christmas

  1. edit- forgot to add that on a previous scan (which I didn't save) it also highlighted something called 'Malwarebytes Chameleon'. I don't know if this makes any difference to your advice? Sorry if I'm confusing the issue.
  2. What's got me suspicious is that GMER seems to be detecting activity in whatever I seem to be using. Opera was detected in the above log and now pot-player (video player) below. I will do what you suggested; I thought I'd post this latest scan now (below). The point I'm trying to make is pot-player wasn't detected before, now it is? Thanks for your help, will follow your advice, thanks, and report back!
     GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2018-01-17 05:42:24 Windows 5.1.2600 Service Pack 3
  3. Here's the log, can I get an expert opinion? Thanks.
     GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2018-01-17 03:08:49 Windows 5.1.2600 Service Pack 3
fltMgr.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\mbamchameleon@ProtectedRegistry