GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-18 15:52:48 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0 149,05GB Running: zhoznttf.exe; Driver: C:\Users\Arcadius\AppData\Local\Temp\kwdorpob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81C47A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C81212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\B72CE2E2-26FF-4F01-81A0-B767B20A11FE@IPAddress 127.0.0.1 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{54FA871F-5D37-11E3-85A4-806E6F6E6963} 577857584 ---- EOF - GMER 2.1 ----