
PLEASE HELP - multi-problem Vaio (more below) Solved
- jaro3
- Security team member
Re: PLEASE HELP - multi-problem Vaio (more below)
You don't need to report that.

When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: PLEASE HELP - multi-problem Vaio (more below)

ComboFix 14-02-05.02 - Kari 10.02.2014 20:37:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3566.1722 [GMT 1:00]
Spuštěný z: c:\users\Kari\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kari\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\sho9DF8.tmp"
"c:\windows\SysWow64\shoCC48.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\@RestoreQuarantine
c:\@restorequarantine\2014-Feb-06_18hour\Preferences
c:\@restorequarantine\2014-Feb-06_18hour\Web Data
c:\program files (x86)\ESET
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\unicows.dll
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.22.3\goopdate.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.22.3\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.22.3\psmachine.dll
c:\program files (x86)\Google\Update\1.3.22.3\psuser.dll
c:\program files (x86)\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\0.0.0.0\gsync.msi
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{487458B1-E20A-4C18-B484-19DE73CF24F9}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.2.2041\GoogleEarth-Win-Bundle-7.1.2.2041.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\SysWow64\sho9DF8.tmp
c:\windows\SysWow64\shoCC48.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-10 do 2014-02-10 )))))))))))))))))))))))))))))))
.
.
2014-02-10 19:51 . 2014-02-10 19:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-10 19:51 . 2014-02-10 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-09 12:50 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{712ADC39-3917-4160-B140-72AC6953F658}\mpengine.dll
2014-02-09 10:47 . 2014-02-09 10:47 110 ----a-w- c:\users\Kari\find.bat
2014-02-09 04:15 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-23 13:30 . 2013-10-18 15:23 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{737114BB-56D9-473F-B1FA-C69D573EBE95}\gapaengine.dll
2014-01-16 20:15 . 2014-02-08 07:19 -------- d-----w- c:\users\Kari\AppData\Roaming\SUPERAntiSpyware.com
2014-01-16 20:15 . 2014-01-16 20:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-09 17:08 . 2012-04-03 14:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-09 17:08 . 2012-04-03 14:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33 . 2011-08-01 12:47 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 04:40 . 2014-01-04 04:40 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2013-12-20 01:06 . 2013-12-20 01:06 309760 ----a-r- c:\users\Kari\AppData\Roaming\Microsoft\Installer\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}\EvinceIcon2.exe
2013-12-20 01:06 . 2013-12-20 01:06 309760 ----a-r- c:\users\Kari\AppData\Roaming\Microsoft\Installer\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}\EvinceIcon1.exe
2013-12-14 02:49 . 2011-08-01 16:22 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 04:23 . 2013-11-26 04:23 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-10 543]
"mncldckSrv"="c:\windows\inf\mncldck.vbe" [2014-01-19 1342]
.
c:\users\Kari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-11-11 9625456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 ActiveSMART Service;ActiveSMART Service;c:\program files (x86)\ActiveSMART 2.95\ASmartService.exe;c:\program files (x86)\ActiveSMART 2.95\ASmartService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Kari\AppData\Local\Temp\GPU-Z.sys;c:\users\Kari\AppData\Local\Temp\GPU-Z.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-03 21:28 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{A3BBF46B-A159-4BF4-B070-5D52FC44EA02}: NameServer = 188.92.8.18,188.92.11.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-631192769-3211946637-3999503593-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9DF2BA2-6E72-EA76-C493-6EF8C7281227}*]
"nakpgeohafmlmffddhgdjmmganfk"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
"oampebidehheadoghooamfneoakppg"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2014-02-10 21:08:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-10 20:08
ComboFix2.txt 2014-02-10 13:43
ComboFix3.txt 2013-02-02 19:50
ComboFix4.txt 2013-02-02 18:08
ComboFix5.txt 2014-02-10 19:35
.
Před spuštěním: Volných bajtů: 130 253 012 992
Po spuštění: Volných bajtů: 129 827 299 328
.
- - End Of File - - 165D573BFD8C1E8C214D7A965EFF8F9C
Re: PLEASE HELP - multi-problem Vaio (more below)
Next:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-10 21:19:02
-----------------------------
21:19:02.685 OS Version: Windows x64 6.1.7600
21:19:02.685 Number of processors: 2 586 0x2505
21:19:02.685 ComputerName: KARI-VAIO UserName: Kari
21:19:03.808 Initialize success
21:19:13.378 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:19:13.394 Disk 0 Vendor: ST932032 0006 Size: 305245MB BusType: 3
21:19:13.534 Disk 0 MBR read successfully
21:19:13.534 Disk 0 MBR scan
21:19:13.534 Disk 0 Windows 7 default MBR code
21:19:13.550 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15543 MB offset 2048
21:19:13.565 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31834112
21:19:13.581 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289600 MB offset 32038912
21:19:13.643 Disk 0 scanning C:\Windows\system32\drivers
21:19:23.440 Service scanning
21:19:45.780 Modules scanning
21:19:45.780 Disk 0 trace - called modules:
21:19:45.858 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
21:19:45.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a3060]
21:19:46.388 3 CLASSPNP.SYS[fffff88001c2e43f] -> nt!IofCallDriver -> [0xfffffa8003448640]
21:19:46.388 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800386e050]
21:19:46.404 Scan finished successfully
21:20:05.748 Disk 0 MBR has been saved successfully to "C:\Users\Kari\Desktop\MBR.dat"
21:20:05.763 The log file has been saved successfully to "C:\Users\Kari\Desktop\aswMBR.txt"
Re: PLEASE HELP - multi-problem Vaio (more below)
Just a side note on those 4 exe files:
atiecl.exe AMD (AH, I DIDN'T KNOW THAT.... SO PROBABLY FINE)
csrss.exe Windows (I DIDN'T KNOW THAT EITHER, BUT APPARENTLY FINE HERE TOO)
winlog.exe isn't that winlogon.exe (Microsoft)?? (NO, THERE IS NOTHING ELSE THERE. AND SINCE I ONLY HAVE ONE ACCOUNT, I DON'T ENTER A PASSWORD AT STARTUP)
VAIOUpd.exe Vaio (BUT I HAVE A FEELING I SAW IT TWICE ON THE LAPTOP, TWO DIFFERENT FILES.... I'M NOT SURE THOUGH. IF IT DOES NO HARM, WE PROBABLY DON'T NEED TO DEAL WITH IT).
Re: PLEASE HELP - multi-problem Vaio (more below)
SystemLook 30.07.11 by jpshortstuff
Log created at 21:32 on 10/02/2014 by Kari
Administrator - Elevation successful
========== filefind ==========
Searching for "MSASGui.exe.*"
C:\Users\Kari\AppData\Local\CrashDumps\MSASGui.exe.3620.dmp --a---- 6130544 bytes [07:24 08/02/2014] [07:25 08/02/2014] FD44EB98734A1450F819BFD7F80E1E33
C:\Users\Kari\AppData\Local\CrashDumps\MSASGui.exe.4632.dmp --a---- 6130544 bytes [17:11 09/02/2014] [17:11 09/02/2014] A71E49AD8CE1C55825F8AB19B9BBA65E
C:\Users\Kari\AppData\Local\CrashDumps\MSASGui.exe.5028.dmp --a---- 6130544 bytes [12:00 10/02/2014] [12:00 10/02/2014] 2FB00FBDCBF7843AB6D29FE739EC3D75
C:\Windows\inf\MSASGui.exe --a---- 528398 bytes [21:44 05/02/2014] [11:26 05/04/2013] EEDF9D5B3F2CCF830B4FB0E4C1631CBE
Searching for "Mncldck.exe.*"
C:\Users\Kari\AppData\Local\CrashDumps\mncldck.exe.3324.dmp --a---- 497332 bytes [12:02 10/02/2014] [12:02 10/02/2014] 512259B5318F36C6D8002B0E8F031F89
C:\Users\Kari\AppData\Local\CrashDumps\mncldck.exe.3340.dmp --a---- 497332 bytes [17:13 09/02/2014] [17:13 09/02/2014] 41CDD9981C299BB0C00E5990D132AD4D
C:\Users\Kari\AppData\Local\CrashDumps\mncldck.exe.4988.dmp --a---- 6266806 bytes [07:26 08/02/2014] [07:26 08/02/2014] 545A30B09F8E5392EDC8754B7AD6A34A
C:\Windows\inf\mncldck\mncldck.exe --a-s-- 972814 bytes [21:44 05/02/2014] [19:30 26/10/2013] 2AC6F8E3DFA1F5E8CC78C457016E29E1
-= EOF =-
Re: PLEASE HELP - multi-problem Vaio (more below)
And those two beasts (MSASGui.exe + Mncldck.exe) started up again after the restart.
- jaro3
- Security team member
Re: PLEASE HELP - multi-problem Vaio (more below)

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text marked in green:
Code:
KillAll::
File::
c:\windows\inf\mncldck.vbe
c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mncldckSrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printsrv"=-
RegLock::
[HKEY_USERS\S-1-5-21-631192769-3211946637-3999503593-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9DF2BA2-6E72-EA76-C493-6EF8C7281227}*]
"nakpgeohafmlmffddhgdjmmganfk"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
"oampebidehheadoghooamfneoakppg"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press the F8 key after the restart and then choose Last Known Good Configuration, or use a restore point.
In Folder Options, enable the display of hidden files and folders + untick the checkbox Hide protected operating system files
Test this on Virustotal
C:\Users\Kari\AppData\Local\CrashDumps\MSASGui.exe.4632.dmp
C:\Users\Kari\AppData\Local\CrashDumps\MSASGui.exe.5028.dmp
C:\Windows\inf\MSASGui.exe
C:\Users\Kari\AppData\Local\CrashDumps\mncldck.exe.3324.dmp
C:\Users\Kari\AppData\Local\CrashDumps\mncldck.exe.3340.dmp
C:\Users\Kari\AppData\Local\CrashDumps\mncldck.exe.4988.dmp
C:\Windows\inf\mncldck\mncldck.exe
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the test of the last antivirus finishes, the result appears at the top with the number of infections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
Double-click the downloaded SystemLook and copy the following text into the main text window:
Code:
:filefind
winlog.exe.*
Click Look to start the scan. When the program finishes, the scan report appears in Notepad. Copy its entire contents here. The log is also on the desktop under the name SystemLook.txt.
Re: PLEASE HELP - multi-problem Vaio (more below)
ComboFix 14-02-11.01 - Kari 11.02.2014 17:28:58.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3566.2222 [GMT 1:00]
Spuštěný z: c:\users\Kari\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kari\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\inf\mncldck.vbe"
"c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\inf\mncldck.vbe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-11 do 2014-02-11 )))))))))))))))))))))))))))))))
.
.
2014-02-11 16:39 . 2014-02-11 16:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-11 16:39 . 2014-02-11 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-10 20:04 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FB0E4D0-7155-4946-915A-533E04470CC6}\mpengine.dll
2014-02-09 12:50 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-09 10:47 . 2014-02-09 10:47 110 ----a-w- c:\users\Kari\find.bat
2014-01-23 13:30 . 2013-10-18 15:23 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{737114BB-56D9-473F-B1FA-C69D573EBE95}\gapaengine.dll
2014-01-16 20:15 . 2014-02-08 07:19 -------- d-----w- c:\users\Kari\AppData\Roaming\SUPERAntiSpyware.com
2014-01-16 20:15 . 2014-01-16 20:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-09 17:08 . 2012-04-03 14:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-09 17:08 . 2012-04-03 14:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33 . 2011-08-01 12:47 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 04:40 . 2014-01-04 04:40 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2013-12-20 01:06 . 2013-12-20 01:06 309760 ----a-r- c:\users\Kari\AppData\Roaming\Microsoft\Installer\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}\EvinceIcon2.exe
2013-12-20 01:06 . 2013-12-20 01:06 309760 ----a-r- c:\users\Kari\AppData\Roaming\Microsoft\Installer\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}\EvinceIcon1.exe
2013-12-14 02:49 . 2011-08-01 16:22 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 04:23 . 2013-11-26 04:23 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-10 543]
.
c:\users\Kari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-11-11 9625456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 ActiveSMART Service;ActiveSMART Service;c:\program files (x86)\ActiveSMART 2.95\ASmartService.exe;c:\program files (x86)\ActiveSMART 2.95\ASmartService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Kari\AppData\Local\Temp\GPU-Z.sys;c:\users\Kari\AppData\Local\Temp\GPU-Z.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-03 21:28 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{A3BBF46B-A159-4BF4-B070-5D52FC44EA02}: NameServer = 188.92.8.18,188.92.11.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-631192769-3211946637-3999503593-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9DF2BA2-6E72-EA76-C493-6EF8C7281227}*]
"nakpgeohafmlmffddhgdjmmganfk"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
"oampebidehheadoghooamfneoakppg"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe
.
**************************************************************************
.
Celkový čas: 2014-02-11 17:59:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-11 16:58
ComboFix2.txt 2014-02-10 20:08
ComboFix3.txt 2014-02-10 13:43
ComboFix4.txt 2013-02-02 19:50
ComboFix5.txt 2014-02-11 16:25
.
Před spuštěním: Volných bajtů: 138 616 532 992
Po spuštění: Volných bajtů: 141 784 100 864
.
- - End Of File - - 7B886941447B79EBF70FF81080054C02
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-03 21:28 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{A3BBF46B-A159-4BF4-B070-5D52FC44EA02}: NameServer = 188.92.8.18,188.92.11.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-631192769-3211946637-3999503593-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9DF2BA2-6E72-EA76-C493-6EF8C7281227}*]
"nakpgeohafmlmffddhgdjmmganfk"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
"oampebidehheadoghooamfneoakppg"=hex:6b,61,61,62,66,6a,68,69,65,6b,70,6b,69,61,
65,6d,70,6f,69,61,70,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe
.
**************************************************************************
.
Celkový čas: 2014-02-11 17:59:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-11 16:58
ComboFix2.txt 2014-02-10 20:08
ComboFix3.txt 2014-02-10 13:43
ComboFix4.txt 2013-02-02 19:50
ComboFix5.txt 2014-02-11 16:25
.
Před spuštěním: Volných bajtů: 138 616 532 992
Po spuštění: Volných bajtů: 141 784 100 864
.
- - End Of File - - 7B886941447B79EBF70FF81080054C02
Re: PLEASE HELP - multi-problem Vaio (more below)
Here are the results for those files; to be safe, I also had the ones that had already been tested checked again:
https://www.virustotal.com/cs/file/1b76 ... 392138212/
https://www.virustotal.com/cs/file/a6f7 ... 392138356/
https://www.virustotal.com/cs/file/05b3 ... 392138504/
https://www.virustotal.com/cs/file/4ef9 ... 392138619/
https://www.virustotal.com/cs/file/c792 ... 392139514/
https://www.virustotal.com/cs/file/46a0 ... 392139585/
https://www.virustotal.com/cs/file/1c97 ... 392139654/
Re: PLEASE HELP - multi-problem Vaio (more below)
SystemLook 30.07.11 by jpshortstuff
Log created at 18:32 on 11/02/2014 by Kari
Administrator - Elevation successful
========== filefind ==========
Searching for "winlog.exe.*"
No files found.
-= EOF =-