GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 21:29:41
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725040GLA360 rev.GMDOA52A
Running: x0vywrmg.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pftdypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys F749F852 1 Byte [CC] {INT 3 }

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\WgaTray.exe[2840] WININET.dll!InternetErrorDlg 436ACC43 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:488] 897420F4

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Opera\Opera.exe (*** hidden *** ) 1944

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run@Policies C:\WINDOWS\system32\install\server.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@HKLM C:\WINDOWS\system32\install\server.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@Policies C:\WINDOWS\system32\install\server.exe

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0002\opr00PI9.tmp 16152 bytes
File C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0002\opr00PIG.tmp 1 bytes
File C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\sesn\opr00PIA.tmp 404 bytes
File C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\sesn\opr00PIB.tmp 1428 bytes

---- EOF - GMER 1.0.15 ----