GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-24 06:46:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400BEVT-80A0RT0 rev.01.01A01 596,17GB
Running: 80d6dynp.exe; Driver: C:\Users\Krystian\AppData\Local\Temp\fgloqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                  fffff96000193f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                              fffff96000193f08 3 bytes [C0, 06, 02]
.text  ...                                                                              * 109
.text  C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432                        fffff9600024ba18 8 bytes [40, 26, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!CLIPOBJ_bEnum + 740                               fffff9600024bee8 8 bytes [FC, 26, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76                    fffff9600024c578 8 bytes [C8, 27, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngIsSemaphoreSharedByCurrentThread + 24          fffff9600024c658 8 bytes [E0, 29, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngDeleteSafeSemaphore + 52                       fffff9600024c728 8 bytes [78, 31, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398                         fffff96000252a92 3 bytes [FF, 25, C0]
.text  C:\Windows\System32\win32k.sys!EngGetProcessHandle + 402                         fffff96000252a96 2 bytes [04, 00]
.text  C:\Windows\System32\win32k.sys!EngMarkBandingSurface + 60                        fffff96000254598 8 bytes [10, 37, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngUnlockSurface + 52                             fffff96000254698 8 bytes [48, 39, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngCreateEvent + 88                               fffff9600025cf78 8 bytes [CC, 2A, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304                        fffff9600025da48 8 bytes [A8, 2F, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngFindResource + 840                             fffff9600025dd98 8 bytes [8C, 30, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngWideCharToMultiByte + 28                       fffff9600025ddf8 8 bytes [A0, 2C, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngDitherColor + 416                              fffff9600027e368 8 bytes [44, 2D, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngFileWrite + 76                                 fffff9600027e418 8 bytes [C0, 2D, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngFileIoControl + 312                            fffff9600027e558 8 bytes [D8, 2E, 70, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16                        fffff9600028e628 8 bytes {CALL QWORD [RAX+0x470354c]}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                  [fffff88004763ea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Devices - GMER 2.1 ----

Device \Driver\WUDFRd \Device\UMDFCtrlDev-e2103044-cb62-11e3-bfef-20cf3024a2bf          fffff88008fc63f4

---- EOF - GMER 2.1 ----