GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-21 06:58:45 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC45 931,51GB Running: 3v131kl5.exe; Driver: C:\Users\r\AppData\Local\Temp\pxldrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateFile + 6 77C5426A 4 Bytes [28, B8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateFile + B 77C5426F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateKey + 6 77C542AA 4 Bytes [68, B9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateKey + B 77C542AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateMutant + 6 77C542DA 4 Bytes [28, BA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateMutant + B 77C542DF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateSection + 6 77C5435A 4 Bytes [68, BA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtCreateSection + B 77C5435F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtMapViewOfSection + 6 77C549BA 4 Bytes [A8, BC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtMapViewOfSection + B 77C549BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenFile + 6 77C54A4A 4 Bytes [68, B8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenFile + B 77C54A4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] 
ntdll.dll!NtOpenKey + 6 77C54A7A 4 Bytes [A8, B9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenKey + B 77C54A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenMutant + B 77C54A9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenProcess + 6 77C54ACA 4 Bytes [28, BB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenProcess + B 77C54ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenProcessToken + 6 77C54ADA 4 Bytes [68, BB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenProcessToken + B 77C54ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenProcessTokenEx + 6 77C54AEA 4 Bytes [28, BC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenProcessTokenEx + B 77C54AEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenSection + 6 77C54AFA 4 Bytes [A8, BA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenSection + B 77C54AFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenThread + B 77C54B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenThreadToken + B 77C54B4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenThreadTokenEx + 6 77C54B5A 4 Bytes [68, BC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtOpenThreadTokenEx + B 77C54B5F 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtQueryAttributesFile + 6 77C54BEA 4 Bytes [A8, B8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtQueryAttributesFile + B 77C54BEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtQueryFullAttributesFile + B 77C54C9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtSetInformationFile + 6 77C5517A 4 Bytes [28, B9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtSetInformationFile + B 77C5517F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtSetInformationThread + 6 77C551CA 4 Bytes [A8, BB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtSetInformationThread + B 77C551CF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ntdll.dll!NtUnmapViewOfSection + B 77C5546F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] kernel32.dll!CreateProcessW 77B11BF3 5 Bytes JMP 001700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] kernel32.dll!CreateProcessA 77B11C28 5 Bytes JMP 001700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] kernel32.dll!OpenEventW 77B2C033 5 Bytes JMP 00170070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] kernel32.dll!CreateEventW 77B5B93E 5 Bytes JMP 00170030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!DeleteObject 77AC5A37 5 Bytes JMP 001A01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetDeviceCaps 77AC617F 5 Bytes JMP 001A03B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SelectObject 77AC62A0 5 Bytes JMP 001A05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetTextColor 77AC666B 5 Bytes JMP 001A0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetBkMode 77AC6716 5 Bytes JMP 001A08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!DeleteDC 77AC68CD 5 Bytes JMP 001A0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetCurrentObject 77AC6B58 5 Bytes JMP 001A0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetStretchBltMode 77AC7206 5 Bytes JMP 001A06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SaveDC 77AC75BA 5 Bytes JMP 001A0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!RestoreDC 77AC7675 5 Bytes JMP 001A0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!StretchDIBits 77AC78CF 5 Bytes JMP 001A0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!ExtSelectClipRgn 77AC79F8 5 Bytes JMP 001A02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SelectClipRgn 77AC7AF9 5 Bytes JMP 001A05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!MoveToEx 77AC7C33 5 Bytes JMP 001A0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!Rectangle 77AC7EA9 5 Bytes JMP 001A09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextAlign 77AC82E0 5 Bytes JMP 001A0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetTextAlign 77AC85CB 5 Bytes JMP 001A09F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!ExtTextOutW 77AC872B 5 Bytes JMP 001A0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextMetricsW 77AC8A81 5 Bytes JMP 001A0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!IntersectClipRect 77AC8B64 5 Bytes JMP 001A03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetClipBox 77AC9071 5 Bytes JMP 001A0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetICMMode 77AC94E7 5 Bytes JMP 001A0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!CreateDCW 77ACA91D 5 Bytes JMP 001A00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!CreateDCA 77ACAA49 5 Bytes JMP 001A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!CreateICW 77ACB2E9 5 Bytes JMP 001A0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextFaceW 77ACB637 5 Bytes JMP 001A0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetFontData 77ACBA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetFontData 77ACBA6C 5 Bytes JMP 001A0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextExtentPoint32W 77ACC01A 5 Bytes JMP 001A0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetWorldTransform 77ACC46A 5 Bytes JMP 001A06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!LineTo 77ACC65E 5 Bytes JMP 001A0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextMetricsA 77ACCCEB 5 Bytes JMP 001A0DF0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!ExtTextOutA 77AD008D 5 Bytes JMP 001A0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextExtentPoint32A 77AD0E40 5 Bytes JMP 001A0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!ExtEscape 77AD228F 5 Bytes JMP 001A02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!Escape 77AD27D9 5 Bytes JMP 001A0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!ResetDCW 77AD311A 5 Bytes JMP 001A0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!EndPage 77AD3746 5 Bytes JMP 001A0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetPolyFillMode 77AD61BB 5 Bytes JMP 001A0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SetMiterLimit 77AD62CA 5 Bytes JMP 001A0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetTextFaceA 77ADF479 5 Bytes JMP 001A0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!GetGlyphOutlineW 77AEA587 5 Bytes JMP 001A0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!CreateScalableFontResourceW 77AEC9E3 5 Bytes JMP 001A0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!AddFontResourceW 77AECDEB 5 Bytes JMP 001A0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!RemoveFontResourceW 77AED281 5 Bytes JMP 001A0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!AbortDoc 77AF2ED2 5 Bytes JMP 001A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!EndDoc 77AF32E6 5 Bytes JMP 001A01F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!StartPage 77AF33D1 5 Bytes JMP 001A0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!StartDocW 77AF3EB5 5 Bytes JMP 001A07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!BeginPath 77AF466D 5 Bytes JMP 001A0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!SelectClipPath 77AF46C4 5 Bytes JMP 001A0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!CloseFigure 77AF471F 5 Bytes JMP 001A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!EndPath 77AF4776 5 Bytes JMP 001A0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!StrokePath 77AF49A8 5 Bytes JMP 001A07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!FillPath 77AF4A34 5 Bytes JMP 001A0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!PolylineTo 77AF4E9D 5 Bytes JMP 001A04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!PolyBezierTo 77AF4F2D 5 Bytes JMP 001A04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] GDI32.dll!PolyDraw 77AF4FDE 5 Bytes JMP 001A08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!SetCursor 778AD37D 5 Bytes JMP 001B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!RegisterClipboardFormatW 778AD6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!RegisterClipboardFormatW 778AD6AC 5 Bytes JMP 001B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!ActivateKeyboardLayout 778B478C 5 Bytes JMP 001B04F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!IsWindowVisible 778B878A 7 Bytes JMP 001B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!MonitorFromWindow 778B88D4 7 Bytes JMP 001B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!ScreenToClient 778B8C56 7 Bytes JMP 001B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClientRect 778B8F0D 7 Bytes JMP 001B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetParent 778B90AA 7 Bytes JMP 001B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!RegisterClipboardFormatA 778BA111 5 Bytes JMP 001B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!PostMessageW 778BA175 5 Bytes JMP 001B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!MapWindowPoints 778BA30D 5 Bytes JMP 001B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClipboardFormatNameA 778BA552 5 Bytes JMP 001B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetOpenClipboardWindow 778C26A6 5 Bytes JMP 001B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!SetClipboardViewer 778CBA2D 5 Bytes JMP 001B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!IsClipboardFormatAvailable 778CC2E3 5 Bytes JMP 001B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!CloseClipboard 778CC2F7 5 Bytes JMP 001B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!OpenClipboard 778CC31D 5 Bytes JMP 001B0070 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetTopWindow 778CCE0A 7 Bytes JMP 001B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClipboardSequenceNumber 778CD8B7 5 Bytes JMP 001B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!ChangeClipboardChain 778CDF83 5 Bytes JMP 001B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!CountClipboardFormats 778D0048 5 Bytes JMP 001B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClipboardOwner 778D26EF 5 Bytes JMP 001B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!SetClipboardData 778E6410 5 Bytes JMP 001B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!EnumClipboardFormats 778E6D16 5 Bytes JMP 001B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!SetCursorPos 778E6FB2 5 Bytes JMP 001B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClipboardData 778E715A 5 Bytes JMP 001B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClipboardFormatNameW 778EA99F 5 Bytes JMP 001B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!EmptyClipboard 7790398B 5 Bytes JMP 001B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetClipboardViewer 779039ED 5 Bytes JMP 001B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] USER32.dll!GetPriorityClipboardFormat 77903AEF 5 Bytes JMP 001B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ole32.dll!OleGetClipboard 776074C9 5 Bytes JMP 001C00B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ole32.dll!OleSetClipboard 776311E3 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] ole32.dll!OleIsCurrentClipboard 7763A8F9 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!FreeContextBuffer 76142D83 5 Bytes JMP 001E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!DeleteSecurityContext 76142F18 5 Bytes JMP 001E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!FreeCredentialsHandle 76143598 5 Bytes JMP 001E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!EncryptMessage 76143745 5 Bytes JMP 001E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!DecryptMessage 76143813 5 Bytes JMP 001E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!InitializeSecurityContextA 761487DF 5 Bytes JMP 001E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!AcquireCredentialsHandleA 76148A43 5 Bytes JMP 001E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!QueryContextAttributesA 76148E77 5 Bytes JMP 001E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!ApplyControlToken 7614DE4F 5 Bytes JMP 001E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe[716] Secur32.dll!QueryCredentialsAttributesA 7614E052 5 Bytes JMP 001E00B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!InSendMessageEx + 4C9 778AE7C8 7 Bytes JMP 64727925 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!CreateWindowExW + AA 778B13AF 7 Bytes JMP 647279F7 
C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!GetWindowInfo 778B428E 5 Bytes JMP 64729C96 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3096] USER32.dll!SetMenuItemBitmaps + 71 778C14EE 7 Bytes JMP 647282CB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!SetScrollRange 778AD185 5 Bytes JMP 012C60C6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!GetScrollInfo 778AF073 5 Bytes JMP 012C6059 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!ShowScrollBar 778AF8AE 5 Bytes JMP 012C608C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!SetScrollInfo 778B71D8 5 Bytes JMP 012C60FD C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!EnableScrollBar 778CAF53 5 Bytes JMP 012C6131 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!GetScrollPos 778D337D 5 Bytes JMP 012C6034 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!GetScrollRange 778D34A5 5 Bytes JMP 012C5FFC C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3168] USER32.dll!SetScrollPos 778D3602 5 Bytes JMP 012C5FD7 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!LdrLoadDll 77C19378 5 Bytes JMP 742E900C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtCreateFile 77C54264 5 Bytes JMP 6396D441 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtFlushBuffersFile 77C54764 5 Bytes JMP 6396D181 C:\Program Files\Mozilla Firefox\xul.dll 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtQueryFullAttributesFile 77C54C94 5 Bytes JMP 6396D2B9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtReadFile 77C54EC4 5 Bytes JMP 6396D1BB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtReadFileScatter 77C54ED4 5 Bytes JMP 63D53D7D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtWriteFile 77C554D4 5 Bytes JMP 6396D5E5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] ntdll.dll!NtWriteFileGather 77C554E4 5 Bytes JMP 63D53DCD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] kernel32.dll!HeapSetInformation + 26 77B3A9B8 7 Bytes JMP 63AF497B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] kernel32.dll!LockResource + C 77B56BD3 7 Bytes JMP 63D3ECDA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] kernel32.dll!VirtualAllocEx + 54 77B5B030 7 Bytes JMP 63D4041B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] USER32.dll!GetWindowInfo 778B428E 5 Bytes JMP 6482FA10 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3748] GDI32.dll!SetStretchBltMode + 256 77AC745C 7 Bytes JMP 63D3D492 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.1 ----
Library C:\Windowr\system32\lsm.exe (*** hidden *** ) @ C:\Windowr\system32\lsm.exe [628] 0x00BD0000

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules@PerfLogsAlerts-PLASrv-In-TCP-NoScope v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|

---- EOF - GMER 2.1 ----