GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-11 23:27:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AT_PL rev.0022
Running: 16godzso.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwkdrkog.sys


---- User code sections - GMER 1.0.15 ----

.text   C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtQueryInformationProcess                                                           7C90D7E0 5 Bytes  JMP 015B9DC2 
.text   C:\Windows\System32\svchost.exe[1024] NETAPI32.dll!NetpwPathCanonicalize                                                            5B86A3A9 5 Bytes  JMP 015B9D62 
.text   C:\Windows\System32\svchost.exe[1080] ntdll.dll!NtQueryInformationProcess                                                           7C90D7E0 5 Bytes  JMP 00699DC2 

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Cdfs \Cdfs                                                                                                              A437C400

---- Registry - GMER 1.0.15 ----

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AE71E9A-253C-82C4-C6EF-7DF0FFE2A9B7}                     
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AE71E9A-253C-82C4-C6EF-7DF0FFE2A9B7}@iahahnafmehcmjgapm  0x6A 0x61 0x6C 0x6A ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AE71E9A-253C-82C4-C6EF-7DF0FFE2A9B7}@hanpaalibmpdpkbh    0x6A 0x61 0x6C 0x6A ...

---- EOF - GMER 1.0.15 ----