Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:56, on 28.3.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Users\Breb\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\LibreOffice 4.0\program\swriter.exe
C:\Program Files\LibreOffice 4.0\program\soffice.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LibreOffice 4.0\program\soffice.bin
C:\Program Files\WTouch\WTouchUser.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Users\Breb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Breb\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1198 ... 119674EB40
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IFXSPMGT] "c:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\windows\is-5JTO0.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Breb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - Startup: Dropbox.lnk = C:\Users\Breb\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Services\IPT\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\ArcVCapRender\uArcCapture.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
--
End of file - 15125 bytes
Please check my log - thank you
- Žbeky
- Moderator
Re: Please check my log - thank you
Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1198 ... 119674EB40
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\windows\is-5JTO0.exe" /REG
O4 - HKCU\..\Run: [Google Update] "C:\Users\Breb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Please check my log - thank you
Good morning, I am posting the results I obtained..
first from Malwarebytes' Anti-Malware:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.03.28.12
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Breb :: BREB-HP [administrátor]
Ochrana: Povolena
28.3.2013 22:29:18
MBAM-log-2013-03-29 (06-58-00).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 202409
Uplynulý čas: 8 hodin, 26 minut, 7 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 1
C:\Users\Breb\Downloads\pdfedit-setup.exe (PUP.Adware.Agent) -> Nebyla provedena žádná instrukce.
(konec)
and now from AdwCleaner:
# AdwCleaner v2.115 - Log vytvooen 29/03/2013 v 07:00:09
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Windows 7 Professional (32 bits)
# Uživatel : Breb - BREB-HP
# Spuštin systém : Normální
# Spuštino z : C:\Users\Breb\Downloads\adwcleaner.exe
# Volba [Prohledat]
***** [Služby] *****
Nalezeno : BrowserProtect
***** [Soubory / Složky] *****
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\ProgramData\BrowserProtect
Složka Nalezeno : C:\Users\Breb\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Složka Nalezeno : C:\Users\Breb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Složka Nalezeno : C:\Users\Breb\AppData\Roaming\BabSolution
Složka Nalezeno : C:\Users\Breb\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\Breb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Složka Nalezeno : C:\Users\Breb\AppData\Roaming\pdfforge
Soubor Nalezeno : C:\Users\Breb\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Soubor Nalezeno : C:\Users\Breb\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
***** [Registry] *****
Data Nalezeno : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Hodnota Nalezeno : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Klíe Nalezeno : HKCU\Software\a6d8dfe13dbf17
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\BabylonToolbar
Klíe Nalezeno : HKCU\Software\DataMngr
Klíe Nalezeno : HKCU\Software\DataMngr_Toolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klíe Nalezeno : HKLM\SOFTWARE\a6d8dfe13dbf17
Klíe Nalezeno : HKLM\Software\Babylon
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Nalezeno : HKLM\Software\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKU\S-1-5-21-1504759668-3704817700-1960757950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKU\S-1-5-21-1504759668-3704817700-1960757950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v9.0.8112.16470
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=1198 ... 119674EB40
-\\ Google Chrome v26.0.1410.43
Soubor : C:\Users\Breb\AppData\Local\Google\Chrome\User Data\Default\Preferences
Nalezeno [l.2037] : homepage = "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=A06608119674EB40",
Nalezeno [l.2367] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=A06608119674EB40" ]
*************************
AdwCleaner[R1].txt - [3988 octets] - [29/03/2013 07:00:09]
########## EOF - C:\AdwCleaner[R1].txt - [4048 octets] ##########
What should I do now? I have a week-old computer with Norton Internet Security installed by the manufacturer, but I don't know how effective it is. On my old computer, where I have NOD installed, I never had similar problems.
Thank you very much for the help.
- memphisto
Re: Please check my log - thank you
Let both Mbam and AdwCleaner delete everything.
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message keeps popping up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Please check my log - thank you
Good morning,
I carried out all the recommended steps. I only had to close ComboFix manually and restart the computer. The log came up after I logged in.
Thank you for any further information on how to proceed.
J.F.
I am attaching the TDSSKiller data as a file, as it contains too many characters.
Data from ComboFix (by sUBs):
ComboFix 13-03-30.01 - Breb 30.03.2013 7:00.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3014.1381 [GMT 1:00]
Spuštěný z: c:\users\Breb\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-28 do 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-30 06:10 . 2013-03-30 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-28 21:27 . 2013-03-28 21:27 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 21:27 . 2013-03-28 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 21:27 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 13:01 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2013-03-25 20:38 . 2013-03-25 20:38 -------- d-----w- c:\programdata\Kamar
2013-03-25 20:38 . 2013-03-25 20:41 -------- d-----w- C:\Kamar
2013-03-25 20:28 . 2013-03-25 20:32 -------- d-----w- C:\ERGOM
2013-03-25 18:27 . 2013-03-25 18:27 -------- d-----w- c:\program files\Common Files\Skype
2013-03-25 18:27 . 2013-03-25 18:27 -------- d-----r- c:\program files\Skype
2013-03-25 18:27 . 2013-03-25 18:27 -------- d-----w- c:\programdata\Skype
2013-03-25 07:05 . 2013-03-25 07:05 -------- d-----w- c:\program files\Foxit Software
2013-03-25 06:31 . 2013-03-25 06:31 -------- d-----w- c:\programdata\FileOpen
2013-03-25 06:30 . 2013-03-25 06:30 -------- d-----w- c:\programdata\Nitro
2013-03-25 06:24 . 2013-03-25 06:24 -------- d-----w- c:\program files\Common Files\Java
2013-03-25 06:24 . 2013-03-25 06:24 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-25 06:24 . 2013-03-25 06:24 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-25 06:24 . 2013-03-25 06:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-25 06:24 . 2013-03-25 06:24 -------- d-----w- c:\program files\Java
2013-03-25 06:00 . 2013-03-25 06:00 -------- d-----w- c:\programdata\PDF Architect
2013-03-25 05:50 . 2013-01-11 10:39 88576 ----a-w- c:\windows\system32\pdfcmon.dll
2013-03-25 05:50 . 2013-01-09 13:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-03-25 05:50 . 2012-05-05 09:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-03-25 05:50 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-03-25 05:50 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-03-25 05:50 . 2013-03-25 05:51 -------- d-----w- c:\program files\PDFCreator
2013-03-25 05:28 . 2013-03-25 05:28 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2013-03-25 05:18 . 2013-03-25 05:52 -------- d-----w- c:\program files\Tracker Software
2013-03-25 04:27 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-24 11:21 . 2013-03-24 11:21 -------- d-----w- c:\programdata\VirtualizedApplications
2013-03-24 11:17 . 2013-03-24 11:46 -------- d-----w- c:\programdata\Microsoft Help
2013-03-24 09:39 . 2013-03-24 09:39 -------- d-----w- c:\program files\T-Mobile
2013-03-24 09:23 . 2013-03-24 09:23 -------- d-----w- c:\program files\Huawei
2013-03-24 09:05 . 2013-03-24 09:06 -------- d-----w- c:\program files\LibreOffice 4.0
2013-03-24 07:11 . 2013-03-25 04:27 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2013-03-24 07:11 . 2013-03-24 07:11 -------- d-----w- c:\windows\PCHEALTH
2013-03-24 06:51 . 2013-03-24 06:53 -------- d-----w- c:\program files\totalcmd
2013-03-24 06:51 . 2012-08-03 07:01 545 ----a-w- c:\windows\UC.PIF
2013-03-24 06:51 . 2012-08-03 07:01 545 ----a-w- c:\windows\RAR.PIF
2013-03-24 06:51 . 2012-08-03 07:01 545 ----a-w- c:\windows\PKZIP.PIF
2013-03-24 06:51 . 2012-08-03 07:01 545 ----a-w- c:\windows\PKUNZIP.PIF
2013-03-24 06:51 . 2012-08-03 07:01 545 ----a-w- c:\windows\LHA.PIF
2013-03-24 06:51 . 2012-08-03 07:01 545 ----a-w- c:\windows\ARJ.PIF
2013-03-23 17:27 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-03-23 17:27 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-03-23 17:27 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-03-23 17:27 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-03-23 17:27 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-03-23 17:27 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-03-23 17:27 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-03-23 17:26 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2013-03-23 17:26 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-03-23 17:26 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-03-23 17:26 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-03-23 17:26 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-03-23 17:26 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-03-23 17:26 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2013-03-23 17:26 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-03-23 17:26 . 2012-07-06 21:42 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-03-23 17:26 . 2012-07-06 21:42 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-03-23 16:53 . 2013-03-23 16:59 -------- d-----w- c:\program files\Fakturky
2013-03-23 16:48 . 2013-03-23 16:51 -------- d-----w- C:\BREB
2013-03-22 20:56 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-03-22 20:56 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-22 20:28 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-22 20:28 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-22 20:28 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-22 20:27 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-22 20:27 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-22 20:27 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-22 20:27 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-22 20:27 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-22 20:27 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-22 20:27 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-22 20:26 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-22 20:26 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-22 20:26 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-22 20:22 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-03-22 19:52 . 2013-03-22 19:52 -------- d-----w- c:\windows\system32\Wat
2013-03-22 19:32 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-22 05:18 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-03-22 05:17 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-03-22 05:16 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-22 05:15 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-22 05:14 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-22 05:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-22 05:00 . 2013-03-22 05:00 -------- d-----w- c:\programdata\Synaptics
2013-03-21 23:12 . 2013-03-21 23:12 -------- d-----w- c:\program files\XnView
2013-03-21 23:09 . 2013-03-21 23:09 -------- d-----w- c:\windows\system32\searchplugins
2013-03-21 23:09 . 2013-03-21 23:09 -------- d-----w- c:\windows\system32\Extensions
2013-03-21 23:09 . 2013-03-21 23:09 -------- d-----w- c:\programdata\BrowserProtect
2013-03-21 23:08 . 2013-03-21 23:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-21 23:08 . 2013-03-21 23:08 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-03-21 23:07 . 2013-03-21 23:07 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-21 23:06 . 2013-03-21 23:06 -------- d-----w- c:\program files\CCleaner
2013-03-21 22:50 . 2013-03-25 06:48 -------- d-----w- c:\program files\OpenOffice.org 3
2013-03-21 22:02 . 2013-03-21 22:02 -------- d-----w- c:\program files\FreeCommander
2013-03-21 21:52 . 2013-03-21 21:52 -------- d-----w- c:\program files\Winamp Detect
2013-03-21 21:52 . 2013-03-21 21:52 -------- d-----w- c:\program files\Winamp
2013-03-21 21:50 . 2013-03-21 21:50 -------- d-----w- c:\program files\VideoLAN
2013-03-21 21:07 . 2013-02-19 03:58 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{534A0686-E4F5-438D-AD0B-8D7247C5889B}\mpengine.dll
2013-03-21 21:07 . 2013-01-17 00:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-21 21:06 . 2013-03-21 21:06 -------- d-----w- c:\programdata\Symantec
2013-03-21 21:06 . 2013-03-22 21:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-21 21:06 . 2013-03-22 05:08 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-21 21:05 . 2013-03-25 04:58 -------- d-----w- c:\windows\system32\drivers\NIS
2013-03-21 21:05 . 2013-03-21 21:05 -------- d-----w- c:\program files\Norton Internet Security
2013-03-21 21:05 . 2013-03-21 21:06 -------- d-----w- c:\programdata\Norton
2013-03-21 21:05 . 2013-03-21 21:05 -------- d-----w- c:\program files\NortonInstaller
2013-03-21 20:56 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-21 20:56 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-21 20:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-21 20:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-03-21 20:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-21 20:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-03-21 20:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-03-21 20:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-03-21 20:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-03-21 20:53 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-21 20:53 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-03-21 20:50 . 2013-03-24 13:04 -------- d-----w- c:\users\Breb
2013-03-09 00:32 . 2013-03-09 00:32 353776 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-03-09 00:32 . 2013-03-09 00:32 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-03-09 00:32 . 2013-03-09 00:32 1048576 ----a-w- c:\windows\system32\syndata.bin
2013-03-09 00:32 . 2013-03-09 00:32 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 00:32 . 2011-04-18 19:41 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-02-28 01:14 . 2013-02-28 01:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-02-28 01:14 . 2013-02-28 01:14 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-08-22 1368768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2011-02-25 658424]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-03-17 13880]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2011-01-12 514544]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-04-15 312376]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-03-10 12277760]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 178456]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-03-30 76344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-03-04 1138780]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2011-01-20 1125728]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-03-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-03-09 2408176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Breb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Breb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 26043088]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-03-07 17:59 75392 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130329.001\IDSvix86.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system32\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [x]
S3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1504759668-3704817700-1960757950-1001Core.job
- c:\users\Breb\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21 21:38]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1504759668-3704817700-1960757950-1001UA.job
- c:\users\Breb\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21 21:38]
.
2013-03-30 c:\windows\Tasks\HPCeeScheduleForBREB-HP$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-30 c:\windows\Tasks\HPCeeScheduleForBreb.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.bing.com?pc=CMNTDF
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nová poznámka - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.100.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(7864)
c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Celkový čas: 2013-03-30 07:46:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-30 06:46
.
Před spuštěním: Volných bajtů: 258 010 857 472
Po spuštění: Volných bajtů: 258 333 229 056
.
- - End Of File - - B7C95555FB5D777E8A7E06DBCCD5EA3E
2013-03-23 17:26 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-03-23 17:26 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2013-03-23 17:26 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-03-23 17:26 . 2012-07-06 21:42 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-03-23 17:26 . 2012-07-06 21:42 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-03-23 16:53 . 2013-03-23 16:59 -------- d-----w- c:\program files\Fakturky
2013-03-23 16:48 . 2013-03-23 16:51 -------- d-----w- C:\BREB
2013-03-22 20:56 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-03-22 20:56 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-22 20:28 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-22 20:28 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-22 20:28 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-22 20:27 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-22 20:27 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-22 20:27 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-22 20:27 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-22 20:27 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-22 20:27 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-22 20:27 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-22 20:26 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-22 20:26 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-22 20:26 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-22 20:22 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-03-22 19:52 . 2013-03-22 19:52 -------- d-----w- c:\windows\system32\Wat
2013-03-22 19:32 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-22 05:18 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-03-22 05:17 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-03-22 05:16 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-22 05:15 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-22 05:14 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-22 05:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-22 05:00 . 2013-03-22 05:00 -------- d-----w- c:\programdata\Synaptics
2013-03-21 23:12 . 2013-03-21 23:12 -------- d-----w- c:\program files\XnView
2013-03-21 23:09 . 2013-03-21 23:09 -------- d-----w- c:\windows\system32\searchplugins
2013-03-21 23:09 . 2013-03-21 23:09 -------- d-----w- c:\windows\system32\Extensions
2013-03-21 23:09 . 2013-03-21 23:09 -------- d-----w- c:\programdata\BrowserProtect
2013-03-21 23:08 . 2013-03-21 23:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-21 23:08 . 2013-03-21 23:08 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-03-21 23:07 . 2013-03-21 23:07 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-21 23:06 . 2013-03-21 23:06 -------- d-----w- c:\program files\CCleaner
2013-03-21 22:50 . 2013-03-25 06:48 -------- d-----w- c:\program files\OpenOffice.org 3
2013-03-21 22:02 . 2013-03-21 22:02 -------- d-----w- c:\program files\FreeCommander
2013-03-21 21:52 . 2013-03-21 21:52 -------- d-----w- c:\program files\Winamp Detect
2013-03-21 21:52 . 2013-03-21 21:52 -------- d-----w- c:\program files\Winamp
2013-03-21 21:50 . 2013-03-21 21:50 -------- d-----w- c:\program files\VideoLAN
2013-03-21 21:07 . 2013-02-19 03:58 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{534A0686-E4F5-438D-AD0B-8D7247C5889B}\mpengine.dll
2013-03-21 21:07 . 2013-01-17 00:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-21 21:06 . 2013-03-21 21:06 -------- d-----w- c:\programdata\Symantec
2013-03-21 21:06 . 2013-03-22 21:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-21 21:06 . 2013-03-22 05:08 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-21 21:05 . 2013-03-25 04:58 -------- d-----w- c:\windows\system32\drivers\NIS
2013-03-21 21:05 . 2013-03-21 21:05 -------- d-----w- c:\program files\Norton Internet Security
2013-03-21 21:05 . 2013-03-21 21:06 -------- d-----w- c:\programdata\Norton
2013-03-21 21:05 . 2013-03-21 21:05 -------- d-----w- c:\program files\NortonInstaller
2013-03-21 20:56 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-21 20:56 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-21 20:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-21 20:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-03-21 20:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-21 20:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-03-21 20:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-03-21 20:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-03-21 20:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-03-21 20:53 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-21 20:53 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-03-21 20:50 . 2013-03-24 13:04 -------- d-----w- c:\users\Breb
2013-03-09 00:32 . 2013-03-09 00:32 353776 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-03-09 00:32 . 2013-03-09 00:32 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-03-09 00:32 . 2013-03-09 00:32 1048576 ----a-w- c:\windows\system32\syndata.bin
2013-03-09 00:32 . 2013-03-09 00:32 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 00:32 . 2011-04-18 19:41 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-02-28 01:14 . 2013-02-28 01:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-02-28 01:14 . 2013-02-28 01:14 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-08-22 1368768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2011-02-25 658424]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-03-17 13880]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2011-01-12 514544]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-04-15 312376]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-03-10 12277760]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 178456]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-03-30 76344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-03-04 1138780]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2011-01-20 1125728]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-03-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-03-09 2408176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Breb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Breb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 26043088]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-03-07 17:59 75392 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130329.001\IDSvix86.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system32\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [x]
S3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1504759668-3704817700-1960757950-1001Core.job
- c:\users\Breb\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21 21:38]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1504759668-3704817700-1960757950-1001UA.job
- c:\users\Breb\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-21 21:38]
.
2013-03-30 c:\windows\Tasks\HPCeeScheduleForBREB-HP$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-30 c:\windows\Tasks\HPCeeScheduleForBreb.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.bing.com?pc=CMNTDF
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nová poznámka - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.100.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(7864)
c:\users\Breb\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
c:\program files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Celkový čas: 2013-03-30 07:46:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-30 06:46
.
Před spuštěním: Volných bajtů: 258 010 857 472
Po spuštění: Volných bajtů: 258 333 229 056
.
- - End Of File - - B7C95555FB5D777E8A7E06DBCCD5EA3E
- Attachments
- TDSSKiller.2.8.16.0_30.03.2013_06.47.17_log.txt.pdf (145.54 KiB), downloaded 69 times
- Žbeky
- Moderator
Re: Please check my log - thank you
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Folder::
c:\program files\Skype\Updater
c:\users\Breb\AppData\Local\Google\Update
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1504759668-3704817700-1960757950-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1504759668-3704817700-1960757950-1001UA.job
Driver::
SkypeUpdate
DDS::
mStart Page = hxxp://www.bing.com?pc=CMNTDF
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.