URGENT - can I get experts' help please: GMER log infection


Here's the log. Can I get an expert opinion? Thanks.

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-01-17 03:08:49
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDT721032SLA380 rev.ST2OA3BB 298.09GB
Running: 8u3w1c77.exe; Driver: C:\DOCUME~1\proj\LOCALS~1\Temp\uwliypob.sys


---- System - GMER 2.2 ----

SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys                                            ZwOpenProcess [0xA6D27760]
SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys                                            ZwOpenThread [0xA6D27A7E]

---- User code sections - GMER 2.2 ----

.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, DC, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, DF, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, DC, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, DD, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B9167F6 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, DE, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, DD, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, DE, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B916867 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, DC, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B916995 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, DD, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, DE, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, DF, 91, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1632] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 94, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 97, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 94, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 95, 76, 00] {TEST AL, 0x95; JBE 0x4}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B914CAE 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 96, 76, 00] {TEST AL, 0x96; JBE 0x4}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 95, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 96, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B914D1F 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 94, 76, 00] {TEST AL, 0x94; JBE 0x4}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B914E4D 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 95, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 96, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 97, 76, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[1772] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 04, DB, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 07, DB, 00] {SUB [EDI], AL; FILD DWORD [EAX]}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 04, DB, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 05, DB, 00] {TEST AL, 0x5; FILD DWORD [EAX]}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B91B11E 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 06, DB, 00] {TEST AL, 0x6; FILD DWORD [EAX]}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 05, DB, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 06, DB, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B91B18F 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 04, DB, 00] {TEST AL, 0x4; FILD DWORD [EAX]}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91B2BD 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 05, DB, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 06, DB, 00] {SUB [ESI], AL; FILD DWORD [EAX]}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 07, DB, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2160] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 5C, B2, 00] {SUB [EDX+ESI*4+0x0], BL}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 5F, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 5C, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 5D, B2, 00] {TEST AL, 0x5d; MOV DL, 0x0}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B918876 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 5E, B2, 00] {TEST AL, 0x5e; MOV DL, 0x0}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 5D, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 5E, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B9188E7 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 5C, B2, 00] {TEST AL, 0x5c; MOV DL, 0x0}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B918A15 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 5D, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 5E, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 5F, B2, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2208] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 78, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 7B, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 78, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 79, D1, 00] {TEST AL, 0x79; ROL DWORD [EAX], 0x1}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B91A792 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 7A, D1, 00] {TEST AL, 0x7a; ROL DWORD [EAX], 0x1}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 79, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 7A, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B91A803 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 78, D1, 00] {TEST AL, 0x78; ROL DWORD [EAX], 0x1}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B91A931 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 79, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 7A, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 7B, D1, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[2236] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, B4, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, B7, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, B4, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, B5, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B9129CE 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, B6, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, B5, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, B6, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B912A3F 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, B4, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B912B6D 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, B5, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, B6, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, B7, 53, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3016] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, A8, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, AB, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, A8, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, A9, 89, 00] {TEST AL, 0xa9; MOV [EAX], EAX}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B915FC2 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, AA, 89, 00] {TEST AL, 0xaa; MOV [EAX], EAX}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, A9, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, AA, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B916033 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, A8, 89, 00] {TEST AL, 0xa8; MOV [EAX], EAX}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B916161 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, A9, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, AA, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, AB, 89, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3176] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]
.text           C:\Documents and Settings\proj\Desktop\hitmanpro.exe[3764] WS2_32.dll!GetAddrInfoW           71AB2899 5 Bytes  JMP 0052BF80 C:\Documents and Settings\proj\Desktop\hitmanpro.exe
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtCreateFile + 6               7C90D0B4 4 Bytes  [28, 78, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtCreateFile + B               7C90D0B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtMapViewOfSection + 6         7C90D524 4 Bytes  [28, 7B, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtMapViewOfSection + B         7C90D529 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenFile + 6                 7C90D5A4 4 Bytes  [68, 78, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenFile + B                 7C90D5A9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenProcess + 6              7C90D604 4 Bytes  [A8, 79, 34, 00] {TEST AL, 0x79; XOR AL, 0x0}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenProcess + B              7C90D609 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenProcessToken + 6         7C90D614 4 Bytes  CALL 7B910A92 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenProcessToken + B         7C90D619 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenProcessTokenEx + 6       7C90D624 4 Bytes  [A8, 7A, 34, 00] {TEST AL, 0x7a; XOR AL, 0x0}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenProcessTokenEx + B       7C90D629 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThread + 6               7C90D664 4 Bytes  [68, 79, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThread + B               7C90D669 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThreadToken + 6          7C90D674 4 Bytes  [68, 7A, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThreadToken + B          7C90D679 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThreadTokenEx + 6        7C90D684 4 Bytes  CALL 7B910B03 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThreadTokenEx + B        7C90D689 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtQueryAttributesFile + 6      7C90D714 4 Bytes  [A8, 78, 34, 00] {TEST AL, 0x78; XOR AL, 0x0}
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtQueryAttributesFile + B      7C90D719 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtQueryFullAttributesFile + 6  7C90D7B4 4 Bytes  CALL 7B910C31 
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtQueryFullAttributesFile + B  7C90D7B9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtSetInformationFile + 6       7C90DC64 4 Bytes  [28, 79, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtSetInformationFile + B       7C90DC69 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtSetInformationThread + 6     7C90DCB4 4 Bytes  [28, 7A, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtSetInformationThread + B     7C90DCB9 1 Byte  [E2]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtUnmapViewOfSection + 6       7C90DF14 4 Bytes  [68, 7B, 34, 00]
.text           C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtUnmapViewOfSection + B       7C90DF19 1 Byte  [E2]

---- Devices - GMER 2.2 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                     fltMgr.sys

---- Registry - GMER 2.2 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\mbamchameleon@ProtectedRegistry                       ???D????????????0????????????????`???????????????????? ????????????????????? ???????????????????? ???????D?????D?????D????,?????.?????????s?????mbamchameleon Instance??????? ???????D???????????(?????????????????????????????????D????????????????s???? ?????????????D?????D???????????????????????????????????????????????????D??? ???????D???????????D??????????N??????????????D?&???????D???????e??mbamchameleon????D?????????????????????????????????s?????????D??????s???LegacyDriver??????N??D????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? ???D??????????????mbamchameleon????D?D?D?D?D?D?????????D???????????????????D???a???????s??USB\Vid_2357&Pid_0109&Rev_0200?USB\Vid_2357&Pid_0109?????D??????????????MBAMService?AegisP?WSH?WMIAdapter?WmdmPmSN?WinMgmt?Winlogon?Windows Product Activation?Windows 3.1 Migration?WebClient?VSS?VBRuntime?Userinit?Userenv?Tlntsvr?SysmonLog?Starter?SpoolerCtrs?Software Restriction Policies?Software Installation?SecurityCenter?SclgNtfy?SceSrv?SceCli?safrslv?SAFrdms?RPC?Remote Assistance
 

Edited by christmas
mistake

  • Root Admin

Hello @christmas and :welcome:

What specific issues are you having with the computer? The log itself as provided is not really of much help. Since you're running a rootkit scanner, I assume you're here because you think you're infected. Let me have you run the following in the exact order provided please.

 

 

Please run the following steps and post back the logs as an attachment when ready. Code posted directly is not always translated properly by the forum software.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


What's got me suspicious is that GMER seems to be detecting activity in whatever I seem to be using. Opera was detected in the above log and now pot-player (video player) below. I will do what you suggested; I thought I'd post this latest scan now (below). The point I'm trying to make is pot-player wasn't detected before, now it is? Thanks for your help, will follow your advice, thanks, and report back!

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-01-17 05:42:24
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDT721032SLA380 rev.ST2OA3BB 298.09GB
Running: 8u3w1c77.exe; Driver: C:\DOCUME~1\proj\LOCALS~1\Temp\uwliypob.sys


---- System - GMER 2.2 ----

SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys                                                                        ZwOpenProcess [0xA6D27760]
SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys                                                                        ZwOpenThread [0xA6D27A7E]

INT 0x01        \??\C:\DOCUME~1\proj\LOCALS~1\Temp\uwliypob.sys                                                                          A711350B

---- User code sections - GMER 2.2 ----

.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!DeviceIoControl                                      7C801629 5 Bytes  JMP 10475D20 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 10475BB0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!MultiByteToWideChar                                  7C809C98 5 Bytes  JMP 10475E60 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!WideCharToMultiByte                                  7C80A174 5 Bytes  JMP 10475E90 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!CreateFileW                                          7C810CD9 5 Bytes  JMP 10475BF0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!SetUnhandledExceptionFilter                          7C8449B5 5 Bytes  JMP 01B6252E C:\Program Files\DAUM\PotPlayer\DaumCrashHandler.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegOpenKeyExW                                        77DD6AAF 5 Bytes  JMP 10581960 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegCloseKey                                          77DD6C27 5 Bytes  JMP 105816B0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegQueryValueExW                                     77DD6FFF 5 Bytes  JMP 10581A70 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegCreateKeyExW                                      77DD776C 5 Bytes  JMP 10581720 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegOpenKeyExA                                        77DD7852 5 Bytes  JMP 10581930 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegOpenKeyW                                          77DD7946 5 Bytes  JMP 10581990 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegQueryValueExA                                     77DD7ABB 5 Bytes  JMP 10581A40 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegEnumKeyExW                                        77DD7BD9 5 Bytes  JMP 10581850 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegEnumValueW                                        77DD7EED 5 Bytes  JMP 105818B0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegSetValueExW                                       77DDD767 5 Bytes  JMP 10581B30 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegQueryValueW                                       77DDD87A 5 Bytes  JMP 10581AA0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegCreateKeyExA                                      77DDE9F4 5 Bytes  JMP 10581700 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegSetValueExA                                       77DDEAE7 5 Bytes  JMP 10581B00 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegDeleteValueA                                      77DDECE5 5 Bytes  JMP 105817C0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegDeleteValueW                                      77DDEDF1 5 Bytes  JMP 105817F0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegOpenKeyA                                          77DDEFC8 5 Bytes  JMP 10581910 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegDeleteKeyA                                        77DE42A0 5 Bytes  JMP 10581760 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegQueryInfoKeyA                                     77DE4332 5 Bytes  JMP 105819B0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegQueryInfoKeyW                                     77DE49CE 5 Bytes  JMP 105819E0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegEnumKeyExA                                        77DE51B6 5 Bytes  JMP 10581820 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegDeleteKeyW                                        77DE559B 5 Bytes  JMP 10581790 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegFlushKey                                          77DF4CE0 5 Bytes  JMP 105818E0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegEnumValueA                                        77DF9BBF 5 Bytes  JMP 10581880 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegCreateKeyW                                        77DFBA55 5 Bytes  JMP 10581740 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegQueryValueA                                       77DFBB8D 5 Bytes  JMP 10581A10 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegCreateKeyA                                        77DFBCF3 5 Bytes  JMP 105816E0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegSetValueA                                         77DFC79E 5 Bytes  JMP 10581AD0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ADVAPI32.dll!RegSetValueW                                         77E363E6 5 Bytes  JMP 10581B60 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] USER32.dll!ChangeDisplaySettingsExA                               7E42384E 5 Bytes  JMP 10475B50 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] USER32.dll!ChangeDisplaySettingsExW                               7E4595BD 5 Bytes  JMP 10475B80 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ole32.dll!CoCreateInstance                                        774FF1D4 5 Bytes  JMP 10581430 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] ntdll.dll!LdrLoadDll                7C915C35 5 Bytes  JMP 1000A78B C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\mozglue.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] kernel32.dll!lstrlenW + 43          7C809AEC 7 Bytes  JMP 01816DF6 C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] kernel32.dll!MapViewOfFileEx + 6A   7C80B9A0 7 Bytes  JMP 018163D9 C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] kernel32.dll!ValidateLocale + B1D0  7C8449B0 7 Bytes  JMP 0158030F C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] GDI32.dll!SetDIBitsToDevice + 20A   77F19E14 7 Bytes  JMP 01815D25 C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] USER32.dll!GetWindowInfo            7E42C49C 5 Bytes  JMP 0238BE60 C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] USER32.dll!CreateWindowExW          7E42D0A3 5 Bytes  JMP 0155F5F8 C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll
.text           C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\firefox.exe[1688] USER32.dll!CreateWindowExA          7E42E4A9 5 Bytes  JMP 018FD515 C:\Documents and Settings\proj\Desktop\FirefoxPortable\App\firefox\xul.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                 fltMgr.sys

 

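For comparing scans like the two posted in this thread, here is an added example (not part of any post here and not GMER's own code) that parses the `.text` rows and counts, per process, whether each patch is a JMP into a module from the process's own directory, a JMP into a module elsewhere, or a patch for which GMER names no module. The sample rows are constructed in the layout of the logs above; `app.exe`, `example.dll` and the three class labels are assumptions of this example.

```python
import ntpath  # Windows path rules on any host OS
import re
from collections import Counter, defaultdict

ROW = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\w+)(?:\s\+\s(?P<off>[0-9A-F]+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+\d+\s+Bytes?\s+(?P<patch>.*?)\s*$")
JMP = re.compile(r"^JMP\s+[0-9A-F]{8}\s+(?P<owner>\S.*)$")

def parse_row(line):
    """Return a dict for one '.text' row, or None for any other line."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    jmp = JMP.match(row["patch"])
    # 'owner' is the module path GMER prints after a JMP target, if any.
    row["owner"] = jmp.group("owner") if jmp else None
    return row

def classify(row):
    """Label a row (labels are this example's own, not GMER terms)."""
    if row["owner"] is None:
        return "unattributed"  # raw bytes, or a CALL/JMP with no module named
    own_dir = ntpath.normcase(ntpath.dirname(row["image"]))
    hook_dir = ntpath.normcase(ntpath.dirname(row["owner"]))
    return "in-tree" if own_dir == hook_dir else "out-of-tree"

def summarize(log_text):
    """Count row classes per (process image name, pid)."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        row = parse_row(line)
        if row:
            key = (ntpath.basename(row["image"]), int(row["pid"]))
            counts[key][classify(row)] += 1
    return {key: dict(c) for key, c in counts.items()}

# Constructed sample in the layout of the rows above (padding shortened).
# The app.exe row is hypothetical, added to exercise the out-of-tree case.
SAMPLE = r"""
SSDT  \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys  ZwOpenProcess [0xA6D27760]
.text  C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] kernel32.dll!CreateFileA  7C801A28 5 Bytes  JMP 10475BB0 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text  C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe[912] ole32.dll!CoCreateInstance  774FF1D4 5 Bytes  JMP 10581430 C:\Program Files\DAUM\PotPlayer\PotPlayer.dll
.text  C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThread + 6  7C90D664 4 Bytes  [68, 79, 34, 00]
.text  C:\Program Files\Opera\36.0.2130.80\opera.exe[3852] ntdll.dll!NtOpenThreadTokenEx + 6  7C90D684 4 Bytes  CALL 7B910B03
.text  C:\Program Files\Example\app.exe[4242] kernel32.dll!CreateFileW  7C810CD9 5 Bytes  JMP 10001000 C:\Temp\example.dll
"""

if __name__ == "__main__":
    for proc, counts in summarize(SAMPLE).items():
        print(proc, counts)
```

A same-directory target only says which file owns the patch; it is an input to triage, not a verdict on that file.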
