GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-14 16:08:37 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB Running: gmer.exe; Driver: C:\Users\MAX\AppData\Local\Temp\uxrirpow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestPort + 14AD 8308EBB5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C8B92 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9AA34000, 0x187DA6, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2196] ntdll.dll!LdrLoadDll 770B24C6 5 Bytes JMP 50E5A8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2196] USER32.dll!GetWindowInfo 75374B5E 5 Bytes JMP 1047CDA9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2196] USER32.dll!ToUnicodeEx + 71 75382223 7 Bytes JMP 1047B5C8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtCreateFile 77095620 5 Bytes JMP 0F75B983 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtFlushBuffersFile 770959B0 5 Bytes JMP 0F75B6C3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtQueryFullAttributesFile 77096040 5 Bytes JMP 0F75B7F8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtReadFile 77096310 5 Bytes JMP 0F75B6FD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtReadFileScatter 77096320 5 Bytes JMP 0FAE2E91 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtWriteFile 77096AC0 5 Bytes JMP 0F75BB27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!NtWriteFileGather 77096AD0 5 Bytes JMP 0FAE2EE1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] ntdll.dll!LdrLoadDll 770B24C6 5 Bytes JMP 50E5A8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 755B952E 7 Bytes JMP 0FACB5A5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] kernel32.dll!QueryPerformanceCounter + 13 755BC535 7 Bytes JMP 0FACBFAC C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] kernel32.dll!LoadAppInitDlls + 355 755BF5F6 7 Bytes JMP 0F82AFF1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] USER32.dll!GetWindowInfo 75374B5E 5 Bytes JMP 105AAE81 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2568] GDI32.dll!GetViewportOrgEx + 26C 7591884B 7 Bytes JMP 0FACAF5D C:\Program Files\Mozilla Firefox\xul.dll .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!UpdateLayeredWindowIndirect 75369AC2 5 Bytes JMP 649AB4D0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!UpdateLayeredWindow 7536A420 5 Bytes JMP 649AB400 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!SetForegroundWindow 7536B225 5 Bytes JMP 649AAF10 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!DestroyWindow 7536B2F4 5 Bytes JMP 649AADE0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!CreateWindowExA 7536BF40 5 Bytes JMP 649AB550 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!CreateWindowExW 7536EC7C 5 Bytes JMP 649AB690 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!ShowWindow 7536F2A9 5 Bytes JMP 649AACE0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!PeekMessageA 753719A5 5 Bytes JMP 649AAF70 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!SetWindowPos 75371BC4 5 Bytes JMP 649AAE10 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!DispatchMessageA 75372E32 5 Bytes JMP 649AAC80 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!SetCursor 75373075 5 Bytes JMP 649AA590 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!BeginPaint 75375D14 5 Bytes JMP 649AB050 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!EndPaint 75375D42 5 Bytes JMP 649AB0B0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!PeekMessageW 7537634A 5 Bytes JMP 649AAFD0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!DispatchMessageW 7537CC61 5 Bytes JMP 649AACB0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!BringWindowToTop 7539040B 5 Bytes JMP 649AB030 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!AnimateWindow 75390620 5 Bytes JMP 649AAE80 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!SetCapture 75396932 5 Bytes JMP 649AAF50 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] USER32.dll!WindowFromPoint 75396BE9 5 Bytes JMP 649AA5B0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] GDI32.dll!BitBlt 759172C0 5 Bytes JMP 649AA5E0 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\PROGRA~1\Raptr\raptr.exe[3256] GDI32.dll!StretchBlt 7591F467 5 Bytes JMP 649AA850 C:\PROGRA~1\Raptr\ltc_host.DLL .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateFile + 6 77095626 4 Bytes [28, D8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateFile + B 7709562B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateKey + 6 77095666 4 Bytes [68, D9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateKey + B 7709566B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateMutant + 6 770956A6 4 Bytes [68, DA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateMutant + B 770956AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateSection + 6 77095746 4 Bytes [A8, DA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtCreateSection + B 7709574B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtMapViewOfSection + 6 77095C86 4 Bytes CALL 76096467 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtMapViewOfSection + B 77095C8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenFile + 6 77095D36 4 Bytes [68, D8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenFile + B 77095D3B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenKey + 6 77095D66 4 Bytes [A8, D9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenKey + B 77095D6B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenKeyEx + 6 77095D76 4 Bytes CALL 76096554 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenKeyEx + B 77095D7B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenMutant + 6 77095DB6 4 Bytes [28, DA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenMutant + B 77095DBB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenProcess + 6 77095DE6 4 Bytes [68, DB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenProcess + B 77095DEB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenProcessToken + 6 77095DF6 4 Bytes [A8, DB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenProcessToken + B 77095DFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenProcessTokenEx + 6 77095E06 4 Bytes [68, DC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenProcessTokenEx + B 77095E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenSection + 6 77095E26 4 Bytes CALL 76096605 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenSection + B 77095E2B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenThread + 6 77095E66 4 Bytes [28, DB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenThread + B 77095E6B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenThreadToken + 6 77095E76 4 Bytes [28, DC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenThreadToken + B 77095E7B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenThreadTokenEx + 6 77095E86 4 Bytes [A8, DC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtOpenThreadTokenEx + B 77095E8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtQueryAttributesFile + 6 77095F96 4 Bytes [A8, D8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtQueryAttributesFile + B 77095F9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtQueryFullAttributesFile + 6 77096046 4 Bytes CALL 76096823 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtQueryFullAttributesFile + B 7709604B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtSetInformationFile + 6 77096696 4 Bytes [28, D9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtSetInformationFile + B 7709669B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtSetInformationThread + 6 770966F6 4 Bytes CALL 76096ED6 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtSetInformationThread + B 770966FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtUnmapViewOfSection + 6 77096A16 4 Bytes [28, DD, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ntdll.dll!NtUnmapViewOfSection + B 77096A1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] kernel32.dll!CreateProcessW 7557204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] kernel32.dll!CreateProcessA 75572082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!ActivateKeyboardLayout 75368203 5 Bytes JMP 001C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!ScreenToClient 7536A506 7 Bytes JMP 001C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!RegisterClipboardFormatA 7536C091 5 Bytes JMP 001C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!RegisterClipboardFormatW 7536DF8D 5 Bytes JMP 001C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!SetCursor 75373075 5 Bytes JMP 001C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!MonitorFromWindow 75373622 7 Bytes JMP 001C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!PostMessageW 7537447B 5 Bytes JMP 001C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!IsWindowVisible 75374D69 7 Bytes JMP 001C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClientRect 753754DD 7 Bytes JMP 001C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!MapWindowPoints 75375CAA 5 Bytes JMP 001C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetParent 75376029 7 Bytes JMP 001C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!EmptyClipboard 7538290C 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!SetClipboardData 75382962 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClipboardData 75382BA7 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClipboardFormatNameW 75385FD2 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!SetClipboardViewer 75386FF6 5 Bytes JMP 001C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClipboardFormatNameA 7538700A 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!ChangeClipboardChain 7539147C 5 Bytes JMP 001C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetTopWindow 753924D9 7 Bytes JMP 001C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!CloseClipboard 7539446C 5 Bytes JMP 001C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!OpenClipboard 7539447E 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!IsClipboardFormatAvailable 753944FF 5 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClipboardSequenceNumber 75394513 5 Bytes JMP 001C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClipboardOwner 75394525 5 Bytes JMP 001C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!CountClipboardFormats 7539470A 5 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!EnumClipboardFormats 753947EC 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetOpenClipboardWindow 7539480B 5 Bytes JMP 001C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!SetCursorPos 753AC1B0 5 Bytes JMP 001C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetClipboardViewer 753C4AF7 5 Bytes JMP 001C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] user32.DLL!GetPriorityClipboardFormat 753C4BF9 5 Bytes JMP 001C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!DeleteObject 75915F14 3 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!DeleteObject + 4 75915F18 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SelectObject 75916640 3 Bytes JMP 001D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SelectObject + 4 75916644 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetTextColor 75916906 3 Bytes JMP 001D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetTextColor + 4 7591690A 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetBkMode 759169B1 3 Bytes JMP 001D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetBkMode + 4 759169B5 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!DeleteDC 75916EAA 3 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!DeleteDC + 4 75916EAE 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetDeviceCaps 75916F7F 3 Bytes JMP 001D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetDeviceCaps + 4 75916F83 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtSelectClipRgn 75917114 3 Bytes JMP 001D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtSelectClipRgn + 4 75917118 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SelectClipRgn 75917242 3 Bytes JMP 001D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SelectClipRgn + 4 75917246 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetStretchBltMode 75917705 3 Bytes JMP 001D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetStretchBltMode + 4 75917709 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetCurrentObject 75917917 3 Bytes JMP 001D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetCurrentObject + 4 7591791B 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextMetricsW 75917B8F 3 Bytes JMP 001D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextMetricsW + 4 75917B93 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextAlign 75917DAF 3 Bytes JMP 001D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextAlign + 4 75917DB3 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!IntersectClipRect 75917DFE 3 Bytes JMP 001D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!IntersectClipRect + 4 75917E02 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtTextOutW 75918192 3 Bytes JMP 001D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtTextOutW + 4 75918196 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetTextAlign 7591828E 3 Bytes JMP 001D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetTextAlign + 4 75918292 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetClipBox 75918525 3 Bytes JMP 001D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetClipBox + 4 75918529 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!MoveToEx 75918C21 3 Bytes JMP 001D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!MoveToEx + 4 75918C25 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!StretchDIBits 7591A53E 3 Bytes JMP 001D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!StretchDIBits + 4 7591A542 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!RestoreDC 7591A67B 3 Bytes JMP 001D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!RestoreDC + 4 7591A67F 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SaveDC 7591A74B 3 Bytes JMP 001D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SaveDC + 4 7591A74F 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextExtentPoint32W 7591B4B5 3 Bytes JMP 001D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextExtentPoint32W + 4 7591B4B9 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextFaceW 7591B73A 2 Bytes JMP 001D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextFaceW + 4 7591B73E 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetFontData 7591BCC4 3 Bytes JMP 001D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetFontData + 4 7591BCC8 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetWorldTransform 7591C90A 3 Bytes JMP 001D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetWorldTransform + 4 7591C90E 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateDCA 7591CCA9 3 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateDCA + 4 7591CCAD 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateDCW 7591CF79 3 Bytes JMP 001D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateDCW + 4 7591CF7D 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateICW 7591CFD0 3 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateICW + 4 7591CFD4 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextMetricsA 7591D0F2 3 Bytes JMP 001D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextMetricsA + 4 7591D0F6 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!Rectangle 7591F1FF 3 Bytes JMP 001D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!Rectangle + 4 7591F203 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!LineTo 7591F59B 3 Bytes JMP 001D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!LineTo + 4 7591F59F 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetICMMode 7591FAA4 3 Bytes JMP 001D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetICMMode + 4 7591FAA8 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtTextOutA 759203F9 3 Bytes JMP 001D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtTextOutA + 4 759203FD 1 Byte [8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextExtentPoint32A 759207B0 5 Bytes JMP 001D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ExtEscape 75922949 5 Bytes JMP 001D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!Escape 75923939 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetTextFaceA 75923E6A 5 Bytes JMP 001D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetPolyFillMode 7592D851 5 Bytes JMP 001D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SetMiterLimit 7592DA0D 5 Bytes JMP 001D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!EndPage 759300D7 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!ResetDCW 7593050D 5 Bytes JMP 001D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!GetGlyphOutlineW 7593C1BA 5 Bytes JMP 001D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CreateScalableFontResourceW 7593E817 5 Bytes JMP 001D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!AddFontResourceW 7593EC13 5 Bytes JMP 001D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!RemoveFontResourceW 7593F109 5 Bytes JMP 001D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!AbortDoc 75944C63 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!EndDoc 759450AA 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!StartPage 75945195 5 Bytes JMP 001D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!StartDocW 75945BB0 5 Bytes JMP 001D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!BeginPath 7594635D 5 Bytes JMP 001D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!SelectClipPath 759463B4 5 Bytes JMP 001D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!CloseFigure 7594640F 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!EndPath 75946466 5 Bytes JMP 001D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!StrokePath 75946699 5 Bytes JMP 001D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!FillPath 75946726 5 Bytes JMP 001D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!PolylineTo 75946B94 5 Bytes JMP 001D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!PolyBezierTo 75946C25 5 Bytes JMP 001D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] GDI32.dll!PolyDraw 75946CD7 5 Bytes JMP 001D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ole32.dll!OleSetClipboard 766A0045 5 Bytes JMP 002F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ole32.dll!OleIsCurrentClipboard 766A36B2 5 Bytes JMP 002F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe[3672] ole32.dll!OleGetClipboard 766CFDCD 5 Bytes JMP 002F00B0 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active ---- EOF - GMER 2.1 ----