GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-07 22:26:01
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541040G9SA00 rev.MB2OC60R
Running: 54nwsc65.exe; Driver: C:\DOCUME~1\xxx\USTAWI~1\Temp\fxadrpow.sys

---- System - GMER 1.0.15 ----

SSDT  spnu.sys  ZwCreateKey [0xF72870E0]
SSDT  spnu.sys  ZwEnumerateKey [0xF72A5CA2]
SSDT  spnu.sys  ZwEnumerateValueKey [0xF72A6030]
SSDT  spnu.sys  ZwOpenKey [0xF72870C0]
SSDT  spnu.sys  ZwQueryKey [0xF72A6108]
SSDT  spnu.sys  ZwQueryValueKey [0xF72A5F88]
SSDT  spnu.sys  ZwSetValueKey [0xF72A619A]

INT 0x62  ?  837DDBF8
INT 0x63  ?  835FCBF8
INT 0x73  ?  835FCBF8
INT 0x82  ?  837DDBF8
INT 0xA4  ?  835FCBF8
INT 0xB4  ?  835FCBF8

---- Kernel code sections - GMER 1.0.15 ----

?  spnu.sys  The system cannot find the file specified. !
.text  USBPORT.SYS!DllUnload  F6EF38AC 5 Bytes  JMP 835FC1D8
.text  a8aep41s.SYS  F6E81386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text  a8aep41s.SYS  F6E813AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text  a8aep41s.SYS  F6E813C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text  a8aep41s.SYS  F6E813C9 1 Byte  [2E]
.text  a8aep41s.SYS  F6E813C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text  ...
---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[900] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 01614470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] kernel32.dll!lstrlenW + 43  7C809ADC 7 Bytes  JMP 0186047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] kernel32.dll!MapViewOfFileEx + 6A  7C80B990 7 Bytes  JMP 01860459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] kernel32.dll!ValidateLocale + B1E8  7C8449F8 7 Bytes  JMP 0161F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] GDI32.dll!SetDIBitsToDevice + 209  77F19E04 7 Bytes  JMP 018603DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----
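A small triage script for a log like this one, added here as an example; it is not GMER's code and GMER publishes no parser. It recognises the line shapes that appear above (SSDT entries, INT vectors, the "? driver ... cannot find the file ... !" line, kernel .text patches and user-mode .text hooks), then correlates them: which module owns the SSDT hooks, whether that module's file is also reported missing on disk, which INT vectors have no identifiable owner, and which process/DLL pairs account for the user-mode JMP hooks. The list of kernel images allowed to own SSDT entries is an assumption, and the sample log is constructed from the lines above.

```python
"""Parse the hook lines of a GMER 1.0.15 log and build a triage summary (added example)."""
import json
import re
from collections import Counter

# Assumption: kernel images that may legitimately own SSDT entries.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"}

# Regexes written for the GMER line shapes seen in the log above.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]$", re.I)
INT_RE = re.compile(r"^INT\s+(?P<vector>0x[0-9A-F]+)\s+(?P<owner>\S+)\s+(?P<addr>[0-9A-F]+)$", re.I)
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+.*cannot find the file", re.I)
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<target>[^\s!]+!\S+)"
    r"(?:\s+\+\s+[0-9A-F]+)?\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes?\s+JMP (?P<dest>[0-9A-F]{8})"
    r"\s+(?P<hooker>.+?\.dll)\s+\((?P<vendor>[^)]*)\)$", re.I)
KERNEL_JMP_RE = re.compile(
    r"^\.text\s+(?P<target>[^\s!]+!\S+)\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes?\s+JMP (?P<dest>[0-9A-F]{8})$", re.I)
KERNEL_BYTES_RE = re.compile(
    r"^\.text\s+(?P<module>\S+)\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes?\s+\[(?P<bytes>[^\]]*)\]", re.I)

LINE_TYPES = (("ssdt", SSDT_RE), ("int", INT_RE), ("missing", MISSING_RE),
              ("user", USER_HOOK_RE), ("kernel_jmp", KERNEL_JMP_RE), ("kernel_bytes", KERNEL_BYTES_RE))


def parse_gmer(text):
    """Return recognised hook records grouped by line type; headers, blanks and '...' are skipped."""
    out = {key: [] for key, _ in LINE_TYPES}
    for raw in text.splitlines():
        line = raw.strip()
        for key, rx in LINE_TYPES:
            m = rx.match(line)
            if m:
                out[key].append(m.groupdict())
                break
    return out


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def summarise(f):
    """Correlate the parsed records into the facts an analyst checks first."""
    ssdt_hookers = Counter(h["module"].lower() for h in f["ssdt"])
    missing = sorted({m["module"].lower() for m in f["missing"]})
    return {
        "ssdt_hookers": dict(ssdt_hookers),
        "ssdt_functions": sorted({h["func"] for h in f["ssdt"]}),
        "ssdt_by_non_kernel": sorted(m for m in ssdt_hookers if m not in KERNEL_IMAGES),
        # SSDT hooker whose own file GMER could not find on disk: hidden or removed, worth a closer look.
        "hidden_ssdt_hookers": sorted(m for m in ssdt_hookers if m in missing),
        "int_unknown_owner": [i["vector"] for i in f["int"] if i["owner"] == "?"],
        "missing_drivers": missing,
        "kernel_inline": [(p["target"], p["dest"]) for p in f["kernel_jmp"]],
        "kernel_byte_patches": len(f["kernel_bytes"]),
        "user_hooks_by_process": dict(Counter(basename(h["process"]) for h in f["user"])),
        "user_hookers": dict(Counter(basename(h["hooker"]) for h in f["user"])),
        "user_hook_vendors": sorted({h["vendor"] for h in f["user"]}),
    }


# Constructed sample: the hook lines from the log above.
SAMPLE_LOG = r"""
SSDT  spnu.sys  ZwCreateKey [0xF72870E0]
SSDT  spnu.sys  ZwEnumerateKey [0xF72A5CA2]
SSDT  spnu.sys  ZwEnumerateValueKey [0xF72A6030]
SSDT  spnu.sys  ZwOpenKey [0xF72870C0]
SSDT  spnu.sys  ZwQueryKey [0xF72A6108]
SSDT  spnu.sys  ZwQueryValueKey [0xF72A5F88]
SSDT  spnu.sys  ZwSetValueKey [0xF72A619A]
INT 0x62  ?  837DDBF8
INT 0x63  ?  835FCBF8
INT 0x73  ?  835FCBF8
INT 0x82  ?  837DDBF8
INT 0xA4  ?  835FCBF8
INT 0xB4  ?  835FCBF8
---- Kernel code sections - GMER 1.0.15 ----
?  spnu.sys  The system cannot find the file specified. !
.text  USBPORT.SYS!DllUnload  F6EF38AC 5 Bytes  JMP 835FC1D8
.text  a8aep41s.SYS  F6E81386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text  a8aep41s.SYS  F6E813AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text  a8aep41s.SYS  F6E813C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text  a8aep41s.SYS  F6E813C9 1 Byte  [2E]
.text  a8aep41s.SYS  F6E813C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text  ...
.text  C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[900] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 01614470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] kernel32.dll!lstrlenW + 43  7C809ADC 7 Bytes  JMP 0186047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] kernel32.dll!MapViewOfFileEx + 6A  7C80B990 7 Bytes  JMP 01860459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] kernel32.dll!ValidateLocale + B1E8  7C8449F8 7 Bytes  JMP 0161F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3272] GDI32.dll!SetDIBitsToDevice + 209  77F19E04 7 Bytes  JMP 018603DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

if __name__ == "__main__":
    print(json.dumps(summarise(parse_gmer(SAMPLE_LOG)), indent=2))
```

On this log the script reports that every SSDT hook belongs to spnu.sys, that spnu.sys is also the one driver whose file GMER could not find, that all six INT vectors have an unidentified owner, and that the user-mode hooks are the application's own libraries (mso.dll in GROOVE.EXE, xul.dll in firefox.exe) patching Windows exports, which is the usual pattern for those products rather than a third-party injection. The regexes are tied to this GMER version's layout; a different language build of Windows will print the "cannot find the file" message in its own language, so translate the log (as done above) or extend MISSING_RE before relying on the hidden-hooker correlation.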