GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-01 01:10:46
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 232,89GB
Running: gmer.exe; Driver: C:\Users\eugenia\AppData\Local\Temp\axlyqpow.sys

---- Kernel code sections - GMER 2.0 ----

.text ntoskrnl.exe!ZwRollbackTransaction + 13ED 82C438A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C632F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 004511D1 2 Bytes [C1, 80]
.text autochk.exe 004511D6 71 Bytes [E8, 65, E8, FB, FF, 8B, 45, ...]
.text autochk.exe 0045121E 35 Bytes [8D, 95, F8, F6, FF, FF, 52, ...]
.text autochk.exe 00451244 35 Bytes [E8, F7, E7, FB, FF, 8B, 4D, ...]
.text autochk.exe 00451269 1 Byte [A1]
.text ...

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!recv 777547DF 6 Bytes JMP 719D0F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!GetAddrInfoW 777560F5 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!FreeAddrInfoW 77756387 6 Bytes JMP 71A90F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!WSASend 777568A7 6 Bytes JMP 719A0F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!WSARecv 7775C29F 6 Bytes JMP 71970F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!send 7775C4C8 6 Bytes JMP 71A00F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!GetAddrInfoExW 7775D2B5 6 Bytes JMP 71A60F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!FreeAddrInfoEx 7775DE59 6 Bytes JMP 71A30F5A
.text C:\Program Files\Opera\opera.exe[2308] WS2_32.dll!WSAGetOverlappedResult 7775E860 6 Bytes JMP 71940F5A

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Zune\ZuneLauncher.exe[3000] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B25E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3000] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B25E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3000] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B25E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3000] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B25E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- EOF - GMER 2.0 ----