GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-18 17:09:25
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: y5utt5fh.exe; Driver: C:\DOCUME~1\D@M!@N\USTAWI~1\Temp\uxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwAssignProcessToJobObject [0xF1EC34B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwCreateThread [0xF1EC37F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwDebugActiveProcess [0xF1EC3AB0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwDuplicateObject [0xF1EC35D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwLoadDriver [0xF1EC38B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwOpenProcess [0xF1EC3350]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwOpenThread [0xF1EC3410]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwProtectVirtualMemory [0xF1EC3570]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwQueueApcThread [0xF1EC3630]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSetContextThread [0xF1EC3530]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSetInformationThread [0xF1EC34F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSetSecurityObject [0xF1EC3670]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSetSystemInformation [0xF1EC3870]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSuspendProcess [0xF1EC33B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSuspendThread [0xF1EC3430]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwSystemDebugControl [0xF1EC3830]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwTerminateProcess [0xF1EC3370]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwTerminateThread [0xF1EC3470]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                   ZwWriteVirtualMemory [0xF1EC35F0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2FBC                                                               80504828 12 Bytes  [B0, 33, EC, F1, 30, 34, EC, ...] {MOV AL, 0x33; IN AL, DX ; INT1 ; XOR [ESP+EBP*8], DH; INT1 ; XOR [EAX], BH; IN AL, DX ; INT1 }
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                           section is writeable [0xF6788360, 0x22379D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[268] kernel32.dll!SetUnhandledExceptionFilter  7C8447ED 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1040] ntdll.dll!LdrLoadDll                            7C915CD3 5 Bytes  JMP 01259720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1040] kernel32.dll!VirtualAlloc                       7C809A61 5 Bytes  JMP 0148E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1040] kernel32.dll!MapViewOfFile                      7C80B915 5 Bytes  JMP 0148E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1040] GDI32.dll!CreateDIBSection                      77F19AA1 5 Bytes  JMP 0148E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1424] USER32.dll!SetWindowLongA              77D3DED3 5 Bytes  JMP 106775F7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1424] USER32.dll!SetWindowLongW              77D3DEF1 5 Bytes  JMP 10677589 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1424] USER32.dll!GetWindowInfo               77D3F122 5 Bytes  JMP 1044FE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1424] USER32.dll!TrackPopupMenu              77D84F16 5 Bytes  JMP 104503C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                             eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                          epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                           eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----