GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-12 02:41:28 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005b SAMSUNG_ rev.1AA0 465,76GB Running: 7ti6jgfd.exe; Driver: C:\Users\XxX\AppData\Local\Temp\uwldipow.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9AD58A56] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x9ACE4478] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9AD595E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9AD6444A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9AD64496] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9AD64668] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x9AD643B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0x9AD644DA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9AD64400] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x9AD59B32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x9AD59D4E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9AD64622] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9AD5A264] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9AD58ABC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x9AD5D3DC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x9ACE4550] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0x9AD5AAF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x9AD5869C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x9ACE4932] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9AD58B22] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9AD5D7EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9AD5B07C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9AD64474] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9AD644B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9AD6468C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9AD643DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x9AD5CCB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x9AD64586] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9AD64428] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9AD5D0AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9AD64646] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x9ACE46D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x9AD5AEA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x9AD5A9C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0x9AD5A42E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0x9AD5A63A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9AD58B88] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9AD58BEE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0x9AD5AC20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9AD5873C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9AD58914] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9AD588A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9AD5A534] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9AD5A764] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9AD5899C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0x9AD5A0A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x9AD5A244] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x9ACE1B54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x9AD58C54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x9AD5963C] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E5A339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E93D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E9ADC0 4 Bytes [56, 8A, D5, 9A] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E9ADE8 4 Bytes [78, 44, CE, 9A] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E9AE48 4 Bytes [E0, 95, D5, 9A] {LOOPNZ 0xffffff97; AAD 0x9a} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E9AE9C 8 Bytes [4A, 44, D6, 9A, 96, 44, D6, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E9AEA8 4 Bytes [68, 46, D6, 9A] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8305626D 4 Bytes CALL 9AD5B5CF \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8307002C 4 Bytes CALL 9AD5B5E5 \SystemRoot\system32\drivers\aswSnx.sys .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x81F95300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F03A300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, E0, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, E3, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, E0, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, E1, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, E2, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, E1, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, E2, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, E0, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, E1, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, E2, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, E3, F3, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[460] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\AVAST Software\Avast\avastUi.exe[1816] kernel32.dll!SetUnhandledExceptionFilter 76663D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, F0, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, F3, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, F0, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, F1, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, F2, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, F1, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, F2, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, F0, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, F1, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, F2, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, F3, 83, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 3D2903FC .text C:\Program Files\Opera\41.0.2353.69\opera.exe[2108] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 3D2901F8 .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2920] ntdll.dll!DbgBreakPoint 779C40F0 1 Byte [C3] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 0C, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 0F, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 0C, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 0D, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 0E, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 0D, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 0E, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 0C, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 0D, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 0E, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 0F, BC, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3304] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 0C, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 0F, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 0C, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 0D, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 0E, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 0D, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 0E, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 0C, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 0D, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 0E, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 0F, AA, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[3504] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[3848] kernel32.dll!SetUnhandledExceptionFilter 76663D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, B0, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, B3, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, B0, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, B1, E7, 00] {TEST AL, 0xb1; OUT 0x0, EAX} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, B2, E7, 00] {TEST AL, 0xb2; OUT 0x0, EAX} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, B1, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, B2, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, B0, E7, 00] {TEST AL, 0xb0; OUT 0x0, EAX} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, B1, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, B2, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, B3, E7, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[4756] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, A0, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, A3, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, A0, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, A1, 8A, 00] {TEST AL, 0xa1; MOV AL, [EAX]} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, A2, 8A, 00] {TEST AL, 0xa2; MOV AL, [EAX]} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, A1, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, A2, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, A0, 8A, 00] {TEST AL, 0xa0; MOV AL, [EAX]} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, A1, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, A2, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, A3, 8A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5568] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 94, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 97, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 94, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 95, 6A, 00] {TEST AL, 0x95; PUSH 0x0} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 96, 6A, 00] {TEST AL, 0x96; PUSH 0x0} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 95, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 96, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 94, 6A, 00] {TEST AL, 0x94; PUSH 0x0} .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 95, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 96, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 97, 6A, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[5756] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!SetScrollRange 76428EC5 5 Bytes JMP 01522F39 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!GetScrollInfo 76432DA3 5 Bytes JMP 01522EC0 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!SetScrollInfo 764348DA 5 Bytes JMP 01522F76 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!GetScrollRange 7645045A 5 Bytes JMP 01522E57 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!SetScrollPos 764504BE 5 Bytes JMP 01522E2C C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!GetScrollPos 76450E43 5 Bytes JMP 01522E95 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!EnableScrollBar 764519CE 5 Bytes JMP 01522FB0 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5800] USER32.dll!ShowScrollBar 76453C89 5 Bytes JMP 01522EF9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 30, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 33, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 30, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 31, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 32, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 31, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 32, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 30, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 31, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 32, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 33, E8, 00] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!LdrUnloadDll 779EC8DE 5 Bytes JMP 160703FC .text C:\Program Files\Opera\41.0.2353.69\opera.exe[6016] ntdll.dll!LdrLoadDll 779F22B8 5 Bytes JMP 160701F8 ---- Devices - GMER 2.2 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32@ ?????????????????????????????????????????????????? ---- EOF - GMER 2.2 ----