GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-17 21:19:56 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590 Running: wg16mi8w.exe; Driver: C:\DOCUME~1\adamss\USTAWI~1\Temp\ugnyypob.sys ---- System - GMER 1.0.15 ---- SSDT spuo.sys ZwCreateKey [0xF84150E0] SSDT spuo.sys ZwEnumerateKey [0xF8433DA4] SSDT spuo.sys ZwEnumerateValueKey [0xF8434132] SSDT spuo.sys ZwOpenKey [0xF84150C0] SSDT spuo.sys ZwQueryKey [0xF843420A] SSDT spuo.sys ZwQueryValueKey [0xF843408A] SSDT spuo.sys ZwSetValueKey [0xF843429C] INT 0x62 ? 823DFBF8 INT 0x73 ? 821A1BF8 INT 0x73 ? 821A1BF8 INT 0x73 ? 821A1BF8 INT 0x73 ? 821A1BF8 INT 0x73 ? 821A1BF8 INT 0x82 ? 823DFBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spuo.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F805462C 5 Bytes JMP 821A11D8 .text ao796ore.SYS F3C0B386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text ao796ore.SYS F3C0B3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ao796ore.SYS F3C0B3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text ao796ore.SYS F3C0B3C9 1 Byte [2E] .text ao796ore.SYS F3C0B3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1708] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2424] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2960] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\adamss\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4008] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823742D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8446D4C] spuo.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8446DA0] spuo.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8416042] spuo.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841613E] spuo.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84160C0] spuo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8416800] spuo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84166D6] spuo.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821A12D8 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8425E9C] spuo.sys IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlInitUnicodeString] 0975013E IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!swprintf] 1B42E853 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeSetEvent] C4830000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoCreateSymbolicLink] B05E5F04 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E58B5B01 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] CCCCC35D IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmFreeMappingAddress] CCCCCCCC IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 53EC8B55 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 08758B56 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmUnmapIoSpace] 0214BE83 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 57000000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IofCompleteRequest] 45C60674 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1EEB010B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IofCallDriver] 020C868B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmAllocateMappingAddress] C0850000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 808A1074 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000804 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoDetachDevice] A03CF024 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0B45950F IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeInitializeEvent] 45C604EB IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 458A000B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlInitAnsiString] 88C0840B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 840F0946 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoQueueWorkItem] 000000C1 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmMapIoSpace] 14B30E8B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 1C8286C6 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoReportDetectedDevice] 88010000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoReportResourceForDetection] 001C859E IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] A19E8800 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!NlsMbCodePageTag] C600001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!PoRequestPowerIrp] 001C8686 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 86C60100 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 00001CA2 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!sprintf] 70518B01 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 8D52006A IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ObfDereferenceObject] 001C8886 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 55E85000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 8B000023 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ZwClose] 70518B0E IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 8D52016A IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 001CA486 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 41E85000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 8B000023 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!PoCallDriver] 18C4830E IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoCreateDevice] 1C8D9E88 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 9E880000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 00001CA9 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ZwOpenKey] 0E798366 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 74AAB000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoStartTimer] 8186C636 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeInitializeTimer] 1A00001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoInitializeTimer] 1C8386C6 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeInitializeDpc] C6020000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001C8E86 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoInitializeIrp] 86C60200 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ZwCreateKey] 00001CAA IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 959E8802 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB19E IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeInsertQueueDpc] 96868800 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8800001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoStartPacket] 001CB286 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C61AEB00 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C8186 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoFreeMdl] 86C61200 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmUnlockPages] 00001C83 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8E868801 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 8800001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 001CAA86 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 80968B00 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8900001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoStartNextPacket] 001C9C96 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeBugCheckEx] C6168B00 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CB986 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeSetTimer] 428A0A00 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeCancelTimer] BA86880C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!_allmul] 8B00001C IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmProbeAndLockPages] 24A48DFA IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!_except_handler3] 00000000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!PoSetPowerState] 4B8BDF8B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 8D3F0304 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlWriteRegistryValue] CB033043 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!_aulldiv] 0673C13B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!strstr] C13B0003 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!_strupr] 8366FA72 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeQuerySystemTime] 75000E7B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0B7D80E3 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!KeTickCount] 307B8D00 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00AA840F IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoDeleteDevice] 83660000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 6A000E7A IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoAllocateWorkItem] C6647400 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoAllocateIrp] 001CBB86 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoAllocateMdl] 4F8B0200 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 968D5140 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmLockPagableDataSection] 00001C90 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 2266E852 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 478B0000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!ExFreePoolWithTag] 50016A40 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoFreeIrp] 1CAC8E8D IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!IoFreeWorkItem] E8510000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!InitSafeBootMode] 00002254 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlCompareMemory] 6A18538B IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 868D5200 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!memmove] 00001C98 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[ntoskrnl.exe!MmHighestUserAddress] 2242E850 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!KfAcquireSpinLock] 8A000002 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!READ_PORT_UCHAR] 83880846 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!KeGetCurrentIrql] 000001C0 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!KfLowerIrql] 8303C183 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!HalGetInterruptVector] D103FCE1 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!KfReleaseSpinLock] 83893204 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[WMILIB.SYS!WmiSystemControl] 03D00304 IAT \SystemRoot\System32\Drivers\ao796ore.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 823DE1F8 Device \FileSystem\Fastfat \FatCdrom 81F6B1F8 Device \Driver\usbuhci \Device\USBPDO-0 8219F1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{9949E236-6304-4396-A137-595C8EBBC4E7} 81F861F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 823721F8 Device \Driver\dmio \Device\DmControl\DmConfig 823721F8 Device \Driver\dmio \Device\DmControl\DmPnP 823721F8 Device \Driver\dmio \Device\DmControl\DmInfo 823721F8 Device \Driver\usbuhci \Device\USBPDO-1 8219F1F8 Device \Driver\usbuhci \Device\USBPDO-2 8219F1F8 Device \Driver\usbehci \Device\USBPDO-3 8217D1F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 823E01F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 823E01F8 Device \Driver\Cdrom \Device\CdRom0 821C3500 Device \Driver\atapi \Device\Ide\IdePort0 823DF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 823DF1F8 Device \Driver\atapi \Device\Ide\IdePort1 823DF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 823DF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 823DF1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 823E01F8 Device \Driver\Cdrom \Device\CdRom1 821C3500 Device \Driver\sptd \Device\456620136 spuo.sys Device \Driver\Ftdisk \Device\HarddiskVolume4 823E01F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 823E01F8 Device \Driver\PCI_PNP8886 \Device\0000003c spuo.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 81F861F8 Device \Driver\NetBT \Device\NetbiosSmb 81F861F8 Device \Driver\usbuhci \Device\USBFDO-0 8219F1F8 Device \Driver\usbuhci \Device\USBFDO-1 8219F1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81F701F8 Device \Driver\usbuhci \Device\USBFDO-2 8219F1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 81F701F8 Device \Driver\usbehci \Device\USBFDO-3 8217D1F8 Device \Driver\Ftdisk \Device\FtControl 823E01F8 Device \Driver\ao796ore \Device\Scsi\ao796ore1Port3Path0Target0Lun0 820AB500 Device \Driver\ao796ore \Device\Scsi\ao796ore1 820AB500 Device \FileSystem\Fastfat \Fat 81F6B1F8 Device \FileSystem\Cdfs \Cdfs 820BB500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0x42 0x04 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 f:\program\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0x29 0xF9 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0xA8 0xB3 0x16 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0x42 0x04 0xA8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 f:\program\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0x29 0xF9 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0xA8 0xB3 0x16 ... ---- EOF - GMER 1.0.15 ----