GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-23 20:08:31
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C 111,79GB
Running: 5k2od78g.exe; Driver: C:\DOCUME~1\Brim\USTAWI~1\Temp\fwxdqpow.sys

---- System - GMER 2.1 ----

Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateKey [0xF72E4CCA]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateProcess [0xF72E4C8C]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateProcessEx [0xF72E4CA0]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwDeleteKey [0xF72E4CDE]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwDeleteValueKey [0xF72E4D0A]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenKey [0xF72E4CB6]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenProcess [0xF72E4C64]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenThread [0xF72E4C78]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwRenameKey [0xF72E4CF4]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwSetSecurityObject [0xF72E4D36]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwSetValueKey [0xF72E4D20]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtOpenProcess
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtOpenThread
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtSetSecurityObject

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!GetSysColor  7E368E78 5 Bytes  JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!GetSysColorBrush  7E368EAB 5 Bytes  JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!SetScrollInfo  7E369056 7 Bytes  JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!GetScrollInfo  7E37DFE2 7 Bytes  JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!ShowScrollBar  7E37F2F2 5 Bytes  JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!GetScrollPos  7E37F704 5 Bytes  JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!SetScrollPos  7E37F750 5 Bytes  JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!GetScrollRange  7E37F787 5 Bytes  JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!SetScrollRange  7E37F99B 5 Bytes  JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\WINDOWS\SMINST\Scheduler.exe[456] USER32.dll!EnableScrollBar  7E3B8005 7 Bytes  JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe
.text  C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2044] kernel32.dll!LoadLibraryA  7C801D7B 5 Bytes  JMP 6241B370 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text  C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2044] kernel32.dll!LoadLibraryW  7C80AEEB 5 Bytes  JMP 6241B470 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\mfevtps.exe[256] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [0040A3B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT  C:\WINDOWS\system32\mfevtps.exe[256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]  [0040A410] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip  mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp  mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device  \FileSystem\Cdfs \Cdfs  DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----