GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-28 20:04:31 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.1AJ1 465,76GB Running: 1s4g07i5.exe; Driver: C:\DOCUME~1\ANNAWR~1\USTAWI~1\Temp\pgtdrpow.sys ---- System - GMER 2.1 ---- SSDT spfs.sys ZwCreateKey [0xB9EB50E0] SSDT spfs.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spfs.sys ZwEnumerateValueKey [0xB9ECE132] SSDT spfs.sys ZwOpenKey [0xB9EB50C0] SSDT spfs.sys ZwQueryKey [0xB9ECE20A] SSDT spfs.sys ZwQueryValueKey [0xB9ECE08A] SSDT spfs.sys ZwSetValueKey [0xB9ECE29C] INT 0x73 ? 89DCFBF8 INT 0x83 ? 89DCFBF8 INT 0xB4 ? 89B00BF8 ---- Kernel code sections - GMER 2.1 ---- ? spfs.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8B38000, 0x1A51FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[620] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01833806; RET .text C:\WINDOWS\Explorer.EXE[620] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [E1, 39, 83, 01, C3] {LOOPZ 0x3b; ADD DWORD [ECX], -0x3d} .text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!GetFileAttributesExW 7C81166D 6 Bytes PUSH 01833C4A; RET .text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!ExitProcess 7C81D20A 6 Bytes PUSH 01833C09; RET .text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 01833CC7; RET .text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 01833CB0; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 0183FA02; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 0183F984; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0183A41D; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 0183F9C3; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0183002E; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0183007E; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0182FF8F; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01836C08; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 01836CA2; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 01836896; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 018368E6; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 01836990; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01830056; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 01836CF4; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 01836904; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 0183F879; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!EndPaint 7E378FFD 6 Bytes JMP 413913FA .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0182FE61; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0182FE2F; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 01836B3A; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 018300A9; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 0183FA42; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 01836B83; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0183694A; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 0182FEE5; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0182FF3F; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 0183F929; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 01836C55; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 0183FAD5; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 01836A1C; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 01836AAE; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0183A5CC; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 018369D6; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 01836A65; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 01836AF4; RET .text C:\WINDOWS\Explorer.EXE[620] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 0182FEA8; RET .text C:\WINDOWS\Explorer.EXE[620] CRYPT32.dll!PFXImportCertStore 77AE012F 6 Bytes PUSH 01841D51; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpSendRequestA 3FD07021 6 Bytes PUSH 01841711; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetReadFile 3FD0F5EB 6 Bytes PUSH 018419A3; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpQueryInfoA 3FD1182D 6 Bytes PUSH 01841AD6; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetCloseHandle 3FD12128 6 Bytes PUSH 01841936; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetQueryDataAvailable 3FD1501F 6 Bytes PUSH 01841AAA; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpOpenRequestA 3FD165A8 6 Bytes PUSH 01841678; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpSendRequestW 3FD18B5E 6 Bytes PUSH 018416BC; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpOpenRequestW 3FD18C9B 6 Bytes PUSH 01841634; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetReadFileExA 3FD22C09 6 Bytes PUSH 018419D1; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetSetFilePointer 3FD65E8B 6 Bytes PUSH 01841A50; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpSendRequestExA 3FD7ABA6 6 Bytes PUSH 01841803; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpSendRequestExW 3FD7ABFF 6 Bytes PUSH 01841766; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpEndRequestA 3FD7ACAE 6 Bytes PUSH 018418A0; RET .text C:\WINDOWS\Explorer.EXE[620] WININET.dll!HttpEndRequestW 3FD7ACE0 6 Bytes PUSH 018418EB; RET .text C:\WINDOWS\Explorer.EXE[620] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0182F18C; RET .text C:\WINDOWS\Explorer.EXE[620] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0182F57B; RET .text C:\WINDOWS\Explorer.EXE[620] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0182F5B3; RET .text C:\WINDOWS\Explorer.EXE[620] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0182F11C; RET .text C:\WINDOWS\Explorer.EXE[620] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0182F5D4; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 06, 38, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [E1, 39, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] kernel32.dll!GetFileAttributesExW 7C81166D 6 Bytes PUSH 00BA3C4A; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] kernel32.dll!ExitProcess 7C81D20A 6 Bytes PUSH 00BA3C09; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00BA3CC7; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00BA3CB0; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00BAFA02; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetDC 7E3686C7 4 Bytes [68, 84, F9, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00BAA41D; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, C3, F9, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00BA002E; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00BA007E; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00B9FF8F; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00BA6C08; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00BA6CA2; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, 96, 68, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, E6, 68, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00BA6990; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00BA0056; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00BA6CF4; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00BA6904; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, 79, F8, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!EndPaint 7E378FFD 4 Bytes JMP 41384AFA .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00B9FE61; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00B9FE2F; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00BA6B3A; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00BA00A9; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00BAFA42; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00BA6B83; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00BA694A; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, E5, FE, B9] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00B9FF3F; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 29, F9, BA] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00BA6C55; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00BAFAD5; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00BA6A1C; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00BA6AAE; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00BAA5CC; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00BA69D6; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00BA6A65; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00BA6AF4; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00B9FEA8; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00B9F18C; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00B9F57B; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00B9F5B3; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00B9F11C; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00B9F5D4; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] CRYPT32.dll!PFXImportCertStore 77AE012F 6 Bytes PUSH 00BB1D51; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpSendRequestA 3FD07021 6 Bytes PUSH 00BB1711; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!InternetReadFile 3FD0F5EB 6 Bytes PUSH 00BB19A3; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpQueryInfoA 3FD1182D 6 Bytes PUSH 00BB1AD6; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!InternetCloseHandle 3FD12128 6 Bytes PUSH 00BB1936; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!InternetQueryDataAvailable 3FD1501F 6 Bytes PUSH 00BB1AAA; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpOpenRequestA 3FD165A8 6 Bytes PUSH 00BB1678; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpSendRequestW 3FD18B5E 6 Bytes PUSH 00BB16BC; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpOpenRequestW 3FD18C9B 6 Bytes PUSH 00BB1634; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!InternetReadFileExA 3FD22C09 6 Bytes PUSH 00BB19D1; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!InternetSetFilePointer 3FD65E8B 6 Bytes PUSH 00BB1A50; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpSendRequestExA 3FD7ABA6 6 Bytes PUSH 00BB1803; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpSendRequestExW 3FD7ABFF 6 Bytes PUSH 00BB1766; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpEndRequestA 3FD7ACAE 6 Bytes PUSH 00BB18A0; RET .text C:\WINDOWS\system32\ctfmon.exe[1060] WININET.dll!HttpEndRequestW 3FD7ACE0 6 Bytes PUSH 00BB18EB; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 06, 38, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [E1, 39, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] kernel32.dll!GetFileAttributesExW 7C81166D 6 Bytes PUSH 003A3C4A; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] kernel32.dll!ExitProcess 7C81D20A 6 Bytes PUSH 003A3C09; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 003AFA02; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetDC 7E3686C7 4 Bytes [68, 84, F9, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 003AA41D; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, C3, F9, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 003A002E; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 003A007E; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0039FF8F; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 003A6C08; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 003A6CA2; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, 96, 68, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, E6, 68, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 003A6990; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 003A0056; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 003A6CF4; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 003A6904; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, 79, F8, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!EndPaint 7E378FFD 4 Bytes JMP 4137CAFA .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0039FE61; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0039FE2F; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 003A6B3A; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 003A00A9; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 003AFA42; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 003A6B83; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 003A694A; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, E5, FE, 39] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0039FF3F; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 29, F9, 3A] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 003A6C55; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 003AFAD5; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 003A6A1C; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 003A6AAE; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 003AA5CC; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 003A69D6; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 003A6A65; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 003A6AF4; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 0039FEA8; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 003A3CC7; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 003A3CB0; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0039F18C; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0039F57B; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0039F5B3; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0039F11C; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0039F5D4; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] CRYPT32.dll!PFXImportCertStore 77AE012F 6 Bytes PUSH 003B1D51; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpSendRequestA 3FD07021 6 Bytes PUSH 003B1711; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!InternetReadFile 3FD0F5EB 6 Bytes PUSH 003B19A3; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpQueryInfoA 3FD1182D 6 Bytes PUSH 003B1AD6; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!InternetCloseHandle 3FD12128 6 Bytes PUSH 003B1936; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!InternetQueryDataAvailable 3FD1501F 6 Bytes PUSH 003B1AAA; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpOpenRequestA 3FD165A8 6 Bytes PUSH 003B1678; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpSendRequestW 3FD18B5E 6 Bytes PUSH 003B16BC; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpOpenRequestW 3FD18C9B 6 Bytes PUSH 003B1634; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!InternetReadFileExA 3FD22C09 6 Bytes PUSH 003B19D1; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!InternetSetFilePointer 3FD65E8B 6 Bytes PUSH 003B1A50; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpSendRequestExA 3FD7ABA6 6 Bytes PUSH 003B1803; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpSendRequestExW 3FD7ABFF 6 Bytes PUSH 003B1766; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpEndRequestA 3FD7ACAE 6 Bytes PUSH 003B18A0; RET .text C:\Program Files\Skype\Phone\Skype.exe[1068] WININET.dll!HttpEndRequestW 3FD7ACE0 6 Bytes PUSH 003B18EB; RET .text C:\WINDOWS\notepad.exe[2424] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 06, 38, 09] .text C:\WINDOWS\notepad.exe[2424] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [E1, 39, 09] .text C:\WINDOWS\notepad.exe[2424] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] kernel32.dll!GetFileAttributesExW 7C81166D 6 Bytes PUSH 00093C4A; RET .text C:\WINDOWS\notepad.exe[2424] kernel32.dll!ExitProcess 7C81D20A 6 Bytes PUSH 00093C09; RET .text C:\WINDOWS\notepad.exe[2424] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00093CC7; RET .text C:\WINDOWS\notepad.exe[2424] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00093CB0; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 0009FA02; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetDC 7E3686C7 4 Bytes [68, 84, F9, 09] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0009A41D; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, C3, F9, 09] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0009002E; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0009007E; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0008FF8F; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00096C08; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00096CA2; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, 96, 68, 09] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, E6, 68, 09] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00096990; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00090056; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00096CF4; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00096904; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, 79, F8, 09] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!EndPaint 7E378FFD 4 Bytes JMP 413799FA .text C:\WINDOWS\notepad.exe[2424] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0008FE61; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0008FE2F; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00096B3A; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 000900A9; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 0009FA42; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00096B83; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0009694A; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, E5, FE, 08] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0008FF3F; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 29, F9, 09] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\notepad.exe[2424] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00096C55; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 0009FAD5; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00096A1C; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00096AAE; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0009A5CC; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 000969D6; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00096A65; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00096AF4; RET .text C:\WINDOWS\notepad.exe[2424] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 0008FEA8; RET .text C:\WINDOWS\notepad.exe[2424] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0008F18C; RET .text C:\WINDOWS\notepad.exe[2424] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0008F57B; RET .text C:\WINDOWS\notepad.exe[2424] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0008F5B3; RET .text C:\WINDOWS\notepad.exe[2424] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0008F11C; RET .text C:\WINDOWS\notepad.exe[2424] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0008F5D4; RET .text C:\WINDOWS\notepad.exe[2424] CRYPT32.dll!PFXImportCertStore 77AE012F 6 Bytes PUSH 000A1D51; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpSendRequestA 3FD07021 6 Bytes PUSH 000A1711; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!InternetReadFile 3FD0F5EB 6 Bytes PUSH 000A19A3; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpQueryInfoA 3FD1182D 6 Bytes PUSH 000A1AD6; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!InternetCloseHandle 3FD12128 6 Bytes PUSH 000A1936; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!InternetQueryDataAvailable 3FD1501F 6 Bytes PUSH 000A1AAA; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpOpenRequestA 3FD165A8 6 Bytes PUSH 000A1678; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpSendRequestW 3FD18B5E 6 Bytes PUSH 000A16BC; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpOpenRequestW 3FD18C9B 6 Bytes PUSH 000A1634; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!InternetReadFileExA 3FD22C09 6 Bytes PUSH 000A19D1; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!InternetSetFilePointer 3FD65E8B 6 Bytes PUSH 000A1A50; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpSendRequestExA 3FD7ABA6 6 Bytes PUSH 000A1803; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpSendRequestExW 3FD7ABFF 6 Bytes PUSH 000A1766; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpEndRequestA 3FD7ACAE 6 Bytes PUSH 000A18A0; RET .text C:\WINDOWS\notepad.exe[2424] WININET.dll!HttpEndRequestW 3FD7ACE0 6 Bytes PUSH 000A18EB; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 06, 38, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [E1, 39, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] kernel32.dll!GetFileAttributesExW 7C81166D 6 Bytes PUSH 00143C4A; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] kernel32.dll!ExitProcess 7C81D20A 6 Bytes PUSH 00143C09; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 0014FA02; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetDC 7E3686C7 4 Bytes [68, 84, F9, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0014A41D; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, C3, F9, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0014002E; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0014007E; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0013FF8F; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00146C08; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00146CA2; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, 96, 68, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, E6, 68, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00146990; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00140056; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00146CF4; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00146904; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, 79, F8, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!EndPaint 7E378FFD 4 Bytes JMP 4137A4FA .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0013FE61; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0013FE2F; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00146B3A; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 001400A9; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 0014FA42; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00146B83; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014694A; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, E5, FE, 13] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0013FF3F; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 29, F9, 14] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00146C55; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 0014FAD5; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00146A1C; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00146AAE; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014A5CC; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 001469D6; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00146A65; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00146AF4; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 0013FEA8; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00143CC7; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00143CB0; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013F18C; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0013F57B; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0013F5B3; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0013F11C; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0013F5D4; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] CRYPT32.dll!PFXImportCertStore 77AE012F 6 Bytes PUSH 00151D51; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpSendRequestA 3FD07021 6 Bytes PUSH 00151711; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!InternetReadFile 3FD0F5EB 6 Bytes PUSH 001519A3; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpQueryInfoA 3FD1182D 6 Bytes PUSH 00151AD6; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!InternetCloseHandle 3FD12128 6 Bytes PUSH 00151936; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!InternetQueryDataAvailable 3FD1501F 6 Bytes PUSH 00151AAA; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpOpenRequestA 3FD165A8 6 Bytes PUSH 00151678; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpSendRequestW 3FD18B5E 6 Bytes PUSH 001516BC; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpOpenRequestW 3FD18C9B 6 Bytes PUSH 00151634; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!InternetReadFileExA 3FD22C09 6 Bytes PUSH 001519D1; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!InternetSetFilePointer 3FD65E8B 6 Bytes PUSH 00151A50; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpSendRequestExA 3FD7ABA6 6 Bytes PUSH 00151803; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpSendRequestExW 3FD7ABFF 6 Bytes PUSH 00151766; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpEndRequestA 3FD7ACAE 6 Bytes PUSH 001518A0; RET .text C:\Documents and Settings\anna wróblewska\Pulpit\PROGRAMY\1s4g07i5.exe[2756] WININET.dll!HttpEndRequestW 3FD7ACE0 6 Bytes PUSH 001518EB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, 06, 38, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!LdrLoadDll 7C91632D 6 Bytes JMP 01A29CF0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01FD542B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01FD5408 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!GetFileAttributesExW 7C81166D 6 Bytes PUSH 00143C4A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!ExitProcess 7C81D20A 6 Bytes PUSH 00143C09; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01A3369E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 0014FA02; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetDC 7E3686C7 4 Bytes [68, 84, F9, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0014A41D; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, C3, F9, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0014002E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0014007E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0013FF8F; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00146C08; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00146CA2; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, 96, 68, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, E6, 68, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00146990; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00140056; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00146CF4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00146904; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, 79, F8, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!EndPaint 7E378FFD 4 Bytes JMP 4137A4FA .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 0013FE61; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 0013FE2F; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00146B3A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 001400A9; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 0014FA42; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00146B83; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014694A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, E5, FE, 13] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 0013FF3F; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 29, F9, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00146C55; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 0014FAD5; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00146A1C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00146AAE; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014A5CC; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 001469D6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00146A65; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00146AF4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 0013FEA8; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01FD5389 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00143CC7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00143CB0; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013F18C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0013F57B; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0013F5B3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0013F11C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0013F5D4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] CRYPT32.dll!PFXImportCertStore 77AE012F 6 Bytes PUSH 00151D51; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpSendRequestA 3FD07021 6 Bytes PUSH 00151711; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!InternetReadFile 3FD0F5EB 6 Bytes PUSH 001519A3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpQueryInfoA 3FD1182D 6 Bytes PUSH 00151AD6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!InternetCloseHandle 3FD12128 6 Bytes PUSH 00151936; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!InternetQueryDataAvailable 3FD1501F 6 Bytes PUSH 00151AAA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpOpenRequestA 3FD165A8 6 Bytes PUSH 00151678; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpSendRequestW 3FD18B5E 6 Bytes PUSH 001516BC; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpOpenRequestW 3FD18C9B 6 Bytes PUSH 00151634; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!InternetReadFileExA 3FD22C09 6 Bytes PUSH 001519D1; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!InternetSetFilePointer 3FD65E8B 6 Bytes PUSH 00151A50; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpSendRequestExA 3FD7ABA6 6 Bytes PUSH 00151803; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpSendRequestExW 3FD7ABFF 6 Bytes PUSH 00151766; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpEndRequestA 3FD7ACAE 6 Bytes PUSH 001518A0; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[3692] WININET.dll!HttpEndRequestW 3FD7ACE0 6 Bytes PUSH 001518EB; RET ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 89D5D1F8 Device \Driver\usbohci \Device\USBPDO-0 89BB61F8 Device \Driver\usbehci \Device\USBPDO-1 89B03500 Device \Driver\Ftdisk \Device\HarddiskVolume1 89D5F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89D5F1F8 Device \Driver\Cdrom \Device\CdRom0 89BB8500 Device \Driver\Ftdisk \Device\HarddiskVolume3 89D5F1F8 Device \Driver\atapi \Device\Ide\IdePort0 [B9E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBT_Tcpip_{70C47666-031B-4CB8-A230-154B403252C3} 88CE11F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 88CE11F8 Device \Driver\NetBT \Device\NetbiosSmb 88CE11F8 Device \Driver\usbohci \Device\USBFDO-0 89BB61F8 Device \Driver\usbehci \Device\USBFDO-1 89B03500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88CC21F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88CC21F8 Device \Driver\Ftdisk \Device\FtControl 89D5F1F8 Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 89D5E1F8 Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path1Target1Lun0 89D5E1F8 Device \Driver\nvgts \Device\Scsi\nvgts1 89D5E1F8 Device \Driver\nvgts \Device\Scsi\nvgts2 89D5E1F8 Device \FileSystem\Cdfs \Cdfs 89BA1500 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d5e1f8]<< >>UNKNOWN [0x89a332d9]<< 89a332d9 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cf0030] 89cf0030 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x89cfc960] 89cfc960 Trace 5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x89cf1030] 89cf1030 Trace \Driver\nvgts[0x89dbdf38] -> IRP_MJ_CREATE -> 0x89d5e1f8 89d5e1f8 ---- Threads - GMER 2.1 ---- Thread System [4:576] 899BF0F4 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0xAA 0x40 0x6D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0xAA 0x40 0x6D ... ---- EOF - GMER 2.1 ----