nejde spustit centrum zabezpečení ve win 7 a activex prvky

[Pajinek88]

Logy z mbr

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HTS542516K9SA00 rev.BBCOC31P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x8307652F] -> \Device\Harddisk0\DR0[0x8659B030]
3 CLASSPNP[0x89AF359E] -> ntkrnlpa!IofCallDriver[0x8307652F] -> [0x864CA7E0]
5 ACPI[0x895AE3D4] -> ntkrnlpa!IofCallDriver[0x8307652F] -> \Device\Ide\IdeDeviceP0T0L0-0[0x864AB908]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK

log s gmer první

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-25 21:53:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542516K9SA00 rev.BBCOC31P
Running: gmer.exe; Driver: C:\Users\CHEVYO~1\AppData\Local\Temp\kwtyqkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

gmer druhý log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-25 22:41:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542516K9SA00 rev.BBCOC31P
Running: gmer.exe; Driver: C:\Users\CHEVYO~1\AppData\Local\Temp\kwtyqkow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 8307D339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? system32\DRIVERS\71903405.sys Systém nemůže nalézt uvedenou cestu. !
? C:\Users\CHEVYO~1\AppData\Local\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[1124] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769274A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76927535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769276F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3856] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769274A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76927535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769276F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3864] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3912] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769274A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76927535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769276F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4012] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + 6 779255CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtCreateFile + B 779255D3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + 6 77925C2E 1 Byte [28]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + 6 77925C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtMapViewOfSection + B 77925C33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + 6 77925CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenFile + B 77925CE3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + 6 77925D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcess + B 77925D93 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + 6 77925D9E 4 Bytes CALL 769264A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessToken + B 77925DA3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + 6 77925DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenProcessTokenEx + B 77925DB3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + 6 77925E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThread + B 77925E13 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + 6 77925E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadToken + B 77925E23 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + 6 77925E2E 4 Bytes CALL 76926535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtOpenThreadTokenEx + B 77925E33 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + 6 77925F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryAttributesFile + B 77925F43 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + 6 77925FEE 4 Bytes CALL 769266F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtQueryFullAttributesFile + B 77925FF3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + 6 7792663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationFile + B 77926643 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + 6 7792669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtSetInformationThread + B 779266A3 1 Byte [E2]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 1 Byte [68]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + 6 779269BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe[4056] ntdll.dll!NtUnmapViewOfSection + B 779269C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[3124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3124] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[3124] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759BFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:3504] A3854F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR5007EG \x2013 adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\HidBth\Devices (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca@ConnectionAuthenticated 0
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca@VirtuallyCabled 0
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR5007EG \x2013 adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth\Devices
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca@ConnectionAuthenticated 0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca@VirtuallyCabled 0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR5007EG \x2013 adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\HidBth\Devices (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca@ConnectionAuthenticated 0
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\HidBth\Devices\001d603cec22001b5953b1ca@VirtuallyCabled 0
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----

[vyosek]

Logy tez ciste

[Pajinek88]

Ano je to zapeklyté ale co yb zničeho nic jen tak prostě zablokovali spouštění defendru nebo i mse..

[vyosek]

Spustte znovu ComboFix a uvidime Log pak sem

[Pajinek88]

log s combofixu

ComboFix 11-07-26.02 - Chevy opava 26.07.2011 10:27:16.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.1919.808 [GMT 2:00]
Spuštěný z: c:\users\Chevy opava\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\~.inf
.
c:\windows\system32\Drivers\atapi.sys . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 09:01 . 2011-07-26 09:22 -------- d-----w- c:\users\Chevy opava\AppData\Local\temp
2011-07-26 09:01 . 2011-07-26 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 20:24 . 2011-07-20 07:44 6881616 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-25 12:21 . 2011-07-25 12:24 373297 ----a-w- c:\windows\system32\~.tmp
2011-07-25 10:11 . 2011-07-25 10:11 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-22 13:25 . 2011-07-22 13:25 -------- d-----w- c:\users\Chevy opava\AppData\Roaming\Malwarebytes
2011-07-22 13:25 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 13:24 . 2011-07-22 13:24 -------- d-----w- c:\programdata\Malwarebytes
2011-07-22 13:24 . 2011-07-22 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-22 13:24 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 07:47 . 2011-07-22 07:50 -------- d-----w- c:\program files\trend micro
2011-07-13 12:54 . 2011-07-13 12:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-13 12:52 . 2011-07-13 12:52 -------- d-----w- c:\windows\system32\SPReview
2011-07-13 12:51 . 2011-07-13 12:51 -------- d-----w- c:\windows\system32\EventProviders
2011-07-13 12:50 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-07-13 12:50 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-07-13 12:50 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-07-13 08:52 . 2011-07-13 08:52 -------- d-----w- c:\program files\Selteco
2011-07-13 06:05 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-13 06:05 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-13 06:05 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-13 06:05 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-13 06:05 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-13 06:05 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-13 06:05 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-13 06:05 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-06-30 07:07 . 2011-06-30 07:07 -------- d-----w- c:\program files\Common Files\Java
2011-06-29 06:22 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:22 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-29 06:22 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 06:22 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 06:22 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 06:22 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 06:22 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 06:22 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 06:22 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 06:22 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 06:22 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 06:05 . 2011-05-27 07:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 15:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 06:54 . 2011-05-26 06:54 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-05-24 17:14 . 2011-05-24 07:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-18 10:37 . 2011-05-26 06:24 6962000 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C79C17B-5F69-422E-A550-2DC3468CCF04}\mpengine.dll
2011-05-04 02:52 . 2010-08-12 08:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:30 . 2011-06-20 06:40 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-20 06:40 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-20 06:40 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-20 06:40 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 13:25 . 2011-04-27 13:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-02-15 17:07 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-11-23 13:27 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-27 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 SBS_GM_TOMCAT6;SBS_GM_TOMCAT6;c:\program files\Snap-on Business Solutions\Global EPC\GM\Tomcat\bin\tomcat6.exe //RS//SBS_GM_TOMCAT6 [x]
S2 SBS_GM_TRANSBASE;SBS_GM_TRANSBASE;c:\program files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbmux32.exe [2009-09-03 417792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Chevy opava\AppData\Roaming\Mozilla\Firefox\Profiles\4v1eqds4.default\
FF - prefs.js: browser.startup.homepage - hxxp://autosalon-schromm.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2216)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\taskhost.exe
c:\program files\Snap-on Business Solutions\Global EPC\GM\Tomcat\bin\tomcat6.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\windows\system32\conhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
c:\program files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
c:\program files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
c:\program files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\totalcmd\TOTALCMD.EXE
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\rundll32.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Chevy opava\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 11:28:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 09:28
.
Před spuštěním: Volných bajtů: 38 406 557 696
Po spuštění: Volných bajtů: 38 288 867 328
.
- - End Of File - - AA3AA04B07AB2B19ED5D657688376C76

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\windows\system32\Drivers\atapi.sys/color]
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Send File
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[Pajinek88]

tady by to mělo být
http://www.virustotal.com/file-scan/rep ... 311677089#

Activex vyřešen stále ještě zbývá zapnutí služby zabezpečení. MSE je nainstalován ale nejde spustit..

[Pajinek88]

Tak už běží vše.

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

A pokud nejsou problemy ci dotazy, je to vse

[Pajinek88]

Děkuji za všechny postupy co jste tu semnou prošel ..

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy