GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-14 13:51:17
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 rev.
Running: ql344buw.exe; Driver: C:\DOCUME~1\leszek\USTAWI~1\Temp\pxtdapow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB7846000, 0x231B17, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89A7D0AE
Device \Driver\atapi \Device\Ide\IdePort0 89A7CF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89A7D0AE
Device \Driver\atapi \Device\Ide\IdePort1 89A7CF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89A7D0AE
Device \Driver\atapi \Device\Ide\IdePort2 89A7CF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89A7D0AE
Device \Driver\atapi \Device\Ide\IdePort3 89A7CF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-5 89A7D0AE
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 89A7CF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 89A7D0AE
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 89A7CF76
Device \Driver\Disk \Device\Harddisk0\DR0 89A7CA2E
Device \Driver\Disk \Device\Harddisk1\DR3 89A7CA2E
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 89A7CA2E

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A5E82400

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----