Gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-04 07:32:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 Crucial_CT120M500SSD1 rev.MU05 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Ibrahim\AppData\Local\Temp\pgldapow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000213600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000213610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, B5, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, 44, FF, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, 56, FE, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, 56, FE, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, 56, FE, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, 56, FE, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, 56, FE, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, 56, FE, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, 56, FE, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [704:7472] fffff960008642d0
Thread C:\Windows\system32\csrss.exe [704:8104] fffff960008642d0
---- EOF - GMER 2.1 ---- adwcleaner habe ich vor einem Monat ca benutzt und hier ist der Log.
wenn ich jetzt suche habe ich keine Funde. Code:
# AdwCleaner v4.208 - Bericht erstellt 10/07/2015 um 15:23:18
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-10.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Ibrahim - PC
# Gestarted von : C:\Users\Ibrahim\Downloads\adwcleaner_4.208.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\uj57y9ss.default\user.js
Ordner Gefunden : C:\Users\Ibrahim\AppData\Roaming\RHEng
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
-\\ Google Chrome v39.0.2171.99
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&q={searchTerms}&SSPV=
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&q={searchTerms}&SSPV=
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=70bc7904-fb3b-4000-8e6d-003b808e46ef&apn_ptnrs=%5EAGU&apn_sauid=F5DBEF0E-9B90-4600-826F-3E5D7B6E3040&apn_dtid=%5EYYYYYY%5EYY%5EAT&q={searchTerms}
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=3612_7&babsrc=SP_ss&mntrId=bc6b19f8000000000000001e8c9f56a0
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Homepage] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&SSPV=
[C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&SSPV=
*************************
AdwCleaner[R0].txt - [3736 Bytes] - [10/07/2015 15:23:18]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3795 Bytes] ########## |