Fortsetzung #2 (Log_GMER.log)
GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-05 15:40:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT08B0Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\E6410\AppData\Local\Temp\fgdiapog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077492683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774926c2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007749271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077492788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 4
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077492b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077492b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007749306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774931f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007749388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000774938e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000774939b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077493f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077494001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077494075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774941b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000774941f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077494461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007749464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077494713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077494807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077494926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077494a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077494aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077494ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077494ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077494fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077495193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077495f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077496016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007749610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000774962fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007749633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077496354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000774963ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077496b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774ddc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774dde30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774de000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de630 8 bytes {JMP QWORD [RIP-0x47102]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df0e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1824] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077492683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774926c2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007749271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077492788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 4
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077492b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077492b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007749306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774931f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007749388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000774938e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000774939b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077493f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077494001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077494075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774941b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000774941f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077494461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007749464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077494713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077494807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077494926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077494a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077494aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077494ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077494ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077494fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077495193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077495f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077496016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007749610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000774962fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007749633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077496354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000774963ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077496b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774ddc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774dde30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774de000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de630 8 bytes {JMP QWORD [RIP-0x47102]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df0e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077492683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774926c2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007749271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077492788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 4
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077492b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077492b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007749306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774931f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007749388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000774938e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000774939b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077493f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077494001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077494075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774941b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000774941f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077494461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007749464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077494713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077494807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077494926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077494a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077494aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077494ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077494ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077494fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077495193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077495f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077496016 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007749610e 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000774962fc 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007749633d 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077496354 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000774963ac 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077496b76 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774ddc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774dde30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774de000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de630 8 bytes {JMP QWORD [RIP-0x47102]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df0e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2260] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077492683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774926c2 8 bytes {JMP 0x10}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007749271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077492788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 4
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077492b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077492b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007749306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000774931f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007749388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000774938e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000774939b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077493f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077494001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077494075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000774941b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000774941f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077494461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007749464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077494713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077494807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077494926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077494a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077494aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077494ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077494ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077494fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077495193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077495f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077496016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007749610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000774962fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007749633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077496354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000774963ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077496b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774ddc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774dde30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddf50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774de000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de630 8 bytes {JMP QWORD [RIP-0x47102]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774df0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000735a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000735a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000735a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000735a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000735a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000735a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007768fc6c 3 bytes JMP 718a000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007768fc70 2 bytes JMP 718a000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007768fc84 3 bytes JMP 7181000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007768fc88 2 bytes JMP 7181000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007768fdb0 3 bytes JMP 7184000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007768fdb4 2 bytes JMP 7184000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077690100 3 bytes JMP 7187000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077690104 2 bytes JMP 7187000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077690210 3 bytes JMP 7190000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077690214 2 bytes JMP 7190000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077690a90 3 bytes JMP 718d000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077690a94 2 bytes JMP 718d000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007769196c 3 bytes JMP 717e000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077691970 2 bytes JMP 717e000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075763bab 3 bytes JMP 717b000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075763baf 2 bytes JMP 717b000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076912ca4 4 bytes CALL 71af0000
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076799679 6 bytes JMP 719f000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767a12a5 6 bytes JMP 7199000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767a3baa 6 bytes JMP 719c000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000767a612e 6 bytes JMP 71a2000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!SendInput 00000000767bff4a 3 bytes JMP 71a5000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000767bff4e 2 bytes JMP 71a5000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!mouse_event 00000000767f027b 6 bytes JMP 71ab000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\USER32.dll!keybd_event 00000000767f02bf 6 bytes JMP 71a8000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075877154 6 bytes JMP 7193000a
.text C:\Users\E6410\Downloads\Gmer-19357.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007589342c 6 bytes JMP 7196000a
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800209df58] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- EOF - GMER 2.1 ---- --- --- ---