GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-07-24 16:25:08 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-00L9A0 rev.01.03E01 Running: tz30jln4.exe; Driver: C:\DOCUME~1\Pawel\USTAWI~1\Temp\kweiifow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB51893A0, 0x88C445, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text D:\programy\Gadu-Gadu 10\gg.exe[152] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text D:\programy\Gadu-Gadu 10\gg.exe[152] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text D:\programy\Gadu-Gadu 10\gg.exe[152] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text D:\programy\Gadu-Gadu 10\gg.exe[152] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text D:\programy\Gadu-Gadu 10\gg.exe[152] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text D:\programy\Gadu-Gadu 10\gg.exe[152] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\system32\RUNDLL32.EXE[336] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\system32\RUNDLL32.EXE[336] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\system32\RUNDLL32.EXE[336] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\system32\RUNDLL32.EXE[336] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\system32\RUNDLL32.EXE[336] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\system32\RUNDLL32.EXE[336] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .reloc C:\WINDOWS\Explorer.EXE[424] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0xA800, 0xE0000060] .reloc C:\WINDOWS\Explorer.EXE[424] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FE8FF] hkwjnrk C:\WINDOWS\Explorer.EXE[424] C:\WINDOWS\Explorer.EXE unknown last section [0x01106000, 0x1000, 0xC0000000] .text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\Explorer.EXE[424] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie\tz30jln4.exe[456] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie\tz30jln4.exe[456] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie\tz30jln4.exe[456] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie\tz30jln4.exe[456] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie\tz30jln4.exe[456] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\Documents and Settings\Pawel\Moje dokumenty\Pobieranie\tz30jln4.exe[456] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[612] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[612] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[612] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[612] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[612] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[612] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\RTHDCPL.EXE[616] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\RTHDCPL.EXE[616] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\RTHDCPL.EXE[616] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\RTHDCPL.EXE[616] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\RTHDCPL.EXE[616] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\RTHDCPL.EXE[616] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF964CD .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9655C .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF96569 .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF967ED .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF96552 .text C:\WINDOWS\system32\winlogon.exe[652] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF965AA .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF964CD .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9655C .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF96569 .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF967ED .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF96552 .text C:\WINDOWS\system32\services.exe[696] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF965AA .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF964CD .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF9655C .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF96569 .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF967ED .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF96552 .text C:\WINDOWS\system32\lsass.exe[708] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF965AA .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\System32\svchost.exe[944] NETAPI32.dll!NetpwPathCanonicalize 6FF4A259 5 Bytes JMP 01959D64 .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 007F9DC4 .text C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\AV Voice Changer Updater.exe[1048] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\AV Voice Changer Updater.exe[1048] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\AV Voice Changer Updater.exe[1048] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\AV Voice Changer Updater.exe[1048] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\AV Voice Changer Updater.exe[1048] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\Documents and Settings\Pawel\Menu Start\Programy\Autostart\AV Voice Changer Updater.exe[1048] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\Program Files\Application Updater\ApplicationUpdater.exe[1492] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\Program Files\Application Updater\ApplicationUpdater.exe[1492] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\Program Files\Application Updater\ApplicationUpdater.exe[1492] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[1492] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\Program Files\Application Updater\ApplicationUpdater.exe[1492] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[1492] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1504] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1504] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1504] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1504] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1504] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1504] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\system32\nvsvc32.exe[1560] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\system32\nvsvc32.exe[1560] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\system32\nvsvc32.exe[1560] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\system32\nvsvc32.exe[1560] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\system32\nvsvc32.exe[1560] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\system32\nvsvc32.exe[1560] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1604] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1604] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1604] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1604] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1604] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1604] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text C:\WINDOWS\system32\wpabaln.exe[1952] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text C:\WINDOWS\system32\wpabaln.exe[1952] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text C:\WINDOWS\system32\wpabaln.exe[1952] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text C:\WINDOWS\system32\wpabaln.exe[1952] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text C:\WINDOWS\system32\wpabaln.exe[1952] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text C:\WINDOWS\system32\wpabaln.exe[1952] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] USER32.dll!SetWindowLongA 77D3DED3 5 Bytes JMP 1068EDA6 D:\programy\Mozilla 5.0\xul.dll (Mozilla Foundation) .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] USER32.dll!SetWindowLongW 77D3DEF1 5 Bytes JMP 1068ED38 D:\programy\Mozilla 5.0\xul.dll (Mozilla Foundation) .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 104A5451 D:\programy\Mozilla 5.0\xul.dll (Mozilla Foundation) .text D:\programy\Mozilla 5.0\plugin-container.exe[2124] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 104A5A99 D:\programy\Mozilla 5.0\xul.dll (Mozilla Foundation) .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA .text D:\programy\Mozilla 5.0\firefox.exe[2428] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 D:\programy\Mozilla 5.0\firefox.exe (Firefox/Mozilla Corporation) .text D:\programy\Winamp\winamp.exe[3360] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA64CD .text D:\programy\Winamp\winamp.exe[3360] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA655C .text D:\programy\Winamp\winamp.exe[3360] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA6569 .text D:\programy\Winamp\winamp.exe[3360] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA67ED .text D:\programy\Winamp\winamp.exe[3360] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA6552 .text D:\programy\Winamp\winamp.exe[3360] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA65AA