GMER 2.1.19324 - http://www.gmer.net Rootkit scan 2014-01-18 20:34:40 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722580VLAT20 rev.V32OA6MA 76,69GB Running: nhur17z6.exe; Driver: C:\DOCUME~1\UZYTKO~1\USTAWI~1\Temp\pwpyqaoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB16FF690] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB16FF7B0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB16FF010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB16FF490] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB16FF2D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB16FF3B0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB16FF110] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB16FF1F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB16FF590] INT 0x62 ? 8990FCB8 INT 0x82 ? 8990FCB8 INT 0x94 ? 88CFBCB8 INT 0xA4 ? 88CFBCB8 INT 0xB4 ? 88CFBCB8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75A7CF2] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9BCD000, 0x1C5D38, 0xE8000020] ? System32\Drivers\SCDEmu.SYS System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, E2, 02] {SUB [EAX], AL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, E2, 02] {SUB [EBX], AL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, E2, 02] {TEST AL, 0x1; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, E2, 02] {TEST AL, 0x2; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, E2, 02] {TEST AL, 0x0; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, E2, 02] {SUB [ECX], AL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, E2, 02] {SUB [EDX], AL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[312] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 64, E2, 02] {SUB [EDX+0x2], AH} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 67, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 64, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 65, E2, 02] {TEST AL, 0x65; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 66, E2, 02] {TEST AL, 0x66; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 65, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 66, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 64, E2, 02] {TEST AL, 0x64; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 65, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 66, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 67, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[1120] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, E2, 02] {SUB AL, DL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, E2, 02] {SUB BL, DL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, E2, 02] {TEST AL, 0xd1; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, E2, 02] {TEST AL, 0xd2; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, E2, 02] {TEST AL, 0xd0; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, E2, 02] {SUB CL, DL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, E2, 02] {SUB DL, DL; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC46 .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ECB7 .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDE5 .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 16, 00] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[2820] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, E2, 02] {TEST AL, 0x71; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, E2, 02] {TEST AL, 0x72; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, E2, 02] {TEST AL, 0x70; LOOP 0x6} .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, E2, 02] .text C:\Program Files\Opera\18.0.1284.68\opera.exe[3872] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8990E1F8 AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys Device \FileSystem\Fastfat \FatCdrom 88D3F440 AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys Device \Driver\usbohci \Device\USBPDO-0 88D081F8 Device \Driver\usbehci \Device\USBPDO-1 88CE51F8 Device \Driver\usbohci \Device\USBPDO-2 88D081F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{0E3F2B19-2631-4234-90D1-AC4C30D2478B} 88DB0440 AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp idmtdi.sys Device \Driver\Cdrom \Device\CdRom0 88D03440 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7888B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F7888B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7888B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7888B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 88DB0440 Device \Driver\NetBT \Device\NetbiosSmb 88DB0440 AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp idmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp idmtdi.sys Device \Driver\usbohci \Device\USBFDO-0 88D081F8 Device \Driver\usbohci \Device\USBFDO-1 88D081F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88DB9440 Device \Driver\usbehci \Device\USBFDO-2 88CE51F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88DB9440 Device \FileSystem\Fastfat \Fat 88D3F440 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys Device \FileSystem\Cdfs \Cdfs 88D5F440 ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x17 0xBE 0xC3 0xEF ... Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xE9 0xC4 0x36 0x5F ... Reg HKLM\SOFTWARE\Classes\CLSID\{d3cb2133-c087-4264-a6ee-aba53644c4b8}@Model 363 Reg HKLM\SOFTWARE\Classes\CLSID\{d3cb2133-c087-4264-a6ee-aba53644c4b8}@Therad 23 Reg HKLM\SOFTWARE\Classes\CLSID\{d3cb2133-c087-4264-a6ee-aba53644c4b8}@MData 0x73 0xD5 0xCF 0xB8 ... Reg HKLM\SOFTWARE\Classes\CLSID\{e606d321-900c-43ac-85b3-fb7e4bfae5e7}@Model 262 Reg HKLM\SOFTWARE\Classes\CLSID\{e606d321-900c-43ac-85b3-fb7e4bfae5e7}@Therad 30 Reg HKLM\SOFTWARE\Classes\CLSID\{e606d321-900c-43ac-85b3-fb7e4bfae5e7}@MData 0x2B 0x8F 0x78 0x29 ... ---- EOF - GMER 2.1 ----