GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-06 18:59:25
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-00L7A0 rev.01.03E01
Running: 0sz4m7sk.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\kwtdipow.sys

---- System - GMER 1.0.15 ----

SSDT  BA6F7C4C  ZwClose
SSDT  BA6F7C06  ZwCreateKey
SSDT  BA6F7C56  ZwCreateSection
SSDT  BA6F7BFC  ZwCreateThread
SSDT  BA6F7C0B  ZwDeleteKey
SSDT  BA6F7C15  ZwDeleteValueKey
SSDT  BA6F7C47  ZwDuplicateObject
SSDT  BA6F7C1A  ZwLoadKey
SSDT  BA6F7BE8  ZwOpenProcess
SSDT  BA6F7BED  ZwOpenThread
SSDT  BA6F7C24  ZwReplaceKey
SSDT  BA6F7C1F  ZwRestoreKey
SSDT  BA6F7C5B  ZwSetContextThread
SSDT  BA6F7C10  ZwSetValueKey
SSDT  BA6F7BF7  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2DCC  80504668 4 Bytes  CALL D50AB5E8
.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB9918000, 0x1BDE76, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\atksgt.sys  section is writeable [0xAA8C1300, 0x3ACC8, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\lirsgt.sys  section is writeable [0xBA440300, 0x1B7E, 0xE8000020]

---- Files - GMER 1.0.15 ----

File  C:\WINDOWS\$NtUninstallKB57294$\317862595  0 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\@  2048 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\click.tlb  2144 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\L  0 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\L\bziadtav  62976 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\loader.tlb  2540 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U  0 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@00000001  45968 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@000000c0  3584 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@000000cb  3072 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@000000cf  1536 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@80000000  26112 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@800000c0  35840 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@800000cb  27648 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\317862595\U\@800000cf  27648 bytes
File  C:\WINDOWS\$NtUninstallKB57294$\589441654  0 bytes

---- EOF - GMER 1.0.15 ----