GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-07 11:50:51
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-00L7A0 rev.01.03E01
Running: wu3lbups.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\kwtdipow.sys

---- System - GMER 1.0.15 ----

SSDT BA6D0184 ZwClose
SSDT BA6D013E ZwCreateKey
SSDT BA6D018E ZwCreateSection
SSDT BA6D0134 ZwCreateThread
SSDT BA6D0143 ZwDeleteKey
SSDT BA6D014D ZwDeleteValueKey
SSDT BA6D017F ZwDuplicateObject
SSDT BA6D0152 ZwLoadKey
SSDT BA6D0120 ZwOpenProcess
SSDT BA6D0125 ZwOpenThread
SSDT BA6D015C ZwReplaceKey
SSDT BA6D0157 ZwRestoreKey
SSDT BA6D0193 ZwSetContextThread
SSDT BA6D0148 ZwSetValueKey
SSDT BA6D012F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9A28000, 0x1BDE76, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAAA34300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA448300, 0x1B7E, 0xE8000020]

---- EOF - GMER 1.0.15 ----