GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-24 15:31:36
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14 ST3250410AS rev.3.AAC
Running: mf6yrnlk.exe; Driver: C:\DOCUME~1\S0904~1.IWO\USTAWI~1\Temp\fxtyifow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwAssignProcessToJobObject [0xA7FA84B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwCreateThread [0xA7FA87F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwDebugActiveProcess [0xA7FA8AB0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwDuplicateObject [0xA7FA85D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwLoadDriver [0xA7FA88B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwOpenProcess [0xA7FA8350]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwOpenThread [0xA7FA8410]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwProtectVirtualMemory [0xA7FA8570]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwQueueApcThread [0xA7FA8630]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSetContextThread [0xA7FA8530]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSetInformationThread [0xA7FA84F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSetSecurityObject [0xA7FA8670]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSetSystemInformation [0xA7FA8870]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSuspendProcess [0xA7FA83B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSuspendThread [0xA7FA8430]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwSystemDebugControl [0xA7FA8830]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwTerminateProcess [0xA7FA8370]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwTerminateThread [0xA7FA8470]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                     ZwWriteVirtualMemory [0xA7FA85F0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                 80504874 12 Bytes  [B0, 83, FA, A7, 30, 84, FA, ...] {MOV AL, 0x83; CLI ; CMPSD ; XOR [EDX+EDI*8-0x577cf59], AL; CMPSD }

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1268] kernel32.dll!SetUnhandledExceptionFilter    7C84495D 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[2716] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  JMP 326050B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[2716] ole32.dll!OleLoadFromStream               7751983B 5 Bytes  JMP 330CEAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[3000] kernel32.dll!SetUnhandledExceptionFilter             7C84495D 5 Bytes  JMP 326050B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[3000] ole32.dll!OleLoadFromStream                          7751983B 5 Bytes  JMP 330CEAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                             epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                            epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                            epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                          epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                             InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                             eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----