GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-22 19:02:46
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00FJA0 rev.13.03G13 74,53GB
Running: p2yhhowi.exe; Driver: C:\DOCUME~1\KaMiLa\USTAWI~1\Temp\awryrfog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F6A000, 0x1C5D38, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 17
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 8
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@RefCount 3
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@RefCount 2

---- Files - GMER 2.1 ----

File C:\System Volume Information\catalog.wci\CiFLfffd.000 240 bytes
File C:\System Volume Information\catalog.wci\CiFLfffd.001 720896 bytes
File C:\System Volume Information\catalog.wci\CiFLfffd.002 720896 bytes

---- EOF - GMER 2.1 ----