GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-04 16:31:43 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST3500418AS rev.CC46 465,76GB Running: cmpz2uvt.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\afxcraog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB242F3A0, 0x585A45, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 20, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 23, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 20, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 21, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 22, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 21, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 22, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 20, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 21, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 22, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 23, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[432] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[520] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 84, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 87, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 84, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 85, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EC80 .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 86, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 85, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 86, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ECF1 .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 84, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE1F .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 85, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 86, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 87, 16, 00] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[2244] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 28, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 2B, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 28, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 29, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 2A, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 29, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 2A, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 28, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 29, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 2A, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 2B, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3684] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, E0, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, E3, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, E0, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, E1, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, E2, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, E1, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, E2, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, E0, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, E1, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, E2, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, E3, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3692] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B8, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, A1, 02] .text C:\Program Files\Opera\15.0.1147.153\opera.exe[3868] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] ---- Files - GMER 2.1 ---- File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background 0 bytes File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\META-INF 0 bytes File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\META-INF\signatures.xml 14874 bytes File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\mimetype 41 bytes File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\updateAttempted 0 bytes File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\Background\updater 18066392 bytes executable File C:\Documents and Settings\Administrator\Dane aplikacji\Adobe\AIR\Updater\lastUpdateCheck 35 bytes ---- EOF - GMER 2.1 ----