GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-25 17:40:42 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320813AS rev.HP21 Running: gmer.exe; Driver: C:\Users\WOO-PC~1\AppData\Local\Temp\uwldqpow.sys .text ... .text ... ---- System - GMER 1.0.15 ---- INT 0x72 ? 8673DCB8 INT 0x82 ? 8673DCB8 INT 0x92 ? 8673DCB8 INT 0xA2 ? 847F9CB8 INT 0xA2 ? 847F9CB8 INT 0xA2 ? 847F9CB8 INT 0xA2 ? 847F9CB8 INT 0xA2 ? 8673DCB8 INT 0xA2 ? 847F9CB8 ---- Devices - GMER 1.0.15 ---- Device \Driver\apbfhclf \Device\Scsi\apbfhclf1 867F11E8 Device \Driver\apbfhclf \Device\Scsi\apbfhclf1Port5Path0Target0Lun0 867F11E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84B6B1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84B6B1E8 Device \Driver\atapi \Device\Ide\IdePort0 84B6B1E8 Device \Driver\atapi \Device\Ide\IdePort1 84B6B1E8 Device \Driver\atapi \Device\Ide\IdePort2 84B6B1E8 Device \Driver\atapi \Device\Ide\IdePort3 84B6B1E8 Device \Driver\cdrom \Device\CdRom0 867B11E8 Device \Driver\cdrom \Device\CdRom1 867B11E8 Device \Driver\iScsiPrt \Device\RaidPort0 867F41E8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 84B6C1E8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 84B6C1E8 Device \Driver\msahci \Device\Ide\PciIde0Channel2 84B6C1E8 Device \Driver\msahci \Device\Ide\PciIde0Channel3 84B6C1E8 Device \Driver\netbt \Device\NetBT_Tcpip_{43364AEA-EDEB-4709-B02D-510AD811C1C0} 86E54430 Device \Driver\netbt \Device\NetBT_Tcpip_{C7B09DE7-3339-4B11-82E5-97113B511BEF} 86E54430 Device \Driver\netbt \Device\NetBt_Wins_Export 86E54430 Device \Driver\PCI_PNP2029 \Device\00000041 sptd.sys Device \Driver\Smb \Device\NetbiosSmb 8784F1E8 AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys Device \Driver\usbehci \Device\USBFDO-1 867AD1E8 Device \Driver\usbehci \Device\USBFDO-3 867AD1E8 Device \Driver\usbehci \Device\USBPDO-1 867AD1E8 Device \Driver\usbehci \Device\USBPDO-3 867AD1E8 Device \Driver\usbohci \Device\USBFDO-0 867AC1E8 Device 
\Driver\usbohci \Device\USBFDO-2 867AC1E8 Device \Driver\usbohci \Device\USBPDO-0 867AC1E8 Device \Driver\usbohci \Device\USBPDO-2 867AC1E8 Device \FileSystem\cdfs \Cdfs 882F71E8 Device \FileSystem\Ntfs \Ntfs 84B6E1E8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \FileSystem\udfs \UdfsCdRom 8827E1E8 Device \FileSystem\udfs \UdfsDisk 8827E1E8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[HAL.dll!KfAcquireSpinLock] FF0F6A70 IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[HAL.dll!KfReleaseSpinLock] 8F659EFF IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[NETIO.SYS!WskCaptureProviderNPI] 40DF0B66 IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[NETIO.SYS!WskDeregister] 3E6E77DB IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[NETIO.SYS!WskRegister] D9D65ADC IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[NETIO.SYS!WskReleaseProviderNPI] AED16A4A IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[storport.sys!StorPortInitialize] A00AE278 IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[storport.sys!StorPortNotification] D70DD2EE IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[storport.sys!StorPortPauseDevice] 616BFFD3 IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[storport.sys!StorPortResumeDevice] 166CCF45 IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[TDI.SYS!TdiDeregisterPnPHandlers] A7672661 IAT \SystemRoot\System32\Drivers\apbfhclf.SYS[TDI.SYS!TdiRegisterPnPHandlers] D06016F7 IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060E910] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060E71C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060E852] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060F0EC] \SystemRoot\System32\Drivers\sptd.sys IAT 
\SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060EF0E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8060F22E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80622CE8] \SystemRoot\System32\Drivers\sptd.sys ---- Kernel code sections - GMER 1.0.15 ---- .text apbfhclf.SYS 8ED77000 173 Bytes [60, BF, 3D, 82, 82, F3, 3D, ...] .text apbfhclf.SYS 8ED770AE 69 Bytes [06, 82, 9C, 55, 06, 82, 60, ...] .text apbfhclf.SYS 8ED770F4 29 Bytes [48, 19, 00, 00, 48, 0F, 00, ...] .text apbfhclf.SYS 8ED77112 216 Bytes [0F, D2, 0D, 94, 0C, 56, 09, ...] .text apbfhclf.SYS 8ED771EB 181 Bytes [2A, 50, 6C, 51, AE, 5A, F0, ...] ---- User code sections - GMER 1.0.15 ---- .text C:\Gry\Xfire\Xfire.exe[2216] GDI32.dll!BitBlt 766F70A6 5 Bytes JMP 071F8B45 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] kernel32.dll!CreateProcessA 76B91C28 5 Bytes JMP 071F9904 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] kernel32.dll!CreateThread 76BDCB2E 5 Bytes JMP 071F91AE C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!BeginPaint 764FA2A3 5 Bytes JMP 071F894D C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!CreateDialogParamW 764E72A2 5 Bytes JMP 071F932B C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!CreateWindowExW 764F1305 5 Bytes JMP 071F955C C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!DialogBoxParamW 765110B0 5 Bytes JMP 071F926E C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) 
.text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!GetCursorPos 76500B88 5 Bytes JMP 071F8EDE C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!GetDC 764F9C31 5 Bytes JMP 071F89E9 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!InvalidateRect 764F9062 5 Bytes JMP 071F8CBF C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!InvalidateRgn 764E8F3B 5 Bytes JMP 071F8D76 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!IsWindowVisible 764F878A 7 Bytes JMP 071F962E C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!RedrawWindow 764FA2E5 5 Bytes JMP 071F9043 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!RegisterClassA 764EDF42 5 Bytes JMP 071F90FD C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!ReleaseDC 764F9CED 5 Bytes JMP 071F8A91 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!SetCapture 765130AF 5 Bytes JMP 071F8E2D C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!SetFocus 764F3684 5 Bytes JMP 071F8C0E C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!SetForegroundWindow 764EB8A6 5 Bytes JMP 071F94AB C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!SetWindowPos 764F35E3 5 Bytes JMP 071F93E8 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) 
.text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!TrackPopupMenu 765014F3 5 Bytes JMP 071F9841 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Gry\Xfire\Xfire.exe[2216] USER32.dll!WindowFromPoint 764E884F 5 Bytes JMP 071F8F8F C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2812] kernel32.dll!SetUnhandledExceptionFilter 76BBA8C5 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[3756] GDI32.dll!CreateDIBSection 766F7461 5 Bytes JMP 65700728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3756] kernel32.dll!LoadLibraryA 76BB957C 5 Bytes JMP 1003ADA0 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Mozilla Firefox\firefox.exe[3756] kernel32.dll!LoadLibraryW 76BB9400 5 Bytes JMP 1003AEA8 C:\Gry\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Mozilla Firefox\firefox.exe[3756] kernel32.dll!MapViewOfFile 76BD6B10 5 Bytes JMP 6570079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3756] kernel32.dll!VirtualAlloc 76BDAF75 5 Bytes JMP 657007C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3756] ntdll.dll!LdrLoadDll 77889378 5 Bytes JMP 6545FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3612] USER32.dll!GetWindowInfo 764F428E 5 Bytes JMP 655DAEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3612] USER32.dll!SetWindowLongA 764EE7CD 5 Bytes JMP 6580003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3612] USER32.dll!SetWindowLongW 764F13B4 5 Bytes JMP 657FFFCA 
C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3612] USER32.dll!TrackPopupMenu 765014F3 5 Bytes JMP 655DB50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[816] kernel32.dll!SetUnhandledExceptionFilter 76BBA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7460B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745F73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 
IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7464CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745C7817] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1984] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Kernel code sections - GMER 1.0.15 ---- .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x806E70AD] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. [English: The process cannot access the file because it is being used by another process.]
---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 001D07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 001D0790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001D07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 001D07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!AbortDoc 76722CC4 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!AddFontResourceW 7671CC93 5 Bytes JMP 000C0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!BeginPath 76724465 5 Bytes JMP 000C07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!CloseFigure 76724517 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!CreateDCA 766FAA49 5 Bytes JMP 000C00B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!CreateDCW 766FA91D 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!CreateICW 766FB2E9 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!CreateScalableFontResourceW 7671C88B 5 Bytes JMP 000C0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!DeleteDC 766F68CD 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!DeleteObject 766F5A37 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!EndDoc 767230D8 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!EndPage 7670375E 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!EndPath 7672456E 5 Bytes JMP 000C0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!Escape 767027F1 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!ExtEscape 767022A7 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!ExtSelectClipRgn 766F79F8 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!ExtTextOutA 767000A5 5 Bytes JMP 000C08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!ExtTextOutW 766F872B 5 Bytes JMP 000C0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!FillPath 7672482C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!FillPath 7672482C 5 Bytes JMP 000C0830 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetClipBox 766F9071 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetCurrentObject 766F6B58 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetDeviceCaps 766F617F 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetFontData 766FBA6C 5 Bytes JMP 000C0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetGlyphOutlineW 7671A41F 5 Bytes JMP 000C0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetTextAlign 766F82E0 5 Bytes JMP 000C0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetTextExtentPoint32W 766FC01A 5 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetTextFaceA 7670F4C5 5 Bytes JMP 000C0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetTextFaceW 766FB637 5 Bytes JMP 000C0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetTextMetricsA 766FCCEB 5 Bytes JMP 000C0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!GetTextMetricsW 766F8A81 5 Bytes JMP 000C0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!IntersectClipRect 766F8B64 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!LineTo 766FC65E 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!MoveToEx 766F7C33 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] 
GDI32.dll!PolyBezierTo 76724D25 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!PolyDraw 76724DD6 5 Bytes JMP 000C0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!PolylineTo 76724C95 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!Rectangle 766F7EA9 5 Bytes JMP 000C0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!RemoveFontResourceW 7671D129 5 Bytes JMP 000C0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!ResetDCW 76703132 5 Bytes JMP 000C0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!RestoreDC 766F7675 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SaveDC 766F75BA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SelectClipPath 767244BC 5 Bytes JMP 000C0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SelectClipRgn 766F7AF9 5 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SelectObject 766F62A0 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetBkMode 766F6716 5 Bytes JMP 000C08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetICMMode 766F94E7 5 Bytes JMP 000C0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetMiterLimit 767062E2 5 Bytes JMP 000C0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetPolyFillMode 767061D3 5 Bytes JMP 000C0AF0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetStretchBltMode 766F7206 5 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetTextAlign 766F85CB 5 Bytes JMP 000C09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetTextColor 766F666B 5 Bytes JMP 000C09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!SetWorldTransform 766FC46A 5 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!StartDocW 76723CA7 5 Bytes JMP 000C07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!StartPage 767231C3 5 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!StretchDIBits 766F78CF 5 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] GDI32.dll!StrokePath 767247A0 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] kernel32.dll!CreateEventW 76BDB87E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] kernel32.dll!CreateProcessA 76B91C28 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] kernel32.dll!CreateProcessW 76B91BF3 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] kernel32.dll!OpenEventW 76BAC033 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateFile + 6 778C424A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateFile + B 778C424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] 
ntdll.dll!NtCreateKey + 6 778C428A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateKey + B 778C428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateMutant + 6 778C42BA 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateMutant + B 778C42BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateSection + 6 778C433A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtCreateSection + B 778C433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtMapViewOfSection + 6 778C499A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtMapViewOfSection + B 778C499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenFile + 6 778C4A2A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenFile + B 778C4A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenKey + 6 778C4A5A 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenKey + B 778C4A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenMutant + B 778C4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcess + 6 778C4AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcess + 6 778C4AAA 4 Bytes [28, 03, 06, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcess + B 778C4AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcessToken + 6 778C4ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcessToken + 6 778C4ABA 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcessToken + B 778C4ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcessTokenEx + 6 778C4ACA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenProcessTokenEx + B 778C4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenSection + 6 778C4ADA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenSection + B 778C4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenThread + B 778C4B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenThreadToken + 6 778C4B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenThreadToken + B 778C4B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenThreadTokenEx + 6 778C4B3A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtOpenThreadTokenEx + B 778C4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtQueryAttributesFile + 6 778C4BCA 4 Bytes [A8, 00, 06, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtQueryAttributesFile + B 778C4BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtQueryFullAttributesFile + B 778C4C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtSetInformationFile + 6 778C515A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtSetInformationFile + B 778C515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtSetInformationThread + 6 778C51AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtSetInformationThread + 6 778C51AA 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtSetInformationThread + B 778C51AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ntdll.dll!NtUnmapViewOfSection + B 778C544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ole32.dll!OleGetClipboard 763474C9 5 Bytes JMP 001E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ole32.dll!OleIsCurrentClipboard 7637A8F9 5 Bytes JMP 001E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] ole32.dll!OleSetClipboard 763711E3 5 Bytes JMP 001E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!AcquireCredentialsHandleA 75DB8A43 5 Bytes JMP 00200030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!ApplyControlToken 75DBDE4F 5 Bytes JMP 002001B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!DecryptMessage 75DB3813 5 Bytes JMP 00200230 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!DeleteSecurityContext 75DB2F18 5 Bytes JMP 00200270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!EncryptMessage 75DB3745 5 Bytes JMP 002001F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!FreeContextBuffer 75DB2D83 5 Bytes JMP 002000F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!FreeCredentialsHandle 75DB3598 5 Bytes JMP 00200130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!InitializeSecurityContextA 75DB87DF 5 Bytes JMP 00200170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!QueryContextAttributesA 75DB8E77 5 Bytes JMP 00200070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] Secur32.dll!QueryCredentialsAttributesA 75DBE052 5 Bytes JMP 002000B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!ActivateKeyboardLayout 764F478C 5 Bytes JMP 001D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!ChangeClipboardChain 7650DF83 5 Bytes JMP 001D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!CloseClipboard 7650C2F7 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!CountClipboardFormats 76510048 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!EmptyClipboard 7654398B 5 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!EnumClipboardFormats 76526D16 5 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClientRect 764F8F0D 7 Bytes 
JMP 001D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClipboardData 7652715A 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClipboardFormatNameA 764FA552 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClipboardFormatNameW 7652A99F 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClipboardOwner 765126EF 5 Bytes JMP 001D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClipboardSequenceNumber 7650D8B7 5 Bytes JMP 001D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetClipboardViewer 765439ED 5 Bytes JMP 001D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetOpenClipboardWindow 765026A6 5 Bytes JMP 001D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetParent 764F90AA 7 Bytes JMP 001D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetPriorityClipboardFormat 76543AEF 5 Bytes JMP 001D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!GetTopWindow 7650CE0A 7 Bytes JMP 001D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!IsClipboardFormatAvailable 7650C2E3 5 Bytes JMP 001D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!IsWindowVisible 764F878A 7 Bytes JMP 001D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!MapWindowPoints 764FA30D 5 Bytes JMP 001D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!MonitorFromWindow 764F88D4 4 
Bytes JMP 001D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!MonitorFromWindow + 5 764F88D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!OpenClipboard 7650C31D 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!PostMessageW 764FA175 5 Bytes JMP 001D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!RegisterClipboardFormatA 764FA111 5 Bytes JMP 001D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!RegisterClipboardFormatW 764ED6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!RegisterClipboardFormatW 764ED6AC 5 Bytes JMP 001D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!ScreenToClient 764F8C56 7 Bytes JMP 001D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!SetClipboardData 76526410 5 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!SetClipboardViewer 7650BA2D 5 Bytes JMP 001D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!SetCursor 764ED37D 5 Bytes JMP 001D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1904] USER32.dll!SetCursorPos 76526FB2 5 Bytes JMP 001D0770 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xFE 0xD3 0x10 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x68 0x8D 0x6F 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x04 0xC3 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xFE 0xD3 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x68 0x8D 0x6F 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x04 0xC3 0x81 ...
---- Kernel code sections - GMER 1.0.15 ----
.text sptd.sys 8060D000 32 Bytes [EC, F5, 3D, 82, 60, BF, 3D, ...]
.text sptd.sys 8060D024 4 Bytes [D2, 93, 73, 80]
.text sptd.sys 8060D02C 196 Bytes [73, ED, 17, 82, 18, 35, 06, ...]
.text sptd.sys 8060D0F1 7 Bytes [3C, 06, 82, F0, 37, 06, 82]
.text sptd.sys 8060D0F9 203 Bytes [D3, 03, 82, 0B, 11, 03, 82, ...]
? system32\drivers\13463038.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 8A57041B 5 Bytes JMP 8673D1C8
---- EOF - GMER 1.0.15 ----