Prosím o kontrolu logu - wnp.dll

Příspěvekod **jaro3** » 18 dub 2014 10:05

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\Netl\vbs.vbs

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Reklama

asusmaniac · Příspěvekod **asusmaniac** » 18 dub 2014 10:34

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-18 10:30:55
-----------------------------
10:30:55.790 OS Version: Windows x64 6.1.7600
10:30:55.790 Number of processors: 4 586 0x2A07
10:30:55.790 ComputerName: NOTEBOOK UserName: nothing
10:30:56.102 Initialize success
10:31:03.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:31:03.623 Disk 0 Vendor: INTEL_SS 400i Size: 171705MB BusType: 3
10:31:03.638 Disk 0 MBR read successfully
10:31:03.638 Disk 0 MBR scan
10:31:03.638 Disk 0 Windows 7 default MBR code
10:31:03.638 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:31:03.638 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 171603 MB offset 206848
10:31:03.654 Disk 0 scanning C:\Windows\system32\drivers
10:31:04.372 Service scanning
10:31:05.542 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:31:06.353 Modules scanning
10:31:06.353 Disk 0 trace - called modules:
10:31:06.353 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spxm.sys hal.dll
10:31:06.353 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099f1060]
10:31:06.868 3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> [0xfffffa8007e4dd20]
10:31:06.868 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e4c050]
10:31:06.868 Scan finished successfully
10:31:14.777 Disk 0 MBR has been saved successfully to "C:\Users\nothing\Desktop\MBR.dat"
10:31:14.777 The log file has been saved successfully to "C:\Users\nothing\Desktop\aswMBR.txt"

https://www.virustotal.com/cs/file/fcbf ... 397809952/

Příspěvekod **jaro3** » 18 dub 2014 18:27

Odinstaluj:
Trend Micro\UniClient pokud najdeš..

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3045069583-2507868210-2992496998-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3045069583-2507868210-2992496998-1000UA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\users\nothing\AppData\Local\Facebook\Update
c:\program files\Trend Micro\AMSP

Driver::
SkypeUpdate
Amsp

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

asusmaniac · Příspěvekod **asusmaniac** » 20 dub 2014 08:50

ComboFix 14-04-19.01 - nothing 20.04.2014 8:42.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8103.6327 [GMT 2:00]
Spuštěný z: c:\users\nothing\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\nothing\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3045069583-2507868210-2992496998-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3045069583-2507868210-2992496998-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\program files\Trend Micro\AMSP
c:\program files\Trend Micro\AMSP\AMSP_LogServer.exe
c:\program files\Trend Micro\AMSP\AmspConfig.ini
c:\program files\Trend Micro\AMSP\AmspLogFilter.ini
c:\program files\Trend Micro\AMSP\AmspLogList.ini
c:\program files\Trend Micro\AMSP\amspreg.xml
c:\program files\Trend Micro\AMSP\amspreg_setup.xml
c:\program files\Trend Micro\AMSP\backup\1000001\uniclient_options.xml
c:\program files\Trend Micro\AMSP\backup\5\component_info.cfg
c:\program files\Trend Micro\AMSP\backup\5\feature_component_mapping.cfg
c:\program files\Trend Micro\AMSP\backup\5\product_fs.cfg
c:\program files\Trend Micro\AMSP\backup\5\scan_options.cfg
c:\program files\Trend Micro\AMSP\backup\5\system_config.cfg
c:\program files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
c:\program files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
c:\program files\Trend Micro\AMSP\CommonScanCache.cfg
c:\program files\Trend Micro\AMSP\CommonScanCache.db
c:\program files\Trend Micro\AMSP\component_info.cfg
c:\program files\Trend Micro\AMSP\coreConfigRepository.dll
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Trend Micro\AMSP\debug\10001\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10002\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10005\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10007\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10008\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10009\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10010\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\10011\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\7\placeholder.txt
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.0.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.1.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.2.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.3.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.4.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.5.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.6.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.7.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.8.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_DebugLog.log.9.bak
c:\program files\Trend Micro\AMSP\debug\Amsp_Event.log
c:\program files\Trend Micro\AMSP\debug\script\AMSP_copy_config.bat
c:\program files\Trend Micro\AMSP\debug\script\AMSP_ipconfig.bat
c:\program files\Trend Micro\AMSP\debug\script\AMSP_processes_list.bat
c:\program files\Trend Micro\AMSP\debug\script\AMSP_registry.bat
c:\program files\Trend Micro\AMSP\debug\script\AMSP_systeminfo.bat
c:\program files\Trend Micro\AMSP\debug\script\CollectICRCPerfmon.bat
c:\program files\Trend Micro\AMSP\debug\TmWatchDog.log
c:\program files\Trend Micro\AMSP\feature_component_mapping.cfg
c:\program files\Trend Micro\AMSP\id_mapping.xml
c:\program files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll
c:\program files\Trend Micro\AMSP\instInstallationLibrary.dll
c:\program files\Trend Micro\AMSP\libprotobuf.dll
c:\program files\Trend Micro\AMSP\log.ini
c:\program files\Trend Micro\AMSP\module\1\1.5.1381\coreFrameworkBuilder.dll
c:\program files\Trend Micro\AMSP\module\10\1.5.1381\coreActionManager.dll
c:\program files\Trend Micro\AMSP\module\1000001\1.5.1332\paCoreProductAdaptor.dll
c:\program files\Trend Micro\AMSP\module\1000001\1.5.1332\utilUniClient.dll
c:\program files\Trend Micro\AMSP\module\11\1.5.1381\coreScanManager.dll
c:\program files\Trend Micro\AMSP\module\2\1.5.1381\coreCommandManager.dll
c:\program files\Trend Micro\AMSP\module\2\cmder.db
c:\program files\Trend Micro\AMSP\module\3\1.5.1381\coreEventManager.dll
c:\program files\Trend Micro\AMSP\module\4\1.5.1381\coreTaskManager.dll
c:\program files\Trend Micro\AMSP\module\5\1.5.1381\coreConfigRepository.dll
c:\program files\Trend Micro\AMSP\module\6\1.5.1381\coreReportManager.dll
c:\program files\Trend Micro\AMSP\module\7\1.5.1381\coreUpdateManager.dll
c:\program files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll
c:\program files\Trend Micro\AMSP\plugin_info.cfg
c:\program files\Trend Micro\AMSP\product_fs.cfg
c:\program files\Trend Micro\AMSP\restore.ini
c:\program files\Trend Micro\AMSP\restore.txt
c:\program files\Trend Micro\AMSP\scan_options.cfg
c:\program files\Trend Micro\AMSP\Session_Agent.ini
c:\program files\Trend Micro\AMSP\snapshot\snapshotManagement.cfg
c:\program files\Trend Micro\AMSP\snapshotRangeList.cfg
c:\program files\Trend Micro\AMSP\sqlite3.dll
c:\program files\Trend Micro\AMSP\system_config.cfg
c:\program files\Trend Micro\AMSP\tmdbg20.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iau.cfg
c:\program files\Trend Micro\AMSP\update\iau_sdk\iau.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\7z.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\iaucore.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\libs\ciuas64.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\libs\ciussi64.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\libs\patchw64.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\Microsoft.VC80.CRT.manifest
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\msvcm80.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\msvcp80.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\iaucore\msvcr80.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\Microsoft.VC80.CRT.manifest
c:\program files\Trend Micro\AMSP\update\iau_sdk\msvcm80.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\msvcp80.dll
c:\program files\Trend Micro\AMSP\update\iau_sdk\msvcr80.dll
c:\program files\Trend Micro\AMSP\util3rdComponentInstall.dll
c:\program files\Trend Micro\AMSP\utilAccessControl.dll
c:\program files\Trend Micro\AMSP\utilComponentInfo.dll
c:\program files\Trend Micro\AMSP\utilDebugLog.dll
c:\program files\Trend Micro\AMSP\utilGenericLoader.dll
c:\program files\Trend Micro\AMSP\utilInstallation.dll
c:\program files\Trend Micro\AMSP\utilIPC.dll
c:\program files\Trend Micro\AMSP\utilJsonHandle.dll
c:\program files\Trend Micro\AMSP\utilMsgBuffer.dll
c:\program files\Trend Micro\AMSP\utilNetCtrl.dll
c:\program files\Trend Micro\AMSP\utilRollback.exe
c:\program files\Trend Micro\AMSP\utilRPC.dll
c:\program files\Trend Micro\AMSP\utilThread.dll
c:\program files\Trend Micro\AMSP\utilUIProfile.dll
c:\users\nothing\AppData\Local\Facebook\Update
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\nothing\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\nothing\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3045069583-2507868210-2992496998-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3045069583-2507868210-2992496998-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Amsp
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-20 do 2014-04-20 )))))))))))))))))))))))))))))))
.
.
2014-04-20 06:45 . 2014-04-20 06:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-20 06:45 . 2014-04-20 06:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-17 18:43 . 2014-04-20 06:45 -------- d-----w- c:\users\nothing\AppData\Local\CrashDumps
2014-04-17 07:56 . 2014-04-17 07:56 -------- d-----w- c:\windows\ERUNT
2014-04-16 16:52 . 2014-04-20 06:46 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 16:52 . 2014-04-16 16:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 16:52 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 16:52 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 16:50 . 2014-04-17 07:53 -------- d-----w- C:\AdwCleaner
2014-04-16 07:47 . 2014-04-16 07:47 388096 ----a-r- c:\users\nothing\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-04-16 07:47 . 2014-04-16 07:47 -------- d-----w- c:\program files (x86)\Trend Micro
2014-03-26 21:42 . 2014-03-26 21:42 -------- d-----w- c:\users\nothing\AppData\Local\Razer
2014-03-26 21:39 . 2014-03-26 22:03 -------- d-----w- c:\programdata\Razer
2014-03-26 21:39 . 2014-03-26 22:03 -------- d-----w- c:\program files (x86)\Razer
2014-03-24 10:05 . 2014-03-24 10:05 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-20 06:46 . 2013-10-07 19:06 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-04-04 20:05 . 2013-11-11 17:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-04 20:05 . 2013-11-11 17:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-03 07:50 . 2013-01-31 09:19 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-03-16 3588952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"WD Spindown Utility"="c:\program files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MFFSum_Pro_LL2"="c:\program files (x86)\Companion Suite Pro LL2\MFFSUM.exe" [2010-01-08 24576]
"MFPrintServer_Pro_LL2"="c:\program files (x86)\Companion Suite Pro LL2\MFPrintServer.exe" [2010-01-08 73728]
"VB"="c:\windows\Netl\vbs.vbs" [2013-07-08 139]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys;c:\windows\SYSNATIVE\Drivers\XMLDIUSB.sys [x]
R4 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 FUSServices;Session Launcher Service;c:\windows\SysWOW64\FUSServices.exe;c:\windows\SysWOW64\FUSServices.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 19:00 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMWebAccessControl]
"ImagePath"="\??\c:\windows\system32\drivers\mwac.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Companion Suite Pro LL2\MFServices.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Celkový čas: 2014-04-20 08:47:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-20 06:47
ComboFix2.txt 2014-04-17 18:44
.
Před spuštěním: Volných bajtů: 87 974 932 480
Po spuštění: Volných bajtů: 87 635 648 512
.
- - End Of File - - 2660A7DAFE168737AC51DD1654904E5B

asusmaniac · Příspěvekod **asusmaniac** » 20 dub 2014 08:51

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:50:52, on 20.4.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Companion Suite Pro LL2\MFFSUM.exe
C:\Program Files (x86)\Companion Suite Pro LL2\MFPrintServer.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Companion Suite Pro LL2\MFServices.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MFFSum_Pro_LL2] "C:\Program Files (x86)\Companion Suite Pro LL2\MFFSUM.exe"
O4 - HKLM\..\Run: [MFPrintServer_Pro_LL2] "C:\Program Files (x86)\Companion Suite Pro LL2\MFPrintServer.exe"
O4 - HKLM\..\Run: [VB] C:\Windows\Netl\vbs.vbs
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Session Launcher Service (FUSServices) - Unknown owner - C:\Windows\SysWOW64\FUSServices.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9737 bytes

Příspěvekod **Orcus** » 20 dub 2014 09:05

V HJT fixni:

Kód: Vybrat vše

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VB] C:\Windows\Netl\vbs.vbs
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

====================================================

Vyčisti systém CCleanerem

====================================================

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?

asusmaniac · Příspěvekod **asusmaniac** » 22 dub 2014 11:28

# DelFix v10.6 - Logfile created 22/04/2014 at 11:26:56
# Updated 11/11/2013 by Xplode
# Username : nothing - NOTEBOOK
# Operating System : Windows 7 Home Premium (64 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\nothing\Desktop\RK_Quarantine
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\AdwCleaner[R3].txt
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_17.04.2014_15.15.39_log.txt
Deleted : C:\TDSSKiller.3.0.0.31_17.04.2014_15.17.01_log.txt
Deleted : C:\TDSSKiller.3.0.0.31_17.04.2014_15.17.14_log.txt
Deleted : C:\Users\nothing\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\nothing\Desktop\aswmbr.exe
Deleted : C:\Users\nothing\Desktop\aswMBR.txt
Deleted : C:\Users\nothing\Desktop\JRT.exe
Deleted : C:\Users\nothing\Desktop\JRT.txt
Deleted : C:\Users\nothing\Desktop\HiJackThis.lnk
Deleted : C:\Users\nothing\Desktop\MBR.dat
Deleted : C:\Users\nothing\Desktop\RKreport[0]_D_04172014_151414.txt
Deleted : C:\Users\nothing\Desktop\RKreport[0]_S_04172014_102453.txt
Deleted : C:\Users\nothing\Desktop\RKreport[0]_S_04172014_151408.txt
Deleted : C:\Users\nothing\Desktop\RogueKillerX64.exe
Deleted : C:\Users\nothing\Desktop\TDSSKiller.exe
Deleted : C:\Users\nothing\Desktop\tdsskiller.zip
Deleted : C:\Users\nothing\Downloads\adwcleaner.exe
Deleted : C:\Users\nothing\Downloads\HiJackThis.msi
Deleted : C:\Users\nothing\Downloads\tdsskiller.zip
Deleted : C:\Users\nothing\Downloads\TFC (1).exe
Deleted : C:\Users\nothing\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Error when deleting (1) : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

New restore point created !

########## - EOF - ##########

Problémy se neozvaly od začátku řešení, tak nevím :) .. ale vypadá to, že je vše v pořádku!

Příspěvekod **jaro3** » 22 dub 2014 18:36

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Prosím o kontrolu logu - wnp.dll Vyřešeno

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll

Re: Prosím o kontrolu logu - wnp.dll Vyřešeno

Kdo je online