GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-11 17:58:23
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: 3zob8iep.exe; Driver: C:\Users\Anhell\AppData\Local\Temp\fwrdypob.sys

---- Kernel code sections - GMER 2.2 ----

.text  ntkrnlpa.exe!ZwRenameKey + 1549                                                       83A49F05 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                83A84292 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                              section is writeable [0x9D409000, 0x37D761, 0xE8000020]

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[3212] ntdll.dll!LdrLoadDll                          77902133 5 Bytes  JMP 6B1467C0 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3212] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  75BC962E 7 Bytes  JMP 59E735BF C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3212] kernel32.dll!QueryPerformanceCounter + 13      75BCC655 7 Bytes  JMP 59E7462D C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3212] kernel32.dll!LoadAppInitDlls + 355             75BCF716 7 Bytes  JMP 59B7C271 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3212] USER32.dll!GetWindowInfo                       75C74B2E 5 Bytes  JMP 5A9B1D5C C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3212] GDI32.dll!GetViewportOrgEx + 26C               75D3874B 7 Bytes  JMP 59E72F7B C:\Program Files\Mozilla Firefox\xul.dll

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress]  [7568FFF6] C:\Windows\system32\apphelp.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                     fltmgr.sys

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                        331792
Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                       78179
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@57CECA92  2969
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PowerTracker\Data\2017-05-11@AC_MonitorOn_Duration  0xBC 0x35 0x00 0x00 ...

---- Files - GMER 2.2 ----

File  C:\Users\Anhell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0T6P91H\clients[6].txt  1 bytes

---- EOF - GMER 2.2 ----