GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-09 16:48:51 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 Hitachi_HDS721616PLA380 rev.P22OA70A 153,39GB Running: vkv8ybon.exe; Driver: C:\Users\zby\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!LdrLoadDll 777E7933 5 Bytes JMP 6F05A800 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtCreateFile 77818008 5 Bytes JMP 62246BEF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtFlushBuffersFile 77818508 5 Bytes JMP 6224692F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtQueryFullAttributesFile 77818A38 5 Bytes JMP 62246A64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtReadFile 77818C68 5 Bytes JMP 62246969 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtReadFileScatter 77818C78 5 Bytes JMP 625EAE9E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtWriteFile 77819278 5 Bytes JMP 62246D93 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] ntdll.dll!NtWriteFileGather 77819288 5 Bytes JMP 625EAEEE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] kernel32.dll!HeapSetInformation + 26 76486E28 7 Bytes JMP 6234C979 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] kernel32.dll!LockResource + C 764A7F2B 7 Bytes JMP 625D459E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] kernel32.dll!VirtualAllocEx + 54 764AB86A 7 Bytes JMP 625D4F20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] USER32.dll!GetWindowInfo 76A80560 5 Bytes JMP 630D41F7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[952] GDI32.dll!StretchDIBits + 179 765475BB 7 Bytes JMP 625D3EDB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateFile + 6 7781800E 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateFile + B 77818013 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateKey + 6 7781804E 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateKey + B 77818053 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateMutant + 6 7781807E 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateMutant + B 77818083 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateSection + 6 778180FE 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtCreateSection + B 77818103 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtMapViewOfSection + 6 7781875E 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtMapViewOfSection + B 77818763 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenFile + 6 778187EE 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenFile + B 778187F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenKey + 6 7781881E 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenKey + B 77818823 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenMutant + 6 7781883E 4 Bytes CALL 76818E44 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenMutant + B 77818843 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcess + 6 7781886E 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcess + 6 7781886E 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcess + B 77818873 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcessToken + 6 7781887E 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcessToken + 6 7781887E 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcessToken + B 77818883 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcessTokenEx + 6 7781888E 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenProcessTokenEx + B 77818893 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenSection + 6 7781889E 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenSection + B 778188A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThread + 6 778188DE 4 Bytes CALL 76818EE5 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThread + B 778188E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThreadToken + 6 778188EE 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThreadToken + 6 778188EE 4 Bytes CALL 76818EF6 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThreadToken + B 778188F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThreadTokenEx + 6 778188FE 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtOpenThreadTokenEx + B 77818903 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtQueryAttributesFile + 6 7781898E 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtQueryAttributesFile + B 77818993 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtQueryFullAttributesFile + 6 77818A3E 4 Bytes CALL 76819043 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtQueryFullAttributesFile + B 77818A43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtSetInformationFile + 6 77818F1E 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtSetInformationFile + B 77818F23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtSetInformationThread + 6 77818F6E 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtSetInformationThread + 6 77818F6E 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtSetInformationThread + B 77818F73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtUnmapViewOfSection + 6 7781920E 4 Bytes CALL 76819817 C:\Windows\system32\MSCTF.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ntdll.dll!NtUnmapViewOfSection + B 77819213 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] kernel32.dll!CreateProcessW 76461C01 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] kernel32.dll!CreateProcessA 76461C36 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] kernel32.dll!OpenEventW 7647C815 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] kernel32.dll!CreateEventW 764A4262 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetDeviceCaps 76545AF0 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!DeleteObject 76545BED 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SelectObject 76546100 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetTextColor 76546549 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetBkMode 765465F4 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!DeleteDC 76546A44 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetStretchBltMode 76546D78 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetCurrentObject 76546F4B 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!StretchDIBits 76547442 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SaveDC 7654772D 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!RestoreDC 765477C6 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!ExtSelectClipRgn 765479DA 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SelectClipRgn 76547AE5 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!Rectangle 76547D49 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextAlign 76548178 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!ExtTextOutW 765482B1 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetClipBox 76548629 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetTextAlign 765486EA 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!MoveToEx 7654878E 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextMetricsW 76549434 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!IntersectClipRect 76549698 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetICMMode 76549DAB 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextExtentPoint32W 7654A926 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!CreateDCA 7654AC01 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!CreateDCW 7654ADA5 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!CreateICW 7654ADFD 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextFaceW 7654C1CF 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetFontData 7654C835 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetWorldTransform 7654CAB8 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextMetricsA 7654D65F 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!LineTo 7654EF82 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!ExtTextOutA 7654FE29 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextExtentPoint32A 76550B59 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!ExtEscape 7655208D 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!Escape 76552A7B 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!ResetDCW 7655321A 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetPolyFillMode 765549EA 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SetMiterLimit 765562B0 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!EndPage 7655F17C 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetTextFaceA 7655F32A 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!GetGlyphOutlineW 76569ECF 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!CreateScalableFontResourceW 7656C32B 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!AddFontResourceW 7656C733 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!RemoveFontResourceW 7656CBC9 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!AbortDoc 765728BE 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!EndDoc 76572CD2 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!StartPage 76572DBD 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!StartDocW 765738A1 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!BeginPath 7657405D 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!SelectClipPath 765740B4 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!CloseFigure 7657410F 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!EndPath 76574166 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!StrokePath 76574398 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!FillPath 76574424 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!PolylineTo 7657488D 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!PolyBezierTo 7657491D 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] GDI32.dll!PolyDraw 765749CE 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!SetCursor 76A7E563 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!RegisterClipboardFormatW 76A7E869 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!MonitorFromWindow 76A813F6 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!ActivateKeyboardLayout 76A85A50 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClientRect 76A889F9 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetParent 76A8918E 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!RegisterClipboardFormatA 76A8974D 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClipboardFormatNameA 76A89AB5 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!PostMessageW 76A8A064 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!MapWindowPoints 76A8A14F 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!ScreenToClient 76A90C02 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!IsWindowVisible 76A90CDC 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetOpenClipboardWindow 76A926DC 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!SetClipboardViewer 76A9BE37 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!IsClipboardFormatAvailable 76A9C8D4 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!CloseClipboard 76A9C8E8 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!OpenClipboard 76A9C90E 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetTopWindow 76A9D329 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClipboardSequenceNumber 76A9E355 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!ChangeClipboardChain 76A9E52F 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClipboardOwner 76AA0A5E 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!CountClipboardFormats 76AA0E19 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!SetClipboardData 76AB62F8 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!EnumClipboardFormats 76AB6C7E 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!SetCursorPos 76AB6F1A 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClipboardData 76AB70B2 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClipboardFormatNameW 76ABA93C 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!EmptyClipboard 76AD390B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetClipboardViewer 76AD396D 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] USER32.dll!GetPriorityClipboardFormat 76AD3A6F 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!FreeContextBuffer 75ED2825 5 Bytes JMP 000E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!DeleteSecurityContext 75ED2ABF 5 Bytes JMP 000E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!FreeCredentialsHandle 75ED31F5 5 Bytes JMP 000E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!EncryptMessage 75ED4BE6 5 Bytes JMP 000E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!DecryptMessage 75ED4CB3 5 Bytes JMP 000E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!InitializeSecurityContextA 75ED823B 5 Bytes JMP 000E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!AcquireCredentialsHandleA 75ED8343 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!QueryContextAttributesA 75ED874F 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!ApplyControlToken 75EDDD8A 5 Bytes JMP 000E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] Secur32.dll!QueryCredentialsAttributesA 75EDDF8D 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ole32.dll!OleGetClipboard 760B2971 5 Bytes JMP 000F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ole32.dll!OleSetClipboard 760DEA43 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe[1132] ole32.dll!OleIsCurrentClipboard 760E8829 5 Bytes JMP 000F0070 ---- Processes - GMER 2.2 ---- Process (*** hidden *** ) [4] 83CEB910 ---- EOF - GMER 2.2 ----