Jak se zbavit qvo6 a v9?

[eletto]

Zdravim.

Nainstalovala jsem si program, ktery mi byl v podstate k nicemu, jenze s sebou stahnul qvo6. Ten se mi po delsi dobe podarilo odstranit, ale nastoupil dalsi jmenem v9, takze ted mi pri otevreni prohlizece naskakuje adresa: hxxp://en.v9.com/?utm_source=b&utm_medium=eBP&utm_campaign=eBP&utm_content=sc&from=eBP&uid=ST9250410ASG_5VG0VG7XXXXX5VG0VG7X&ts=1378721170.

Nevite nekdo, jak se toho ucinne zbavit? Uz jsem vyzkousela vsechny mozne navody, ale zatim nic nefungovalo. SpyHunter to sice najde, ale kdyz nemam licenci, tak me toho stejne nezbavi. AdwCleaner jsem taky vyzkousela, nasel tohle:
# AdwCleaner v3.003 - Report created 09/09/2013 at 12:04:05
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jana - JANA-PC
# Running from : C:\Users\jana\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
[#] Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files\Smiley Bar for Facebook
Folder Deleted : C:\Users\jana\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\jana\AppData\Roaming\StatusWinks
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\jana\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader43961_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader43961_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-photoshop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-photoshop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSysControl

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6680 octets] - [09/09/2013 12:03:16]
AdwCleaner[S0].txt - [5204 octets] - [09/09/2013 12:04:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5264 octets] ##########





Bohuzel nevim, co dal s tim. Samozrejme jsem dala v AdwCleaneru Clean, restartoval se pocitac, ale dal nevim. Otevira se to dal v Chrome i Exploreru.

Budu rada za rady.

[vyosek]

Zdravim, pekne poledne preji a vitam vas u nas na foru

SpyHunter odistalujte, je to kram a k nicemu

AdwCleaner byla dobra volba

Stahnete Shortcut Cleaner http://www.bleepingcomputer.com/downloa ... t-cleaner/

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Spustte tradicne dvouklikem
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v miste spusteni jako sc-cleaner.txt, ten sem vlozte

Udelejte log z FRSTL http://forum.viry.cz/viewtopic.php?f=13&t=132519

[eletto]

SpyHunter nejde odinstalovat, uz jsem to zkousela dopoledne, to to slo, ale pak kvuli obnoveni systemu z bodu se tu vzal nekde znovu, tak to nejde.

Kdyz jsem stahovala Sc-Cleaner, tak me to zas stahlo neco, coz neslo pri setup zastavit a ted uz mam nove domovskou stranku nastavenou na hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=76F7701A046915E8&affID=121240&tt=080913_ctrl&tsp=5000

Momentalne jsem uz Sc-cleaner stahla, tak jdu udelat vse podle navodu.

[vyosek]

Pockam na logy z SC a FRSTL a pak to zkusime nasilne z PC vyhazet

[eletto]

Diky, budu rada, kdyz se tech smejdu zbavim
To s tou Deltou - Delta, Delta Toolbar a 7zip nebo jak se to jmenovalo, jsem hned za tepla odinstalovala.


Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/downloa ... t-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 09/09/2013 12:57:47 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\jana\Desktop


0 bad shortcuts found.

Program finished at: 09/09/2013 12:57:47 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)



FRST pred Scan


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by jana (administrator) on JANA-PC on 09-09-2013 12:58:38
Running from C:\Users\jana\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Woodtale Technology Inc) C:\Users\jana\AppData\Local\DProtect\DProtectSvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\aestsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(Dropbox, Inc.) C:\Users\jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-06-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-16] (IDT, Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [OEM13Mon.exe] - C:\Windows\OEM13Mon.exe [36864 2008-01-08] (Creative Technology Ltd.)
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKCU\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-03-03] (EasyBits Software AS)
Startup: C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
URLSearchHook: (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378718605
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... l&tsp=5000
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File
Toolbar: HKCU -No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.euro.dell.com/systemprof ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 195.34.133.21

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR Extension: (Vivienne Westwood) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0
CHR Extension: (ContentBlockHelper) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnpejopbfnjicblkhclaaefhblgkfpd\8.3.3_0
CHR Extension: (Docs) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Adblock Plus) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Google Search) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\jana\AppData\Roaming\StatusWinks\statuswinks.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378721170

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
R2 DPService; C:\Users\jana\AppData\Local\DProtect\DProtectSvc.exe [342592 2013-09-08] (Woodtale Technology Inc)
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-29] ()
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [770432 2013-07-17] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe [221266 2009-07-16] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-29] (Creative Technology Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [181432 2012-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S2 ADILOADER; System32\Drivers\adildr.sys [x]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\Users\jana\AppData\Local\qb30559F.3A
2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\FRST
2013-09-09 12:58 - 2013-09-08 23:29 - 01082207 _____ (Farbar) C:\Users\jana\Desktop\FRST.exe
2013-09-09 12:57 - 2013-09-09 12:57 - 00001790 _____ C:\sc-cleaner.txt
2013-09-09 12:50 - 2013-09-09 12:50 - 00406144 _____ (Bleeping Computer, LLC) C:\Users\jana\Desktop\sc-cleaner.exe
2013-09-09 12:48 - 2013-09-09 12:48 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\Users\jana\AppData\Roaming\Babylon
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-09 12:09 - 2013-09-09 12:09 - 00522240 _____ (OldTimer Tools) C:\Users\jana\Desktop\OTM.exe
2013-09-09 12:08 - 2013-09-09 12:08 - 00005344 _____ C:\Users\jana\Desktop\AdwCleaner[S0]1.txt
2013-09-09 12:03 - 2013-09-09 12:04 - 00000000 ____D C:\AdwCleaner
2013-09-09 12:02 - 2013-09-09 12:02 - 01037278 _____ C:\Users\jana\Downloads\adwcleaner.exe
2013-09-09 11:31 - 2013-09-09 11:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\AVG2013
2013-09-09 11:29 - 2013-09-09 11:29 - 00000947 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-09 11:28 - 2013-09-09 11:30 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-09 11:28 - 2013-09-09 11:28 - 00000000 ___HD C:\$AVG
2013-09-09 11:26 - 2013-09-09 11:33 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2013
2013-09-09 11:26 - 2013-09-09 11:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 11:26 - 2013-09-09 11:26 - 00000000 ____D C:\Users\jana\AppData\Local\MFAData
2013-09-09 11:19 - 2013-09-09 11:24 - 00588503 _____ C:\Users\jana\Downloads\avgremover.log
2013-09-09 11:19 - 2013-09-09 11:19 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jana\Downloads\avg_remover_stf_x86_2013_3341.exe
2013-09-09 10:53 - 2013-09-09 10:53 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2014
2013-09-09 08:56 - 2013-09-09 08:56 - 00001112 _____ C:\Users\jana\Desktop\JRT.txt
2013-09-09 08:43 - 2013-09-09 11:23 - 00002112 _____ C:\Windows\PFRO.log
2013-09-08 22:49 - 2013-09-09 10:57 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 22:46 - 2013-09-08 22:46 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\jana\Downloads\JRT.exe
2013-09-08 22:34 - 2013-09-09 12:56 - 00001522 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 22:34 - 2013-09-09 12:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 22:34 - 2013-09-09 12:06 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 20:17 - 2013-09-08 20:17 - 00000000 ____D C:\ProgramData\LockHunter
2013-09-08 19:47 - 2013-09-09 12:06 - 00000336 _____ C:\Windows\setupact.log
2013-09-08 19:47 - 2013-09-08 19:47 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 17:28 - 2013-09-08 17:28 - 00002464 _____ C:\cc_20130908_172845.reg
2013-09-08 16:40 - 2013-09-09 11:00 - 00000000 ____D C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-08 16:40 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-08 16:40 - 2013-09-08 16:40 - 00002240 _____ C:\Users\jana\Desktop\SpyHunter.lnk
2013-09-08 16:38 - 2013-09-09 10:59 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-08 16:38 - 2013-09-08 16:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-08 16:36 - 2013-09-08 16:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jana\Downloads\SpyHunter-Installer.exe
2013-09-08 14:46 - 2013-09-09 10:59 - 00000000 ____D C:\Program Files\HandyUpdater
2013-09-08 14:45 - 2013-09-09 12:09 - 00000000 ____D C:\Users\jana\AppData\Local\DProtect
2013-09-08 12:38 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Google
2013-09-07 23:59 - 2013-09-07 23:59 - 00030692 _____ C:\cc_20130907_235903.reg
2013-08-31 14:32 - 2013-08-31 14:32 - 00000000 ____D C:\Users\jana\Desktop\Lesni zkousky Dag
2013-08-22 15:42 - 2013-08-31 14:27 - 00000000 ____D C:\Users\Peta
2013-08-14 09:32 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:32 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:32 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:32 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:32 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:32 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:32 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:32 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:49 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:49 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:48 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:48 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:48 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:48 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:48 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:48 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 12:58 - 2013-09-09 12:58 - 00001790 _____ C:\Users\jana\Desktop\sc-cleaner.txt
2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\Users\jana\AppData\Local\qb30559F.3A
2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\FRST
2013-09-09 12:57 - 2013-09-09 12:57 - 00001790 _____ C:\sc-cleaner.txt
2013-09-09 12:57 - 2012-03-03 11:42 - 00000000 ____D C:\ProgramData\GameXN
2013-09-09 12:56 - 2013-09-08 22:34 - 00001522 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-09 12:56 - 2010-02-14 05:30 - 00001368 _____ C:\Users\jana\Desktop\Internet Explorer.lnk
2013-09-09 12:56 - 2010-02-14 04:28 - 00001398 _____ C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-09 12:51 - 2010-02-14 04:28 - 01091888 _____ C:\Windows\WindowsUpdate.log
2013-09-09 12:50 - 2013-09-09 12:50 - 00406144 _____ (Bleeping Computer, LLC) C:\Users\jana\Desktop\sc-cleaner.exe
2013-09-09 12:48 - 2013-09-09 12:48 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 12:48 - 2011-04-06 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\Users\jana\AppData\Roaming\Babylon
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-09 12:39 - 2013-09-08 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 12:15 - 2012-05-22 07:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 12:14 - 2009-07-14 06:34 - 00020016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 12:14 - 2009-07-14 06:34 - 00020016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 12:10 - 2010-02-14 04:31 - 01478286 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 12:09 - 2013-09-09 12:09 - 00522240 _____ (OldTimer Tools) C:\Users\jana\Desktop\OTM.exe
2013-09-09 12:09 - 2013-09-08 14:45 - 00000000 ____D C:\Users\jana\AppData\Local\DProtect
2013-09-09 12:08 - 2013-09-09 12:08 - 00005344 _____ C:\Users\jana\Desktop\AdwCleaner[S0]1.txt
2013-09-09 12:07 - 2013-05-11 19:51 - 00000000 ___RD C:\Users\jana\Dropbox
2013-09-09 12:07 - 2013-05-11 19:46 - 00000000 ____D C:\Users\jana\AppData\Roaming\Dropbox
2013-09-09 12:06 - 2013-09-08 22:34 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 12:06 - 2013-09-08 19:47 - 00000336 _____ C:\Windows\setupact.log
2013-09-09 12:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 12:04 - 2013-09-09 12:03 - 00000000 ____D C:\AdwCleaner
2013-09-09 12:02 - 2013-09-09 12:02 - 01037278 _____ C:\Users\jana\Downloads\adwcleaner.exe
2013-09-09 11:58 - 2010-02-15 17:14 - 00000000 ____D C:\Users\jana\AppData\Roaming\Skype
2013-09-09 11:33 - 2013-09-09 11:26 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2013
2013-09-09 11:32 - 2013-09-09 11:26 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 11:31 - 2013-09-09 11:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\AVG2013
2013-09-09 11:30 - 2013-09-09 11:28 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-09 11:29 - 2013-09-09 11:29 - 00000947 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-09 11:28 - 2013-09-09 11:28 - 00000000 ___HD C:\$AVG
2013-09-09 11:28 - 2010-02-14 13:37 - 00000000 ____D C:\Program Files\AVG
2013-09-09 11:26 - 2013-09-09 11:26 - 00000000 ____D C:\Users\jana\AppData\Local\MFAData
2013-09-09 11:24 - 2013-09-09 11:19 - 00588503 _____ C:\Users\jana\Downloads\avgremover.log
2013-09-09 11:23 - 2013-09-09 08:43 - 00002112 _____ C:\Windows\PFRO.log
2013-09-09 11:19 - 2013-09-09 11:19 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jana\Downloads\avg_remover_stf_x86_2013_3341.exe
2013-09-09 11:01 - 2010-02-14 04:28 - 00000000 ____D C:\Users\jana
2013-09-09 11:00 - 2013-09-08 16:40 - 00000000 ____D C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-09 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-09 10:59 - 2013-09-08 16:38 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-09 10:59 - 2013-09-08 14:46 - 00000000 ____D C:\Program Files\HandyUpdater
2013-09-09 10:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-09 10:57 - 2013-09-08 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 10:57 - 2013-09-08 16:40 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-09 10:57 - 2013-09-08 12:38 - 00000000 ____D C:\Program Files\Google
2013-09-09 10:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-09 10:53 - 2013-09-09 10:53 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2014
2013-09-09 10:21 - 2009-07-14 09:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-09 08:56 - 2013-09-09 08:56 - 00001112 _____ C:\Users\jana\Desktop\JRT.txt
2013-09-09 08:45 - 2011-05-29 16:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\go
2013-09-08 23:29 - 2013-09-09 12:58 - 01082207 _____ (Farbar) C:\Users\jana\Desktop\FRST.exe
2013-09-08 22:46 - 2013-09-08 22:46 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\jana\Downloads\JRT.exe
2013-09-08 22:33 - 2010-02-14 13:42 - 00000000 ____D C:\Users\jana\AppData\Local\Deployment
2013-09-08 20:17 - 2013-09-08 20:17 - 00000000 ____D C:\ProgramData\LockHunter
2013-09-08 19:47 - 2013-09-08 19:47 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 17:28 - 2013-09-08 17:28 - 00002464 _____ C:\cc_20130908_172845.reg
2013-09-08 16:40 - 2013-09-08 16:40 - 00002240 _____ C:\Users\jana\Desktop\SpyHunter.lnk
2013-09-08 16:38 - 2013-09-08 16:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-08 16:36 - 2013-09-08 16:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jana\Downloads\SpyHunter-Installer.exe
2013-09-08 12:27 - 2010-02-15 16:48 - 00000000 ____D C:\Users\jana\AppData\Local\Google
2013-09-07 23:59 - 2013-09-07 23:59 - 00030692 _____ C:\cc_20130907_235903.reg
2013-09-05 13:37 - 2013-07-10 10:34 - 00000000 ____D C:\Users\jana\Desktop\Finsko
2013-09-05 12:33 - 2013-08-03 21:49 - 00000000 ____D C:\Users\jana\Desktop\zbytek
2013-08-31 15:57 - 2008-01-01 11:29 - 00000000 ____D C:\Users\jana\Desktop\Budapest
2013-08-31 14:32 - 2013-08-31 14:32 - 00000000 ____D C:\Users\jana\Desktop\Lesni zkousky Dag
2013-08-31 14:27 - 2013-08-22 15:42 - 00000000 ____D C:\Users\Peta
2013-08-31 00:42 - 2009-07-14 06:53 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-29 09:36 - 2010-02-14 04:32 - 00088248 _____ C:\Users\jana\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 09:31 - 2009-07-14 06:33 - 00369376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 20:58 - 2010-05-09 15:55 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 20:57 - 2010-02-15 16:56 - 00000000 ____D C:\Program Files\DivX
2013-08-28 20:57 - 2010-02-15 16:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-08-22 20:24 - 2010-02-15 21:12 - 00000400 _____ C:\Windows\ODBC.INI
2013-08-22 15:43 - 2011-06-30 17:22 - 00002521 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-22 15:43 - 2010-02-15 16:48 - 00000000 ____D C:\ProgramData\Skype
2013-08-21 20:15 - 2012-05-22 07:12 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 20:15 - 2012-05-22 07:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 20:40 - 2011-05-27 20:15 - 00000000 ___RD C:\Program Files\Skype
2013-08-16 11:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-14 19:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 09:40 - 2013-07-24 20:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:38 - 2010-02-14 14:19 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 09:33 - 2009-07-14 04:04 - 00000499 _____ C:\Windows\win.ini

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Users\jana\WindowsActivationUpdate.exe
C:\Users\jana\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\jana\AppData\Local\Temp\Quarantine.exe
C:\Users\jana\AppData\Local\Temp\SHSetup.exe
C:\Users\jana\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== Alternate Data Streams (whitelisted) ====


==================== Loaded Modules (whitelisted) ============

2013-09-08 14:45 - 2013-09-08 14:45 - 00506944 _____ () C:\Users\jana\AppData\Local\DProtect\eBP.dll
2013-09-08 14:45 - 2013-09-08 14:45 - 00062016 _____ () C:\Users\jana\AppData\Local\DProtect\eBPSD.dll
2013-05-09 01:01 - 2013-05-09 01:01 - 00130736 _____ (Dropbox, Inc.) C:\Users\jana\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2010-06-03 17:36 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2013-01-12 00:01 - 2012-02-18 01:12 - 00088408 _____ (TODO: <Company name>) C:\Program Files\LockHunter\LHShellExt32.dll
2010-02-14 12:42 - 2009-06-29 16:59 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2010-02-14 12:46 - 2009-07-16 03:47 - 03600384 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang.dll
2010-02-14 12:46 - 2009-07-16 03:47 - 00490496 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2010-02-14 13:47 - 2007-01-09 14:40 - 00327680 ____N (Creative Technology Ltd) C:\Program Files\Dell\Dell Webcam Manager\HookWnd.DLL
2010-02-14 14:08 - 2005-07-07 02:07 - 00036864 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamMgr.dll
2010-02-14 12:42 - 2009-06-29 16:59 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\VXDIF.DLL
2012-05-29 18:13 - 2012-06-08 13:00 - 00249344 _____ (Windows (R) Codename Longhorn DDK provider) C:\Program Files\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-08 10:54 - 2013-09-08 10:54 - 00115137 _____ () C:\Users\jana\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
2012-03-03 11:42 - 2013-07-09 17:23 - 04155376 _____ (GameXN AS) C:\ProgramData\GameXN\ezGameXN.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\jana\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\jana\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\jana\AppData\Roaming\Dropbox\bin\icudt.dll
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b17bc01cead3b152c3194C:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll665600b3-192e-11e3-acb2-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d979801cead38f8f3610bC:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll3fc4b72b-192c-11e3-8745-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b1c7801cead38f5236cdbC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll3fa10287-192c-11e3-8745-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9122401cead37ea774188C:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll284eeb7f-192b-11e3-a5ed-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b182001cead37e879db0dC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll281a46e7-192b-11e3-a5ed-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9175401cead37e4b6527aC:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll228dae5b-192b-11e3-a5ed-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b151001cead37e2ed4a45C:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll225bb93a-192b-11e3-a5ed-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d93f801cead37deb80c33C:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll1c98de07-192b-11e3-a5ed-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b111f401cead37dd61460cC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll1c58b032-192b-11e3-a5ed-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d963801cead37d93713f0C:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll17071ce6-192b-11e3-a5ed-904ce5ff0e9a

==================== Scheduled Tasks (whitelisted) ===========

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Supplementary Scan (All) ================



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"vidc.cvid"="iccvid.dll"
"MSVideo8"="VfWWDM32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"vidc.DIVX"="DivX.dll"
"vidc.yv12"="DivX.dll"


==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.79 GB) (Free:112.02 GB) NTFS

Available physical RAM: 1775.74 MB
Total physical RAM: 3032.96 MB
Percentage of memory in use: 41%

LastRegBack: 2013-09-02 16:57

==================== End Of Log ==============================

[eletto]

FRST po zadani Scan



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by jana (administrator) on JANA-PC on 09-09-2013 12:58:38
Running from C:\Users\jana\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Woodtale Technology Inc) C:\Users\jana\AppData\Local\DProtect\DProtectSvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\aestsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(Dropbox, Inc.) C:\Users\jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-06-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-16] (IDT, Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [OEM13Mon.exe] - C:\Windows\OEM13Mon.exe [36864 2008-01-08] (Creative Technology Ltd.)
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKCU\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-03-03] (EasyBits Software AS)
Startup: C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
URLSearchHook: (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378718605
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... l&tsp=5000
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File
Toolbar: HKCU -No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.euro.dell.com/systemprof ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 195.34.133.21

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR Extension: (Vivienne Westwood) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0
CHR Extension: (ContentBlockHelper) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnpejopbfnjicblkhclaaefhblgkfpd\8.3.3_0
CHR Extension: (Docs) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Adblock Plus) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Google Search) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\jana\AppData\Roaming\StatusWinks\statuswinks.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378721170

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
R2 DPService; C:\Users\jana\AppData\Local\DProtect\DProtectSvc.exe [342592 2013-09-08] (Woodtale Technology Inc)
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-29] ()
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [770432 2013-07-17] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe [221266 2009-07-16] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-29] (Creative Technology Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [181432 2012-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S2 ADILOADER; System32\Drivers\adildr.sys [x]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\Users\jana\AppData\Local\qb30559F.3A
2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\FRST
2013-09-09 12:58 - 2013-09-08 23:29 - 01082207 _____ (Farbar) C:\Users\jana\Desktop\FRST.exe
2013-09-09 12:57 - 2013-09-09 12:57 - 00001790 _____ C:\sc-cleaner.txt
2013-09-09 12:50 - 2013-09-09 12:50 - 00406144 _____ (Bleeping Computer, LLC) C:\Users\jana\Desktop\sc-cleaner.exe
2013-09-09 12:48 - 2013-09-09 12:48 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\Users\jana\AppData\Roaming\Babylon
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-09 12:09 - 2013-09-09 12:09 - 00522240 _____ (OldTimer Tools) C:\Users\jana\Desktop\OTM.exe
2013-09-09 12:08 - 2013-09-09 12:08 - 00005344 _____ C:\Users\jana\Desktop\AdwCleaner[S0]1.txt
2013-09-09 12:03 - 2013-09-09 12:04 - 00000000 ____D C:\AdwCleaner
2013-09-09 12:02 - 2013-09-09 12:02 - 01037278 _____ C:\Users\jana\Downloads\adwcleaner.exe
2013-09-09 11:31 - 2013-09-09 11:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\AVG2013
2013-09-09 11:29 - 2013-09-09 11:29 - 00000947 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-09 11:28 - 2013-09-09 11:30 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-09 11:28 - 2013-09-09 11:28 - 00000000 ___HD C:\$AVG
2013-09-09 11:26 - 2013-09-09 11:33 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2013
2013-09-09 11:26 - 2013-09-09 11:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 11:26 - 2013-09-09 11:26 - 00000000 ____D C:\Users\jana\AppData\Local\MFAData
2013-09-09 11:19 - 2013-09-09 11:24 - 00588503 _____ C:\Users\jana\Downloads\avgremover.log
2013-09-09 11:19 - 2013-09-09 11:19 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jana\Downloads\avg_remover_stf_x86_2013_3341.exe
2013-09-09 10:53 - 2013-09-09 10:53 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2014
2013-09-09 08:56 - 2013-09-09 08:56 - 00001112 _____ C:\Users\jana\Desktop\JRT.txt
2013-09-09 08:43 - 2013-09-09 11:23 - 00002112 _____ C:\Windows\PFRO.log
2013-09-08 22:49 - 2013-09-09 10:57 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 22:46 - 2013-09-08 22:46 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\jana\Downloads\JRT.exe
2013-09-08 22:34 - 2013-09-09 12:56 - 00001522 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 22:34 - 2013-09-09 12:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 22:34 - 2013-09-09 12:06 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 20:17 - 2013-09-08 20:17 - 00000000 ____D C:\ProgramData\LockHunter
2013-09-08 19:47 - 2013-09-09 12:06 - 00000336 _____ C:\Windows\setupact.log
2013-09-08 19:47 - 2013-09-08 19:47 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 17:28 - 2013-09-08 17:28 - 00002464 _____ C:\cc_20130908_172845.reg
2013-09-08 16:40 - 2013-09-09 11:00 - 00000000 ____D C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-08 16:40 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-08 16:40 - 2013-09-08 16:40 - 00002240 _____ C:\Users\jana\Desktop\SpyHunter.lnk
2013-09-08 16:38 - 2013-09-09 10:59 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-08 16:38 - 2013-09-08 16:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-08 16:36 - 2013-09-08 16:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jana\Downloads\SpyHunter-Installer.exe
2013-09-08 14:46 - 2013-09-09 10:59 - 00000000 ____D C:\Program Files\HandyUpdater
2013-09-08 14:45 - 2013-09-09 12:09 - 00000000 ____D C:\Users\jana\AppData\Local\DProtect
2013-09-08 12:38 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Google
2013-09-07 23:59 - 2013-09-07 23:59 - 00030692 _____ C:\cc_20130907_235903.reg
2013-08-31 14:32 - 2013-08-31 14:32 - 00000000 ____D C:\Users\jana\Desktop\Lesni zkousky Dag
2013-08-22 15:42 - 2013-08-31 14:27 - 00000000 ____D C:\Users\Peta
2013-08-14 09:32 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:32 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:32 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:32 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:32 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:32 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:32 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:32 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:49 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:49 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:48 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:48 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:48 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:48 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:48 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:48 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 12:58 - 2013-09-09 12:58 - 00001790 _____ C:\Users\jana\Desktop\sc-cleaner.txt
2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\Users\jana\AppData\Local\qb30559F.3A
2013-09-09 12:58 - 2013-09-09 12:58 - 00000000 ____D C:\FRST
2013-09-09 12:57 - 2013-09-09 12:57 - 00001790 _____ C:\sc-cleaner.txt
2013-09-09 12:57 - 2012-03-03 11:42 - 00000000 ____D C:\ProgramData\GameXN
2013-09-09 12:56 - 2013-09-08 22:34 - 00001522 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-09 12:56 - 2010-02-14 05:30 - 00001368 _____ C:\Users\jana\Desktop\Internet Explorer.lnk
2013-09-09 12:56 - 2010-02-14 04:28 - 00001398 _____ C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-09 12:51 - 2010-02-14 04:28 - 01091888 _____ C:\Windows\WindowsUpdate.log
2013-09-09 12:50 - 2013-09-09 12:50 - 00406144 _____ (Bleeping Computer, LLC) C:\Users\jana\Desktop\sc-cleaner.exe
2013-09-09 12:48 - 2013-09-09 12:48 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 12:48 - 2011-04-06 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\Users\jana\AppData\Roaming\Babylon
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-09 12:39 - 2013-09-08 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 12:15 - 2012-05-22 07:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 12:14 - 2009-07-14 06:34 - 00020016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 12:14 - 2009-07-14 06:34 - 00020016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 12:10 - 2010-02-14 04:31 - 01478286 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 12:09 - 2013-09-09 12:09 - 00522240 _____ (OldTimer Tools) C:\Users\jana\Desktop\OTM.exe
2013-09-09 12:09 - 2013-09-08 14:45 - 00000000 ____D C:\Users\jana\AppData\Local\DProtect
2013-09-09 12:08 - 2013-09-09 12:08 - 00005344 _____ C:\Users\jana\Desktop\AdwCleaner[S0]1.txt
2013-09-09 12:07 - 2013-05-11 19:51 - 00000000 ___RD C:\Users\jana\Dropbox
2013-09-09 12:07 - 2013-05-11 19:46 - 00000000 ____D C:\Users\jana\AppData\Roaming\Dropbox
2013-09-09 12:06 - 2013-09-08 22:34 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 12:06 - 2013-09-08 19:47 - 00000336 _____ C:\Windows\setupact.log
2013-09-09 12:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 12:04 - 2013-09-09 12:03 - 00000000 ____D C:\AdwCleaner
2013-09-09 12:02 - 2013-09-09 12:02 - 01037278 _____ C:\Users\jana\Downloads\adwcleaner.exe
2013-09-09 11:58 - 2010-02-15 17:14 - 00000000 ____D C:\Users\jana\AppData\Roaming\Skype
2013-09-09 11:33 - 2013-09-09 11:26 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2013
2013-09-09 11:32 - 2013-09-09 11:26 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 11:31 - 2013-09-09 11:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\AVG2013
2013-09-09 11:30 - 2013-09-09 11:28 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-09 11:29 - 2013-09-09 11:29 - 00000947 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-09 11:28 - 2013-09-09 11:28 - 00000000 ___HD C:\$AVG
2013-09-09 11:28 - 2010-02-14 13:37 - 00000000 ____D C:\Program Files\AVG
2013-09-09 11:26 - 2013-09-09 11:26 - 00000000 ____D C:\Users\jana\AppData\Local\MFAData
2013-09-09 11:24 - 2013-09-09 11:19 - 00588503 _____ C:\Users\jana\Downloads\avgremover.log
2013-09-09 11:23 - 2013-09-09 08:43 - 00002112 _____ C:\Windows\PFRO.log
2013-09-09 11:19 - 2013-09-09 11:19 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jana\Downloads\avg_remover_stf_x86_2013_3341.exe
2013-09-09 11:01 - 2010-02-14 04:28 - 00000000 ____D C:\Users\jana
2013-09-09 11:00 - 2013-09-08 16:40 - 00000000 ____D C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-09 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-09 10:59 - 2013-09-08 16:38 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-09 10:59 - 2013-09-08 14:46 - 00000000 ____D C:\Program Files\HandyUpdater
2013-09-09 10:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-09 10:57 - 2013-09-08 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 10:57 - 2013-09-08 16:40 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-09 10:57 - 2013-09-08 12:38 - 00000000 ____D C:\Program Files\Google
2013-09-09 10:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-09 10:53 - 2013-09-09 10:53 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2014
2013-09-09 10:21 - 2009-07-14 09:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-09 08:56 - 2013-09-09 08:56 - 00001112 _____ C:\Users\jana\Desktop\JRT.txt
2013-09-09 08:45 - 2011-05-29 16:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\go
2013-09-08 23:29 - 2013-09-09 12:58 - 01082207 _____ (Farbar) C:\Users\jana\Desktop\FRST.exe
2013-09-08 22:46 - 2013-09-08 22:46 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\jana\Downloads\JRT.exe
2013-09-08 22:33 - 2010-02-14 13:42 - 00000000 ____D C:\Users\jana\AppData\Local\Deployment
2013-09-08 20:17 - 2013-09-08 20:17 - 00000000 ____D C:\ProgramData\LockHunter
2013-09-08 19:47 - 2013-09-08 19:47 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 17:28 - 2013-09-08 17:28 - 00002464 _____ C:\cc_20130908_172845.reg
2013-09-08 16:40 - 2013-09-08 16:40 - 00002240 _____ C:\Users\jana\Desktop\SpyHunter.lnk
2013-09-08 16:38 - 2013-09-08 16:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-08 16:36 - 2013-09-08 16:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jana\Downloads\SpyHunter-Installer.exe
2013-09-08 12:27 - 2010-02-15 16:48 - 00000000 ____D C:\Users\jana\AppData\Local\Google
2013-09-07 23:59 - 2013-09-07 23:59 - 00030692 _____ C:\cc_20130907_235903.reg
2013-09-05 13:37 - 2013-07-10 10:34 - 00000000 ____D C:\Users\jana\Desktop\Finsko
2013-09-05 12:33 - 2013-08-03 21:49 - 00000000 ____D C:\Users\jana\Desktop\zbytek
2013-08-31 15:57 - 2008-01-01 11:29 - 00000000 ____D C:\Users\jana\Desktop\Budapest
2013-08-31 14:32 - 2013-08-31 14:32 - 00000000 ____D C:\Users\jana\Desktop\Lesni zkousky Dag
2013-08-31 14:27 - 2013-08-22 15:42 - 00000000 ____D C:\Users\Peta
2013-08-31 00:42 - 2009-07-14 06:53 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-29 09:36 - 2010-02-14 04:32 - 00088248 _____ C:\Users\jana\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 09:31 - 2009-07-14 06:33 - 00369376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 20:58 - 2010-05-09 15:55 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 20:57 - 2010-02-15 16:56 - 00000000 ____D C:\Program Files\DivX
2013-08-28 20:57 - 2010-02-15 16:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-08-22 20:24 - 2010-02-15 21:12 - 00000400 _____ C:\Windows\ODBC.INI
2013-08-22 15:43 - 2011-06-30 17:22 - 00002521 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-22 15:43 - 2010-02-15 16:48 - 00000000 ____D C:\ProgramData\Skype
2013-08-21 20:15 - 2012-05-22 07:12 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 20:15 - 2012-05-22 07:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 20:40 - 2011-05-27 20:15 - 00000000 ___RD C:\Program Files\Skype
2013-08-16 11:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-14 19:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 09:40 - 2013-07-24 20:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:38 - 2010-02-14 14:19 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 09:33 - 2009-07-14 04:04 - 00000499 _____ C:\Windows\win.ini

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Users\jana\WindowsActivationUpdate.exe
C:\Users\jana\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\jana\AppData\Local\Temp\Quarantine.exe
C:\Users\jana\AppData\Local\Temp\SHSetup.exe
C:\Users\jana\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== Alternate Data Streams (whitelisted) ====


==================== Loaded Modules (whitelisted) ============

2013-09-08 14:45 - 2013-09-08 14:45 - 00506944 _____ () C:\Users\jana\AppData\Local\DProtect\eBP.dll
2013-09-08 14:45 - 2013-09-08 14:45 - 00062016 _____ () C:\Users\jana\AppData\Local\DProtect\eBPSD.dll
2013-05-09 01:01 - 2013-05-09 01:01 - 00130736 _____ (Dropbox, Inc.) C:\Users\jana\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2010-06-03 17:36 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2013-01-12 00:01 - 2012-02-18 01:12 - 00088408 _____ (TODO: <Company name>) C:\Program Files\LockHunter\LHShellExt32.dll
2010-02-14 12:42 - 2009-06-29 16:59 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2010-02-14 12:46 - 2009-07-16 03:47 - 03600384 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang.dll
2010-02-14 12:46 - 2009-07-16 03:47 - 00490496 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2010-02-14 13:47 - 2007-01-09 14:40 - 00327680 ____N (Creative Technology Ltd) C:\Program Files\Dell\Dell Webcam Manager\HookWnd.DLL
2010-02-14 14:08 - 2005-07-07 02:07 - 00036864 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamMgr.dll
2010-02-14 12:42 - 2009-06-29 16:59 - 00108606 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\VXDIF.DLL
2012-05-29 18:13 - 2012-06-08 13:00 - 00249344 _____ (Windows (R) Codename Longhorn DDK provider) C:\Program Files\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-08 10:54 - 2013-09-08 10:54 - 00115137 _____ () C:\Users\jana\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
2012-03-03 11:42 - 2013-07-09 17:23 - 04155376 _____ (GameXN AS) C:\ProgramData\GameXN\ezGameXN.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\jana\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\jana\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\jana\AppData\Roaming\Dropbox\bin\icudt.dll
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Název chybujícího modulu: avgwd.dll, verze: 13.0.0.3390, časové razítko: 0x51eeb867
Název chybujícího modulu: avgduix.dll, verze: 13.0.0.3211, časové razítko: 0x5122e30b
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b17bc01cead3b152c3194C:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll665600b3-192e-11e3-acb2-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d979801cead38f8f3610bC:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll3fc4b72b-192c-11e3-8745-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b1c7801cead38f5236cdbC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll3fa10287-192c-11e3-8745-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9122401cead37ea774188C:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll284eeb7f-192b-11e3-a5ed-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b182001cead37e879db0dC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll281a46e7-192b-11e3-a5ed-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9175401cead37e4b6527aC:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll228dae5b-192b-11e3-a5ed-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b151001cead37e2ed4a45C:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll225bb93a-192b-11e3-a5ed-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d93f801cead37deb80c33C:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll1c98de07-192b-11e3-a5ed-904ce5ff0e9a
Description: avgwdsvc.exe13.0.0.339051eea58davgwd.dll13.0.0.339051eeb867c0000005000807b111f401cead37dd61460cC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\AVG\AVG2013\avgwd.dll1c58b032-192b-11e3-a5ed-904ce5ff0e9a
Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d963801cead37d93713f0C:\Program Files\AVG\AVG2013\avgdiagex.exeC:\Program Files\AVG\AVG2013\avgduix.dll17071ce6-192b-11e3-a5ed-904ce5ff0e9a

==================== Scheduled Tasks (whitelisted) ===========

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Supplementary Scan (All) ================



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"vidc.cvid"="iccvid.dll"
"MSVideo8"="VfWWDM32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"vidc.DIVX"="DivX.dll"
"vidc.yv12"="DivX.dll"


==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.79 GB) (Free:112.02 GB) NTFS

Available physical RAM: 1775.74 MB
Total physical RAM: 3032.96 MB
Percentage of memory in use: 41%

LastRegBack: 2013-09-02 16:57

==================== End Of Log ==============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
  HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
  HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
  HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
  HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
  HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
  HKCU\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-03-03] (EasyBits Software AS)
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
  HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
  URLSearchHook: (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
  URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
  StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378718605
  SearchScopes: HKLM - DefaultScope value is missing.
  SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
  SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=76F7701A046915E8&affID=121240&tt=080913_ctrl&tsp=5000
  Toolbar: HKCU -No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File
  Toolbar: HKCU -No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
  
  CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\jana\AppData\Roaming\StatusWinks\statuswinks.crx
  CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
  CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
  
  R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-29] ()
  R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [770432 2013-07-17] (Enigma Software Group USA, LLC.)
  S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
  S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
  
  NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()
  
  C:\Windows\system32\ezGOSvc.dll
  C:\Program Files\Enigma Software Group
  2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\Users\jana\AppData\Roaming\Babylon
  2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\DSearchLink
  2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\Babylon
  2013-09-08 16:40 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Enigma Software Group
  2013-09-08 16:40 - 2013-09-08 16:40 - 00002240 _____ C:\Users\jana\Desktop\SpyHunter.lnk
  2013-09-08 14:45 - 2013-09-09 12:09 - 00000000 ____D C:\Users\jana\AppData\Local\DProtect
  C:\ProgramData\ezsid.dat
  C:\Users\jana\WindowsActivationUpdate.exe
  C:\Users\jana\AppData\Local\Temp\KMP_3.2.0.0.exe
  C:\Users\jana\AppData\Local\Temp\Quarantine.exe
  C:\Users\jana\AppData\Local\Temp\SHSetup.exe
  C:\Users\jana\AppData\Local\Temp\uninst1.exe
  
  Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  
  Hosts:
  CMD: shutdown /r /f /t 2
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[eletto]

Koukam, ze uz se uklidnil SpyHunter a uz ho nevidim ani ikonkou na plose ...


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013
Ran by jana at 2013-09-09 13:29:31 Run:1
Running from C:\Users\jana\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKCU\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-03-03] (EasyBits Software AS)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP ... l&tsp=5000
URLSearchHook: (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
URLSearchHook: (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378718605
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... l&tsp=5000
Toolbar: HKCU -No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File
Toolbar: HKCU -No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File

CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\jana\AppData\Roaming\StatusWinks\statuswinks.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-29] ()
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [770432 2013-07-17] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

C:\Windows\system32\ezGOSvc.dll
C:\Program Files\Enigma Software Group
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\Users\jana\AppData\Roaming\Babylon
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 12:47 - 2013-09-09 12:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-08 16:40 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-08 16:40 - 2013-09-08 16:40 - 00002240 _____ C:\Users\jana\Desktop\SpyHunter.lnk
2013-09-08 14:45 - 2013-09-09 12:09 - 00000000 ____D C:\Users\jana\AppData\Local\DProtect
C:\ProgramData\ezsid.dat
C:\Users\jana\WindowsActivationUpdate.exe
C:\Users\jana\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\jana\AppData\Local\Temp\Quarantine.exe
C:\Users\jana\AppData\Local\Temp\SHSetup.exe
C:\Users\jana\AppData\Local\Temp\uninst1.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPDLR => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GameXN GO => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} => Value deleted successfully.
HKCR\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Value deleted successfully.
HKCR\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{22E03916-85C5-44B0-8DC9-1830C11238D9} => Value deleted successfully.
HKCR\CLSID\{22E03916-85C5-44B0-8DC9-1830C11238D9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih => Key deleted successfully.
"C:\Users\jana\AppData\Roaming\StatusWinks\statuswinks.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm => Key deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx => Moved successfully.
ezGOSvc => Service deleted successfully.
SpyHunter 4 Service => Service deleted successfully.
esgiguard => Service deleted successfully.
EsgScanner => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ezGOSvc => Value deleted successfully.
C:\Windows\system32\ezGOSvc.dll => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\jana\AppData\Roaming\Babylon => Moved successfully.
C:\ProgramData\DSearchLink => Moved successfully.
C:\ProgramData\Babylon => Moved successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\Users\jana\Desktop\SpyHunter.lnk => Moved successfully.
C:\Users\jana\AppData\Local\DProtect => Moved successfully.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\Users\jana\WindowsActivationUpdate.exe => Moved successfully.
C:\Users\jana\AppData\Local\Temp\KMP_3.2.0.0.exe => Moved successfully.
C:\Users\jana\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\jana\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\jana\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

[vyosek]

Doporucuji zmenu antiviru - Avg je spise parodie na antivir

Odinstalujte Avg a pak pouzijte jeste http://download.avg.com/filedir/util/su ... 4_4116.exe

Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

[eletto]

Ok, ale to AVG vymenit za Avast muzu i pozdeji, ne? Nebo je to ted bezpodminecne nutny k vyreseni? Jestli ano, tak to samozrejme udelam.

[vyosek]

Pak bude potreba docistit i po AVG, rad bych vam "odevzdal" PC cisty a v poradku

Takze prosim o zmenu a pak pokracujte dalsimi kroky

[eletto]

Mam tam avast, avg je pryc, ale nemuzu udelat log z RSIT, pise mi to:

AutoIt
Line - 1
Error: Variable used without being declared.

[eletto]

Tak to delal jen ten posledni link pro 32bit, druhy sel a mam nasledujici vysledky:


info.txt logfile of random's system information tool 1.09 2013-09-09 14:27:20

======Uninstall list======

-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -maintain plugin
Adobe Reader X (10.1.7) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Ashampoo Burning Studio 6 FREE v.6.80-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Canon MP560 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Combined Community Codec Pack 2010-10-10-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
DProtect-->C:\Users\jana\AppData\Local\DProtect\DPUninstall.exe -silence
Fotogalerie-->MsiExec.exe /X{AEA7CE08-09DC-4186-99FD-66A26F3B8B21}
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\29.0.1547.66\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {99A120B0-F930-3427-A833-FAD753B85527} /parameterfolder Client
IDT Audio-->"C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017F0}
JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}
Junk Mail filter update-->MsiExec.exe /I{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}
Laptop Integrated Webcam Driver (1.01.01.0529) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM013.uns -plugin OEM13Pin.dll -pluginres OEM13Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LockHunter 2.0 beta 2, 32 bit-->"C:\Program Files\LockHunter\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Movie Maker-->MsiExec.exe /X{379A0618-EF50-423C-9637-EEB2D25A4BB4}
Movie Maker-->MsiExec.exe /X{45898170-E68C-4F02-AA35-C2186BF347A3}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
O2Micro Flash Memory Card Windows Driver-->"C:\Program Files\InstallShield Installation Information\{B066A843-8978-4501-A900-A28C5EFE148B}\setup.exe" -runfromtemp -l0x0405 -removeonly
O2Micro Flash Memory Card Windows Driver-->MsiExec.exe /X{B066A843-8978-4501-A900-A28C5EFE148B}
Photo Common-->MsiExec.exe /X{23AAEBF8-12B1-43EA-B75D-CDC613CA6CB4}
Photo Gallery-->MsiExec.exe /X{0F929651-F516-4956-90F2-FFBD2CD5D30E}
PowerDVD DX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE 10.3-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE 10.3-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CF581973-77E0-3093-A1AC-A03130DE990F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {576C07F8-777C-3981-B8BF-063A6B57254E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {90EA7C4E-7F03-31FD-BE27-B1A9B4AE56BD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {1E88AFAE-CEF7-3540-8FF6-6D00877B2767} /parameterfolder Client
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 6.6-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
SpyHunter-->MsiExec.exe /X{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
TOPO Czech 3.1-->MsiExec.exe /X{1BBD9C84-4FDE-4318-8A32-B31CF4CF4CF8}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {0160BA31-409C-3FD0-9C87-C7D95BF46986} /parameterfolder Client
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_x86_neutral_3e4b654f12f06d57\grmnusb.inf
Windows Live Communications Platform-->MsiExec.exe /I{03D562B5-C4E2-4846-A920-33178788BE00}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{9976E0BD-56A6-4A32-8597-B80FCE62063A}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{8256F87F-8554-4457-8C3D-3F3324697D9F}
Windows Live Installer-->MsiExec.exe /I{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}
Windows Live Mail-->MsiExec.exe /I{B6FF40EA-AEF2-46FF-9516-9A6512901B97}
Windows Live Mail-->MsiExec.exe /I{D604900F-A275-416C-AF9D-CDEDF58B72DB}
Windows Live MIME IFilter-->MsiExec.exe /I{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}
Windows Live Photo Common-->MsiExec.exe /X{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}
Windows Live PIMT Platform-->MsiExec.exe /I{E3445598-4424-4EE2-B71C-C23325F7FB71}
Windows Live SOXE Definitions-->MsiExec.exe /I{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}
Windows Live SOXE-->MsiExec.exe /I{6B6923B9-8719-425B-916C-CD2908F31AAF}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{D310DD60-9EF2-4C9C-AD66-A58185A1C7CB}
Windows Live UX Platform-->MsiExec.exe /I{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}
Windows Live Writer Resources-->MsiExec.exe /X{BADEEBDE-ABAF-4650-9149-51614651A1A0}
Windows Live Writer-->MsiExec.exe /X{EFBCA571-617D-484A-9ECA-E301BB6D0750}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: jana-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 389098
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130909065633.854141-000
Event Type: Informace
User: jana-PC\jana

Computer Name: jana-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Media Center.
Record Number: 389097
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130909065633.791741-000
Event Type: Informace
User: jana-PC\jana

Computer Name: jana-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Key Management Service.
Record Number: 389096
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130909065633.682541-000
Event Type: Informace
User: jana-PC\jana

Computer Name: jana-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Internet Explorer.
Record Number: 389095
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130909065633.604541-000
Event Type: Informace
User: jana-PC\jana

Computer Name: jana-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 389094
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130909065633.464140-000
Event Type: Informace
User: jana-PC\jana

=====Application event log=====

Computer Name: jana-PC
Event Code: 754
Message: Služba Modul blokového zálohování byla zastavena.
Record Number: 74332
Source Name: Microsoft-Windows-Backup
Time Written: 20130909072752.905420-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: jana-PC
Event Code: 8199
Message: Obnovení systému bylo úspěšně inicializováno: (Naplánovaný kontrolní bod).
Record Number: 74331
Source Name: System Restore
Time Written: 20130909072752.000000-000
Event Type: Informace
User:

Computer Name: jana-PC
Event Code: 8215
Message: Bod obnovení pro vrácení zpět byl úspěšně vytvořen: (Popis = Operace obnovení).
Record Number: 74330
Source Name: System Restore
Time Written: 20130909072752.000000-000
Event Type: Informace
User:

Computer Name: jana-PC
Event Code: 8224
Message: Služba VSS bude ukončena z důvodu vypršení časového limitu nečinnosti.
Record Number: 74329
Source Name: VSS
Time Written: 20130909072426.000000-000
Event Type: Informace
User:

Computer Name: jana-PC
Event Code: 753
Message: Služba Modul blokového zálohování byla úspěšně spuštěna.
Record Number: 74328
Source Name: Microsoft-Windows-Backup
Time Written: 20130909072120.675245-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: jana-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 113474
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130909072121.971319-000
Event Type: Úspěšný audit
User:

Computer Name: jana-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: JANA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2f0
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 113473
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130909072121.971319-000
Event Type: Úspěšný audit
User:

Computer Name: jana-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 113472
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130909072120.269221-000
Event Type: Úspěšný audit
User:

Computer Name: jana-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: JANA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2f0
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 113471
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130909072120.269221-000
Event Type: Úspěšný audit
User:

Computer Name: jana-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1289795306-176129569-353269792-1000
Název účtu: jana
Název domény: jana-PC
ID přihlášení: 0x7ae65
Record Number: 113470
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130909065633.183340-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Windows Live\Shared;%PROGRAMFILES%\Internet Explorer
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

-----------------EOF-----------------

[vyosek]

OK, zas ta chybka, ono RSIT uz je trosku obcas mimo...

Spustte tedy znovu FRSTL jako na zacatku a nechte udelat log z FRST

[eletto]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by jana (administrator) on JANA-PC on 09-09-2013 16:02:59
Running from C:\Users\jana\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\aestsrv.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Creative Technology Ltd.) C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-06-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-16] (IDT, Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [OEM13Mon.exe] - C:\Windows\OEM13Mon.exe [36864 2008-01-08] (Creative Technology Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Startup: C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378721170
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.euro.dell.com/systemprof ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 195.34.133.21

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR HomePage: hxxp://en.v9.com/?utm_source=b&utm_medium=eBP&utm_campaign=eBP&utm_content=hp&from=eBP&uid=3219913727_67194_76F7F8D4&ts=1378724488
CHR RestoreOnStartup: "hxxp://en.v9.com/?utm_source=b&utm_medium=eBP&utm_campaign=eBP&utm_content=hp&from=eBP&uid=3219913727_67194_76F7F8D4&ts=1378724488"
CHR DefaultSearchURL: (Delta Search) - http://www2.delta-search.com/?q={search ... l&tsp=5000
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Vivienne Westwood) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0
CHR Extension: (Google Docs) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://en.v9.com/?utm_source=b&utm_medi ... 1378721170

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe [221266 2009-07-16] (IDT, Inc.)
S2 DPService; C:\Users\jana\AppData\Local\DProtect\DProtectSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-09-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-09-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-09-09] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-29] (Creative Technology Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [181432 2012-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S2 ADILOADER; System32\Drivers\adildr.sys [x]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [x]
U2 ezGOSvc;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 14:26 - 2013-09-09 14:26 - 00781383 _____ C:\Users\jana\Downloads\RSIT.exe
2013-09-09 14:06 - 2013-09-09 14:06 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-09 14:06 - 2013-09-09 14:06 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-09 14:06 - 2013-09-09 14:06 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-09 14:06 - 2013-09-09 14:06 - 00002075 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-09 14:06 - 2013-09-09 14:06 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-09-09 14:06 - 2013-09-09 14:06 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-09-09 14:06 - 2013-09-09 14:06 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-09-09 14:06 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-09 14:06 - 2013-05-09 10:59 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-09 14:06 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-09 14:06 - 2013-05-09 10:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-09 14:06 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-09 14:06 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-09 14:05 - 2013-09-09 14:05 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-09 14:05 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-09 14:03 - 2013-09-09 14:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-09 13:49 - 2013-09-09 14:27 - 00000000 ____D C:\rsit
2013-09-09 13:49 - 2013-09-09 14:27 - 00000000 ____D C:\Program Files\trend micro
2013-09-09 13:42 - 2013-09-09 13:49 - 117482200 _____ C:\Users\jana\Downloads\avast_free_antivirus_setup.exe
2013-09-09 13:28 - 2013-09-08 23:29 - 01082207 _____ (Farbar) C:\Users\jana\Desktop\FRST.exe
2013-09-09 13:28 - 2013-09-08 15:43 - 00045266 _____ C:\Users\jana\Desktop\logmodification.bat
2013-09-09 13:01 - 2013-09-09 13:01 - 00040212 _____ C:\Users\jana\Desktop\1FRST.txt
2013-09-09 12:58 - 2013-09-09 13:29 - 00000000 ____D C:\FRST
2013-09-09 12:58 - 2013-09-09 12:58 - 00001790 _____ C:\Users\jana\Desktop\sc-cleaner.txt
2013-09-09 12:57 - 2013-09-09 12:57 - 00001790 _____ C:\sc-cleaner.txt
2013-09-09 12:50 - 2013-09-09 12:50 - 00406144 _____ (Bleeping Computer, LLC) C:\Users\jana\Desktop\sc-cleaner.exe
2013-09-09 12:48 - 2013-09-09 12:48 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 12:40 - 2013-09-09 12:40 - 00364544 _____ (forum.viry.cz) C:\Users\jana\Desktop\FRSTLauncher.exe
2013-09-09 12:09 - 2013-09-09 12:09 - 00522240 _____ (OldTimer Tools) C:\Users\jana\Desktop\OTM.exe
2013-09-09 12:08 - 2013-09-09 12:08 - 00005344 _____ C:\Users\jana\Desktop\AdwCleaner[S0]1.txt
2013-09-09 12:03 - 2013-09-09 12:04 - 00000000 ____D C:\AdwCleaner
2013-09-09 12:02 - 2013-09-09 12:02 - 01037278 _____ C:\Users\jana\Downloads\adwcleaner.exe
2013-09-09 11:19 - 2013-09-09 14:00 - 01072851 _____ C:\Users\jana\Downloads\avgremover.log
2013-09-09 11:19 - 2013-09-09 11:19 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jana\Downloads\avg_remover_stf_x86_2013_3341.exe
2013-09-09 10:53 - 2013-09-09 10:53 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2014
2013-09-09 08:56 - 2013-09-09 08:56 - 00001112 _____ C:\Users\jana\Desktop\JRT.txt
2013-09-09 08:43 - 2013-09-09 13:59 - 00003730 _____ C:\Windows\PFRO.log
2013-09-08 22:49 - 2013-09-09 10:57 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 22:46 - 2013-09-08 22:46 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\jana\Downloads\JRT.exe
2013-09-08 22:34 - 2013-09-09 13:30 - 00001522 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 20:17 - 2013-09-08 20:17 - 00000000 ____D C:\ProgramData\LockHunter
2013-09-08 19:47 - 2013-09-09 13:59 - 00000560 _____ C:\Windows\setupact.log
2013-09-08 19:47 - 2013-09-08 19:47 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 17:28 - 2013-09-08 17:28 - 00002464 _____ C:\cc_20130908_172845.reg
2013-09-08 16:40 - 2013-09-09 11:00 - 00000000 ____D C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-08 16:38 - 2013-09-09 10:59 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-08 16:38 - 2013-09-08 16:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-08 16:36 - 2013-09-08 16:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jana\Downloads\SpyHunter-Installer.exe
2013-09-08 14:46 - 2013-09-09 10:59 - 00000000 ____D C:\Program Files\HandyUpdater
2013-09-08 12:38 - 2013-09-09 10:57 - 00000000 ____D C:\Program Files\Google
2013-09-07 23:59 - 2013-09-07 23:59 - 00030692 _____ C:\cc_20130907_235903.reg
2013-08-31 14:32 - 2013-08-31 14:32 - 00000000 ____D C:\Users\jana\Desktop\Lesni zkousky Dag
2013-08-22 15:42 - 2013-08-31 14:27 - 00000000 ____D C:\Users\Peta
2013-08-14 09:32 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:32 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:32 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:32 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:32 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:32 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:32 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:32 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:32 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:49 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:49 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:49 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:48 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:48 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:48 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:48 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:48 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:48 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 16:02 - 2010-02-15 17:14 - 00000000 ____D C:\Users\jana\AppData\Roaming\Skype
2013-09-09 14:27 - 2013-09-09 13:49 - 00000000 ____D C:\rsit
2013-09-09 14:27 - 2013-09-09 13:49 - 00000000 ____D C:\Program Files\trend micro
2013-09-09 14:26 - 2013-09-09 14:26 - 00781383 _____ C:\Users\jana\Downloads\RSIT.exe
2013-09-09 14:08 - 2009-07-14 06:34 - 00020016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 14:08 - 2009-07-14 06:34 - 00020016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 14:06 - 2013-09-09 14:06 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-09 14:06 - 2013-09-09 14:06 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-09 14:06 - 2013-09-09 14:06 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-09 14:06 - 2013-09-09 14:06 - 00002075 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-09 14:06 - 2013-09-09 14:06 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-09-09 14:06 - 2013-09-09 14:06 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-09-09 14:06 - 2013-09-09 14:06 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-09-09 14:06 - 2010-02-14 04:28 - 01105345 _____ C:\Windows\WindowsUpdate.log
2013-09-09 14:06 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-09 14:05 - 2013-09-09 14:05 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-09 14:05 - 2013-09-09 14:03 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-09 14:02 - 2013-05-11 19:51 - 00000000 ___RD C:\Users\jana\Dropbox
2013-09-09 14:02 - 2013-05-11 19:46 - 00000000 ____D C:\Users\jana\AppData\Roaming\Dropbox
2013-09-09 14:00 - 2013-09-09 11:19 - 01072851 _____ C:\Users\jana\Downloads\avgremover.log
2013-09-09 13:59 - 2013-09-09 08:43 - 00003730 _____ C:\Windows\PFRO.log
2013-09-09 13:59 - 2013-09-08 19:47 - 00000560 _____ C:\Windows\setupact.log
2013-09-09 13:59 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 13:49 - 2013-09-09 13:42 - 117482200 _____ C:\Users\jana\Downloads\avast_free_antivirus_setup.exe
2013-09-09 13:30 - 2013-09-08 22:34 - 00001522 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-09 13:30 - 2010-02-14 05:30 - 00001368 _____ C:\Users\jana\Desktop\Internet Explorer.lnk
2013-09-09 13:30 - 2010-02-14 04:28 - 00001398 _____ C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-09 13:29 - 2013-09-09 12:58 - 00000000 ____D C:\FRST
2013-09-09 13:29 - 2010-02-14 04:28 - 00000000 ____D C:\Users\jana
2013-09-09 13:27 - 2012-03-03 11:42 - 00000000 ____D C:\ProgramData\GameXN
2013-09-09 13:01 - 2013-09-09 13:01 - 00040212 _____ C:\Users\jana\Desktop\1FRST.txt
2013-09-09 12:58 - 2013-09-09 12:58 - 00001790 _____ C:\Users\jana\Desktop\sc-cleaner.txt
2013-09-09 12:57 - 2013-09-09 12:57 - 00001790 _____ C:\sc-cleaner.txt
2013-09-09 12:50 - 2013-09-09 12:50 - 00406144 _____ (Bleeping Computer, LLC) C:\Users\jana\Desktop\sc-cleaner.exe
2013-09-09 12:48 - 2013-09-09 12:48 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 12:48 - 2011-04-06 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-09 12:40 - 2013-09-09 12:40 - 00364544 _____ (forum.viry.cz) C:\Users\jana\Desktop\FRSTLauncher.exe
2013-09-09 12:10 - 2010-02-14 04:31 - 01478286 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 12:09 - 2013-09-09 12:09 - 00522240 _____ (OldTimer Tools) C:\Users\jana\Desktop\OTM.exe
2013-09-09 12:08 - 2013-09-09 12:08 - 00005344 _____ C:\Users\jana\Desktop\AdwCleaner[S0]1.txt
2013-09-09 12:04 - 2013-09-09 12:03 - 00000000 ____D C:\AdwCleaner
2013-09-09 12:02 - 2013-09-09 12:02 - 01037278 _____ C:\Users\jana\Downloads\adwcleaner.exe
2013-09-09 11:28 - 2010-02-14 13:37 - 00000000 ____D C:\Program Files\AVG
2013-09-09 11:19 - 2013-09-09 11:19 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jana\Downloads\avg_remover_stf_x86_2013_3341.exe
2013-09-09 11:00 - 2013-09-08 16:40 - 00000000 ____D C:\Users\jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-09-09 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-09 10:59 - 2013-09-08 16:38 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-09 10:59 - 2013-09-08 14:46 - 00000000 ____D C:\Program Files\HandyUpdater
2013-09-09 10:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-09 10:57 - 2013-09-08 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 10:57 - 2013-09-08 12:38 - 00000000 ____D C:\Program Files\Google
2013-09-09 10:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-09 10:53 - 2013-09-09 10:53 - 00000000 ____D C:\Users\jana\AppData\Local\Avg2014
2013-09-09 10:21 - 2009-07-14 09:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-09 08:56 - 2013-09-09 08:56 - 00001112 _____ C:\Users\jana\Desktop\JRT.txt
2013-09-09 08:45 - 2011-05-29 16:31 - 00000000 ____D C:\Users\jana\AppData\Roaming\go
2013-09-08 23:29 - 2013-09-09 13:28 - 01082207 _____ (Farbar) C:\Users\jana\Desktop\FRST.exe
2013-09-08 22:46 - 2013-09-08 22:46 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\jana\Downloads\JRT.exe
2013-09-08 22:33 - 2010-02-14 13:42 - 00000000 ____D C:\Users\jana\AppData\Local\Deployment
2013-09-08 20:17 - 2013-09-08 20:17 - 00000000 ____D C:\ProgramData\LockHunter
2013-09-08 19:47 - 2013-09-08 19:47 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 17:28 - 2013-09-08 17:28 - 00002464 _____ C:\cc_20130908_172845.reg
2013-09-08 16:38 - 2013-09-08 16:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-08 16:36 - 2013-09-08 16:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jana\Downloads\SpyHunter-Installer.exe
2013-09-08 15:43 - 2013-09-09 13:28 - 00045266 _____ C:\Users\jana\Desktop\logmodification.bat
2013-09-08 12:27 - 2010-02-15 16:48 - 00000000 ____D C:\Users\jana\AppData\Local\Google
2013-09-07 23:59 - 2013-09-07 23:59 - 00030692 _____ C:\cc_20130907_235903.reg
2013-09-05 13:37 - 2013-07-10 10:34 - 00000000 ____D C:\Users\jana\Desktop\Finsko
2013-09-05 12:33 - 2013-08-03 21:49 - 00000000 ____D C:\Users\jana\Desktop\zbytek
2013-08-31 15:57 - 2008-01-01 11:29 - 00000000 ____D C:\Users\jana\Desktop\Budapest
2013-08-31 14:32 - 2013-08-31 14:32 - 00000000 ____D C:\Users\jana\Desktop\Lesni zkousky Dag
2013-08-31 14:27 - 2013-08-22 15:42 - 00000000 ____D C:\Users\Peta
2013-08-31 00:42 - 2009-07-14 06:53 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-29 09:36 - 2010-02-14 04:32 - 00088248 _____ C:\Users\jana\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 09:31 - 2009-07-14 06:33 - 00369376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 20:58 - 2010-05-09 15:55 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 20:57 - 2010-02-15 16:56 - 00000000 ____D C:\Program Files\DivX
2013-08-28 20:57 - 2010-02-15 16:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-08-22 20:24 - 2010-02-15 21:12 - 00000400 _____ C:\Windows\ODBC.INI
2013-08-22 15:43 - 2011-06-30 17:22 - 00002521 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-22 15:43 - 2010-02-15 16:48 - 00000000 ____D C:\ProgramData\Skype
2013-08-21 20:15 - 2012-05-22 07:12 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 20:15 - 2012-05-22 07:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 20:40 - 2011-05-27 20:15 - 00000000 ___RD C:\Program Files\Skype
2013-08-16 11:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-14 19:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 09:40 - 2013-07-24 20:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:38 - 2010-02-14 14:19 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 09:33 - 2009-07-14 04:04 - 00000499 _____ C:\Windows\win.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 16:57

==================== End Of Log ============================