GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-20 11:47:24 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1604N rev.TM100-30 149,05GB Running: j65gotwr.exe; Driver: C:\Users\PATRIO~1\AppData\Local\Temp\axtcikog.sys ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C768E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C963B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90426000, 0x3AB565, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1928] ntdll.dll!LdrLoadDll 7795F585 5 Bytes JMP 6C288230 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1928] USER32.dll!CreateWindowExA 75D5E18A 5 Bytes JMP 558A11A3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1928] USER32.dll!CreateWindowExW 75D60E51 5 Bytes JMP 553D8839 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1928] USER32.dll!GetWindowInfo 75D66A82 5 Bytes JMP 56247F19 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1928] USER32.dll!MenuItemFromPoint + F 75D84B36 7 Bytes JMP 56246501 C:\Program Files\Mozilla Firefox\xul.dll .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtCreateFile + 6 77944A16 4 Bytes [28, 98, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtCreateFile + B 77944A1B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtCreateKey + 6 77944A56 4 Bytes [68, 99, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtCreateKey + B 77944A5B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtMapViewOfSection + B 7794507B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenFile + 6 77945126 4 Bytes [68, 98, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenFile + B 7794512B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenKey + 6 77945156 4 Bytes [A8, 99, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenKey + B 7794515B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenKeyEx + B 7794516B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenProcess + 6 779451D6 4 Bytes [68, 9A, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenProcess + B 779451DB 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenProcessToken + 6 779451E6 4 Bytes [A8, 9A, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenProcessToken + B 779451EB 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenProcessTokenEx + 6 779451F6 4 Bytes [68, 9B, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenProcessTokenEx + B 779451FB 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenThread + 6 77945256 4 Bytes [28, 9A, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenThread + B 7794525B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenThreadToken + 6 77945266 4 Bytes [28, 9B, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenThreadToken + B 7794526B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenThreadTokenEx + 6 77945276 4 Bytes [A8, 9B, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtOpenThreadTokenEx + B 7794527B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtQueryAttributesFile + 6 77945386 4 Bytes [A8, 98, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtQueryAttributesFile + B 7794538B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtQueryFullAttributesFile + B 7794543B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtSetInformationFile + 6 77945A86 4 Bytes [28, 99, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtSetInformationFile + B 77945A8B 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtSetInformationThread + B 77945AEB 1 Byte [E2] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtUnmapViewOfSection + 6 77945E06 4 Bytes [28, 9C, 93, 00] .text D:\Programy\steam\bin\cef\cef.win7\steamwebhelper.exe[2608] ntdll.dll!NtUnmapViewOfSection + B 77945E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateFile + 6 77944A16 4 Bytes [28, 20, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateFile + B 77944A1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateKey + 6 77944A56 4 Bytes [68, 21, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateKey + B 77944A5B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateMutant + 6 77944A96 4 Bytes [68, 22, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateMutant + B 77944A9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateSection + 6 77944B36 4 Bytes [A8, 22, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtCreateSection + B 77944B3B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtMapViewOfSection + B 7794507B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenFile + 6 77945126 4 Bytes [68, 20, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenFile + B 7794512B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenKey + 6 77945156 4 Bytes [A8, 21, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenKey + B 7794515B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenKeyEx + B 7794516B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenMutant + 6 779451A6 4 Bytes [28, 22, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenMutant + B 779451AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenProcess + 6 779451D6 4 Bytes [68, 23, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenProcess + B 779451DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenProcessToken + 6 779451E6 4 Bytes [A8, 23, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenProcessToken + B 779451EB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 779451F6 4 Bytes [68, 24, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 779451FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenSection + B 7794521B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenThread + 6 77945256 4 Bytes [28, 23, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenThread + B 7794525B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenThreadToken + 6 77945266 4 Bytes [28, 24, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenThreadToken + B 7794526B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenThreadTokenEx + 6 77945276 4 Bytes [A8, 24, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 7794527B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 77945386 4 Bytes [A8, 20, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtQueryAttributesFile + B 7794538B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 7794543B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtSetInformationFile + 6 77945A86 4 Bytes [28, 21, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtSetInformationFile + B 77945A8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtSetInformationThread + B 77945AEB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtUnmapViewOfSection + 6 77945E06 4 Bytes [28, 25, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ntdll.dll!NtUnmapViewOfSection + B 77945E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] kernel32.dll!CreateProcessW 764F202D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] kernel32.dll!CreateProcessA 764F2062 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SelectObject 75E461D0 5 Bytes JMP 001C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetTextColor 75E46622 5 Bytes JMP 001C0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetBkMode 75E466CD 5 Bytes JMP 001C08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!DeleteObject 75E468B4 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!DeleteDC 75E46A2C 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!ExtSelectClipRgn 75E46C72 5 Bytes JMP 001C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SelectClipRgn 75E46D84 5 Bytes JMP 001C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetDeviceCaps 75E46E03 5 Bytes JMP 001C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetStretchBltMode 75E473CE 5 Bytes JMP 001C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetCurrentObject 75E4777C 5 Bytes JMP 001C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextMetricsW 75E4798F 5 Bytes JMP 001C0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!IntersectClipRect 75E47CCA 5 Bytes JMP 001C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextAlign 75E47D15 5 Bytes JMP 001C0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetTextAlign 75E47F92 5 Bytes JMP 001C09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!ExtTextOutW 75E48053 5 Bytes JMP 001C0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetClipBox 75E481F2 5 Bytes JMP 001C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!MoveToEx 75E48A16 5 Bytes JMP 001C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!CreateDCA 75E49975 5 Bytes JMP 001C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!RestoreDC 75E49A10 5 Bytes JMP 001C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SaveDC 75E49AD2 5 Bytes JMP 001C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!StretchDIBits 75E4AC38 5 Bytes JMP 001C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextFaceW 75E4B4CC 5 Bytes JMP 001C0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextExtentPoint32W 75E4B535 5 Bytes JMP 001C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetFontData 75E4B8E8 5 Bytes JMP 001C0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!CreateDCW 75E4BD21 5 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!CreateICW 75E4C660 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!LineTo 75E4CA20 5 Bytes JMP 001C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetWorldTransform 75E4CB42 5 Bytes JMP 001C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextMetricsA 75E4CE46 5 Bytes JMP 001C0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!Rectangle 75E4F5BE 5 Bytes JMP 001C09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetICMMode 75E4F8D4 5 Bytes JMP 001C0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!ExtTextOutA 75E50158 5 Bytes JMP 001C0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextExtentPoint32A 75E508BB 5 Bytes JMP 001C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!Escape 75E50B0D 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!ExtEscape 75E53472 5 Bytes JMP 001C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetTextFaceA 75E53E49 5 Bytes JMP 001C0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetPolyFillMode 75E56CE1 5 Bytes JMP 001C0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SetMiterLimit 75E56E54 5 Bytes JMP 001C0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!ResetDCW 75E6031C 5 Bytes JMP 001C0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!EndPage 75E607CD 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!GetGlyphOutlineW 75E6C292 5 Bytes JMP 001C0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!CreateScalableFontResourceW 75E6E8EF 5 Bytes JMP 001C0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!AddFontResourceW 75E6ECEB 5 Bytes JMP 001C0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!RemoveFontResourceW 75E6F1E1 5 Bytes JMP 001C0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!AbortDoc 75E74D37 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!EndDoc 75E7517E 5 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!StartPage 75E75269 5 Bytes JMP 001C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!StartDocW 75E75BB6 5 Bytes JMP 001C07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!BeginPath 75E7635D 5 Bytes JMP 001C0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!SelectClipPath 75E763B4 5 Bytes JMP 001C0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!CloseFigure 75E7640F 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!EndPath 75E76466 5 Bytes JMP 001C0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!StrokePath 75E76699 5 Bytes JMP 001C07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!FillPath 75E76726 5 Bytes JMP 001C0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!PolylineTo 75E76B94 5 Bytes JMP 001C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!PolyBezierTo 75E76C25 5 Bytes JMP 001C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] GDI32.dll!PolyDraw 75E76CD7 5 Bytes JMP 001C08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!ActivateKeyboardLayout 75D5817D 5 Bytes JMP 001D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!ScreenToClient 75D5C1F2 7 Bytes JMP 001D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!RegisterClipboardFormatA 75D5E6B1 5 Bytes JMP 001D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!RegisterClipboardFormatW 75D5EDFD 5 Bytes JMP 001D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!SetCursor 75D652EA 5 Bytes JMP 001D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!MonitorFromWindow 75D6590A 7 Bytes JMP 001D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!PostMessageW 75D66225 5 Bytes JMP 001D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!IsWindowVisible 75D66939 7 Bytes JMP 001D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClientRect 75D674B1 7 Bytes JMP 001D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!MapWindowPoints 75D67915 5 Bytes JMP 001D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetParent 75D67AB3 7 Bytes JMP 001D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!SetClipboardData 75D74979 5 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!EmptyClipboard 75D74A28 5 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClipboardData 75D74B47 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!EnumClipboardFormats 75D74D98 5 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClipboardFormatNameW 75D77EB2 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!SetClipboardViewer 75D78F4D 5 Bytes JMP 001D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClipboardFormatNameA 75D78F61 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetOpenClipboardWindow 75D7902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetOpenClipboardWindow 75D7902F 5 Bytes JMP 001D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!ChangeClipboardChain 75D83425 5 Bytes JMP 001D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetTopWindow 75D83A5D 7 Bytes JMP 001D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!CloseClipboard 75D85BA7 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!OpenClipboard 75D85BB9 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!IsClipboardFormatAvailable 75D85C3A 5 Bytes JMP 001D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClipboardSequenceNumber 75D85C4E 5 Bytes JMP 001D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClipboardOwner 75D85C60 5 Bytes JMP 001D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!CountClipboardFormats 75D85DC9 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!SetCursorPos 75D9C1D8 5 Bytes JMP 001D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetClipboardViewer 75DB4B57 5 Bytes JMP 001D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] USER32.dll!GetPriorityClipboardFormat 75DB4C59 5 Bytes JMP 001D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ole32.dll!OleSetClipboard 7668F1F6 5 Bytes JMP 00350030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ole32.dll!OleIsCurrentClipboard 76692370 5 Bytes JMP 00350070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe[2660] ole32.dll!OleGetClipboard 766BF71D 5 Bytes JMP 003500B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] ntdll.dll!LdrLoadDll 7795F585 5 Bytes JMP 6C288230 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7653C0CF 7 Bytes JMP 5571DD1D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] kernel32.dll!CloseHandle + 38 765405EF 7 Bytes JMP 5571EBE6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] kernel32.dll!GetExitCodeProcess + 2C 7654313D 7 Bytes JMP 55422853 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] USER32.dll!CreateWindowExA 75D5E18A 5 Bytes JMP 558A11A3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] USER32.dll!CreateWindowExW 75D60E51 5 Bytes JMP 553D8839 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] USER32.dll!GetWindowInfo 75D66A82 5 Bytes JMP 56398648 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3568] GDI32.dll!GetViewportOrgEx + 21C 75E485EB 7 Bytes JMP 5571D5D4 C:\Program Files\Mozilla Firefox\xul.dll ---- EOF - GMER 2.2 ----