GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-04 15:43:12 Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB Running: yqhy9h28.exe; Driver: C:\Users\Artur\AppData\Local\Temp\kwrcrpog.sys ---- System - GMER 2.2 ---- SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwCreateSection [0xAC6DA874] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwCreateThread [0xAC6DA9FA] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwMakeTemporaryObject [0xAC6DA7EA] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwQueueApcThread [0xAC6DAB1A] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwSetContextThread [0xAC6DAC3A] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwSetSystemInformation [0xAC6D6AF4] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwSetSystemTime [0xAC6D6CAA] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwTerminateProcess [0xAC6D6D38] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwUnmapViewOfSection [0xAC6DA75C] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwWriteVirtualMemory [0xAC6D88F6] SSDT \??\C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys ZwCreateThreadEx [0xAC6DAA88] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 560 82480FE4 4 Bytes [EA, A7, 6D, AC] ? C:\Users\Artur\AppData\Local\Temp\CBB76896-308ADD58-CC0DDB36-B00FB29C\64d27fbc.sys System nie może odnaleźć określonej ścieżki. ! ? C:\Users\Artur\AppData\Local\Temp\6D7FCD02.sys Nie można odnaleźć określonego pliku. ! ? system32\drivers\16156587.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\426286F6.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, B8, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, BB, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, B8, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, B9, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, BA, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, B9, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, BA, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, B8, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, B9, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, BA, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, BB, AF, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1348] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 30, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 33, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 30, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 31, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 32, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 31, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 32, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 30, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 31, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 32, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 33, 82, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[1448] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 54, 67, 00] {SUB [EDI+0x0], DL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 57, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 54, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 55, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 56, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 55, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 56, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 54, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 55, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 56, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 57, 67, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2444] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 90, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 93, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 90, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 91, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 92, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 91, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 92, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 90, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 91, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 92, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 93, 57, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2728] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!GetScrollRange 765377AB 5 Bytes JMP 00C06E8F D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!GetScrollPos 7653795D 5 Bytes JMP 00C06ECD D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!ShowScrollBar 76537CD3 5 Bytes JMP 00C06F31 D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!SetScrollRange 76539C54 5 Bytes JMP 00C06F71 D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!GetScrollInfo 76539FF9 5 Bytes JMP 00C06EF8 D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!SetScrollInfo 76553808 5 Bytes JMP 00C06FAE D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!EnableScrollBar 7656B850 5 Bytes JMP 00C06FE8 D:\Ccleaner\CCleaner.exe .text D:\Ccleaner\CCleaner.exe[2748] USER32.dll!SetScrollPos 7656D7E6 5 Bytes JMP 00C06E64 D:\Ccleaner\CCleaner.exe .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 54, 45, 00] {SUB [EBP+EAX*2+0x0], DL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 57, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 54, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 55, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 56, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 55, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 56, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 54, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 55, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 56, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 57, 45, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2884] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 5C, 2D, 00] {SUB [EBP+EBP+0x0], BL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 5F, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 5C, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 5D, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 5E, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 5D, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 5E, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 5C, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 5D, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 5E, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 5F, 2D, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[2936] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 68, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 6B, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 68, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 69, D2, 00] {TEST AL, 0x69; ROL [EAX], CL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 6A, D2, 00] {TEST AL, 0x6a; ROL [EAX], CL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 69, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 6A, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 68, D2, 00] {TEST AL, 0x68; ROL [EAX], CL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 69, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 6A, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 6B, D2, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3080] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 68, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 6B, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 68, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 69, 88, 00] {TEST AL, 0x69; MOV [EAX], AL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 6A, 88, 00] {TEST AL, 0x6a; MOV [EAX], AL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 69, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 6A, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 68, 88, 00] {TEST AL, 0x68; MOV [EAX], AL} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 69, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 6A, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 6B, 88, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3388] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 78, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 7B, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 78, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 79, DA, 00] {TEST AL, 0x79; FIADD DWORD [EAX]} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 7A, DA, 00] {TEST AL, 0x7a; FIADD DWORD [EAX]} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 79, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 7A, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 78, DA, 00] {TEST AL, 0x78; FIADD DWORD [EAX]} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 79, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 7A, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 7B, DA, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3472] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, A4, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, A7, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, A4, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, A5, 24, 00] {TEST AL, 0xa5; AND AL, 0x0} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, A6, 24, 00] {TEST AL, 0xa6; AND AL, 0x0} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, A5, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, A6, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, A4, 24, 00] {TEST AL, 0xa4; AND AL, 0x0} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, A5, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, A6, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, A7, 24, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3668] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtCreateFile + 6 7745F41A 4 Bytes [28, 64, 58, 00] {SUB [EAX+EBX*2+0x0], AH} .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtCreateFile + B 7745F41F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtMapViewOfSection + 6 7745FB6A 4 Bytes [28, 67, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtMapViewOfSection + B 7745FB6F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenFile + 6 7745FBFA 4 Bytes [68, 64, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenFile + B 7745FBFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenProcess + 6 7745FC7A 4 Bytes [A8, 65, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenProcess + B 7745FC7F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenProcessToken + B 7745FC8F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenProcessTokenEx + 6 7745FC9A 4 Bytes [A8, 66, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenProcessTokenEx + B 7745FC9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenThread + 6 7745FCEA 4 Bytes [68, 65, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenThread + B 7745FCEF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenThreadToken + 6 7745FCFA 4 Bytes [68, 66, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenThreadToken + B 7745FCFF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtOpenThreadTokenEx + B 7745FD0F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtQueryAttributesFile + 6 7745FD9A 4 Bytes [A8, 64, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtQueryAttributesFile + B 7745FD9F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtQueryFullAttributesFile + B 7745FE4F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtSetInformationFile + 6 7746036A 4 Bytes [28, 65, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtSetInformationFile + B 7746036F 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtSetInformationThread + 6 774603BA 4 Bytes [28, 66, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtSetInformationThread + B 774603BF 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtUnmapViewOfSection + 6 7746065A 4 Bytes [68, 67, 58, 00] .text C:\Program Files\Opera\36.0.2130.65\opera.exe[3976] ntdll.dll!NtUnmapViewOfSection + B 7746065F 1 Byte [E2] ---- Devices - GMER 2.2 ---- AttachedDevice \FileSystem\Ntfs \Ntfs 64d27fbc.sys Device \Driver\30517178 \Device\KLMDKVRT08082014_04000001 16156587.sys Device \FileSystem\4586BE613293A66C \Device\4586BE613293A66C 64d27fbc.sys ---- Processes - GMER 2.2 ---- Process (*** hidden *** ) [4] 83E47940 ---- EOF - GMER 2.2 ----