GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-11 13:26:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AR1 298,09GB
Running: bnuf20zp.exe; Driver: C:\Users\Ja\AppData\Local\Temp\uglcyaoc.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                 834539E5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                   83473512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[11260] shell32.DLL!RealDriveType + 173D                  756AFE30 4 Bytes  [E5, 36, E9, 67]
.text           C:\Program Files\Internet Explorer\iexplore.exe[11260] shell32.DLL!RealDriveType + 1745                  756AFE38 8 Bytes  JMP 5FEE9DA4 

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [73A124CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [739F562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [739F56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [73A12546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [73A085AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [73A04D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [73A05105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [73A051DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [73A06707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [73A08301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [73A08850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [73A090B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [73A0E254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT             C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [73A04C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                 fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount                            1
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\66C93817-E290-4F9D-A842-024273D2374D@Alive  0

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----