GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-09 20:10:14 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0002SDM1 298,09GB Running: e2tm1y3v.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\pxldqpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90E57BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90E58684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90E646F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90E64744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90E648DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90E64666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90F48DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90E646AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x90F49080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x90F4916A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90E64898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90E59472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90E57C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90E5CC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x90E577F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90F48ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90E57C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90E5D05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90E59F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90E64722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90E64766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90E64902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90E6468C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90E5C560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90E64816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90E646D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90E5C94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90E648BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90F48C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90E59DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90E59ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90E57CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90E57D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90F48FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90E57892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90E57A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90E579F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90E5963C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90E5979E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90E57AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90F48D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90E592CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90E57DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x90F48BA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82C95599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 82CC1864 4 Bytes [A6, 7B, E5, 90] {CMPSB ; JNP 0xffffffe8; NOP } .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CC18EC 4 Bytes [84, 86, E5, 90] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82CC1940 8 Bytes [F8, 46, E6, 90, 44, 47, E6, ...] {CLC ; INC ESI; OUT 0x90, AL; INC ESP; INC EDI; OUT 0x90, AL} .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82CC194C 4 Bytes [DE, 48, E6, 90] {FIMUL WORD [EAX-0x1a]; NOP } .text ntkrnlpa.exe!RtlSidHashLookup + 318 82CC1968 4 Bytes [66, 46, E6, 90] {INC SI; OUT 0x90, AL} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82EBF762 4 Bytes CALL 90E5A641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EC7873 4 Bytes CALL 90E5A657 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\spoolsv.exe[356] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\wininit.exe[452] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\services.exe[508] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text ... .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 70, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 73, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 70, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 71, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 72, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 71, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 72, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 70, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 71, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 72, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 73, A9, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 00B603FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 00B601F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1368] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 98, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 9B, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 98, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 99, 7C, 00] {TEST AL, 0x99; JL 0x4} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 9A, 7C, 00] {TEST AL, 0x9a; JL 0x4} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 99, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 9A, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 98, 7C, 00] {TEST AL, 0x98; JL 0x4} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 99, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 9A, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 9B, 7C, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 008A03FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 008A01F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[1372] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 75B23122 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1608] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\Explorer.EXE[1632] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1688] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text ... .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 98, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 9B, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 98, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 99, 39, 00] {TEST AL, 0x99; CMP [EAX], EAX} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 9A, 39, 00] {TEST AL, 0x9a; CMP [EAX], EAX} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 99, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 9A, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 98, 39, 00] {TEST AL, 0x98; CMP [EAX], EAX} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 99, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 9A, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 9B, 39, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 004603FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 004601F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2148] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2324] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[2392] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\gmsd_pl_132\gmsd_pl_132.exe[2420] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Users\Kasia\AppData\Roaming\ASPackage\ASSrv.exe[2496] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 14, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 17, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 14, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 15, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 16, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 15, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 16, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 14, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 15, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 16, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 17, CE, 00] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2508] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2556] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [18, 10, 99, 6D] {SBB [EAX], DL; CDQ ; INS DWORD [ES:EDI], DX} .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2556] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe[2556] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Common Files\ShopperPro\spbiu.exe[2592] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\viakaraokesrv.exe[2704] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 48, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 4B, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 48, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 49, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 4A, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 49, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 4A, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 48, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 49, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 4A, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 4B, A6, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 00B303FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 00B301F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[2724] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2764] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe[2788] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Users\Kasia\AppData\Local\SmartWeb\SmartWebHelper.exe[2976] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\ShopperPro\JSDriver\1.42.1.1957\jsdrv.exe[2984] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4040] kernel32.dll!SetUnhandledExceptionFilter 75B23122 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4040] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4048] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4080] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4204] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[4400] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text ... .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 54, 97, 03] {SUB [EDI+EDX*4+0x3], DL} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 57, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 54, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 55, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 56, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 55, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 56, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 54, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 55, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 56, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 57, 97, 03] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 039C03FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 039C01F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4856] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[4948] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4996] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 000F03FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4996] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 000F01F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[4996] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\system32\taskmgr.exe[5032] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 84, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 87, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 84, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 85, 24, 00] {TEST AL, 0x85; AND AL, 0x0} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 86, 24, 00] {TEST AL, 0x86; AND AL, 0x0} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 85, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 86, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 84, 24, 00] {TEST AL, 0x84; AND AL, 0x0} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 85, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 86, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 87, 24, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 004503FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 004501F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5132] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 28, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 2B, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 28, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 29, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 2A, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 29, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 2A, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 28, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 29, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 2A, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 2B, E8, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 039603FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 039601F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5144] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5364] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Windows\System32\svchost.exe[5580] kernel32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtCreateFile + 6 771C46B6 4 Bytes [28, 90, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtCreateFile + B 771C46BB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtMapViewOfSection + 6 771C4D16 4 Bytes [28, 93, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtMapViewOfSection + B 771C4D1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenFile + 6 771C4DC6 4 Bytes [68, 90, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenFile + B 771C4DCB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenProcess + 6 771C4E76 4 Bytes [A8, 91, 6A, 00] {TEST AL, 0x91; PUSH 0x0} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenProcess + B 771C4E7B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenProcessToken + B 771C4E8B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenProcessTokenEx + 6 771C4E96 4 Bytes [A8, 92, 6A, 00] {TEST AL, 0x92; PUSH 0x0} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenProcessTokenEx + B 771C4E9B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenThread + 6 771C4EF6 4 Bytes [68, 91, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenThread + B 771C4EFB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenThreadToken + 6 771C4F06 4 Bytes [68, 92, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenThreadToken + B 771C4F0B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtOpenThreadTokenEx + B 771C4F1B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtQueryAttributesFile + 6 771C5026 4 Bytes [A8, 90, 6A, 00] {TEST AL, 0x90; PUSH 0x0} .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtQueryAttributesFile + B 771C502B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtQueryFullAttributesFile + B 771C50DB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtSetInformationFile + 6 771C5726 4 Bytes [28, 91, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtSetInformationFile + B 771C572B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtSetInformationThread + 6 771C5786 4 Bytes [28, 92, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtSetInformationThread + B 771C578B 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtUnmapViewOfSection + 6 771C5AA6 4 Bytes [68, 93, 6A, 00] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!NtUnmapViewOfSection + B 771C5AAB 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 007703FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 007701F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[5852] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] .text C:\Program Files\Opera\18.0.1284.49\opera.exe[7080] ntdll.dll!LdrUnloadDll 771DBD1F 5 Bytes JMP 000803FC .text C:\Program Files\Opera\18.0.1284.49\opera.exe[7080] ntdll.dll!LdrLoadDll 771DF425 5 Bytes JMP 000801F8 .text C:\Program Files\Opera\18.0.1284.49\opera.exe[7080] KERNEL32.dll!GetBinaryTypeW + 70 75B37934 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp innfd_1_10_0_14.sys AttachedDevice \Driver\tdx \Device\Udp innfd_1_10_0_14.sys ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Różne. \x2665\sterowniki Kasia\Touchpad_Elantech_Win7_32_7059\Setup.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Różne. \x2665\sterowniki Kasia\Audio_VIA_WIN7_32_WIN7_64_60017333\SETUP.EXE 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Kasia\Desktop\Różne. \x2665\Programy xd\BitComet_1.34_x86_setup.exe 1 ---- EOF - GMER 2.1 ----