
Urgently need HELP, TROJAN HORSES

Posted: 04 Apr 2013 23:48
by SynysterGates81
Logfile of random's system information tool 1.08 (written by random/random)
Run by Robo at 2013-04-05 00:47:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 224 GB (55%) free of 405 GB
Total RAM: 3552 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:47:09, on 5. 4. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
P:\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Robo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\SFT AC\core.exe
C:\Windows\apnschost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Robo\Downloads\RSIT-1.06.exe
C:\Program Files (x86)\trend micro\Robo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112572 ... ff975da12d
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Robo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Steam] "P:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Robo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Facebook Messenger.lnk = C:\Users\Robo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10091 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-839734280-2009061390-904715615-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-839734280-2009061390-904715615-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-03 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-03 170416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll [2013-02-12 233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-26 343168]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-31 4297136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Robo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-27 138096]
"Steam"=P:\Steam\steam.exe [2013-03-29 1631144]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18706176]
"ESL Wire"=C:\Program Files\EslWire\wire.exe [2013-02-26 3939840]

C:\Users\Robo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Robo\AppData\Roaming\Dropbox\bin\Dropbox.exe
Facebook Messenger.lnk - C:\Users\Robo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2013-04-05 00:47:03 ----D---- C:\rsit
2013-04-05 00:47:03 ----D---- C:\Program Files (x86)\trend micro
2013-04-05 00:31:27 ----D---- C:\ProgramData\ESL Wire
2013-03-29 18:25:01 ----D---- C:\Program Files (x86)\MP3 Audio CD Burner
2013-03-26 14:57:46 ----D---- C:\Windows\SysWOW64\xlive
2013-03-26 14:57:39 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-03-25 17:39:50 ----A---- C:\Windows\SysWOW64\mkl_blueripple.dll
2013-03-25 17:39:49 ----A---- C:\Windows\SysWOW64\rapture3d_oal.dll
2013-03-25 17:39:48 ----D---- C:\Program Files (x86)\BRS
2013-03-25 17:39:44 ----D---- C:\Program Files (x86)\OpenAL
2013-03-25 17:39:43 ----RA---- C:\Windows\SysWOW64\tmpD91D.tmp
2013-03-25 17:39:43 ----A---- C:\Windows\SysWOW64\wrap_oal.dll
2013-03-25 17:39:43 ----A---- C:\Windows\SysWOW64\OpenAL32.dll
2013-03-25 17:23:31 ----D---- C:\Program Files (x86)\Codemasters
2013-03-24 15:01:18 ----D---- C:\Users\Robo\AppData\Roaming\Hotspot Shield
2013-03-24 12:32:31 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2013-03-24 12:32:12 ----D---- C:\ProgramData\AVAST Software
2013-03-24 12:13:41 ----D---- C:\ProgramData\ESET
2013-03-24 02:27:09 ----D---- C:\Users\Robo\AppData\Roaming\Opera
2013-03-24 02:26:59 ----D---- C:\Program Files (x86)\Opera
2013-03-24 00:19:10 ----SHD---- C:\Windows\SysWOW64\%APPDATA%
2013-03-22 16:50:24 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-21 21:40:33 ----D---- C:\Users\Robo\AppData\Roaming\Guitar Pro 6
2013-03-21 21:40:33 ----D---- C:\ProgramData\Guitar Pro 6
2013-03-21 21:21:23 ----D---- C:\Program Files (x86)\Guitar Pro 6
2013-03-19 14:52:03 ----D---- C:\Local Publish
2013-03-19 14:48:23 ----A---- C:\Windows\iun6002.exe
2013-03-19 14:44:32 ----D---- C:\Users\Robo\AppData\Roaming\CoffeeCup Software
2013-03-18 19:08:16 ----D---- C:\ProgramData\RegClean
2013-03-18 19:08:04 ----D---- C:\ProgramData\TEMP
2013-03-18 19:07:42 ----D---- C:\Users\Robo\AppData\Roaming\Macromedia
2013-03-15 02:46:36 ----D---- C:\Users\Robo\AppData\Roaming\inkscape
2013-03-15 02:41:18 ----D---- C:\Program Files (x86)\Inkscape
2013-03-11 22:29:52 ----D---- C:\Users\Robo\AppData\Roaming\Scribus
2013-03-11 22:13:25 ----D---- C:\ProgramData\Package Cache
2013-03-07 12:04:07 ----D---- C:\Windows\SysWOW64\Hotspot Shield
2013-03-06 21:53:57 ----D---- C:\Users\Robo\AppData\Roaming\{C64C782F-F116-458F-971F-3CFEC4CD44CF}
2013-03-06 21:52:54 ----D---- C:\TEMP
2013-03-05 17:42:25 ----D---- C:\Users\Robo\AppData\Roaming\CodeBlocks
2013-03-05 17:41:35 ----D---- C:\Program Files (x86)\CodeBlocks
2013-03-05 16:22:31 ----D---- C:\Users\Robo\AppData\Roaming\MiKTeX
2013-03-05 16:00:34 ----D---- C:\ProgramData\MiKTeX
2013-03-05 15:55:59 ----D---- C:\Program Files (x86)\MiKTeX 2.9
2013-03-05 15:55:00 ----D---- C:\Program Files (x86)\Texmaker
2013-03-04 12:36:08 ----D---- C:\Program Files (x86)\Euro Truck Simulator 2
2013-03-02 19:24:16 ----D---- C:\Program Files (x86)\Gophoto.it
2013-03-02 19:23:08 ----D---- C:\ProgramData\Tarma Installer
2013-03-01 19:44:44 ----D---- C:\Program Files (x86)\Czech Soccer Manager 2002 FE
2013-02-27 21:25:28 ----D---- C:\Users\Robo\AppData\Roaming\HideIPEasy
2013-02-27 21:25:28 ----D---- C:\Users\Robo\AppData\Roaming\Adobe
2013-02-27 21:25:28 ----D---- C:\ProgramData\HideIPEasy
2013-02-21 23:33:09 ----D---- C:\Users\Robo\AppData\Roaming\Skype
2013-02-21 23:32:49 ----D---- C:\Program Files (x86)\Common Files\Skype
2013-02-21 23:32:48 ----RD---- C:\Program Files (x86)\Skype
2013-02-21 23:32:39 ----D---- C:\ProgramData\Skype
2013-02-19 14:14:06 ----D---- C:\Program Files (x86)\Creative
2013-02-19 14:14:06 ----A---- C:\Windows\SysWOW64\eax.dll
2013-02-19 14:14:00 ----A---- C:\Windows\IsUninst.exe
2013-02-19 13:35:00 ----D---- C:\Users\Robo\AppData\Roaming\xm1
2013-02-15 19:23:58 ----D---- C:\Program Files (x86)\Lavalys
2013-01-20 14:57:06 ----D---- C:\Users\Robo\AppData\Roaming\Dropbox
2013-01-18 16:47:04 ----A---- C:\Windows\apnschost.exe
2013-01-18 01:27:23 ----D---- C:\Users\Robo\AppData\Roaming\PhotoScape
2013-01-18 01:27:10 ----D---- C:\Program Files (x86)\PhotoScape
2013-01-15 17:07:36 ----D---- C:\Users\Robo\AppData\Roaming\YourFileDownloader
2013-01-15 17:07:36 ----D---- C:\Program Files (x86)\YourFileDownloader
2013-01-13 00:49:45 ----D---- C:\Users\Robo\AppData\Roaming\$_win
2013-01-13 00:49:05 ----A---- C:\Windows\SysWOW64\msvcr100d.dll
2013-01-11 02:24:23 ----D---- C:\Users\Robo\AppData\Roaming\Babylon
2013-01-11 02:24:23 ----D---- C:\ProgramData\Babylon
2013-01-11 02:24:20 ----D---- C:\Users\Robo\AppData\Roaming\GoforFiles
2013-01-11 02:24:20 ----D---- C:\Program Files (x86)\GoforFiles
2013-01-09 23:24:19 ----D---- C:\Users\Robo\AppData\Roaming\Tunngle
2013-01-09 22:33:24 ----D---- C:\Call of Duty- Modern Warfare 3
2013-01-07 18:04:56 ----D---- C:\Program Files (x86)\Aspyr
2013-01-07 17:39:59 ----D---- C:\Downloads
2013-01-07 17:39:39 ----D---- C:\Users\Robo\AppData\Roaming\BitSpirit
2013-01-07 17:39:33 ----D---- C:\Program Files (x86)\Common Files\BitSpirit
2013-01-07 17:39:33 ----D---- C:\Program Files (x86)\BitSpirit
2013-01-07 17:27:58 ----D---- C:\Program Files (x86)\TornTV.com
2013-01-07 01:34:21 ----D---- C:\Program Files (x86)\Valve
2013-01-07 01:10:28 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2013-01-07 00:50:20 ----D---- C:\Users\Robo\AppData\Roaming\DAEMON Tools Lite
2013-01-07 00:50:17 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-01-06 22:44:10 ----A---- C:\Windows\SysWOW64\d2d1.dll
2013-01-06 22:36:47 ----D---- C:\Windows\SysWOW64\Macromed
2013-01-06 22:33:25 ----D---- C:\Users\Robo\AppData\Roaming\InstallShield Installation Information
2013-01-06 22:30:45 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2013-01-06 19:57:38 ----A---- C:\Windows\War3Unin.pif
2013-01-06 19:57:38 ----A---- C:\Windows\War3Unin.exe
2013-01-06 19:25:20 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll
2013-01-06 19:25:20 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-01-06 19:25:19 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll
2013-01-06 19:25:19 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-01-06 19:25:18 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll
2013-01-06 19:25:18 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll
2013-01-06 19:25:15 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2013-01-06 19:25:14 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2013-01-06 19:25:12 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll
2013-01-06 19:25:12 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-01-06 19:25:10 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll
2013-01-06 19:25:10 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-01-06 19:25:08 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2013-01-06 19:25:07 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2013-01-06 19:25:07 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-01-06 19:25:06 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2013-01-06 19:25:05 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2013-01-06 19:25:04 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2013-01-06 19:25:04 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2013-01-06 19:25:03 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2013-01-06 19:25:03 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-01-06 19:25:02 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2013-01-06 19:25:02 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-01-06 19:25:02 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2013-01-06 19:25:00 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2013-01-06 19:25:00 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-01-06 19:24:59 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2013-01-06 19:24:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-01-06 19:24:58 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2013-01-06 19:24:57 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2013-01-06 19:24:57 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-01-06 19:24:56 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2013-01-06 19:24:56 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-01-06 19:24:55 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2013-01-06 19:24:55 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-01-06 19:24:55 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2013-01-06 19:24:55 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2013-01-06 19:24:55 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-01-06 19:24:54 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2013-01-06 19:24:53 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2013-01-06 19:24:53 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-01-06 19:24:53 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2013-01-06 19:24:52 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-01-06 19:24:51 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2013-01-06 19:24:51 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-01-06 19:24:49 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2013-01-06 19:24:49 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2013-01-06 19:24:48 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2013-01-06 19:24:47 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-01-06 19:24:46 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2013-01-06 19:24:46 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-01-06 19:24:45 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2013-01-06 19:24:45 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2013-01-06 19:24:43 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2013-01-06 19:24:43 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-01-06 19:24:42 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2013-01-06 19:24:40 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2013-01-06 19:24:40 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2013-01-06 19:24:40 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-01-06 19:24:39 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2013-01-06 19:24:38 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2013-01-06 19:24:38 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-01-06 19:24:38 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2013-01-06 19:24:38 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-01-06 19:24:37 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2013-01-06 19:24:37 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2013-01-06 19:24:37 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2013-01-06 19:24:36 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2013-01-06 19:24:36 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2013-01-06 19:24:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-01-06 19:24:35 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2013-01-06 19:24:34 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2013-01-06 19:24:34 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2013-01-06 19:24:33 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2013-01-06 19:24:33 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2013-01-06 19:24:33 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2013-01-06 19:24:32 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2013-01-06 19:24:31 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2013-01-06 19:24:31 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2013-01-06 19:24:31 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2013-01-06 19:24:31 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2013-01-06 19:24:30 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2013-01-06 19:24:23 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2013-01-06 19:24:22 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2013-01-06 19:24:22 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2013-01-06 19:24:22 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2013-01-06 19:24:21 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2013-01-06 19:24:20 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2013-01-06 19:24:19 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2013-01-06 19:24:18 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2013-01-06 19:24:18 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2013-01-06 17:13:09 ----D---- C:\ProgramData\Hotspot Shield
2013-01-06 17:13:06 ----D---- C:\Program Files (x86)\Hotspot Shield
2013-01-06 17:13:03 ----D---- C:\Program Files (x86)\uTorrent
2013-01-06 17:12:33 ----D---- C:\Users\Robo\AppData\Roaming\uTorrent

======List of files/folders modified in the last 3 months======

2013-04-05 00:47:09 ----D---- C:\Windows\Prefetch
2013-04-05 00:47:03 ----RD---- C:\Program Files (x86)
2013-04-05 00:43:02 ----D---- C:\Users\Robo\AppData\Roaming\TS3Client
2013-04-05 00:33:22 ----D---- C:\Windows\Temp
2013-04-05 00:31:27 ----HD---- C:\ProgramData
2013-04-05 00:31:26 ----RD---- C:\Program Files
2013-04-05 00:30:49 ----SHD---- C:\Windows\Installer
2013-04-05 00:30:42 ----D---- C:\Windows\winsxs
2013-04-04 15:48:29 ----D---- C:\Windows\System32
2013-04-04 15:48:29 ----D---- C:\Windows\inf
2013-04-03 21:46:57 ----D---- C:\Program Files (x86)\Common Files\Steam
2013-04-03 21:11:37 ----D---- C:\Users\Robo\AppData\Roaming\vlc
2013-03-29 18:24:57 ----D---- C:\Windows\SysWOW64
2013-03-26 15:55:12 ----D---- C:\Windows
2013-03-26 15:08:42 ----SHD---- C:\System Volume Information
2013-03-25 17:22:40 ----SD---- C:\ProgramData\Microsoft
2013-03-25 00:57:55 ----RSD---- C:\Windows\Fonts
2013-03-24 16:05:19 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-24 02:40:52 ----D---- C:\Windows\Tasks
2013-03-24 02:08:18 ----D---- C:\Program Files (x86)\Google
2013-03-14 22:52:31 ----SD---- C:\Users\Robo\AppData\Roaming\Microsoft
2013-03-07 17:36:59 ----RSD---- C:\Windows\assembly
2013-02-21 23:32:49 ----D---- C:\Program Files (x86)\Common Files
2013-01-15 16:43:10 ----D---- C:\Windows\Logs
2013-01-13 00:49:10 ----D---- C:\SFT AC
2013-01-07 00:51:51 ----D---- C:\ProgramData\DAEMON Tools Lite
2013-01-06 19:24:25 ----D---- C:\Windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 ESLWireAC;ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys []
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-31 44808]
R2 EslWireHelper;ESL Wire Helper Service; C:\Program Files\EslWire\service\WireHelperSvc.exe [2012-12-17 678416]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-13 536360]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [2013-02-12 444712]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-13 389928]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-03-29 543656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 116648]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 116648]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2013-02-12 78512]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: urgently need HELP, TROJAN HORSES

Posted: 05 Apr 2013 21:51
by Roli
Hello, fix these in HJT:

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Robo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver


You will find HJT here:

C:\Program Files (x86)\trend micro\Robo.exe

Fix means that you run HJT as admin

in the window that opens, click Do a system scan only

in the next window, find the lines I listed for you,

next to each of them is a box that you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to do this; answer YES, of course, and you are done.


Delete unnecessary files

using CCleaner

instructions:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making a backup of it, which CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it starts running.

The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan, do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete the infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: urgently need HELP, TROJAN HORSES

Posted: 14 Apr 2013 21:07
by SynysterGates81
ComboFix 13-04-14.01 - Robo . 04. 2013 21:47:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.3552.2547 [GMT 2:00]
Running from: c:\users\Robo\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\L\00000004.@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\L\00000008.@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\L\201d3dde
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\L\6715e287
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\L\76603ac3
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\U\00000004.@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\U\00000008.@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\U\000000cb.@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\U\80000000.@
c:\windows\Installer\{336a4084-2012-87f0-f194-095115427148}\U\trz325C.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\tmpD8CE.tmp
c:\windows\SysWow64\tmpD91D.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 19:36 . 2013-04-14 19:36 -------- d-----w- c:\program files\CCleaner
2013-04-10 18:28 . 2013-04-10 18:28 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-04-10 18:20 . 2013-04-10 18:20 -------- d-----w- c:\users\Robo\AppData\Local\Geniaware
2013-04-10 18:20 . 2013-04-10 18:20 -------- d-----w- c:\programdata\Steam
2013-04-10 14:36 . 2013-04-10 18:24 -------- d-----w- c:\program files (x86)\Lords of Football
2013-04-04 22:47 . 2013-04-14 19:34 -------- d-----w- c:\program files (x86)\trend micro
2013-04-04 22:47 . 2013-04-04 22:47 -------- d-----w- C:\rsit
2013-04-04 22:31 . 2013-04-13 22:44 -------- d-----w- c:\users\Robo\AppData\Local\ESL Wire Game Client
2013-04-04 22:31 . 2012-12-17 09:39 160784 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2013-04-04 22:31 . 2013-04-04 22:31 -------- d-----w- c:\programdata\ESL Wire
2013-04-04 22:31 . 2013-04-04 22:31 -------- d-----w- c:\program files\EslWire
2013-03-29 16:25 . 2013-03-29 16:25 -------- d-----w- c:\program files (x86)\MP3 Audio CD Burner
2013-03-26 12:57 . 2013-03-26 12:57 -------- d-----w- c:\windows\SysWow64\xlive
2013-03-26 12:57 . 2013-03-26 12:57 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-03-25 15:39 . 2010-09-22 12:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2013-03-25 15:39 . 2011-03-19 14:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2013-03-25 15:39 . 2013-03-25 15:39 -------- d-----w- c:\program files (x86)\BRS
2013-03-25 15:39 . 2013-03-25 15:39 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-03-25 15:39 . 2013-03-25 15:39 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-03-25 15:39 . 2013-03-25 15:39 -------- d-----w- c:\program files (x86)\OpenAL
2013-03-25 15:39 . 2013-03-25 15:39 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-03-25 15:39 . 2013-03-25 15:39 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-03-25 15:23 . 2013-03-25 15:23 -------- d-----w- c:\program files (x86)\Codemasters
2013-03-24 13:01 . 2013-03-24 13:01 -------- d-----w- c:\users\Robo\AppData\Roaming\Hotspot Shield
2013-03-24 10:33 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-24 10:33 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-24 10:33 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-24 10:33 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-24 10:33 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-24 10:33 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-24 10:33 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-24 10:33 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-24 10:32 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-03-24 10:32 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-03-24 10:32 . 2013-03-24 10:32 -------- d-----w- c:\programdata\AVAST Software
2013-03-24 10:32 . 2013-03-24 10:32 -------- d-----w- c:\program files\AVAST Software
2013-03-24 10:13 . 2013-03-24 10:13 -------- d-----w- c:\program files\ESET
2013-03-24 00:27 . 2013-03-24 00:27 -------- d-----w- c:\users\Robo\AppData\Local\Opera
2013-03-24 00:26 . 2013-03-24 14:10 -------- d-----w- c:\program files (x86)\Opera
2013-03-23 22:19 . 2013-03-23 22:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-03-22 14:50 . 2013-03-24 00:40 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 14:50 . 2013-03-24 00:40 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-22 14:50 . 2013-03-22 14:50 -------- d-----w- c:\windows\system32\Macromed
2013-03-21 19:40 . 2013-03-21 19:50 -------- d-----w- c:\users\Robo\AppData\Roaming\Guitar Pro 6
2013-03-21 19:40 . 2013-03-21 19:40 -------- d-----w- c:\programdata\Guitar Pro 6
2013-03-21 19:21 . 2013-03-21 19:21 -------- d-----w- c:\program files (x86)\Guitar Pro 6
2013-03-19 12:52 . 2013-03-19 12:52 -------- d-----w- C:\Local Publish
2013-03-19 12:44 . 2013-03-19 12:44 -------- d-----w- c:\users\Robo\AppData\Roaming\CoffeeCup Software
2013-03-18 17:08 . 2013-03-18 17:08 -------- d-----w- c:\programdata\RegClean
2013-03-18 17:07 . 2013-03-18 17:07 -------- d-----w- c:\users\Robo\AppData\Local\PackageAware
2013-03-18 14:57 . 2013-03-18 14:57 -------- d-----w- c:\users\Robo\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 19:57 . 2013-04-14 19:57 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{734F9F54-BCE5-4215-B31B-700CFC14F074}\offreg.dll
2013-02-12 20:51 . 2013-02-12 20:51 42184 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-01-19 18:09 . 2013-01-18 14:47 68608 ----a-w- c:\windows\apnschost.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-02-12 19:39 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-30 1255736]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-06 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-12 42184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-25 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-12-17 160784]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-12-17 678416]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-02-13 536360]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-02-13 389928]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 23:12 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-839734280-2009061390-904715615-1000Core.job
- c:\users\Robo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-27 16:19]
.
2013-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-839734280-2009061390-904715615-1000UA.job
- c:\users\Robo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-27 16:19]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 00:07]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 00:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Robo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112572&tt=0313_5&babsrc=HP_ss&mntrId=325d7e3300000000000000ff975da12d
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download Using &BitSpirit - c:\program files (x86)\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
.
**************************************************************************
.
Completion time: 2013-04-14 22:01:31 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-14 20:01
.
Pre-Run: 227 954 233 344 bytes free
Post-Run: 227 491 295 232 bytes free
.
- - End Of File - - CBF7DCE9F07CB69F2B59D3E201E80C77

Re: urgently need HELP, TROJAN HORSES

Posted: 15 Apr 2013 21:02
by Roli
Via Start >> Run, copy into the window:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click to run it,

a window appears where you click Search at the bottom left.

Then the scan runs, and when it finishes a log pops up, which you copy here for me.

Re: urgently need HELP, TROJAN HORSES

Posted: 16 Apr 2013 08:32
by SynysterGates81
# AdwCleaner v2.200 - Logfile created 04/16/2013 at 09:31:53
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Robo - ROBO-PC
# Boot Mode : Normal
# Running from : C:\Users\Robo\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\Robo\AppData\Roaming\Mozilla\Firefox\Profiles\63qf8slv.default\searchplugins\babylon1.xml
File Found : C:\Users\Robo\AppData\Roaming\Mozilla\Firefox\Profiles\63qf8slv.default\searchplugins\BrowserProtect.xml
File Found : C:\Users\Robo\AppData\Roaming\Mozilla\Firefox\Profiles\63qf8slv.default\searchplugins\delta.xml
File Found : C:\Users\Robo\Desktop\TornTV.lnk
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\Program Files (x86)\yourfiledownloader
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\RegClean
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Robo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Folder Found : C:\Users\Robo\AppData\Local\PackageAware
Folder Found : C:\Users\Robo\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Robo\AppData\LocalLow\Delta
Folder Found : C:\Users\Robo\AppData\Roaming\Babylon
Folder Found : C:\Users\Robo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Robo\AppData\Roaming\Mozilla\Firefox\Profiles\63qf8slv.default\jetpack
Folder Found : C:\Users\Robo\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\delta LTD
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Software\584db8db369ef42
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKU\S-1-5-21-839734280-2009061390-904715615-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112572&tt=0313_5&babsrc=HP_ss&mntrId=325d7e3300000000000000ff975da12d

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Robo\AppData\Roaming\Mozilla\Firefox\Profiles\63qf8slv.default\prefs.js

Found : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112572&tt=0313_5&babsrc=HP[...]
Found : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "325d7e3300000000000000ff975da12d");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15720");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.rvrt", "false");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112572&tt=0313_5");
Found : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&tt=031[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.216:13:21");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112572&tt=0313_5&babsrc=HP_s[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Robo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.30] : keyword = "babylon.com",
Found [l.34] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=112572&tt=0313_5&babsrc=SP_ss&mntrId=325d7e3300000000000000ff975da12d",

-\\ Opera v [Unable to get version]

File : C:\Users\Robo\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7224 octets] - [16/04/2013 09:31:53]

########## EOF - C:\AdwCleaner[R1].txt - [7284 octets] ##########

Re: urgently need HELP, TROJAN HORSES

Posted: 16 Apr 2013 20:33
by Roli
Run AdwCleaner again, but this time click Delete,

the PC will restart, during which the junk gets deleted.

Then a log pops up again, which you copy here for me.


Then use Mbam from my signature and post its log here; do not delete anything beforehand!