GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-02 14:00:38 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP Running: w5pkb4c9.exe; Driver: C:\Users\Zbigniew\AppData\Local\Temp\pgroykod.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateFile + 6 770D424A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateFile + B 770D424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateKey + 6 770D428A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateKey + B 770D428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateMutant + 6 770D42BA 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateMutant + B 770D42BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateSection + 6 770D433A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtCreateSection + B 770D433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtMapViewOfSection + 6 770D499A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtMapViewOfSection + B 770D499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenFile + 6 770D4A2A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenFile + B 770D4A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenKey + 6 770D4A5A 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenKey + B 770D4A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenMutant + B 770D4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcess + 6 770D4AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcess + 6 770D4AAA 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcess + B 770D4AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcessToken + 6 770D4ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcessToken + 6 770D4ABA 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcessToken + B 770D4ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcessTokenEx + 6 770D4ACA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenProcessTokenEx + B 770D4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenSection + 6 770D4ADA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenSection + B 770D4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenThread + B 770D4B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenThreadToken + 6 770D4B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenThreadToken + B 770D4B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenThreadTokenEx + 6 770D4B3A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtOpenThreadTokenEx + B 770D4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtQueryAttributesFile + 6 770D4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtQueryAttributesFile + B 770D4BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtQueryFullAttributesFile + B 770D4C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtSetInformationFile + 6 770D515A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtSetInformationFile + B 770D515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtSetInformationThread + 6 770D51AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtSetInformationThread + 6 770D51AA 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtSetInformationThread + B 770D51AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ntdll.dll!NtUnmapViewOfSection + B 770D544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] kernel32.dll!CreateProcessW 759C1BF3 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] kernel32.dll!CreateProcessA 759C1C28 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] kernel32.dll!OpenEventW 759DC033 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] kernel32.dll!CreateEventW 75A0B87E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!DeleteObject 77285A37 5 Bytes JMP 000801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetDeviceCaps 7728617F 5 Bytes JMP 000803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SelectObject 772862A0 5 Bytes JMP 000805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetTextColor 7728666B 5 Bytes JMP 00080A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetBkMode 77286716 5 Bytes JMP 000808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!DeleteDC 772868CD 5 Bytes JMP 00080170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetCurrentObject 77286B58 5 Bytes JMP 00080370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetStretchBltMode 77287206 5 Bytes JMP 000806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SaveDC 772875BA 5 Bytes JMP 00080570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!RestoreDC 77287675 5 Bytes JMP 00080530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!StretchDIBits 772878CF 5 Bytes JMP 00080770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!ExtSelectClipRgn 772879F8 5 Bytes JMP 000802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SelectClipRgn 77287AF9 5 Bytes JMP 000805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!MoveToEx 77287C33 5 Bytes JMP 00080470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!Rectangle 77287EA9 5 Bytes JMP 000809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextAlign 772882E0 5 Bytes JMP 00080D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetTextAlign 772885CB 5 Bytes JMP 000809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!ExtTextOutW 7728872B 5 Bytes JMP 00080970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextMetricsW 77288A81 5 Bytes JMP 00080E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!IntersectClipRect 77288B64 5 Bytes JMP 000803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetClipBox 77289071 5 Bytes JMP 00080330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetICMMode 772894E7 5 Bytes JMP 00080DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!CreateDCW 7728A91D 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!CreateDCA 7728AA49 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!CreateICW 7728B2E9 5 Bytes JMP 00080130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextFaceW 7728B637 5 Bytes JMP 00080D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetFontData 7728BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetFontData 7728BA6C 5 Bytes JMP 00080C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextExtentPoint32W 7728C01A 5 Bytes JMP 00080670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetWorldTransform 7728C46A 5 Bytes JMP 000806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!LineTo 7728C65E 5 Bytes JMP 00080430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextMetricsA 7728CCEB 5 Bytes JMP 00080DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!ExtTextOutA 772900A5 5 Bytes JMP 00080930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextExtentPoint32A 77290E58 5 Bytes JMP 00080630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!ExtEscape 772922A7 5 Bytes JMP 000802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!Escape 772927F1 5 Bytes JMP 00080270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!ResetDCW 77293132 5 Bytes JMP 00080AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!EndPage 7729375E 5 Bytes JMP 00080230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetPolyFillMode 772961D3 5 Bytes JMP 00080B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SetMiterLimit 772962E2 5 Bytes JMP 00080B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetTextFaceA 7729F4C5 5 Bytes JMP 00080CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!GetGlyphOutlineW 772AA41F 5 Bytes JMP 00080CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!CreateScalableFontResourceW 772AC88B 5 Bytes JMP 00080BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!AddFontResourceW 772ACC93 5 Bytes JMP 00080BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!RemoveFontResourceW 772AD129 5 Bytes JMP 00080C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!AbortDoc 772B2CC4 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!EndDoc 772B30D8 5 Bytes JMP 000801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!StartPage 772B31C3 5 Bytes JMP 00080730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!StartDocW 772B3CA7 5 Bytes JMP 000807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!BeginPath 772B4465 5 Bytes JMP 00080830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!SelectClipPath 772B44BC 5 Bytes JMP 00080AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!CloseFigure 772B4517 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!EndPath 772B456E 5 Bytes JMP 00080A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!StrokePath 772B47A0 5 Bytes JMP 000807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!FillPath 772B482C 5 Bytes JMP 00080870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!PolylineTo 772B4C95 5 Bytes JMP 000804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!PolyBezierTo 772B4D25 5 Bytes JMP 000804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] GDI32.dll!PolyDraw 772B4DD6 5 Bytes JMP 000808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!SetCursor 771ED37D 5 Bytes JMP 00090530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!RegisterClipboardFormatW 771ED6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!RegisterClipboardFormatW 771ED6AC 5 Bytes JMP 000902B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!ActivateKeyboardLayout 771F478C 5 Bytes JMP 000904F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!IsWindowVisible 771F878A 7 Bytes JMP 000906B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!MonitorFromWindow 771F88D4 7 Bytes JMP 00090630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!ScreenToClient 771F8C56 7 Bytes JMP 00090670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClientRect 771F8F0D 7 Bytes JMP 000905B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetParent 771F90AA 7 Bytes JMP 000906F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!RegisterClipboardFormatA 771FA111 5 Bytes JMP 000902F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!PostMessageW 771FA175 5 Bytes JMP 000905F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!MapWindowPoints 771FA30D 5 Bytes JMP 00090570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClipboardFormatNameA 771FA552 5 Bytes JMP 00090270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetOpenClipboardWindow 772026A6 5 Bytes JMP 000903F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!SetClipboardViewer 7720BA2D 5 Bytes JMP 000904B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!IsClipboardFormatAvailable 7720C2E3 5 Bytes JMP 000900F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!CloseClipboard 7720C2F7 5 Bytes JMP 000900B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!OpenClipboard 7720C31D 5 Bytes JMP 00090070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetTopWindow 7720CE0A 7 Bytes JMP 00090730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClipboardSequenceNumber 7720D8B7 5 Bytes JMP 00090330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!ChangeClipboardChain 7720DF83 5 Bytes JMP 00090430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!CountClipboardFormats 77210048 5 Bytes JMP 000901F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClipboardOwner 772126EF 5 Bytes JMP 00090370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!SetClipboardData 77226410 5 Bytes JMP 00090170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!EnumClipboardFormats 77226D16 5 Bytes JMP 000901B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!SetCursorPos 77226FB2 5 Bytes JMP 00090770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClipboardData 7722715A 5 Bytes JMP 00090030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClipboardFormatNameW 7722A99F 5 Bytes JMP 00090230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!EmptyClipboard 7724398B 5 Bytes JMP 00090130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetClipboardViewer 772439ED 5 Bytes JMP 00090470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] USER32.dll!GetPriorityClipboardFormat 77243AEF 5 Bytes JMP 000903B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ole32.dll!OleGetClipboard 75F474C9 5 Bytes JMP 000A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ole32.dll!OleSetClipboard 75F711E3 5 Bytes JMP 000A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] ole32.dll!OleIsCurrentClipboard 75F7A8F9 5 Bytes JMP 000A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!FreeContextBuffer 755C2D83 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!DeleteSecurityContext 755C2F18 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!FreeCredentialsHandle 755C3598 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!EncryptMessage 755C3745 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!DecryptMessage 755C3813 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!InitializeSecurityContextA 755C87DF 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!AcquireCredentialsHandleA 755C8A43 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!QueryContextAttributesA 755C8E77 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!ApplyControlToken 755CDE4F 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] Secur32.dll!QueryCredentialsAttributesA 755CE052 5 Bytes JMP 000C00B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[912] USER32.dll!InSendMessageEx + 4C9 771EE7C8 7 Bytes JMP 6CB8AAB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[912] USER32.dll!CreateWindowExW + AA 771F13AF 7 Bytes JMP 6CB8AA3F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[912] USER32.dll!GetWindowInfo 771F428E 5 Bytes JMP 6C9D4559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[912] USER32.dll!SetMenuItemBitmaps + 71 772014EE 7 Bytes JMP 6C9D4BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1720] ntdll.dll!LdrLoadDll 77099378 5 Bytes JMP 6C875B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1720] kernel32.dll!HeapSetInformation + 26 759EA8C0 7 Bytes JMP 6C87EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1720] kernel32.dll!LockResource + C 75A06B0B 7 Bytes JMP 6CAB7B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1720] kernel32.dll!VirtualAllocEx + 54 75A0AF70 7 Bytes JMP 6CAB7B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1720] USER32.dll!GetWindowInfo 771F428E 5 Bytes JMP 6C9DBBA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1720] GDI32.dll!SetStretchBltMode + 256 7728745C 7 Bytes JMP 6CAB7AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 000907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 000907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00090790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[280] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000907D0 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x55 0xC8 0xA0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x43 0xFD 0xAA 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x83 0x07 0x66 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xF6 0xAB 0x70 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x43 0xFD 0xAA 0x06 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x83 0x07 0x66 ... ---- EOF - GMER 1.0.15 ----