 00110170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetDeviceCaps 75EC6F7F 5 Bytes JMP 001103B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!ExtSelectClipRgn 75EC7114 5 Bytes JMP 001102F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SelectClipRgn 75EC7242 5 Bytes JMP 001105B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetStretchBltMode 75EC7705 5 Bytes JMP 001106B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetCurrentObject 75EC7917 5 Bytes JMP 00110370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextMetricsW 75EC7B8F 5 Bytes JMP 00110E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextAlign 75EC7DAF 5 Bytes JMP 00110D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!IntersectClipRect 75EC7DFE 5 Bytes JMP 001103F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!ExtTextOutW 75EC8192 5 Bytes JMP 00110970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetTextAlign 75EC828E 5 Bytes JMP 001109F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetClipBox 75EC8525 5 Bytes JMP 00110330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!MoveToEx 75EC8C21 5 Bytes JMP 00110470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!StretchDIBits 75ECA53E 5 Bytes JMP 00110770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!RestoreDC 75ECA67B 5 Bytes JMP 00110530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SaveDC 75ECA74B 5 Bytes JMP 00110570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextExtentPoint32W 75ECB4B5 5 Bytes JMP 00110670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextFaceW 75ECB73A 2 Bytes JMP 00110D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextFaceW + 3 75ECB73D 2 Bytes [24, 8A] {AND AL, 0x8a} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetFontData 75ECBCC4 5 Bytes JMP 00110C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetWorldTransform 75ECC90A 5 Bytes JMP 001106F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!CreateDCA 75ECCCA9 5 Bytes JMP 001100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!CreateDCW 75ECCF79 5 Bytes JMP 001100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!CreateICW 75ECCFD0 5 Bytes JMP 00110130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextMetricsA 75ECD0F2 5 Bytes JMP 00110DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!Rectangle 75ECF1FF 5 Bytes JMP 001109B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!LineTo 75ECF59B 5 Bytes JMP 00110430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetICMMode 75ECFAA4 5 Bytes JMP 00110DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!ExtTextOutA 75ED0D20 5 Bytes JMP 00110930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextExtentPoint32A 75ED117F 5 Bytes JMP 00110630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!ExtEscape 75ED2D49 5 Bytes JMP 001102B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!Escape 75ED3400 5 Bytes JMP 00110270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!ResetDCW 75ED3A9B 5 Bytes JMP 00110AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!EndPage 75ED40DA 5 Bytes JMP 00110230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetPolyFillMode 75ED67E1 5 Bytes JMP 00110B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SetMiterLimit 75ED699D 5 Bytes JMP 00110B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetTextFaceA 75EE0D22 5 Bytes JMP 00110CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!GetGlyphOutlineW 75EEC2DA 5 Bytes JMP 00110CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!CreateScalableFontResourceW 75EEE937 5 Bytes JMP 00110BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!AddFontResourceW 75EEED33 5 Bytes JMP 00110BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!RemoveFontResourceW 75EEF229 5 Bytes JMP 00110C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!AbortDoc 75EF4E29 5 Bytes JMP 00110030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!EndDoc 75EF5270 5 Bytes JMP 001101F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!StartPage 75EF535B 5 Bytes JMP 00110730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!StartDocW 75EF5D76 5 Bytes JMP 001107F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!BeginPath 75EF651D 5 Bytes JMP 00110830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!SelectClipPath 75EF6574 5 Bytes JMP 00110AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!CloseFigure 75EF65CF 5 Bytes JMP 00110070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!EndPath 75EF6626 5 Bytes JMP 00110A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!StrokePath 75EF6859 5 Bytes JMP 001107B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!FillPath 75EF68E6 5 Bytes JMP 00110870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!PolylineTo 75EF6D54 5 Bytes JMP 001104F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!PolyBezierTo 75EF6DE5 5 Bytes JMP 001104B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] GDI32.dll!PolyDraw 75EF6E97 5 Bytes JMP 001108B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ole32.dll!OleSetClipboard 760E0045 5 Bytes JMP 00300030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ole32.dll!OleIsCurrentClipboard 760E36B2 5 Bytes JMP 00300070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[2376] ole32.dll!OleGetClipboard 7610FDCD 5 Bytes JMP 003000B0 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{49D359DC-1BA0-11E3-B182-806E6F6E6963} 1595274224 ---- EOF - GMER 2.1 ----