GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-17 20:27:41
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: q064kwmf.exe; Driver: T:\TEMP\ugtdypob.sys


---- System - GMER 2.1 ----

SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwCreateKey [0xB3FAAD0C]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwDeleteKey [0xB3FAB0D2]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwDeleteValueKey [0xB3FAB112]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwOpenKey [0xB3FAAEE8]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwOpenProcess [0xB3FA9AA0]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwSetValueKey [0xB3FAB076]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2E64  8050474C 4 Bytes  [E8, AE, FA, B3]
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB69BD3C0, 0x83E20A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 0137337E D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtFlushBuffersFile  7C90D32E 5 Bytes  JMP 013730BE D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtQueryFullAttributesFile  7C90D7AE 5 Bytes  JMP 013731F6 D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtReadFile  7C90D9CE 5 Bytes  JMP 013730F8 D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtReadFileScatter  7C90D9DE 5 Bytes  JMP 016EAA7F D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 01373522 D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtWriteFileGather  7C90DF8E 5 Bytes  JMP 016EAACF D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 1000A732 D:\Internet\Firefox\mozglue.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 016D3E1D D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 016D3022 D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  kernel32.dll!ValidateLocale + B648  7C844EE0 7 Bytes  JMP 01458F7A D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 016D28A7 D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  USER32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 02195AF0 D:\Internet\Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device  \Driver\Tcpip \Device\Ip  GDTdiIcpt.sys
Device  \Driver\Tcpip \Device\Tcp  GDTdiIcpt.sys
Device  \Driver\Tcpip \Device\Udp  GDTdiIcpt.sys
Device  \Driver\Tcpip \Device\RawIp  GDTdiIcpt.sys
Device  \Driver\Tcpip \Device\IPMULTICAST  GDTdiIcpt.sys

---- Processes - GMER 2.1 ----

Library  C:\LOGI\Dla picasso\FRST.exe (*** hidden *** ) @ C:\LOGI\Dla picasso\FRST.exe [1532]  0x00400000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\ControlSet001\Control\Video\{5ABF644C-6773-4D7F-B4B3-88D8210A04B4}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet001\Control\Video\{BAED37E2-3AC0-456F-8C8C-1C5BD89ACEDC}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet001\Control\Video\{E5BB8364-EB99-4705-9E5A-31232C916688}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{5ABF644C-6773-4D7F-B4B3-88D8210A04B4}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{BAED37E2-3AC0-456F-8C8C-1C5BD89ACEDC}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Video\{E5BB8364-EB99-4705-9E5A-31232C916688}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet004\Control\Video\{5ABF644C-6773-4D7F-B4B3-88D8210A04B4}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet004\Control\Video\{BAED37E2-3AC0-456F-8C8C-1C5BD89ACEDC}\0000@D3D_\x3332\x3331  2089309684
Reg  HKLM\SYSTEM\ControlSet004\Control\Video\{E5BB8364-EB99-4705-9E5A-31232C916688}\0000@D3D_\x3332\x3331  2089309684
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@FindFlags  14
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites

---- EOF - GMER 2.1 ----
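A log like this is easier to judge once its hook lines are grouped by the module that owns them. The helper below is an added example, not part of GMER and not the log poster's code. It parses the GMER 2.1 line shapes visible above (SSDT hooks, inline JMP hooks inside user processes, device attaches on \Driver\Tcpip, entries marked "*** hidden ***") and turns them into a short to-do list: kernel hooks that must be attributed to a known, signed driver (here every SSDT entry belongs to HookCentre.sys), user-mode hooks whose hooking DLL lives outside the hooked process's own directory (a candidate injected DLL; in this log every hook in firefox.exe jumps into xul.dll or mozglue.dll from Firefox's own directory, so none is flagged), network filter drivers to name (GDTdiIcpt.sys), and hidden objects. SAMPLE_LOG is a subset of lines copied from the log above; the regexes and the IDENTIFY / INJECTED? / NET-FILTER / HIDDEN / REVIEW categories are this example's own choices, not GMER output.

```python
"""Triage helper for GMER 2.1 text logs (added example; not GMER's or the poster's code)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Line shapes as GMER 2.1 prints them; field widths vary, so \s+ throughout.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$")
USER_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<target>\S+!\w+(?: \+ [0-9A-Fa-f]+)?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<n>\d+) Bytes\s+JMP\s+(?P<dst>[0-9A-Fa-f]{8})\s+(?P<module>.+?)\s*$")
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+(?P<module>\S+)\s*$")

# Sample input: a subset of lines copied from the log above (not fabricated).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwCreateKey [0xB3FAAD0C]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwOpenProcess [0xB3FA9AA0]
SSDT  \??\C:\WINDOWS\system32\drivers\HookCentre.sys  ZwSetValueKey [0xB3FAB076]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2E64  8050474C 4 Bytes  [E8, AE, FA, B3]

---- User code sections - GMER 2.1 ----

.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!NtCreateFile  7C90D0AE 5 Bytes  JMP 0137337E D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 016D3E1D D:\Internet\Firefox\xul.dll
.text  D:\Internet\Firefox\firefox.exe[3708]  ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 1000A732 D:\Internet\Firefox\mozglue.dll

---- Devices - GMER 2.1 ----

Device  \Driver\Tcpip \Device\Ip  GDTdiIcpt.sys
Device  \Driver\Tcpip \Device\Tcp  GDTdiIcpt.sys

---- Processes - GMER 2.1 ----

Library  C:\LOGI\Dla picasso\FRST.exe (*** hidden *** ) @ C:\LOGI\Dla picasso\FRST.exe [1532]  0x00400000
"""


def parse_gmer(text):
    """Bucket the interesting lines; anything unrecognised is kept in 'other' for manual review."""
    found = {"ssdt": [], "user": [], "devices": [], "hidden": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and section headers
        if "*** hidden ***" in line:
            found["hidden"].append(line)  # GMER's own marker, checked before any regex
            continue
        for key, rx in (("ssdt", SSDT_RE), ("user", USER_RE), ("devices", DEVICE_RE)):
            m = rx.match(line)
            if m:
                found[key].append(m.groupdict())
                break
        else:
            found["other"].append(line)
    return found


def _plain(path):
    """Drop the \\??\\ object-manager prefix GMER prints on kernel module paths."""
    return path[4:] if path.startswith("\\??\\") else path


def triage(found):
    """Return (kind, message) pairs; the kind says what the analyst has to do next."""
    notes = []
    # Every SSDT hook must be attributed to a known, signed driver: list what each module owns.
    funcs_by_module = defaultdict(list)
    for h in found["ssdt"]:
        funcs_by_module[_plain(h["module"])].append(h["func"])
    for module, funcs in funcs_by_module.items():
        notes.append(("IDENTIFY", f"{module} hooks {len(funcs)} SSDT entries: {', '.join(sorted(funcs))}"))
    # Inline JMPs into a DLL from the process's own install directory are usually the application
    # patching itself; a hooking module from anywhere else is a candidate injected DLL.
    foreign = defaultdict(list)
    for h in found["user"]:
        if PureWindowsPath(h["module"]).parent != PureWindowsPath(h["proc"]).parent:
            foreign[(h["proc"], h["module"])].append(h["target"])
    for (proc, module), targets in foreign.items():
        notes.append(("INJECTED?", f"{module} patches {', '.join(targets)} in {proc} from outside its directory"))
    # A driver attached to the Tcpip devices sees all traffic; name it explicitly.
    for d in found["devices"]:
        notes.append(("NET-FILTER", f"{d['module']} attached to {d['device']}"))
    for line in found["hidden"]:
        notes.append(("HIDDEN", line))  # never auto-dismissed
    for line in found["other"]:
        notes.append(("REVIEW", line))
    return notes


if __name__ == "__main__":
    for kind, msg in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{kind:9}] {msg}")
```

The HIDDEN category is deliberately never filtered, even when the hidden object is a scanning tool that was itself running during the scan, as FRST.exe (PID 1532) was here; whether that entry is a scanner artefact or something else is a judgement the analyst makes, not the script. Likewise IDENTIFY does not try to guess a vendor from a file name: the driver behind each SSDT hook should be confirmed by its file hash and signature, not by looking plausible.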