GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-25 09:52:53 Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6 SAMSUNG_HD403LJ rev.CT100-12 372,61GB Running: gmer.exe; Driver: C:\Users\Gosia\AppData\Local\Temp\ugrcqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!PaintMonitor + 94 76BCB20C 7 Bytes JMP 6F15EA03 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!GetWindowInfo 76BD00DB 5 Bytes JMP 6EF95238 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!DefWindowProcW + 6B5 76BE2445 7 Bytes JMP 6F15E992 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!SetMenuItemBitmaps + 3E 76BECFF3 7 Bytes JMP 6EF95811 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateFile + 6 77AAF41A 4 Bytes [28, 38, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateFile + B 77AAF41F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateKey + 6 77AAF45A 4 Bytes [68, 39, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateKey + B 77AAF45F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateMutant + 6 77AAF48A 4 Bytes [28, 3A, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateMutant + B 77AAF48F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateSection + 6 77AAF50A 4 Bytes [68, 3A, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtCreateSection + B 77AAF50F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtMapViewOfSection + 6 77AAFB6A 4 Bytes [A8, 3C, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtMapViewOfSection + B 77AAFB6F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenFile + 6 77AAFBFA 4 Bytes [68, 38, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenFile + B 77AAFBFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenKey + 6 77AAFC2A 4 Bytes [A8, 39, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenKey + B 77AAFC2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenMutant + B 77AAFC4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenProcess + 6 77AAFC7A 4 Bytes [28, 3B, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenProcess + B 77AAFC7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenProcessToken + 6 77AAFC8A 4 Bytes [68, 3B, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenProcessToken + B 77AAFC8F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenProcessTokenEx + 6 77AAFC9A 4 Bytes [28, 3C, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenProcessTokenEx + B 77AAFC9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenSection + 6 77AAFCAA 4 Bytes [A8, 3A, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenSection + B 77AAFCAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenThread + B 77AAFCEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenThreadToken + B 77AAFCFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenThreadTokenEx + 6 77AAFD0A 4 Bytes [68, 3C, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtOpenThreadTokenEx + B 77AAFD0F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtQueryAttributesFile + 6 77AAFD9A 4 Bytes [A8, 38, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtQueryAttributesFile + B 77AAFD9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtQueryFullAttributesFile + B 77AAFE4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtSetInformationFile + 6 77AB036A 4 Bytes [28, 39, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtSetInformationFile + B 77AB036F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtSetInformationThread + 6 77AB03BA 4 Bytes [A8, 3B, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtSetInformationThread + B 77AB03BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ntdll.dll!NtUnmapViewOfSection + B 77AB065F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] kernel32.dll!CreateProcessW 76DF1D27 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] kernel32.dll!CreateProcessA 76DF1D5C 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] kernel32.dll!OpenEventW 76E14CB8 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] kernel32.dll!CreateEventW 76E19146 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!DeleteObject 77B85A1F 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetDeviceCaps 77B85EA6 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SelectObject 77B85FC0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetBkMode 77B86390 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetTextColor 77B864BF 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetStretchBltMode 77B86624 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!DeleteDC 77B869A5 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!StretchDIBits 77B86F0F 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextMetricsW 77B8720B 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetCurrentObject 77B87419 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!RestoreDC 77B874AA 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SaveDC 77B87557 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextAlign 77B87A93 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!ExtSelectClipRgn 77B87AE2 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SelectClipRgn 77B87BED 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetTextAlign 77B87E09 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!IntersectClipRect 77B882B4 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetICMMode 77B888BB 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!ExtTextOutW 77B889EC 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!MoveToEx 77B88E09 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!Rectangle 77B890CA 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetClipBox 77B8989D 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextFaceW 77B8A788 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextExtentPoint32W 77B8ABB5 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!CreateDCA 77B8BCD9 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!CreateDCW 77B8BE99 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!CreateICW 77B8BEDD 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetFontData 77B8C6E3 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetWorldTransform 77B8CC0A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextMetricsA 77B8D201 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!LineTo 77B90984 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!ExtTextOutA 77B910E8 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextExtentPoint32A 77B911A7 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!ExtEscape 77B9544B 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!EndPage 77B970FC 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetMiterLimit 77B998D2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!ResetDCW 77B9F929 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetTextFaceA 77B9FE74 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SetPolyFillMode 77B9FF50 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!GetGlyphOutlineW 77B9FFEF 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!Escape 77BA0181 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!CreateScalableFontResourceW 77BAD8CD 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!AddFontResourceW 77BADB8E 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!RemoveFontResourceW 77BADE3B 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!AbortDoc 77BB2F0C 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!EndDoc 77BB325D 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!StartPage 77BB3348 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!StartDocW 77BB3DBB 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!BeginPath 77BB4575 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!SelectClipPath 77BB45CC 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!CloseFigure 77BB4627 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!EndPath 77BB467E 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!StrokePath 77BB48B0 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!FillPath 77BB493C 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!PolylineTo 77BB4DA5 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!PolyBezierTo 77BB4E35 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] GDI32.dll!PolyDraw 77BB4EE6 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetTopWindow 76BC7BC1 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!CountClipboardFormats 76BCBEAE 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!RegisterClipboardFormatW 76BCF811 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!ActivateKeyboardLayout 76BDA9FF 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!RegisterClipboardFormatA 76BDAEC3 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClipboardFormatNameA 76BDB1C6 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClientRect 76BDB396 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!MonitorFromWindow 76BDB4F8 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!ScreenToClient 76BDC1D8 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetParent 76BE2E91 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!IsWindowVisible 76BE3429 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!MapWindowPoints 76BE34B0 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!SetCursor 76BE380D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!PostMessageW 76BE3915 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!SetCursorPos 76BE4EDD 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClipboardViewer 76BE4F52 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClipboardData 76BE589C 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!EmptyClipboard 76BE59B8 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!EnumClipboardFormats 76BE59CA 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!SetClipboardViewer 76BF1CE7 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetOpenClipboardWindow 76BF1D02 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!ChangeClipboardChain 76BFBABA 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!CloseClipboard 76BFCA35 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!OpenClipboard 76BFCA47 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!IsClipboardFormatAvailable 76BFCAC8 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClipboardSequenceNumber 76BFCADC 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClipboardOwner 76BFCB0E 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!SetClipboardData 76C1116B 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetClipboardFormatNameW 76C146EF 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] USER32.dll!GetPriorityClipboardFormat 76C2555B 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!FreeContextBuffer 7619243F 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!DeleteSecurityContext 761925C7 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!FreeCredentialsHandle 76192AD9 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!QueryContextAttributesA 761961FF 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!InitializeSecurityContextA 76196282 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!AcquireCredentialsHandleA 761963CE 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!EncryptMessage 76198A63 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!DecryptMessage 76198B31 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!ApplyControlToken 7619DE58 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] Secur32.dll!QueryCredentialsAttributesA 7619DFD3 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ole32.dll!OleGetClipboard 7661BDB6 5 Bytes JMP 001F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ole32.dll!OleSetClipboard 76640F64 5 Bytes JMP 001F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[1088] ole32.dll!OleIsCurrentClipboard 7664B185 5 Bytes JMP 001F0070 .text C:\Program Files\Mozilla Firefox\firefox.exe[1924] ntdll.dll!LdrLoadDll 77A7EB00 5 Bytes JMP 6EAC9CF0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1924] kernel32.dll!ActivateActCtx + 2C 76E17379 7 Bytes JMP 6F075408 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1924] kernel32.dll!VirtualQuery + 24 76E1D172 7 Bytes JMP 6EAD369E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1924] kernel32.dll!VirtualAllocEx + 54 76E39BC5 7 Bytes JMP 6F07542B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1924] GDI32.dll!SetTextAlign + E6 77B87EEF 7 Bytes JMP 6F075389 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 83D42AB0 ---- EOF - GMER 2.1 ----