CPU at 100% insider.exe
Posted: 21 Jan 2014 15:08
After a short period of inactivity, insider.exe starts and loads the CPU to 100%. As soon as I move the mouse, it stops and disappears from Task Manager. (Vista 32-bit) Please help. Thank you.
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by Balda (administrator) on ASUSM50SA on 21-01-2014 14:57:37
Running from C:\Users\Balda\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
(Infineon Technologies AG) C:\Windows\System32\IFXSPMGT.exe
(Infineon Technologies AG) C:\Windows\System32\IFXTCS.exe
(Infineon Technologies AG) C:\Windows\System32\IfxPsdSv.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\nwtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lavalys, Inc.) C:\Program Files\Programy\EVEREST Ultimate Edition\everest.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynAsus.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Prohlížeče internetu\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(forum.viry.cz) C:\Users\Balda\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation)
HKLM\...\Run: [IaNvSrv] - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2007-10-24] (Intel Corporation)
HKLM\...\Run: [IFXSPMGT] - C:\Windows\system32\ifxspmgt.exe [677408 2007-02-26] (Infineon Technologies AG)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-16] (Synaptics, Inc.)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [36024 2013-05-01] ()
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKCU\...\Run: [EVEREST AutoStart] - C:\Program Files\Programy\EVEREST Ultimate Edition\everest_start.exe [334928 2009-05-25] ()
HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
HKCU\...\Run: [] - [x]
HKCU\...\Run: [tsiVideo] - C:\Users\Balda\AppData\Local\Temp\\mdi164.dll [3997184 2014-01-20] () <===== ATTENTION
HKCU\...\Run: [NextLive] - C:\Users\Balda\AppData\Roaming\newnext.me\nengine.dll [1283584 2014-01-06] (NewNextDotMe)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
MountPoints2: {1197623d-052a-11e0-b9cb-001fc6782e9b} - F:\SamsungSoftware\APPInst.exe
MountPoints2: {33a538b9-e046-11e0-b880-001fc6782e9b} - H:\Install_Nokia_Ovi_Suite.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 ncv1_0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default
FF user.js: detected! => C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\user.js
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kb-ext.cz/PKIComponent - C:\Users\Balda\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF SearchPlugin: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\searchplugins\google-video.xml
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\maps@ovi.com [2011-10-31]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-06-18]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-08-29]
FF Extension: Personas Plus - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: Adblock Plus - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Prohlížeče internetu\firefox.exe
========================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677408 2007-02-26] (Infineon Technologies AG)
R2 IFXTCS; C:\Windows\system32\ifxtcs.exe [849440 2007-02-22] (Infineon Technologies AG)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140832 2007-02-22] (Infineon Technologies AG)
S2 SkypeUpdate; C:\Program Files\Programy\skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [18104 2013-05-01] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2010-03-11] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-07-26] (DT Soft Ltd)
R3 EverestDriver; C:\Users\Balda\AppData\Local\Temp\EverestDriver.sys [26736 2009-05-25] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [49664 2007-06-20] (Windows (R) Codename Longhorn DDK provider)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48000 2007-04-11] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [29976 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl6e766a25; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F18E4D3D-E14D-415F-BC50-8C0E8578F596}\MpKsl6e766a25.sys [40392 2014-01-21] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [92856 2013-05-01] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [97976 2013-05-01] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [62648 2013-05-01] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [112312 2013-05-01] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [23736 2013-05-01] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [28344 2013-05-28] (Novell, Inc.)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2007-01-23] (Infineon Technologies AG)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-31] ()
S3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [15264 2008-07-23] ()
S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [47744 2008-07-23] ()
U3 aq2wakil; C:\Windows\System32\Drivers\aq2wakil.sys [0 ] (Microsoft Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [67768 2013-05-01] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [65720 2013-05-01] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [42168 2013-05-28] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19640 2013-05-01] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [67256 2013-05-01] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [31928 2013-05-01] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [46776 2013-05-01] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [29880 2013-05-01] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [23224 2013-05-01] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [29880 2013-05-01] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [46264 2013-05-01] (Novell, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files\Programy\mediacoder\SysInfo.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 14:57 - 2014-01-21 14:57 - 00016798 _____ C:\Users\Balda\Desktop\FRST.txt
2014-01-21 14:51 - 2014-01-21 14:51 - 00000860 _____ C:\Windows\PFRO.log
2014-01-21 14:38 - 2014-01-21 14:38 - 00000000 ____D C:\FRST
2014-01-21 14:36 - 2014-01-21 14:36 - 00112640 _____ (forum.viry.cz) C:\Users\Balda\Desktop\FRSTLauncher.exe
2014-01-21 14:35 - 2014-01-21 14:36 - 01222144 _____ (Farbar) C:\Users\Balda\Desktop\FRST.exe
2014-01-21 14:26 - 2014-01-21 14:26 - 00000913 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-21 14:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 12:24 - 2014-01-21 12:53 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-21 02:58 - 2014-01-21 03:00 - 48112321 _____ C:\Users\Balda\Desktop\DJ SHORT-E OPEN FORMAT MASHUP MIX #01 - DASH.m4a
2014-01-20 22:57 - 2014-01-21 14:53 - 00000000 ____D C:\Users\Balda\AppData\Roaming\newnext.me
2014-01-20 22:57 - 2014-01-20 22:58 - 00000000 ____D C:\Users\Balda\AppData\Local\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\Documents\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\genienext
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\cache
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\.android
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 _____ C:\Users\Balda\daemonprocess.txt
2014-01-20 22:56 - 2014-01-20 22:58 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 22:54 - 2014-01-20 22:59 - 00000000 ____D C:\Users\Balda\AppData\Local\SwvUpdater
2014-01-20 20:32 - 2014-01-20 20:32 - 00000037 ___SH C:\Users\Balda\AppData\Local\70149b02515b3bb20dd492.47983420
2014-01-20 20:32 - 2014-01-20 20:32 - 00000000 ____D C:\Users\Balda\AppData\Local\MetaGeek,_LLC
2014-01-20 20:27 - 2014-01-20 20:27 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-20 19:54 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-20 19:54 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-20 19:54 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-20 19:54 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-20 19:54 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-20 19:54 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-20 19:54 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-20 19:54 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-20 19:54 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-20 19:54 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-20 19:54 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-20 19:54 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-20 19:54 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-20 19:54 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-20 19:54 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-20 19:54 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-19 20:13 - 2014-01-20 21:26 - 00002379 _____ C:\Users\Balda\Desktop\inSSIDer Office.lnk
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Program Files\inssider
2014-01-13 20:19 - 2014-01-13 22:46 - 1138258967 _____ C:\Users\Balda\Desktop\revival-trzr.mkv
2013-12-22 17:30 - 2013-12-22 17:30 - 00000000 ____D C:\Users\Balda\Desktop\Kontrafakt---Navždy-(2013)
==================== One Month Modified Files and Folders =======
2014-01-21 14:57 - 2014-01-21 14:57 - 00016798 _____ C:\Users\Balda\Desktop\FRST.txt
2014-01-21 14:56 - 2010-03-11 05:34 - 01255472 _____ C:\Windows\WindowsUpdate.log
2014-01-21 14:53 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Roaming\newnext.me
2014-01-21 14:51 - 2014-01-21 14:51 - 00000860 _____ C:\Windows\PFRO.log
2014-01-21 14:51 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 14:51 - 2006-11-02 13:47 - 00004688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:51 - 2006-11-02 13:47 - 00004688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:50 - 2007-04-21 11:36 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-21 14:50 - 2006-11-02 14:01 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-21 14:38 - 2014-01-21 14:38 - 00000000 ____D C:\FRST
2014-01-21 14:36 - 2014-01-21 14:36 - 00112640 _____ (forum.viry.cz) C:\Users\Balda\Desktop\FRSTLauncher.exe
2014-01-21 14:36 - 2014-01-21 14:35 - 01222144 _____ (Farbar) C:\Users\Balda\Desktop\FRST.exe
2014-01-21 14:32 - 2012-10-22 16:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 14:26 - 2014-01-21 14:26 - 00000913 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-21 12:53 - 2014-01-21 12:24 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-21 12:47 - 2010-03-11 00:07 - 00000000 ____D C:\Users\Balda\AppData\Roaming\BatteryBar
2014-01-21 12:45 - 2010-03-31 23:57 - 00000000 ____D C:\Users\Balda\AppData\Roaming\DAEMON Tools Lite
2014-01-21 12:45 - 2010-03-15 00:09 - 00000000 ____D C:\Users\Balda\AppData\Roaming\uTorrent
2014-01-21 12:30 - 2010-03-21 02:50 - 00000000 ____D C:\Users\Balda\Desktop\nový
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-21 06:21 - 2006-11-02 11:33 - 01530458 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 05:13 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-21 03:00 - 2014-01-21 02:58 - 48112321 _____ C:\Users\Balda\Desktop\DJ SHORT-E OPEN FORMAT MASHUP MIX #01 - DASH.m4a
2014-01-21 01:04 - 2010-03-13 00:39 - 00105472 _____ C:\Users\Balda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-20 22:59 - 2014-01-20 22:54 - 00000000 ____D C:\Users\Balda\AppData\Local\SwvUpdater
2014-01-20 22:58 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\Mobogenie
2014-01-20 22:58 - 2014-01-20 22:56 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\Documents\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\genienext
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\cache
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\.android
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 _____ C:\Users\Balda\daemonprocess.txt
2014-01-20 22:57 - 2010-03-10 22:34 - 00000000 ____D C:\Users\Balda
2014-01-20 21:26 - 2014-01-19 20:13 - 00002379 _____ C:\Users\Balda\Desktop\inSSIDer Office.lnk
2014-01-20 20:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2014-01-20 20:32 - 2014-01-20 20:32 - 00000037 ___SH C:\Users\Balda\AppData\Local\70149b02515b3bb20dd492.47983420
2014-01-20 20:32 - 2014-01-20 20:32 - 00000000 ____D C:\Users\Balda\AppData\Local\MetaGeek,_LLC
2014-01-20 20:27 - 2014-01-20 20:27 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-20 20:14 - 2006-11-02 13:47 - 00332712 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-20 20:11 - 2010-03-11 06:02 - 00000000 ____D C:\Windows\system32\RTCOM
2014-01-20 19:57 - 2011-01-26 10:56 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-20 19:57 - 2011-01-26 10:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-20 19:54 - 2013-08-13 15:24 - 00000000 ____D C:\Windows\system32\MRT
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Program Files\inssider
2014-01-19 14:21 - 2010-03-13 15:07 - 00006944 _____ C:\Users\Balda\AppData\Local\d3d9caps.dat
2014-01-19 08:32 - 2010-03-10 23:17 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 05:13 - 2010-04-04 00:51 - 00000000 ____D C:\Users\Balda\AppData\Roaming\vlc
2014-01-16 18:08 - 2012-10-11 17:05 - 00039107 _____ C:\Users\Balda\Desktop\Delegace.ods
2014-01-14 01:42 - 2011-03-03 16:14 - 00000000 ____D C:\Users\Balda\Desktop\croma
2014-01-13 22:46 - 2014-01-13 20:19 - 1138258967 _____ C:\Users\Balda\Desktop\revival-trzr.mkv
2014-01-13 03:04 - 2010-03-11 21:34 - 00000000 ____D C:\Users\Balda\AppData\Roaming\dvdcss
2014-01-07 01:21 - 2012-05-03 00:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-07 01:07 - 2010-04-04 00:50 - 00000000 ____D C:\Program Files\Přehrávače
2014-01-06 16:20 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-03 17:43 - 2012-04-16 00:58 - 00002463 _____ C:\Users\Balda\Desktop\SPMT.lnk
2014-01-03 04:40 - 2012-07-27 13:27 - 00000000 ____D C:\Users\Balda\Desktop\nový foto
2014-01-03 04:40 - 2010-06-04 23:01 - 00000000 ____D C:\Users\Balda\Desktop\Basket
2013-12-25 11:48 - 2010-12-25 12:38 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Skype
2013-12-25 10:47 - 2012-11-03 19:48 - 00002513 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-22 17:30 - 2013-12-22 17:30 - 00000000 ____D C:\Users\Balda\Desktop\Kontrafakt---Navždy-(2013)
Files to move or delete:
====================
C:\Users\Balda\AppData\Local\Temp\\mdi164.dll
Some content of TEMP:
====================
C:\Users\Balda\AppData\Local\Temp\AcDeltree.exe
C:\Users\Balda\AppData\Local\Temp\mdi064.dll
C:\Users\Balda\AppData\Local\Temp\mdi164.dll
C:\Users\Balda\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Balda\Desktop" je 102273 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ADnews.lnk
C:\PROGRA~1\vag-com\AUTO-D~1\ADnews.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
(forum.viry.cz) C:\Users\Balda\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation)
HKLM\...\Run: [IaNvSrv] - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2007-10-24] (Intel Corporation)
HKLM\...\Run: [IFXSPMGT] - C:\Windows\system32\ifxspmgt.exe [677408 2007-02-26] (Infineon Technologies AG)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-11-16] (Synaptics, Inc.)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [36024 2013-05-01] ()
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKCU\...\Run: [EVEREST AutoStart] - C:\Program Files\Programy\EVEREST Ultimate Edition\everest_start.exe [334928 2009-05-25] ()
HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
HKCU\...\Run: [] - [x]
HKCU\...\Run: [tsiVideo] - C:\Users\Balda\AppData\Local\Temp\\mdi164.dll [3997184 2014-01-20] () <===== ATTENTION
HKCU\...\Run: [NextLive] - C:\Users\Balda\AppData\Roaming\newnext.me\nengine.dll [1283584 2014-01-06] (NewNextDotMe)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
MountPoints2: {1197623d-052a-11e0-b9cb-001fc6782e9b} - F:\SamsungSoftware\APPInst.exe
MountPoints2: {33a538b9-e046-11e0-b880-001fc6782e9b} - H:\Install_Nokia_Ovi_Suite.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 ncv1_0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default
FF user.js: detected! => C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\user.js
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kb-ext.cz/PKIComponent - C:\Users\Balda\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF SearchPlugin: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\searchplugins\google-video.xml
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\maps@ovi.com [2011-10-31]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-06-18]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-08-29]
FF Extension: Personas Plus - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: Adblock Plus - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\5f4me5go.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Prohlížeče internetu\firefox.exe
========================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677408 2007-02-26] (Infineon Technologies AG)
R2 IFXTCS; C:\Windows\system32\ifxtcs.exe [849440 2007-02-22] (Infineon Technologies AG)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140832 2007-02-22] (Infineon Technologies AG)
S2 SkypeUpdate; C:\Program Files\Programy\skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [18104 2013-05-01] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2010-03-11] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-07-26] (DT Soft Ltd)
R3 EverestDriver; C:\Users\Balda\AppData\Local\Temp\EverestDriver.sys [26736 2009-05-25] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [49664 2007-06-20] (Windows (R) Codename Longhorn DDK provider)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48000 2007-04-11] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [29976 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl6e766a25; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F18E4D3D-E14D-415F-BC50-8C0E8578F596}\MpKsl6e766a25.sys [40392 2014-01-21] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [92856 2013-05-01] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [97976 2013-05-01] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [62648 2013-05-01] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [112312 2013-05-01] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [23736 2013-05-01] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [28344 2013-05-28] (Novell, Inc.)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2007-01-23] (Infineon Technologies AG)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-31] ()
S3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [15264 2008-07-23] ()
S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [47744 2008-07-23] ()
U3 aq2wakil; C:\Windows\System32\Drivers\aq2wakil.sys [0 ] (Microsoft Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [67768 2013-05-01] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [65720 2013-05-01] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [42168 2013-05-28] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19640 2013-05-01] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [67256 2013-05-01] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [31928 2013-05-01] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [46776 2013-05-01] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [29880 2013-05-01] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [23224 2013-05-01] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [29880 2013-05-01] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [46264 2013-05-01] (Novell, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files\Programy\mediacoder\SysInfo.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 14:57 - 2014-01-21 14:57 - 00016798 _____ C:\Users\Balda\Desktop\FRST.txt
2014-01-21 14:51 - 2014-01-21 14:51 - 00000860 _____ C:\Windows\PFRO.log
2014-01-21 14:38 - 2014-01-21 14:38 - 00000000 ____D C:\FRST
2014-01-21 14:36 - 2014-01-21 14:36 - 00112640 _____ (forum.viry.cz) C:\Users\Balda\Desktop\FRSTLauncher.exe
2014-01-21 14:35 - 2014-01-21 14:36 - 01222144 _____ (Farbar) C:\Users\Balda\Desktop\FRST.exe
2014-01-21 14:26 - 2014-01-21 14:26 - 00000913 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-21 14:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 12:24 - 2014-01-21 12:53 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-21 02:58 - 2014-01-21 03:00 - 48112321 _____ C:\Users\Balda\Desktop\DJ SHORT-E OPEN FORMAT MASHUP MIX #01 - DASH.m4a
2014-01-20 22:57 - 2014-01-21 14:53 - 00000000 ____D C:\Users\Balda\AppData\Roaming\newnext.me
2014-01-20 22:57 - 2014-01-20 22:58 - 00000000 ____D C:\Users\Balda\AppData\Local\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\Documents\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\genienext
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\cache
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\.android
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 _____ C:\Users\Balda\daemonprocess.txt
2014-01-20 22:56 - 2014-01-20 22:58 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 22:54 - 2014-01-20 22:59 - 00000000 ____D C:\Users\Balda\AppData\Local\SwvUpdater
2014-01-20 20:32 - 2014-01-20 20:32 - 00000037 ___SH C:\Users\Balda\AppData\Local\70149b02515b3bb20dd492.47983420
2014-01-20 20:32 - 2014-01-20 20:32 - 00000000 ____D C:\Users\Balda\AppData\Local\MetaGeek,_LLC
2014-01-20 20:27 - 2014-01-20 20:27 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-20 19:54 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-20 19:54 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-20 19:54 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-20 19:54 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-20 19:54 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-20 19:54 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-20 19:54 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-20 19:54 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-20 19:54 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-20 19:54 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-20 19:54 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-20 19:54 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-20 19:54 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-20 19:54 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-20 19:54 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-20 19:54 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-19 20:13 - 2014-01-20 21:26 - 00002379 _____ C:\Users\Balda\Desktop\inSSIDer Office.lnk
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Program Files\inssider
2014-01-13 20:19 - 2014-01-13 22:46 - 1138258967 _____ C:\Users\Balda\Desktop\revival-trzr.mkv
2013-12-22 17:30 - 2013-12-22 17:30 - 00000000 ____D C:\Users\Balda\Desktop\Kontrafakt---Navždy-(2013)
==================== One Month Modified Files and Folders =======
2014-01-21 14:57 - 2014-01-21 14:57 - 00016798 _____ C:\Users\Balda\Desktop\FRST.txt
2014-01-21 14:56 - 2010-03-11 05:34 - 01255472 _____ C:\Windows\WindowsUpdate.log
2014-01-21 14:53 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Roaming\newnext.me
2014-01-21 14:51 - 2014-01-21 14:51 - 00000860 _____ C:\Windows\PFRO.log
2014-01-21 14:51 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 14:51 - 2006-11-02 13:47 - 00004688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:51 - 2006-11-02 13:47 - 00004688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:50 - 2007-04-21 11:36 - 00000012 _____ C:\Windows\bthservsdp.dat
2014-01-21 14:50 - 2006-11-02 14:01 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-21 14:38 - 2014-01-21 14:38 - 00000000 ____D C:\FRST
2014-01-21 14:36 - 2014-01-21 14:36 - 00112640 _____ (forum.viry.cz) C:\Users\Balda\Desktop\FRSTLauncher.exe
2014-01-21 14:36 - 2014-01-21 14:35 - 01222144 _____ (Farbar) C:\Users\Balda\Desktop\FRST.exe
2014-01-21 14:32 - 2012-10-22 16:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 14:26 - 2014-01-21 14:26 - 00000913 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-21 12:53 - 2014-01-21 12:24 - 00000000 ____D C:\Windows\A358F2F62500420C989C25C4F22DF51E.TMP
2014-01-21 12:47 - 2010-03-11 00:07 - 00000000 ____D C:\Users\Balda\AppData\Roaming\BatteryBar
2014-01-21 12:45 - 2010-03-31 23:57 - 00000000 ____D C:\Users\Balda\AppData\Roaming\DAEMON Tools Lite
2014-01-21 12:45 - 2010-03-15 00:09 - 00000000 ____D C:\Users\Balda\AppData\Roaming\uTorrent
2014-01-21 12:30 - 2010-03-21 02:50 - 00000000 ____D C:\Users\Balda\Desktop\nový
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-21 06:21 - 2006-11-02 11:33 - 01530458 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 05:13 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-21 03:00 - 2014-01-21 02:58 - 48112321 _____ C:\Users\Balda\Desktop\DJ SHORT-E OPEN FORMAT MASHUP MIX #01 - DASH.m4a
2014-01-21 01:04 - 2010-03-13 00:39 - 00105472 _____ C:\Users\Balda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-20 22:59 - 2014-01-20 22:54 - 00000000 ____D C:\Users\Balda\AppData\Local\SwvUpdater
2014-01-20 22:58 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\Mobogenie
2014-01-20 22:58 - 2014-01-20 22:56 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\Documents\Mobogenie
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\genienext
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\AppData\Local\cache
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 ____D C:\Users\Balda\.android
2014-01-20 22:57 - 2014-01-20 22:57 - 00000000 _____ C:\Users\Balda\daemonprocess.txt
2014-01-20 22:57 - 2010-03-10 22:34 - 00000000 ____D C:\Users\Balda
2014-01-20 21:26 - 2014-01-19 20:13 - 00002379 _____ C:\Users\Balda\Desktop\inSSIDer Office.lnk
2014-01-20 20:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2014-01-20 20:32 - 2014-01-20 20:32 - 00000037 ___SH C:\Users\Balda\AppData\Local\70149b02515b3bb20dd492.47983420
2014-01-20 20:32 - 2014-01-20 20:32 - 00000000 ____D C:\Users\Balda\AppData\Local\MetaGeek,_LLC
2014-01-20 20:27 - 2014-01-20 20:27 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-20 20:14 - 2006-11-02 13:47 - 00332712 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-20 20:11 - 2010-03-11 06:02 - 00000000 ____D C:\Windows\system32\RTCOM
2014-01-20 19:57 - 2011-01-26 10:56 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-20 19:57 - 2011-01-26 10:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-20 19:54 - 2013-08-13 15:24 - 00000000 ____D C:\Windows\system32\MRT
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2014-01-19 20:13 - 2014-01-19 20:13 - 00000000 ____D C:\Program Files\inssider
2014-01-19 14:21 - 2010-03-13 15:07 - 00006944 _____ C:\Users\Balda\AppData\Local\d3d9caps.dat
2014-01-19 08:32 - 2010-03-10 23:17 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 05:13 - 2010-04-04 00:51 - 00000000 ____D C:\Users\Balda\AppData\Roaming\vlc
2014-01-16 18:08 - 2012-10-11 17:05 - 00039107 _____ C:\Users\Balda\Desktop\Delegace.ods
2014-01-14 01:42 - 2011-03-03 16:14 - 00000000 ____D C:\Users\Balda\Desktop\croma
2014-01-13 22:46 - 2014-01-13 20:19 - 1138258967 _____ C:\Users\Balda\Desktop\revival-trzr.mkv
2014-01-13 03:04 - 2010-03-11 21:34 - 00000000 ____D C:\Users\Balda\AppData\Roaming\dvdcss
2014-01-07 01:21 - 2012-05-03 00:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-07 01:07 - 2010-04-04 00:50 - 00000000 ____D C:\Program Files\Přehrávače
2014-01-06 16:20 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-03 17:43 - 2012-04-16 00:58 - 00002463 _____ C:\Users\Balda\Desktop\SPMT.lnk
2014-01-03 04:40 - 2012-07-27 13:27 - 00000000 ____D C:\Users\Balda\Desktop\nový foto
2014-01-03 04:40 - 2010-06-04 23:01 - 00000000 ____D C:\Users\Balda\Desktop\Basket
2013-12-25 11:48 - 2010-12-25 12:38 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Skype
2013-12-25 10:47 - 2012-11-03 19:48 - 00002513 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-22 17:30 - 2013-12-22 17:30 - 00000000 ____D C:\Users\Balda\Desktop\Kontrafakt---Navždy-(2013)
Files to move or delete:
====================
C:\Users\Balda\AppData\Local\Temp\\mdi164.dll
Some content of TEMP:
====================
C:\Users\Balda\AppData\Local\Temp\AcDeltree.exe
C:\Users\Balda\AppData\Local\Temp\mdi064.dll
C:\Users\Balda\AppData\Local\Temp\mdi164.dll
C:\Users\Balda\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Balda\Desktop" je 102273 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ADnews.lnk
C:\PROGRA~1\vag-com\AUTO-D~1\ADnews.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================