GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-21 20:46:29
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD4000AAJB-00YRA0 rev.12.01C02
Running: cbw1hg2f.exe; Driver: C:\DOCUME~1\Mynar\USTAWI~1\Temp\kgxirkob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5B16000, 0x2AAE02, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EB000A
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EC000A
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EA000C
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[1480] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BE000C
.text C:\Program Files\Opera\opera.exe[3364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F2000A
.text C:\Program Files\Opera\opera.exe[3364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0117000A
.text C:\Program Files\Opera\opera.exe[3364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F1000C
.text C:\WINDOWS\system32\wuauclt.exe[3448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\wuauclt.exe[3448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\wuauclt.exe[3448] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CD000C

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D4D31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89D4D31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89D4D31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89D4D31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89D4D31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 89D4D31B

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----