GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-07 08:51:19
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-22UST0 rev.01.01A01 232,89GB
Running: kic2bg2k.exe; Driver: C:\Users\GAZ-PO~1\AppData\Local\Temp\fwliipod.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D04F4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E038C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D04FED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D05AFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D05AFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D05B176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D05AF16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E038FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D05AF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8D05011C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8D0502F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D05B130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8D05093E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D04F508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E038CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E0373EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D04F556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D054534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D0513A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D05AFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D05B016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D05B19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D05AF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D05B0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D05AF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D05B154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E038E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D051272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8D050F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D04F5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D04F5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8D0507BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D04F1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D04F3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D04F350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8D050AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8D050C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D04F41A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8E038EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8D050636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8E03741C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D04F640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E038D96]

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8285F579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82883F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 8288B714 1 Byte [BA]
.text ntkrnlpa.exe!RtlSidHashLookup + 214 8288B714 4 Bytes [BA, F4, 04, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8288B73C 4 Bytes [22, 8C, 03, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 8288B79C 4 Bytes [D6, FE, 04, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 8288B7F0 8 Bytes [A8, AF, 05, 8D, F4, AF, 05, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E219000, 0x227A14, 0xE8000020]

---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\csrss.exe[404] kernel32.dll!GetBinaryTypeW + 70 778B7964 1 Byte [62]
.text C:\Windows\system32\wininit.exe[480] kernel32.dll!GetBinaryTypeW + 70 778B7964 1 Byte [62]
.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 778B7964 1 Byte [62]
.text C:\Windows\system32\services.exe[536] kernel32.dll!GetBinaryTypeW + 70 778B7964 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[568] kernel32.dll!GetBinaryTypeW + 70 778B7964 1 Byte [62]
.text ...

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Common Files\Comodo\launcher_service.exe[764] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Common Files\Comodo\launcher_service.exe[764] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Common Files\Comodo\launcher_service.exe[764] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Common Files\Comodo\launcher_service.exe[764] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Common Files\Comodo\launcher_service.exe[764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6F53F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Comodo\GeekBuddy\unit.exe[2520] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6BB69832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6BB6A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6BB694D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6BB694E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6BB694B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6BB694A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6BB6AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6BB6A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6BB69832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6BB69832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6BB69832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\System32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6BB692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\System32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75775D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Opera\opera.exe[2928] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] [6BB69E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Threads - GMER 2.0 ----

Thread System [4:3960] 98CD1F2E

---- EOF - GMER 2.0 ----