GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-07 17:31:08 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST1000DM003-1CH162 rev.CC47 931,51GB Running: 3nj43moy.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uwtoypod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[356] ntdll.dll!LdrLoadDll 77C69378 5 Bytes JMP 71C31FD9 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[356] kernel32.dll!HeapSetInformation + 26 7638A8B0 7 Bytes JMP 6BE43255 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[356] kernel32.dll!LockResource + C 763A6ACB 7 Bytes JMP 6C7740E1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[356] kernel32.dll!VirtualAllocEx + 54 763AAF50 7 Bytes JMP 6C774104 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[356] USER32.dll!GetWindowInfo 7702428E 5 Bytes JMP 6C549CE9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[356] GDI32.dll!SetStretchBltMode + 256 7718745C 7 Bytes JMP 6C774062 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateFile + 6 77CA426A 4 Bytes [28, B0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateFile + B 77CA426F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateKey + 6 77CA42AA 4 Bytes [68, B1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateKey + B 77CA42AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateMutant + 6 77CA42DA 4 Bytes [28, B2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateMutant + B 77CA42DF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateSection + 6 77CA435A 4 Bytes [68, B2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtCreateSection + B 77CA435F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtMapViewOfSection + 6 77CA49BA 4 Bytes [A8, B4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtMapViewOfSection + B 77CA49BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenFile + 6 77CA4A4A 4 Bytes [68, B0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenFile + B 77CA4A4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenKey + 6 77CA4A7A 4 Bytes [A8, B1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenKey + B 77CA4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenMutant + 6 77CA4A9A 4 Bytes CALL 76CA5150 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenMutant + B 77CA4A9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenProcess + 6 77CA4ACA 4 Bytes [28, B3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenProcess + B 77CA4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenProcessToken + 6 77CA4ADA 4 Bytes [68, B3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenProcessToken + B 77CA4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4AEA 4 Bytes [28, B4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenProcessTokenEx + B 77CA4AEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenSection + 6 77CA4AFA 4 Bytes [A8, B2, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenSection + B 77CA4AFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenThread + 6 77CA4B3A 4 Bytes CALL 76CA51F1 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenThread + B 77CA4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenThreadToken + 6 77CA4B4A 4 Bytes CALL 76CA5202 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenThreadToken + B 77CA4B4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenThreadTokenEx + 6 77CA4B5A 4 Bytes [68, B4, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtOpenThreadTokenEx + B 77CA4B5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtQueryAttributesFile + 6 77CA4BEA 4 Bytes [A8, B0, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtQueryAttributesFile + B 77CA4BEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtQueryFullAttributesFile + 6 77CA4C9A 4 Bytes CALL 76CA534F C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtQueryFullAttributesFile + B 77CA4C9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtSetInformationFile + 6 77CA517A 4 Bytes [28, B1, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtSetInformationFile + B 77CA517F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtSetInformationThread + 6 77CA51CA 4 Bytes [A8, B3, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtSetInformationThread + B 77CA51CF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtUnmapViewOfSection + 6 77CA546A 4 Bytes CALL 76CA5B23 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ntdll.dll!NtUnmapViewOfSection + B 77CA546F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] kernel32.dll!CreateProcessW 76361BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] kernel32.dll!CreateProcessA 76361C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] kernel32.dll!OpenEventW 7637C023 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] kernel32.dll!CreateEventW 763AB85E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!DeleteObject 77185A37 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetDeviceCaps 7718617F 5 Bytes JMP 000B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SelectObject 771862A0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetTextColor 7718666B 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetBkMode 77186716 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!DeleteDC 771868CD 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetCurrentObject 77186B58 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetStretchBltMode 77187206 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SaveDC 771875BA 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!RestoreDC 77187675 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!StretchDIBits 771878CF 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!ExtSelectClipRgn 771879F8 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SelectClipRgn 77187AF9 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!MoveToEx 77187C33 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!Rectangle 77187EA9 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextAlign 771882E0 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetTextAlign 771885CB 5 Bytes JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!ExtTextOutW 7718872B 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextMetricsW 77188A81 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!IntersectClipRect 77188B64 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetClipBox 77189071 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetICMMode 771894E7 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!CreateDCW 7718A91D 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!CreateDCA 7718AA49 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!CreateICW 7718B2E9 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextFaceW 7718B637 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetFontData 7718BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetFontData 7718BA6C 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextExtentPoint32W 7718C01A 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetWorldTransform 7718C46A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!LineTo 7718C65E 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextMetricsA 7718CCEB 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!ExtTextOutA 771900A5 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextExtentPoint32A 77190E58 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!ExtEscape 771922A7 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!Escape 771927F1 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!ResetDCW 77193132 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!EndPage 7719375E 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetPolyFillMode 771961D3 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SetMiterLimit 771962E2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetTextFaceA 7719F489 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!GetGlyphOutlineW 771AA537 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!CreateScalableFontResourceW 771AC993 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!AddFontResourceW 771ACD9B 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!RemoveFontResourceW 771AD231 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!AbortDoc 771B2E7F 5 Bytes JMP 000B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!EndDoc 771B3293 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!StartPage 771B337E 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!StartDocW 771B3E62 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!BeginPath 771B461D 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!SelectClipPath 771B4674 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!CloseFigure 771B46CF 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!EndPath 771B4726 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!StrokePath 771B4958 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!FillPath 771B49E4 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!PolylineTo 771B4E4D 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!PolyBezierTo 771B4EDD 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] GDI32.dll!PolyDraw 771B4F8E 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!SetCursor 7701D37D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!RegisterClipboardFormatW 7701D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!RegisterClipboardFormatW 7701D6AC 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!ActivateKeyboardLayout 7702478C 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!IsWindowVisible 7702878A 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!MonitorFromWindow 770288D4 4 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!MonitorFromWindow + 5 770288D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!ScreenToClient 77028C56 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClientRect 77028F0D 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetParent 770290AA 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!RegisterClipboardFormatA 7702A111 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!PostMessageW 7702A175 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!MapWindowPoints 7702A30D 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClipboardFormatNameA 7702A552 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetOpenClipboardWindow 770326A6 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!SetClipboardViewer 7703BA2D 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!IsClipboardFormatAvailable 7703C2E3 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!CloseClipboard 7703C2F7 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!OpenClipboard 7703C31D 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetTopWindow 7703CE0A 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClipboardSequenceNumber 7703D8B7 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!ChangeClipboardChain 7703DF83 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!CountClipboardFormats 77040048 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClipboardOwner 770426EF 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!SetClipboardData 77056410 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!EnumClipboardFormats 77056D16 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!SetCursorPos 77056FB2 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClipboardData 7705715A 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClipboardFormatNameW 7705A99F 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!EmptyClipboard 7707398B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetClipboardViewer 770739ED 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] USER32.dll!GetPriorityClipboardFormat 77073AEF 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ole32.dll!OleGetClipboard 779174C9 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ole32.dll!OleSetClipboard 779411E3 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] ole32.dll!OleIsCurrentClipboard 7794A8F9 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!FreeContextBuffer 76192D83 5 Bytes JMP 000F00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!DeleteSecurityContext 76192F18 5 Bytes JMP 000F0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!FreeCredentialsHandle 76193598 5 Bytes JMP 000F0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!EncryptMessage 76193745 5 Bytes JMP 000F01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!DecryptMessage 76193813 5 Bytes JMP 000F0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!InitializeSecurityContextA 761987DF 5 Bytes JMP 000F0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!AcquireCredentialsHandleA 76198A43 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!QueryContextAttributesA 76198E77 5 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!ApplyControlToken 7619DE4F 5 Bytes JMP 000F01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe[792] Secur32.dll!QueryCredentialsAttributesA 7619E052 5 Bytes JMP 000F00B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2044] USER32.dll!InSendMessageEx + 4C9 7701E7C8 7 Bytes JMP 6C06E610 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2044] USER32.dll!CreateWindowExW + AA 770213AF 7 Bytes JMP 6C06E681 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2044] USER32.dll!GetWindowInfo 7702428E 5 Bytes JMP 6C072366 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2044] USER32.dll!SetMenuItemBitmaps + 71 770314EE 7 Bytes JMP 6C06BD82 C:\Program Files\Mozilla Firefox\xul.dll ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----