GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 14:03:09
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD502HI rev.1AG01118
Running: mm5q092c.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwwyaaob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9796380, 0x34C81F, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B62A9D20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@DisplayName Shell Windows
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm@Description Zapewnia us?ugi translacji adres?w sieciowych, adresowania, rozpoznawania nazw i/lub blokowania dost?pu intruz?w wszystkim komputerom w sieci domowej lub biurowej.
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\afbbkdctm\Parameters@ServiceDll C:\WINDOWS\system32\haqtyfy.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x06 0x5D 0x95 0xD7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{68a8bc11-1dba-4323-b62f-26275517ea0a}@Model 251
Reg HKLM\SOFTWARE\Classes\CLSID\{68a8bc11-1dba-4323-b62f-26275517ea0a}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{68a8bc11-1dba-4323-b62f-26275517ea0a}@MData 0x2B 0x8F 0x78 0x29 ...

---- EOF - GMER 1.0.15 ----