GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-30 20:52:28
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH_PL rev.0040001D 149,05GB
Running: vte74zzp.exe; Driver: C:\Users\Ania\AppData\Local\Temp\kwtdrpow.sys


---- System - GMER 2.1 ----

INT 0x52        ?                                                                                                                       95C3D7D8
INT 0x61        ?                                                                                                                       95CC52D8
INT 0x62        ?                                                                                                                       95C3DA58
INT 0x71        ?                                                                                                                       95CC5558
INT 0xA2        ?                                                                                                                       95C3DCD8
INT 0xB2        ?                                                                                                                       95CC5CD8

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                830759A5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                  83095512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                section is writeable [0x91C30340, 0x3EE217, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                         [73AD249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                    [73AB5652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                   [73AB5710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                          [73AD251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                [73AC857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                  [73AC4D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                 [73AC50D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                [73AC51AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                       [73AC66DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                 [73AC82D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                            [73AC8824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                          [73AC9085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                [73ACE228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[1756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                    [73AC4C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C8220DD6-2688-11E1-B44F-806E6F6E6963}  6764116112

---- EOF - GMER 2.1 ----