svchost.exe malware [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

STEALZOR
Level 1.5
Posts: 136
Registered: September 11
Gender: Male
Status: Offline

Re: svchost.exe malware

Post by STEALZOR » 21 Mar 2016 12:39

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-03-21 12:37:32
-----------------------------
12:37:32.076 OS Version: Windows x64 6.1.7601 Service Pack 1
12:37:32.076 Number of processors: 4 586 0x3C03
12:37:32.076 ComputerName: BIL-PC UserName: bil
12:37:32.521 Initialize success
12:37:32.522 VM: initialized successfully
12:37:32.523 VM: Intel CPU supported
12:37:33.087 VM: supported disk I/O ataport.SYS
12:37:45.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:37:45.621 Disk 0 Vendor: Crucial_CT256MX100SSD1 MU01 Size: 244198MB BusType: 11
12:37:45.622 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
12:37:45.623 Disk 1 Vendor: ST1000DM003-1SB10C CC41 Size: 953868MB BusType: 11
12:37:45.627 VM: Disk 0 MBR read successfully
12:37:45.628 Disk 0 MBR scan
12:37:45.630 Disk 0 Windows 7 default MBR code
12:37:45.633 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:37:45.635 Disk 0 Boot: NTFS code=2
12:37:45.637 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 244096 MB offset 206848
12:37:45.642 Disk 0 scanning C:\Windows\system32\drivers
12:37:46.220 Service scanning
12:37:47.599 Service cm_km C:\Windows\system32\DRIVERS\cm_km.sys **LOCKED** 5
12:37:47.792 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:37:47.800 Service klbackupdisk C:\Windows\system32\DRIVERS\klbackupdisk.sys **LOCKED** 5
12:37:47.808 Service kldisk C:\Windows\system32\DRIVERS\kldisk.sys **LOCKED** 5
12:37:47.815 Service klflt C:\Windows\system32\DRIVERS\klflt.sys **LOCKED** 5
12:37:47.822 Service klhk C:\Windows\system32\DRIVERS\klhk.sys **LOCKED** 5
12:37:47.833 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:37:47.840 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
12:37:47.847 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:37:47.856 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
12:37:47.864 Service Klwtp C:\Windows\system32\DRIVERS\klwtp.sys **LOCKED** 5
12:37:47.871 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
12:37:48.988 Modules scanning
12:37:48.992 Disk 0 trace - called modules:
12:37:48.997 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:37:48.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007859060]
12:37:49.002 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80070e8680]
12:37:49.004 Disk 0 statistics 90969/0/18 @ 128,40 MB/s
12:37:49.007 Scan finished successfully
12:38:12.239 Disk 0 MBR has been saved successfully to "C:\Users\bil\Desktop\MBR.dat"
12:38:12.242 The log file has been saved successfully to "C:\Users\bil\Desktop\aswMBR.txt"

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: svchost.exe malware

Post by jerabina » 21 Mar 2016 16:38

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text marked in green into it:

Code:

ClearJavaCache::
KillAll::

Folder::
c:\programdata\RogueKiller
c:\windows\AutoKMS
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
SkypeUpdate

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script:
[image]
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

In Folder Options, enable showing hidden files and folders and untick the checkbox to hide protected operating system files.

Test this on VirusTotal
c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs one after another. When the last antivirus finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply in your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
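The CFScript above is a plain-text directive file: `Name::` headers followed by the folders, files, drivers and registry keys ComboFix should act on. As an added example (not part of the thread or of ComboFix itself), the following Python parser reads such a script and summarises what it will touch, including which RegLock keys carry a Deny entry for Everyone, so the script can be reviewed before it is dropped onto ComboFix.exe; the sample script is constructed from the one posted above.

```python
import re
from collections import OrderedDict

# Constructed sample in the same format as the CFScript posted in the thread.
SAMPLE_SCRIPT = r"""ClearJavaCache::
KillAll::

Folder::
c:\programdata\RogueKiller
c:\windows\AutoKMS

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Driver::
SkypeUpdate

DDS::
uLocal Page = c:\windows\system32\blank.htm

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

HEADER_RE = re.compile(r"^([A-Za-z]+)::\s*$")
ACE_RE = re.compile(r"^@(Denied|Allowed):\s*\(([^)]*)\)\s*\(([^)]*)\)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")


def parse_cfscript(text):
    """Split a CFScript into an ordered mapping of directive -> body lines.

    Directives that take no body (ClearJavaCache::, KillAll::) map to an
    empty list. Blank lines are dropped; a line before the first directive
    is rejected, since ComboFix has no directive to apply it to.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line outside any directive: %r" % line)
        sections[current].append(line)
    return sections


def parse_reglock(lines):
    """Turn the RegLock:: body into one record per registry key.

    Each record carries the key path, its @Denied/@Allowed entries as
    (type, rights, principal) tuples, and any value lines under the key.
    """
    keys = []
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            keys.append({"key": km.group(1), "acl": [], "values": []})
            continue
        if not keys:
            raise ValueError("ACL or value line before any [key]: %r" % line)
        am = ACE_RE.match(line)
        if am:
            keys[-1]["acl"].append((am.group(1), am.group(2), am.group(3)))
        else:
            keys[-1]["values"].append(line)
    return keys


def summarize(text):
    """Return a review summary: counts per directive and locked registry keys."""
    sections = parse_cfscript(text)
    reglock = parse_reglock(sections.get("RegLock", []))
    return {
        "directives": list(sections),
        "folders": len(sections.get("Folder", [])),
        "files": len(sections.get("File", [])),
        "drivers": len(sections.get("Driver", [])),
        "reglock_keys": [k["key"] for k in reglock],
        # Keys that deny Everyone some right: the ACL ComboFix will reset.
        "denied_everyone": [
            k["key"] for k in reglock
            if any(t == "Denied" and p == "Everyone" for t, _, p in k["acl"])
        ],
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_SCRIPT).items():
        print("%-16s %s" % (name, value))
```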

STEALZOR
Level 1.5
Posts: 136
Registered: September 11
Gender: Male
Status: Offline

Re: svchost.exe malware

Post by STEALZOR » 21 Mar 2016 17:36

ComboFix 16-03-19.01 - bil 21.03.2016 17:30:14.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8125.6150 [GMT 1:00]
Spuštěný z: c:\users\bil\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\bil\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
FW: Kaspersky Internet Security *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Internet Security *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.29.5\goopdate.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.29.5\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.29.5\psmachine.dll
c:\program files (x86)\Google\Update\1.3.29.5\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.29.5\psuser.dll
c:\program files (x86)\Google\Update\1.3.29.5\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\49.0.2623.87\49.0.2623.87_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\RogueKiller
c:\programdata\RogueKiller\config.ini
c:\programdata\RogueKiller\Logs\RKreport_SCN_03202016_142209.json
c:\programdata\RogueKiller\Logs\RKreport_SCN_03202016_142521.json
c:\programdata\RogueKiller\vt.cache
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ar\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\bg\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ca\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\cs\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\da\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\de\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\el\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\en\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\es\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\fi\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\fr\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\gu\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\he\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\hr\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\hu\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\id\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\it\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ja\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ko\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\nb\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\nl\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\pl\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\pt_BR\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\pt_PT\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ro\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ru\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sk\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sl\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sr\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sv\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\tr\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\uk\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\vi\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\zh_CN\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\zh_TW\messages.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_metadata\computed_hashes.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_metadata\verified_contents.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\adblock_safari_beforeload.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\adblock_safari_contentblocking.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\adblock_start_common.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\adblock_start_chrome.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\background.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\bandaids.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\button\popup.css
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\button\popup.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\button\popup.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\datacollection.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\declarativewebrequest.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\domainset.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\filternormalizer.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\filteroptions.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\filterset.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\filtertypes.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering\myfilters.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\functions.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\gab_question.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\CHANGELOG.txt
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\checkupdates.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\idlehandler.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\delete.gif
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\dropbox1.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\dropbox2.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\dropbox3.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\facebook-sprite.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\gplus-sprite.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon128.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon16.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon16_grayscale.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon16_grayscale@2x.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon19-grayscale.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon19-whitelisted.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon19.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon24.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon32.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon38-grayscale.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon38-whitelisted.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon38.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\icon48.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\loader.gif
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\logo.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search\check.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search\magnifying_glass.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search\search-engine-card_no-shadow.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search\search-engine-icons.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search\search-omnibox-card_no-shadow.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search\search_engine_select_arrow.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\twitter-sprite.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\jquery-ui.custom.css
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\override-page.css
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\jquery-ui.custom.min.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\jquery.cookie.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\jquery.min.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\LICENSE
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\manifest.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\notificationoverlay.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\bug-report.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\bug-report.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\customize.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\customize.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\filters.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\filters.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\general.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\general.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\index.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\index.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\options.css
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\support.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options\support.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\adreport.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\adreport.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\resourceblock.css
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\resourceblock.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\resourceblock.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\subscribe.css
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\subscribe.html
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages\subscribe.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\port.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\punycode.min.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\README.markdown
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\stats.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\survey.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\translators.json
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\blacklisting\blacklistui.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\blacklisting\clickwatcher.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\blacklisting\elementchain.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\blacklisting\overlay.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\load_jquery_ui.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\send_content_to_back.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\top_open_blacklist_ui.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\top_open_whitelist_ui.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\ytchannel.js
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\bil\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\AutoKMS
c:\windows\AutoKMS\AutoKMS.log
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-02-21 do 2016-03-21 )))))))))))))))))))))))))))))))
.
.
2016-03-21 11:26 . 2016-03-21 11:16 24064 ----a-w- c:\windows\zoek-delete.exe
2016-03-21 11:16 . 2016-03-21 11:24 -------- d-----w- C:\zoek_backup
2016-03-20 13:22 . 2016-03-20 13:22 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-20 02:07 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2016-03-20 02:07 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2016-03-20 02:07 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2016-03-20 02:07 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2016-03-20 02:07 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2016-03-20 02:07 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2016-03-20 02:06 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2016-03-20 02:06 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2016-03-20 02:04 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2016-03-20 02:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2016-03-20 02:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2016-03-20 02:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2016-03-20 02:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2016-03-20 02:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2016-03-20 02:03 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2016-03-20 02:02 . 2015-02-04 03:16 392192 ----a-w- c:\windows\system32\WMPhoto.dll
2016-03-20 02:02 . 2015-02-04 02:54 318464 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2016-03-19 14:44 . 2016-03-19 14:46 -------- d-----w- C:\KVRT_Data
2016-03-19 14:33 . 2016-03-19 14:33 -------- d-----w- c:\programdata\Bitdefender Agent
2016-03-19 14:27 . 2016-03-19 14:28 -------- d-----w- c:\programdata\HitmanPro
2016-03-19 14:21 . 2016-03-19 14:21 -------- d-----w- c:\program files\Common Files\DESIGNER
2016-03-19 13:58 . 2016-03-19 13:58 -------- d-----w- c:\programdata\Malwarebytes
2016-03-17 21:05 . 2016-03-17 21:05 -------- d-s---w- c:\program files (x86)\HLSW
2016-03-17 16:18 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2016-03-17 16:18 . 2016-03-17 16:18 -------- d-----w- c:\windows\ELAMBKUP
2016-03-17 16:18 . 2016-03-21 16:33 -------- d-----w- c:\programdata\Kaspersky Lab
2016-03-17 16:18 . 2016-03-17 16:18 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-03-17 16:18 . 2016-03-17 16:40 934808 ----a-w- c:\windows\system32\drivers\klif.sys
2016-03-17 16:18 . 2015-12-06 10:23 227000 ----a-w- c:\windows\system32\drivers\klhk.sys
2016-03-17 16:18 . 2015-12-06 10:23 181640 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-03-16 13:34 . 2016-03-16 13:34 -------- d-----w- c:\program files (x86)\Ubisoft
2016-03-15 19:01 . 2016-03-15 19:01 -------- d--h--w- c:\programdata\CanonBJ
2016-03-15 19:01 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2016-03-15 14:58 . 2016-03-15 14:58 -------- d-----w- c:\program files (x86)\Microsoft.NET
2016-03-15 14:56 . 2016-03-13 08:16 69376 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\msointl30.en-us.dll
2016-03-15 14:56 . 2016-03-13 07:43 944880 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\C2RUI.en-us.dll
2016-03-15 14:53 . 2016-03-19 14:21 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2016-03-15 14:50 . 2016-03-13 07:51 84728 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\msointl30.cs-cz.dll
2016-03-15 14:50 . 2016-03-13 07:45 946944 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\C2RUI.cs-cz.dll
2016-03-15 14:50 . 2016-03-13 07:43 1067816 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RCom.dll
2016-03-15 14:49 . 2016-03-15 14:49 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2016-03-15 14:49 . 2016-03-15 14:49 -------- d-----w- c:\programdata\Microsoft OneDrive
2016-03-15 14:47 . 2016-03-13 15:43 3685152 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-03-15 14:19 . 2016-03-15 14:36 -------- d-----w- c:\programdata\Microsoft Help
2016-03-13 18:38 . 2016-03-13 18:38 -------- d-----w- C:\Fraps
2016-03-13 11:51 . 2016-03-13 11:51 252112 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-03-13 11:51 . 2016-03-13 11:51 415520 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-03-13 11:51 . 2016-03-13 11:51 27904 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-03-13 01:21 . 2016-03-13 01:21 0 ----a-w- c:\windows\ativpsrm.bin
2016-03-13 01:20 . 2016-03-13 01:20 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2016-03-13 01:19 . 2016-03-13 01:20 -------- d-----w- c:\program files (x86)\AMD
2016-03-13 01:19 . 2016-03-13 01:19 -------- d-----w- c:\program files\Common Files\ATI Technologies
2016-03-13 01:19 . 2016-03-13 01:20 -------- d-----w- c:\program files\AMD
2016-03-13 01:18 . 2016-03-13 01:18 -------- d-----w- C:\AMD
2016-03-13 00:51 . 2016-03-13 00:51 -------- d-----w- c:\windows\system32\SPReview
2016-03-13 00:51 . 2016-03-13 00:51 -------- d-----w- c:\windows\system32\EventProviders
2016-03-13 00:32 . 2016-03-13 00:33 -------- d-----w- c:\windows\W7SBC
2016-03-13 00:32 . 2009-08-03 06:17 2868224 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2016-03-13 00:32 . 2009-08-03 06:17 2868224 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2016-03-13 00:32 . 2009-08-03 06:17 2385408 ----a-w- c:\windows\explorer.exe
2016-03-12 20:29 . 2010-11-20 13:34 71552 ----a-w- c:\windows\system32\drivers\volmgr.sys
2016-03-12 19:25 . 2016-03-21 16:14 -------- d-----w- C:\temp
2016-03-12 18:28 . 2016-03-21 15:39 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-03-12 18:28 . 2016-03-21 15:39 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-03-12 18:28 . 2016-03-12 18:28 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2016-03-12 17:28 . 2016-03-12 17:29 -------- d-----w- c:\program files (x86)\CyberGamer
2016-03-12 17:28 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2016-03-12 17:28 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2016-03-12 15:42 . 2016-03-12 15:42 -------- d-----w- c:\program files (x86)\VideoLAN
2016-03-12 15:36 . 2016-03-17 16:50 -------- d-----w- c:\windows\SysWow64\RTCOM
2016-03-12 15:35 . 2016-03-17 16:50 -------- d--h--w- c:\program files (x86)\Temp
2016-03-12 15:31 . 2016-03-12 15:31 -------- d-----w- c:\program files (x86)\Activision
2016-03-12 15:31 . 2016-03-12 15:31 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2016-03-12 15:30 . 2016-03-12 15:30 -------- d-----w- c:\programdata\Riot Games
2016-03-12 15:28 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2016-03-12 15:28 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2016-03-12 15:28 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2016-03-12 15:28 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2016-03-12 15:28 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2016-03-12 15:28 . 2016-03-12 15:28 -------- d-----w- c:\program files\WinRAR
2016-03-12 15:28 . 2016-03-12 15:28 -------- d-----w- C:\Riot Games
2016-03-12 15:25 . 2016-03-21 16:32 -------- d-----r- c:\program files (x86)\Skype
2016-03-12 15:25 . 2016-03-12 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-03-12 15:25 . 2016-03-12 15:25 -------- d-----w- c:\programdata\Skype
2016-03-12 15:02 . 2016-03-12 15:05 -------- d-----w- c:\program files (x86)\RocketDock
2016-03-12 15:01 . 2016-03-12 15:02 -------- d-----w- c:\windows\system32\MRT
2016-03-12 14:56 . 2016-03-12 14:56 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2016-03-12 14:28 . 2016-03-19 00:40 -------- d-----w- c:\program files (x86)\Steam
2016-03-12 14:28 . 2016-03-12 14:28 -------- d-----w- c:\program files (x86)\Common Files\Steam
2016-03-12 14:24 . 2016-03-21 16:33 65536 ----a-w- c:\windows\system32\spu_storage.bin
2016-03-12 14:22 . 2016-03-12 14:23 -------- d-----w- c:\program files (x86)\Raptr Inc
2016-03-12 14:18 . 2016-03-20 02:10 -------- d-sh--w- c:\windows\Installer
2016-03-12 14:15 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2016-03-12 14:15 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2016-03-12 14:15 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-03-12 14:15 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-03-12 14:15 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-03-12 14:15 . 2016-03-02 14:59 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D738AC7-7CC9-443E-B11F-10B59AF3162C}\mpengine.dll
2016-03-12 14:15 . 2015-12-02 12:18 301728 ------w- c:\windows\system32\MpSigStub.exe
2016-03-12 14:13 . 2016-03-12 14:13 -------- d-----w- c:\program files (x86)\Google
2016-03-12 14:12 . 2015-10-15 12:20 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2016-03-12 14:12 . 2015-10-15 12:20 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2016-03-12 14:12 . 2015-10-15 12:20 1026304 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2016-03-12 14:12 . 2016-03-12 15:35 -------- d-----w- c:\program files (x86)\Realtek
2016-03-12 14:12 . 2016-03-17 16:50 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2016-03-12 14:05 . 2016-03-12 14:10 -------- d-----w- c:\windows\Panther
2016-03-07 23:29 . 2015-12-04 17:45 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2016-03-07 23:29 . 2015-12-04 17:45 1229984 ----a-w- c:\windows\SysWow64\aticfx32.dll
2016-03-07 23:29 . 2015-12-04 17:44 8089248 ----a-w- c:\windows\SysWow64\atiumdva.dll
2016-03-07 23:29 . 2015-12-04 17:44 9070320 ----a-w- c:\windows\SysWow64\atiumdag.dll
2016-03-07 23:17 . 2016-03-07 23:17 6956032 ----a-w- c:\windows\system32\amdvlk64.dll
2016-03-07 23:13 . 2016-03-07 23:13 5420032 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2016-03-07 22:38 . 2016-03-07 22:38 209920 ----a-w- c:\windows\system32\GameManager64.dll
2016-03-07 22:38 . 2016-03-07 22:38 186368 ----a-w- c:\windows\SysWow64\GameManager32.dll
2016-03-06 10:40 . 2016-03-06 10:40 20672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll
2016-03-06 08:55 . 2016-03-06 08:55 88816 ----a-w- c:\windows\system32\vcruntime140.dll
2016-03-06 08:55 . 2016-03-06 08:55 85232 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2016-03-06 08:55 . 2016-03-06 08:55 635120 ----a-w- c:\windows\system32\msvcp140.dll
2016-03-06 08:55 . 2016-03-06 08:55 439536 ----a-w- c:\windows\SysWow64\msvcp140.dll
2016-03-06 08:55 . 2016-03-06 08:55 390408 ----a-w- c:\windows\system32\vccorlib140.dll
2016-03-06 08:55 . 2016-03-06 08:55 333080 ----a-w- c:\windows\system32\concrt140.dll
2016-03-06 08:55 . 2016-03-06 08:55 267008 ----a-w- c:\windows\SysWow64\vccorlib140.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-17 16:40 . 2015-06-06 07:51 77728 ----a-w- c:\windows\system32\drivers\kldisk.sys
2016-03-13 00:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2016-03-13 00:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.20500] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[-] 2009-08-03 . A7912C58A5E6090EE7D24D7397B4E906 . 2385408 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16404] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-15 15:00 1587912 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-15 15:00 1587912 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-15 15:00 1587912 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-15 15:00 1587912 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-15 15:00 1587912 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-13 14:55 1538352 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-13 14:55 1538352 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-13 14:55 1538352 ----a-w- c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vssbrigde64;vssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x]
S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x]
S2 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 PlaysService;Plays.tv Update Service;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-12 14:13 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-15 15:01 1641664 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-03-15 15:01 1641664 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-03-15 15:01 1641664 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-15 15:01 1641664 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-15 15:01 1641664 ----a-w- c:\users\bil\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCN"="c:\program files\AMD\CNext\CNext\cnext.exe" [2015-12-04 4867784]
.
------- Supplementary scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
------------------------ Other running processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
.
**************************************************************************
.
Completion time: 2016-03-21 17:34:40 - the computer was restarted
ComboFix-quarantined-files.txt 2016-03-21 16:34
ComboFix2.txt 2016-03-21 11:34
.
Pre-run: free bytes: 156 536 061 952
Post-run: free bytes: 155 973 353 472
.
- - End Of File - - A7E4183E2260619C464E0D367C1E2102
A36C5E4F47E84449FF07ED3517B43A31

STEALZOR
Level 1.5
Posts: 136
Registered: September 11
Gender: Male
Status: Offline

Re: svchost.exe malware

Post by STEALZOR » 21 Mar 2016 17:49

https://www.virustotal.com/cs/file/fbe4 ... 458578561/

SHA256: fbe4f533e202ee5109647aec7c1bcba5050dbdd73cf47cffaba47b18e0cfd319
File name: integrator.exe
Detection ratio: 0 / 57
Analysis date: 2016-03-17 21:56:30 UTC ( 3 days, 18 hours ago )

STEALZOR

Re: svchost.exe malware

Post by STEALZOR » 21 Mar 2016 20:56

I tried putting svchost.exe into https://www.virustotal.com and it found nothing, even though Kaspersky checks it there as well... strange.

jaro3
Security team member
Guru Level 15
Posts: 43292
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: svchost.exe malware

Post by jaro3 » 22 Mar 2016 09:14

In Folder Options, enable showing hidden files and folders, and untick "Hide protected operating system files".

Test this file on VirusTotal:
c:\windows\explorer.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus engines one after another. When the last engine finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/


Download Process Explorer from one of these links:
http://www.studna.cz/process-explorer-p-1406.html
http://www.slunecnice.cz/sw/process-explorer/
Double-click procexp.exe to run it. Look at which processes are using the most CPU.

Thanks to this utility you can have full control over your computer, because it reliably shows even the various intruders that are running. Process Explorer can also be used successfully when hunting for the causes of various error states and for much other useful information.

One of the interesting features added to Process Explorer (PE) since version 16 is integration with VirusTotal (VT). Straight from PE you can send all running processes, or just a selected one, for analysis.
A VirusTotal column can be shown in the main window via the menu: View => Select Columns... in the window that opens, switch to the Process Image tab and tick Virus Total.
When you tick it for the first time, an informational message appears:
You can enable lookup of VirusTotal results for all files displayed in the process and DLL views by selecting the Check VirusTotal entry in the Options menu or check individual files on-demand using the process and DLL properties dialogs.
Testing a single process:
- right-click the chosen process and choose Check VirusTotal. On first use a dialog box appears asking you to confirm the Terms of Service and Privacy Policy (ToS), and the ToS page also opens in the browser:
You must agree to VirusTotal's terms of service to use VirusTotal features.
When you do, Process Explorer will submit hashes for files listed in the process and DLL view to VirusTotal.com. You can submit a file's contents by using the Submit button on the process and DLL properties dialog boxes.
- after confirming, the hash is sent to VT and the result appears in the column shown earlier as a number such as 0/42. If a file is detected, you can click through from this result to VT, where a more detailed test result is displayed.
Sending all running processes for checking:
- in the menu choose Options => VirusTotal.com => Check VirusTotal.com
File signatures can also be verified ...
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am stood in for by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
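The post above does the VirusTotal hash lookup and signature check by hand in Process Explorer, and the thread is about svchost.exe. The PowerShell script below is an added example, not part of the forum post, ComboFix or Process Explorer: it lists every running svchost.exe with its image path, parent process, hosted services, Authenticode status and SHA256 (the value to paste into the VirusTotal search box), flags instances that do not look like a normal service host, and runs the same image check on c:\windows\explorer.exe, the file the post asks to have tested. It assumes Windows PowerShell 4.0 or later (Get-FileHash, Get-CimInstance) and an elevated prompt so that paths of SYSTEM-owned processes are readable; the function names Get-ImageReport and Get-SvchostReport are my own.

```powershell
# Added example for this thread; not part of the forum post, ComboFix or
# Process Explorer. Assumes Windows PowerShell 4.0+ and an elevated prompt.

function Get-ImageReport {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Embedded Authenticode signature. Most Windows system binaries are
    # catalog-signed, and not every PowerShell version recognises catalog
    # signatures, so a genuine System32 file can show NotSigned here: treat
    # that as "verify another way" (sigcheck, VirusTotal), not as tampering.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash  # VirusTotal search key
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Get-SvchostReport {
    # Genuine service hosts live only here (SysWOW64 hosts 32-bit services).
    $legitPaths = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )
    # One WMI query for processes and one for services, joined on ProcessId.
    $all   = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($proc in $all) { $byPid[[int]$proc.ProcessId] = $proc }
    $svcByPid = Get-CimInstance Win32_Service |
        Where-Object { $_.ProcessId -ne 0 } |
        Group-Object -Property ProcessId -AsHashTable -AsString

    foreach ($p in ($all | Where-Object { $_.Name -ieq 'svchost.exe' })) {
        $path   = $p.ExecutablePath            # $null when access is denied
        $parent = $byPid[[int]$p.ParentProcessId]
        $key    = [string]$p.ProcessId
        $hosted = if ($svcByPid -and $svcByPid.ContainsKey($key)) {
            @($svcByPid[$key] | ForEach-Object { $_.Name }) -join ','
        } else { '' }
        $img = if ($path) { Get-ImageReport -Path $path } else { $null }

        [pscustomobject]@{
            PID         = $p.ProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            Path        = $path
            PathOK      = [bool]($path -and ($legitPaths -contains $path))
            CommandLine = $p.CommandLine       # a real host carries "-k <group>"
            Services    = $hosted
            SigStatus   = if ($img) { $img.SigStatus } else { 'Unknown' }
            SHA256      = if ($img) { $img.SHA256 } else { $null }
        }
    }
}

$report = Get-SvchostReport
$report | Format-Table PID, ParentName, PathOK, SigStatus, Services -AutoSize

# Many svchost.exe instances are normal: one per service group. What is not
# normal is an instance outside System32/SysWOW64, one whose parent is not
# services.exe, or one that hosts no service at all.
$report | Where-Object {
    -not $_.PathOK -or $_.ParentName -ine 'services.exe' -or $_.Services -eq ''
} | ForEach-Object {
    Write-Warning ("Check PID {0}: path={1} parent={2} services='{3}'" -f
        $_.PID, $_.Path, $_.ParentName, $_.Services)
}

# The file the post asks to test on VirusTotal: compare the SHA256 with what
# VT reports and the status with the WinSxS copies in the Sigcheck section.
Get-ImageReport -Path (Join-Path $env:SystemRoot 'explorer.exe') | Format-List
```

Run it from an elevated PowerShell prompt; without elevation ExecutablePath is empty for SYSTEM-owned hosts and they all show up in the warning list. A NotSigned status on its own is not a verdict, for the catalog-signing reason noted in the comment; the SHA256 is what to paste into VirusTotal, exactly as the post describes for Process Explorer.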

STEALZOR

Re: svchost.exe malware

Post by STEALZOR » 22 Mar 2016 13:56


STEALZOR

Re: svchost.exe malware

Post by STEALZOR » 22 Mar 2016 14:00

https://ctrlv.cz/53Hq

+ addendum https://ctrlv.cz/5WV4 (it just seems odd to me, as a layman, that svchost.exe is there so many times)

STEALZOR

Re: svchost.exe malware

Post by STEALZOR » 22 Mar 2016 14:06


jaro3

Re: svchost.exe malware  Solved

Post by jaro3 » 22 Mar 2016 15:30

Post the images here, as an attachment.

So your system is clean.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

