
Please check this

Posted: 26 Apr 2014 07:20 by LukeK
Hello, I have a problem with two processes that start immediately after the PC boots (I killed these two processes before running the log), see the attached image. They are mssraulva and msgvlogrm, and both processes put a disproportionate load on the CPU. I could not find any information about these files using Google. For the msgvlogrm process I opened its file location and it leads to the folder C:\Windows\Inf\msgvlorgm, which contains files such as diablo130302.cl, diakgcn121016.cl, libcurl.dll, libusb-1.0.dll, phatk121016.cl, scrypt130511.cl and so on. None of this means anything to me, so I am worried that it might be some kind of malicious software.

Image: Task Manager

I am also attaching the file Addition.txt:
Attachment: Addition.rar (9.45 KiB)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 01
Ran by doma (administrator) on S on 26-04-2014 07:59:41
Running from C:\Users\doma\Desktop
Windows 8 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(CyberLink Corp.) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Nero AG) E:\_PROGRAMY\HTC\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(CyberLink) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-23] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-13] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [msejnrSrv] => C:\windows\inf\msejnr.vbe [1558 2013-08-27] ()
HKLM-x32\...\Run: [msoookSrv] => C:\windows\inf\msoook.vbe [1558 2013-08-27] ()
HKU\S-1-5-21-935193591-3175071362-3684239170-1001\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\doma\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-935193591-3175071362-3684239170-1001\...\Run: [DAEMON Tools Lite] => E:\_PROGRAMY\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-935193591-3175071362-3684239170-1001\...\MountPoints2: {029518f8-8783-11e3-be6e-806e6f6e6963} - "J:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-935193591-3175071362-3684239170-1001\...\MountPoints2: {0a84e686-be3c-11e3-be7c-78e3b5c7e5ea} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-935193591-3175071362-3684239170-1001\...\MountPoints2: {4f54daf3-c5f0-11e3-be7e-78e3b5c7e5ea} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=hpdtdfjs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPDTDFJS
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM - {8CE8B45E-1E3D-4315-8FC0-1183A6CB6178} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM-x32 - {8CE8B45E-1E3D-4315-8FC0-1183A6CB6178} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKCU - {1192B3D0-2243-44FA-8E06-FB0E42907A0D} URL = http://search.conduit.com/ResultsExt.as ... 13618&UM=1
SearchScopes: HKCU - {8CE8B45E-1E3D-4315-8FC0-1183A6CB6178} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - E:\_PROGRAMY\Microsoft Office 2013\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - E:\_PROGRAMY\Microsoft Office 2013\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\_PROGRAMY\Microsoft Office 2013\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\kfgpn7fo.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 - E:\_PROGRAMY\Microsoft Office 2013\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Angry Birds) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-05]
CHR Extension: (Dokumenty Google) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Disk Google) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (Vyhledávání Google) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (Cryptocat) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2014-02-05]
CHR Extension: (Peněženka Google) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Gmail) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]

==================== Services (Whitelisted) =================

R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
S2 CLKMSVC10_99E320F5; c:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [240392 2013-06-07] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 HTCMonitorService; E:\_PROGRAMY\HTC\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-27] (Disc Soft Ltd)
R3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 07:59 - 2014-04-26 07:59 - 00018176 _____ () C:\Users\doma\Desktop\FRST.txt
2014-04-26 07:58 - 2014-04-26 07:59 - 00000000 ____D () C:\FRST
2014-04-26 07:56 - 2014-04-26 07:56 - 02061824 _____ (Farbar) C:\Users\doma\Desktop\FRST64.exe
2014-04-22 14:43 - 2014-04-25 14:41 - 00000000 ____D () C:\Users\doma\AppData\Local\HTC MediaHub
2014-04-22 14:43 - 2014-04-22 14:43 - 00001639 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\Documents\HTC
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Roaming\HTC
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Roaming\Apple Computer
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Local\Apple Computer
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\.android
2014-04-22 14:42 - 2014-04-22 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-04-22 14:42 - 2014-04-22 14:42 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-04-22 14:40 - 2014-04-22 14:42 - 00024096 _____ () C:\windows\DPINST.LOG
2014-04-22 14:40 - 2014-04-22 14:42 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-04-22 14:40 - 2014-04-22 14:40 - 00000000 ____D () C:\ProgramData\HTC
2014-04-22 14:34 - 2014-04-22 14:38 - 00000000 ____D () C:\Users\doma\Desktop\SGS3
2014-04-22 06:01 - 2014-04-22 06:01 - 00007667 _____ () C:\Users\doma\AppData\Local\Resmon.ResmonCfg
2014-04-18 13:10 - 2014-04-18 14:17 - 00000000 ____D () C:\Users\doma\Desktop\deltaxi volvo
2014-04-13 09:56 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-13 09:56 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-13 09:56 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-13 09:56 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-13 09:56 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-13 09:56 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-13 09:56 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-13 09:56 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-13 09:56 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-04-13 09:56 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-13 09:56 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-13 09:56 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-13 09:56 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-04-13 09:56 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-13 09:56 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-04-13 09:56 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-13 09:56 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-13 09:56 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-13 09:56 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-04-13 09:56 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-04-13 09:56 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-13 09:56 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-13 09:56 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-13 09:56 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-13 09:56 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-09 21:10 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 21:10 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-09 21:10 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-09 21:10 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 20:36 - 2014-04-09 20:36 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-04-09 20:35 - 2014-04-09 20:35 - 02003352 _____ (Acro Software Inc. ) C:\Users\doma\Desktop\CuteWriter.exe
2014-04-09 20:35 - 2014-04-09 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-04-09 20:35 - 2014-04-09 20:35 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-04-09 20:35 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\system32\cpwmon64.dll
2014-04-09 07:04 - 2014-04-09 07:04 - 00034422 _____ () C:\Users\doma\Desktop\audiowide.zip
2014-04-07 16:45 - 2014-04-07 16:45 - 00000000 ____D () C:\Users\doma\Documents\Criterion Games
2014-04-07 12:11 - 2014-04-07 12:11 - 00000000 _____ () C:\Users\doma\regbcm
2014-04-07 12:04 - 2014-04-12 11:21 - 00433792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-07 12:01 - 2014-04-07 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-04-05 11:05 - 2014-04-05 11:05 - 00000000 ____D () C:\Users\doma\Desktop\2014-04 (IV)
2014-04-04 17:33 - 2014-04-04 20:50 - 00043008 _____ () C:\Users\doma\Desktop\prijem.xls
2014-04-04 17:33 - 2014-04-04 17:33 - 00016896 _____ () C:\Users\doma\Desktop\pokladni-prijmovy-doklad.xls
2014-04-04 17:33 - 2014-04-04 17:33 - 00016896 _____ () C:\Users\doma\Desktop\pokladni-prijmovy-doklad (1).xls
2014-04-03 10:12 - 2014-04-03 10:12 - 00058368 _____ () C:\Users\doma\Desktop\TDV_vyvoj_(2013_-_2014).xls
2014-04-02 10:36 - 2014-04-02 10:41 - 00000000 ____D () C:\Users\doma\Desktop\audi
2014-04-01 09:34 - 2014-04-01 09:35 - 51479527 _____ () C:\Users\doma\Desktop\8.11.finally.rar
2014-04-01 08:06 - 2014-04-01 08:06 - 11211267 _____ () C:\Users\doma\Downloads\svatební deník v3.0.mp4
2014-03-31 16:08 - 2014-03-31 16:08 - 00043447 _____ () C:\Users\doma\Desktop\minimizetotray-0.0.1.2006102615+-fx+zm+sb+tb.xpi
2014-03-31 11:26 - 2014-03-31 11:26 - 00000835 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-03-31 11:26 - 2014-03-31 11:26 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-03-31 11:26 - 2014-03-31 11:26 - 00000000 ____D () C:\Users\doma\AppData\Roaming\Thunderbird
2014-03-31 11:26 - 2014-03-31 11:26 - 00000000 ____D () C:\Users\doma\AppData\Local\Thunderbird

==================== One Month Modified Files and Folders =======

2014-04-26 07:59 - 2014-04-26 07:59 - 00018176 _____ () C:\Users\doma\Desktop\FRST.txt
2014-04-26 07:59 - 2014-04-26 07:58 - 00000000 ____D () C:\FRST
2014-04-26 07:59 - 2014-01-25 19:11 - 01690419 _____ () C:\windows\WindowsUpdate.log
2014-04-26 07:56 - 2014-04-26 07:56 - 02061824 _____ (Farbar) C:\Users\doma\Desktop\FRST64.exe
2014-04-26 07:54 - 2014-01-25 19:17 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-935193591-3175071362-3684239170-1001
2014-04-26 07:51 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-26 07:50 - 2014-01-28 08:10 - 00648192 ___SH () C:\Users\doma\Desktop\Thumbs.db
2014-04-26 07:49 - 2014-02-05 11:27 - 00000958 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 19:44 - 2014-02-05 11:27 - 00000962 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 14:59 - 2013-11-06 22:09 - 00713972 _____ () C:\windows\system32\perfh005.dat
2014-04-25 14:59 - 2013-11-06 22:09 - 00164160 _____ () C:\windows\system32\perfc005.dat
2014-04-25 14:59 - 2012-07-26 09:28 - 01722298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-25 14:41 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Local\HTC MediaHub
2014-04-25 07:35 - 2014-01-25 19:11 - 00000000 ____D () C:\Users\doma\AppData\Local\Packages
2014-04-23 13:44 - 2014-01-25 19:22 - 00000000 ____D () C:\Users\doma\AppData\Roaming\Skype
2014-04-22 14:43 - 2014-04-22 14:43 - 00001639 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\Documents\HTC
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Roaming\HTC
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Roaming\Apple Computer
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\AppData\Local\Apple Computer
2014-04-22 14:43 - 2014-04-22 14:43 - 00000000 ____D () C:\Users\doma\.android
2014-04-22 14:43 - 2014-04-22 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-04-22 14:43 - 2014-01-25 19:11 - 00000000 ____D () C:\Users\doma
2014-04-22 14:43 - 2012-07-26 09:21 - 00107117 _____ () C:\windows\setupact.log
2014-04-22 14:42 - 2014-04-22 14:42 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-04-22 14:42 - 2014-04-22 14:40 - 00024096 _____ () C:\windows\DPINST.LOG
2014-04-22 14:42 - 2014-04-22 14:40 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-04-22 14:42 - 2014-01-28 08:37 - 00000000 ____D () C:\Users\doma\AppData\Local\Downloaded Installations
2014-04-22 14:40 - 2014-04-22 14:40 - 00000000 ____D () C:\ProgramData\HTC
2014-04-22 14:38 - 2014-04-22 14:34 - 00000000 ____D () C:\Users\doma\Desktop\SGS3
2014-04-22 06:01 - 2014-04-22 06:01 - 00007667 _____ () C:\Users\doma\AppData\Local\Resmon.ResmonCfg
2014-04-18 14:17 - 2014-04-18 13:10 - 00000000 ____D () C:\Users\doma\Desktop\deltaxi volvo
2014-04-17 07:27 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-17 07:23 - 2014-01-25 19:11 - 00000000 ___RD () C:\Users\doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 07:23 - 2014-01-25 19:11 - 00000000 ___RD () C:\Users\doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 07:22 - 2013-11-06 13:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-17 07:22 - 2013-04-03 17:01 - 00719286 _____ () C:\windows\PFRO.log
2014-04-17 07:22 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-16 18:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-16 18:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-15 11:42 - 2014-01-25 20:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-15 11:41 - 2012-07-26 07:26 - 00000202 _____ () C:\windows\win.ini
2014-04-15 11:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-12 11:21 - 2014-04-07 12:04 - 00433792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-12 11:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-12 07:55 - 2014-02-22 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-04-12 07:54 - 2014-01-27 08:41 - 00000000 ____D () C:\windows\system32\MRT
2014-04-12 07:53 - 2014-02-02 15:17 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-10 16:38 - 2014-01-26 13:09 - 00000000 ____D () C:\Users\doma\AppData\Local\CrashDumps
2014-04-10 12:30 - 2014-01-27 16:45 - 00000000 ____D () C:\Users\doma\Documents\Moje naskenované obrázky
2014-04-09 20:36 - 2014-04-09 20:36 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-04-09 20:35 - 2014-04-09 20:35 - 02003352 _____ (Acro Software Inc. ) C:\Users\doma\Desktop\CuteWriter.exe
2014-04-09 20:35 - 2014-04-09 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-04-09 20:35 - 2014-04-09 20:35 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-04-09 07:04 - 2014-04-09 07:04 - 00034422 _____ () C:\Users\doma\Desktop\audiowide.zip
2014-04-08 15:03 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\LiveKernelReports
2014-04-08 12:51 - 2014-02-12 16:21 - 00000000 ____D () C:\Users\doma\Desktop\hry
2014-04-07 16:45 - 2014-04-07 16:45 - 00000000 ____D () C:\Users\doma\Documents\Criterion Games
2014-04-07 12:12 - 2014-01-26 10:14 - 00000000 ____D () C:\Users\doma\AppData\Roaming\NVIDIA
2014-04-07 12:11 - 2014-04-07 12:11 - 00000000 _____ () C:\Users\doma\regbcm
2014-04-07 12:04 - 2014-01-25 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 12:01 - 2014-04-07 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-04-07 11:59 - 2013-11-06 13:27 - 00143732 _____ () C:\windows\DirectX.log
2014-04-07 11:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-06 09:20 - 2014-02-24 14:45 - 00000000 ____D () C:\Users\doma\Desktop\Pretty Company
2014-04-05 11:05 - 2014-04-05 11:05 - 00000000 ____D () C:\Users\doma\Desktop\2014-04 (IV)
2014-04-04 20:50 - 2014-04-04 17:33 - 00043008 _____ () C:\Users\doma\Desktop\prijem.xls
2014-04-04 17:33 - 2014-04-04 17:33 - 00016896 _____ () C:\Users\doma\Desktop\pokladni-prijmovy-doklad.xls
2014-04-04 17:33 - 2014-04-04 17:33 - 00016896 _____ () C:\Users\doma\Desktop\pokladni-prijmovy-doklad (1).xls
2014-04-03 17:06 - 2014-01-25 19:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-03 10:12 - 2014-04-03 10:12 - 00058368 _____ () C:\Users\doma\Desktop\TDV_vyvoj_(2013_-_2014).xls
2014-04-02 10:41 - 2014-04-02 10:36 - 00000000 ____D () C:\Users\doma\Desktop\audi
2014-04-01 09:35 - 2014-04-01 09:34 - 51479527 _____ () C:\Users\doma\Desktop\8.11.finally.rar
2014-04-01 08:06 - 2014-04-01 08:06 - 11211267 _____ () C:\Users\doma\Downloads\svatební deník v3.0.mp4
2014-04-01 07:18 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-03-31 23:18 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 16:08 - 2014-03-31 16:08 - 00043447 _____ () C:\Users\doma\Desktop\minimizetotray-0.0.1.2006102615+-fx+zm+sb+tb.xpi
2014-03-31 12:39 - 2014-02-05 11:27 - 00003934 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 12:39 - 2014-02-05 11:27 - 00003698 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 11:26 - 2014-03-31 11:26 - 00000835 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-03-31 11:26 - 2014-03-31 11:26 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-03-31 11:26 - 2014-03-31 11:26 - 00000000 ____D () C:\Users\doma\AppData\Roaming\Thunderbird
2014-03-31 11:26 - 2014-03-31 11:26 - 00000000 ____D () C:\Users\doma\AppData\Local\Thunderbird

ZeroAccess:
C:\Windows\Installer\{08a38ffb-6567-756d-99bd-85110e50db76}

Some content of TEMP:
====================
C:\Users\doma\AppData\Local\Temp\AutoRun.exe
C:\Users\doma\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\doma\AppData\Local\Temp\bitool.dll
C:\Users\doma\AppData\Local\Temp\converter.exe
C:\Users\doma\AppData\Local\Temp\nsiE559.tmp.tbBS_P.dll
C:\Users\doma\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-24 07:24

==================== End Of Log ============================

Re: Please check

Posted: 26 Apr 2014 08:56
by Márty84
Hello :)

:arrow: Run a !!!complete!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand; it sometimes has false detections.

Re: Please check

Posted: 26 Apr 2014 11:49
by LukeK
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 26. 4. 2014
Čas skenování: 12:48:26
Protokol: mbam1.txt
Správce: Ano

Verze: 2.00.1.1004
Databáze malwaru: v2014.04.26.01
Databáze rootkitů: v2014.03.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Chameleon: Vypnuto

OS: Windows 8
CPU: x64
Souborový systém: NTFS
Uživatel: doma

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 262009
Uplynulý čas: 4 min, 46 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Shuriken: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
BitcoinMiner, C:\Windows\Inf\mssraulva\mssraulva.exe, 4708, , [2cbd0f1fd4a75ed8d2075f99f50b8c74]
BitcoinMiner, C:\Windows\Inf\msgvlorgm\msgvlorgm.exe, 3844, , [9158200e82f90b2bca0fee0a936d9a66]

Moduly: 0
(No malicious items detected)

Klíče registru: 1
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT1750559, , [e207e44aed8ea294e791243f7f836d93],

Hodnoty registru: 3
Trojan.Agent.VBSGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msejnrSrv, C:\windows\inf\msejnr.vbe, , [0adf9b93631891a5b0efb3ce748e52ae]
Trojan.Agent.VBSGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msoookSrv, C:\windows\inf\msoook.vbe, , [8564939b7efd6dc95847c5bc8f736b95]
PUP.Optional.Conduit, HKU\S-1-5-21-935193591-3175071362-3684239170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\doma\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, , [dd0c86a8ea91b87e335c2188729113ed]

Data registru: 0
(No malicious items detected)

Složky: 3
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559, , [00e96fbf493241f5184cbba855ad0000],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, , [e207e44aed8ea294e791243f7f836d93],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT1750559, , [e207e44aed8ea294e791243f7f836d93],

Soubory: 22
BitcoinMiner, C:\Windows\Inf\mssraulva\mssraulva.exe, , [2cbd0f1fd4a75ed8d2075f99f50b8c74],
BitcoinMiner, C:\Windows\Inf\msgvlorgm\msgvlorgm.exe, , [9158200e82f90b2bca0fee0a936d9a66],
PUP.Optional.Conduit, C:\Users\doma\AppData\Local\Temp\nsiE559.tmp.tbBS_P.dll, , [53967eb05922a591cfacac83eb15ee12],
PUP.Optional.Somoto, C:\Users\doma\AppData\Local\Temp\nsq3F52.tmp, , [f5f4fd31dd9e39fd28b18e3643c06d93],
PUP.Optional.Somoto, C:\Users\doma\AppData\Local\Temp\bitool.dll, , [5b8e30fe26550d2922e859a7b54d817f],
PUP.Optional.Somoto, C:\Users\doma\AppData\Local\Temp\nsxEF5.tmp, , [4b9e6cc281fa59dd00d9289c788b51af],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559\ctbe.exe, , [ffea37f7403b4ee8027da17d18e859a7],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559\ieLogic.exe, , [04e5cb631764e74fadbbc05819e823dd],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559\statisticsStub.exe, , [c821eb432358b87e826b768cc73af60a],
PUP.Optional.OpenCandy, C:\Users\doma\AppData\Local\Temp\nsw89CA.tmp\OCSetupHlp.dll, , [648532fcb9c2f54152a689caad57c23e],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\nsw89CA.tmp\BI\BI.exe, , [c22747e7b7c4e84e9db5fb2958a825db],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\nsw89CA.tmp\DynamicOffer1\SecondOffer1.exe, , [37b239f5f586d066c9505cd111ef6997],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Conduit\CT1750559\BS_Player_ControlBarAutoUpdateHelper.exe, , [42a7c26cbcbf79bdc168c35b38c84eb2],
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, , [5f8a0c22f487c86eea00089d26dd9c64],
Trojan.Agent.VBSGen, C:\Windows\Inf\msejnr.vbe, , [0adf9b93631891a5b0efb3ce748e52ae],
Trojan.Agent.VBSGen, C:\Windows\Inf\msoook.vbe, , [8564939b7efd6dc95847c5bc8f736b95],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559\chromeid.txt, , [00e96fbf493241f5184cbba855ad0000],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559\ddt.csf, , [00e96fbf493241f5184cbba855ad0000],
PUP.Optional.Conduit.A, C:\Users\doma\AppData\Local\Temp\CT1750559\setup.ini.txt, , [00e96fbf493241f5184cbba855ad0000],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT1750559\configutaion.json, , [e207e44aed8ea294e791243f7f836d93],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT1750559\SetupIcon.ico, , [e207e44aed8ea294e791243f7f836d93],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT1750559\UninstallerUI.exe, , [e207e44aed8ea294e791243f7f836d93],

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: Please check

Posted: 26 Apr 2014 11:52
by Márty84
Let it remove everything. After the removal and a PC restart, repeat the scan so we know whether it comes back. Post the result and I'll choose the next step based on that.

Re: Please check

Posted: 26 Apr 2014 12:47
by LukeK
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 26. 4. 2014
Čas skenování: 13:46:23
Protokol: mbam2.txt
Správce: Ano

Verze: 2.00.1.1004
Databáze malwaru: v2014.04.26.01
Databáze rootkitů: v2014.03.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Chameleon: Vypnuto

OS: Windows 8
CPU: x64
Souborový systém: NTFS
Uživatel: doma

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 261288
Uplynulý čas: 4 min, 7 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Shuriken: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 0
(No malicious items detected)

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: Please check

Posted: 26 Apr 2014 13:07
by Márty84
:arrow: Uninstall MBAM.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Clean.
The program will start working (the PC may restart) and spit out a log (alternatively it will be at C:\AdwCleaner\AdwCleaner [S?].txt). Copy it here for me.

Re: Please check

Posted: 26 Apr 2014 15:50
by LukeK
# AdwCleaner v3.203 - Report created 26/04/2014 at 16:49:01
# Updated 26/04/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : doma - OFFICE
# Running from : C:\Users\doma\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\BS_Player_ControlBar
Folder Deleted : C:\Users\doma\.android
Folder Deleted : C:\Users\doma\AppData\Local\Conduit
Folder Deleted : C:\Users\doma\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\doma\AppData\LocalLow\BS_Player_ControlBar
Folder Deleted : C:\Users\doma\AppData\Roaming\pdfforge
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{049D3DC0-9BB9-440D-BF30-FF6B393256FD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA6FC626-D1BF-4FCF-80D3-5EBE5B693B47}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\BS_Player_ControlBar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\kfgpn7fo.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3471 octets] - [26/04/2014 16:47:07]
AdwCleaner[S0].txt - [3320 octets] - [26/04/2014 16:49:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3380 octets] ##########

Re: Please check

Posted: 26 Apr 2014 16:09
by Márty84
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe, save it to the desktop, right-click it and left-click Run as administrator.
A very short check will run and then the Prohledat (Scan) button in the upper right becomes available. Click it and another scan will run.
When it finishes, click the Zprava (Report) label and a log will appear. Paste it here for me.

31.5. locked for inactivity :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975