GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-16 20:07:47 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-00L7A0 rev.01.03E01 149,05GB Running: gmer.exe; Driver: C:\DOCUME~1\Marzena\USTAWI~1\Temp\uxddqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB2EF3ACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xB326D464] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB2EF45AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xB2F3A620] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xB2F006A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB2F006EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB2F00886] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xB2F39FD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xB2F0060E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xB2F00730] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB2F00656] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xB2EF4AE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xB2F00840] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB2EF5398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB2EF3B32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xB2F3ACE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB2F3AF9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB2EF8BEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB2F3AB51] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB2F3A9BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xB326D53C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xB2EF371E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xB326D91E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB2EF3B98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB2EF8FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB2EF5EDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xB2F006CA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB2F0070E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB2F008AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xB2F3A330] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xB2F00634] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xB2EF84E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xB2F007BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB2F0067E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xB2EF88CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xB2F00864] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB326D6BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xB2F3A837] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xB2EF5CF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB2F3A689] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB2EF584A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xB327AE74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xB327B7E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xB2F39617] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB2EF3BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB2EF3C64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xB2EF5212] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB2EF37B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB2EF398A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xB2F3ADED] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB2EF3918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB2EF5562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xB2EF56C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB2EF3A12] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB2EF5050] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xB2EF51F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xB326A906] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xB2EF3CCA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB2EF4606] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2534 80501D90 4 Bytes JMP A2B2EF8B .text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FCC 12 Bytes [FE, 3B, EF, B2, 64, 3C, EF, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2818 80502074 12 Bytes [62, 55, EF, B2, C4, 56, EF, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059BA02 4 Bytes CALL B2EF65AD \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1532] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003C01F8 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1532] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003C03FC .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 038D01F8 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[1556] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 038D03FC .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!SetScrollInfo 7E369046 5 Bytes JMP 00505F4C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!GetScrollInfo 7E3717D8 5 Bytes JMP 00505EA8 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!ShowScrollBar 7E37F2E7 5 Bytes JMP 00505EDB C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!GetScrollPos 7E37F6F4 5 Bytes JMP 00505E83 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!SetScrollPos 7E37F740 5 Bytes JMP 00505E26 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!GetScrollRange 7E37F777 5 Bytes JMP 00505E4B C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!SetScrollRange 7E37F98B 5 Bytes JMP 00505F15 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1932] USER32.dll!EnableScrollBar 7E3B7F55 5 Bytes JMP 00505F80 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 74, 5F, 03] {SUB [EDI+EBX*2+0x3], DH} .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 77, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 74, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 75, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 76, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 75, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 76, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 74, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 75, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 76, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 77, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 038D01F8 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2296] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 038D03FC .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 44, 5F, 03] {SUB [EDI+EBX*2+0x3], AL} .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 47, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 44, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 45, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 46, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 45, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 46, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 44, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 45, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 46, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 47, 5F, 03] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 038D01F8 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[2816] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 038D03FC .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, BC, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, 2A, 00] {TEST AL, 0xbd; SUB AL, [EAX]} .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9100D6 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, 2A, 00] {TEST AL, 0xbe; SUB AL, [EAX]} .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910147 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, 2A, 00] {TEST AL, 0xbc; SUB AL, [EAX]} .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910275 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, 2A, 00] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 037601F8 .text C:\Program Files\Opera\28.0.1750.51\opera.exe[3476] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 037603FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys ---- EOF - GMER 2.1 ----