GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-25 16:00:23 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST380013AS rev.3.18 74,53GB Running: h9tzzl5d.exe; Driver: C:\DOCUME~1\Naxi\USTAWI~1\Temp\fwecaaow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB84596F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB8459820] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB8459010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB84594E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB8459300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB84593F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB8459120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB8459210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB84595F0] ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6B9B3C0, 0x75D00A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 98, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9B, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 98, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 99, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913CB2 .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9A, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 99, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9A, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913D23 .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 98, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913E51 .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 99, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9A, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9B, 66, 00] .text C:\Opera\34.0.2036.25\opera.exe[216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, E2, 00] {TEST AL, 0x49; LOOP 0x4} .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B862 .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, E2, 00] {TEST AL, 0x4a; LOOP 0x4} .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B8D3 .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, E2, 00] {TEST AL, 0x48; LOOP 0x4} .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91BA01 .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, E2, 00] .text C:\Opera\34.0.2036.25\opera.exe[352] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 4C, 4B, 00] {SUB [EBX+ECX*2+0x0], CL} .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4F, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 4C, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 4D, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912166 .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4E, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 4D, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4E, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9121D7 .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 4C, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912305 .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 4D, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4E, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4F, 4B, 00] .text C:\Opera\34.0.2036.25\opera.exe[464] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B4E .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912BBF .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CED .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 55, 00] .text C:\Opera\34.0.2036.25\opera.exe[1084] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 68, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtCreateKey + 6 7C90D0F4 4 Bytes [68, 69, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtCreateKey + B 7C90D0F9 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [A8, 6B, DA, 00] {TEST AL, 0x6b; FIADD DWORD [EAX]} .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 68, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenKey + 6 7C90D5D4 4 Bytes [A8, 69, DA, 00] {TEST AL, 0x69; FIADD DWORD [EAX]} .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenKey + B 7C90D5D9 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [28, 6A, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes [68, 6A, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [28, 6B, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes CALL 7B91B0D2 .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes CALL 7B91B0E3 .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes [68, 6B, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 68, DA, 00] {TEST AL, 0x68; FIADD DWORD [EAX]} .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B221 .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 69, DA, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [A8, 6A, DA, 00] {TEST AL, 0x6a; FIADD DWORD [EAX]} .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes CALL 7B91B984 .text C:\Program Files\Steam\bin\steamwebhelper.exe[1340] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 58, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 5B, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 58, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 59, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C672 .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C6E3 .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C811 .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, F0, 00] .text C:\Opera\34.0.2036.25\opera.exe[3304] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{76AD7FEF-6F67-4D47-893B-B2102B30BC39}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{A8AB33C6-2B0A-4CB9-B4D7-80B5FB17AB05}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{F447C729-9D70-4925-9B98-DC6DFBD912A1}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{F447C729-9D70-4925-9B98-DC6DFBD912A1}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{76AD7FEF-6F67-4D47-893B-B2102B30BC39}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{A8AB33C6-2B0A-4CB9-B4D7-80B5FB17AB05}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{F447C729-9D70-4925-9B98-DC6DFBD912A1}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{F447C729-9D70-4925-9B98-DC6DFBD912A1}\0001@D3D_\x3332\x3331 2089309684 ---- EOF - GMER 2.1 ----