Slow laptop

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by flushed » 15 Apr 2012 11:50

Hello, lately my laptop has been terribly slow. I used to watch 1080p videos on YouTube without any problems, and now it can't even handle 720p. Playing games is unthinkable for me. I have a Toshiba Satellite Pro L500-1HC with Intel GMA-4500M graphics, which is nothing special, but it used to be more than enough even for those games.
Thank you for any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:29, on 15.4.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6126 bytes


Post by jaro3 » 15 Apr 2012 15:26

Next time use a newer version of HJT (2.0.4 or 2.0.5 Beta):
http://www.trendsecure.com/portal/en-US ... s/download

Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code: Select all

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O13 - Gopher Prefix:

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.


Post by flushed » 15 Apr 2012 18:57

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Martin :: MARTIN-PC [administrátor]

Ochrana: Povolena

15.4.2012 18:49:45
mbam-log-2012-04-15 (18-55-14).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 193583
Uplynulý čas: 4 minut, 26 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|administration (Trojan.Agent) -> Data: C:\Users\Martin\AppData\Roaming\whitepixel\administration.exe -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Martin\AppData\Roaming\whitepixel\administration.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.

(konec)


Post by Žbeky » 15 Apr 2012 19:03

Run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then click OK in the program and close the program via Exit

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.



Post by flushed » 15 Apr 2012 19:47

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Martin :: MARTIN-PC [administrátor]

Ochrana: Povolena

15.4.2012 19:08:10
mbam-log-2012-04-15 (19-08-10).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 193685
Uplynulý čas: 3 minut, 26 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|administration (Trojan.Agent) -> Data: C:\Users\Martin\AppData\Roaming\whitepixel\administration.exe -> Umístnění do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Martin\AppData\Roaming\whitepixel\administration.exe (Trojan.Agent) -> Umístnění do karantény a smazání se zdařilo.

(konec)



ComboFix 12-04-15.02 - Martin 15.04.2012 19:17:02.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3933.2650 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martin\AppData\Roaming\whitepixel
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 17:28 . 2012-04-15 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 17:17 . 2012-04-15 17:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DC62A81-C0C1-4F8F-B75C-9A945FCD2C7D}\offreg.dll
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 16:48 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 12:59 . 2012-04-15 13:01 -------- d--h--w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-04-15 12:58 . 2012-04-15 12:58 -------- d-----w- c:\users\Martin\AppData\Local\PackageAware
2012-04-15 11:10 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-04-15 08:38 . 2012-04-15 08:41 -------- d-----w- c:\users\Martin\.borland
2012-04-14 19:56 . 2012-04-14 19:56 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 08:41 . 2012-04-14 11:52 -------- d-----w- c:\users\Martin\AppData\Local\Temporary Projects
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-13 22:51 . 2012-04-13 22:53 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-04-13 22:39 . 2012-04-13 22:39 -------- d-----w- c:\windows\symbols
2012-04-13 22:39 . 2012-04-13 22:39 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-04-13 15:55 . 2012-04-13 15:55 -------- d-----w- c:\programdata\Microsoft Visual Studio
2012-04-13 15:47 . 2012-04-13 15:47 -------- d-----w- c:\users\Martin\AppData\Roaming\Microsoft Corporation
2012-04-13 15:39 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-04-13 15:39 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-04-13 15:24 . 2012-04-13 21:50 -------- d-----w- c:\program files\Microsoft SQL Server
2012-04-13 15:23 . 2012-04-13 22:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-04-13 15:22 . 2012-04-13 15:22 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-13 15:14 . 2012-04-13 15:14 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-13 15:10 . 2012-04-13 15:10 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-04-13 15:07 . 2012-04-13 22:03 2117120 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-13 14:46 . 2012-04-13 21:49 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-04-13 14:46 . 2012-04-13 14:46 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-04-13 13:35 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DC62A81-C0C1-4F8F-B75C-9A945FCD2C7D}\mpengine.dll
2012-04-12 13:55 . 2012-04-15 16:23 -------- d-----w- c:\users\Martin\AppData\Roaming\.minecraft
2012-04-12 05:07 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-11 22:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 22:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 22:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 22:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 22:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 22:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 22:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:40 . 2012-02-28 05:34 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-08 08:42 . 2012-04-08 08:42 -------- d-----w- c:\users\Martin\AppData\Local\Sony
2012-04-08 07:46 . 2012-02-23 12:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-06 10:05 . 2012-04-06 10:05 -------- d-----w- c:\users\Martin\AppData\Roaming\IObit
2012-04-06 10:05 . 2011-12-16 15:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-06 10:05 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-06 10:03 . 2012-04-06 10:06 -------- d-----w- c:\programdata\IObit
2012-04-06 09:49 . 2012-04-07 19:13 455680 ----a-w- c:\windows\system32\deploytk.dll
2012-04-05 22:07 . 2012-04-05 22:07 -------- d-----w- c:\program files (x86)\Java
2012-04-05 11:52 . 2012-04-05 11:52 -------- d-----w- c:\users\Martin\AppData\Local\MPlayer
2012-04-04 09:53 . 2010-11-21 03:25 296448 ----a-w- c:\windows\SysWow64\mfds.dll.bak
2012-04-04 09:50 . 2012-04-04 09:51 -------- d-----w- c:\users\Martin\AppData\Roaming\Win7codecs
2012-03-28 14:55 . 2012-04-14 19:56 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-22 17:01 . 2012-03-22 17:01 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-03-22 17:00 . 2012-03-22 17:00 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-03-22 14:46 . 2012-04-01 14:03 -------- d-----w- c:\programdata\TmForever
2012-03-19 17:32 . 2012-03-19 17:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 17:32 . 2012-03-19 17:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 19:56 . 2011-12-23 08:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 22:07 . 2012-01-16 21:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-16 15:37 . 2012-03-16 15:37 281600 ----a-w- c:\windows\SysWow64\cncs232.dll
2012-03-15 05:40 . 2012-03-15 05:40 4826112 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-03-06 23:15 . 2011-12-22 13:01 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-12-22 13:01 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-12-22 13:02 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-12-22 13:02 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-12-22 13:02 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-12-22 13:02 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-12-22 13:02 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-12-22 13:02 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 05:54 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 05:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 09:00 . 2012-02-15 09:00 1287168 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-02-10 06:36 . 2012-03-14 05:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 05:54 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 13:21 . 2012-01-25 13:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-01-25 06:38 . 2012-03-14 05:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 05:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 05:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 19:56]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 12:49]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 12:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.240.190.4 62.240.190.34
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hp50i2ff.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-15 19:39:09
ComboFix-quarantined-files.txt 2012-04-15 17:39
.
Pre-Run: Volných bajtu: 25 179 897 856
Post-Run: Volných bajtu: 25 033 474 048
.
- - End Of File - - A483BD5FBBFDF337866F28A2C024229F


Post by memphisto » 15 Apr 2012 20:17

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::
DirLook::
c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm

Firefox::
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hp50i2ff.default\
FF - prefs.js: browser.search.selectedEngine -

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Please do not send HijackThis logs via private messages; post them in the appropriate section instead. Thank you


Post by flushed » 15 Apr 2012 20:59

ComboFix 12-04-15.02 - Martin 15.04.2012 20:32:26.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3933.2813 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 18:44 . 2012-04-15 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 16:48 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 12:59 . 2012-04-15 13:01 -------- d--h--w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-04-15 12:58 . 2012-04-15 12:58 -------- d-----w- c:\users\Martin\AppData\Local\PackageAware
2012-04-15 11:10 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-04-15 08:38 . 2012-04-15 08:41 -------- d-----w- c:\users\Martin\.borland
2012-04-14 19:56 . 2012-04-14 19:56 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 08:41 . 2012-04-14 11:52 -------- d-----w- c:\users\Martin\AppData\Local\Temporary Projects
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-13 22:51 . 2012-04-13 22:53 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-04-13 22:39 . 2012-04-13 22:39 -------- d-----w- c:\windows\symbols
2012-04-13 22:39 . 2012-04-13 22:39 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-04-13 15:55 . 2012-04-13 15:55 -------- d-----w- c:\programdata\Microsoft Visual Studio
2012-04-13 15:47 . 2012-04-13 15:47 -------- d-----w- c:\users\Martin\AppData\Roaming\Microsoft Corporation
2012-04-13 15:39 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-04-13 15:39 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-04-13 15:24 . 2012-04-13 21:50 -------- d-----w- c:\program files\Microsoft SQL Server
2012-04-13 15:23 . 2012-04-13 22:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-04-13 15:22 . 2012-04-13 15:22 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-13 15:14 . 2012-04-13 15:14 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-13 15:10 . 2012-04-13 15:10 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-04-13 15:07 . 2012-04-13 22:03 2117120 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-13 14:46 . 2012-04-13 21:49 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-04-13 14:46 . 2012-04-13 14:46 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-04-13 13:35 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DC62A81-C0C1-4F8F-B75C-9A945FCD2C7D}\mpengine.dll
2012-04-12 13:55 . 2012-04-15 16:23 -------- d-----w- c:\users\Martin\AppData\Roaming\.minecraft
2012-04-12 05:07 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-11 22:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 22:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 22:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 22:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 22:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 22:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 22:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:40 . 2012-02-28 05:34 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-08 08:42 . 2012-04-08 08:42 -------- d-----w- c:\users\Martin\AppData\Local\Sony
2012-04-08 07:46 . 2012-02-23 12:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-06 10:05 . 2012-04-06 10:05 -------- d-----w- c:\users\Martin\AppData\Roaming\IObit
2012-04-06 10:05 . 2011-12-16 15:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-06 10:05 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-06 10:03 . 2012-04-06 10:06 -------- d-----w- c:\programdata\IObit
2012-04-06 09:49 . 2012-04-07 19:13 455680 ----a-w- c:\windows\system32\deploytk.dll
2012-04-05 22:07 . 2012-04-05 22:07 -------- d-----w- c:\program files (x86)\Java
2012-04-05 11:52 . 2012-04-05 11:52 -------- d-----w- c:\users\Martin\AppData\Local\MPlayer
2012-04-04 09:53 . 2010-11-21 03:25 296448 ----a-w- c:\windows\SysWow64\mfds.dll.bak
2012-04-04 09:50 . 2012-04-04 09:51 -------- d-----w- c:\users\Martin\AppData\Roaming\Win7codecs
2012-03-28 14:55 . 2012-04-14 19:56 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-22 17:01 . 2012-03-22 17:01 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-03-22 17:00 . 2012-03-22 17:00 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-03-22 14:46 . 2012-04-01 14:03 -------- d-----w- c:\programdata\TmForever
2012-03-19 17:32 . 2012-03-19 17:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 17:32 . 2012-03-19 17:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 19:56 . 2011-12-23 08:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 22:07 . 2012-01-16 21:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-16 15:37 . 2012-03-16 15:37 281600 ----a-w- c:\windows\SysWow64\cncs232.dll
2012-03-15 05:40 . 2012-03-15 05:40 4826112 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-03-06 23:15 . 2011-12-22 13:01 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-12-22 13:01 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-12-22 13:02 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-12-22 13:02 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-12-22 13:02 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-12-22 13:02 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-12-22 13:02 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-12-22 13:02 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 05:54 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 05:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 09:00 . 2012-02-15 09:00 1287168 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-02-10 06:36 . 2012-03-14 05:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 05:54 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 13:21 . 2012-01-25 13:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-01-25 06:38 . 2012-03-14 05:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 05:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 05:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46} ----
.
2012-04-15 13:01 . 2012-04-15 13:01 0 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-04-15 12:58 . 2010-09-23 18:29 111104 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\ScaleProgressDesigntime.dll\ScaleProgressRuntime.dll
2012-04-15 12:58 . 2010-09-23 18:30 1921024 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mSanctuaryDesigntime.dll\sanctuarylib.dll
2012-04-15 12:58 . 2010-09-23 18:29 98304 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\54B06EF5\73C36525\Plossum CommandLine.dll
2012-04-15 12:58 . 2010-12-30 05:39 407040 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mWinRun.dll\mWinRunExec.dll
2012-04-15 12:58 . 2010-10-20 01:13 994304 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mSanctuaryDesigntime.dll\mSanctuaryRuntime.dll
2012-04-15 12:58 . 2010-12-30 05:39 442368 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mMSI.dll\mMSIExec.dll
2012-04-15 12:58 . 2010-12-30 05:39 402944 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mJS.dll\mJSExec.dll
2012-04-15 12:58 . 2010-09-23 18:29 108032 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mIDEKillProcess.dll\mEXEKillProcess.dll
2012-04-15 12:58 . 2010-12-30 05:39 101888 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
2012-04-15 12:58 . 2010-12-30 05:39 508928 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\mDown.dll\mDownExec.dll
2012-04-15 12:58 . 2010-09-23 18:29 274432 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\89059752\73C36525\C5.dll
2012-04-15 12:58 . 2011-02-17 18:20 7680 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\9A445CB9\73C36525\WriteRegistry.exe
2012-04-15 12:58 . 2010-09-23 18:29 24576 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\7107F2D3\73C36525\UpdateDotNetConfig.exe
2012-04-15 12:58 . 2011-04-15 01:40 389632 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\5D327EB6\76FDD5B\DeleteProfile.exe
2012-04-15 12:58 . 2011-08-25 18:03 23040 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\3E326749\5B1EB07\dccosx.exe
2012-04-15 12:58 . 2011-07-07 01:51 23040 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\4503D29E\5B1EB07\dcc64.exe
2012-04-15 12:58 . 2010-09-23 18:35 23040 ----a-w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}\OFFLINE\D00A4462\5B1EB07\dcc32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_17.29.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-15 11:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-15 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-15 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-15 11:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-15 11:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-15 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-15 17:43 30014 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-15 17:43 42710 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-21 14:55 . 2012-04-15 17:43 10754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4132000248-203043738-1563486082-1000_UserData.bin
- 2011-12-21 15:10 . 2012-04-15 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 15:10 . 2012-04-15 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-21 15:10 . 2012-04-15 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-21 15:10 . 2012-04-15 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-15 17:31 . 2012-04-15 17:31 63488 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\f0859b60211c7d2bb83fd46ca6ff0c51\Microsoft.VisualStudio.Diagnostics.Measurement.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 17920 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e9be5b9cdaa823f8d62d21a97f2f899d\Microsoft.VisualStudio.TextTemplating.Interfaces.10.0.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\df2ea9c4098c28f36a7eed8feffa657b\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 35840 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\daf64fd304a89d5ef6caf0e2fe948421\Microsoft.VisualStudio.Editor.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 51200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\aab4ec1d7fb6e7d6a81c3348f46eee3d\Microsoft.VisualStudio.Platform.AppDomainManager.ni.dll
+ 2012-04-15 17:31 . 2012-04-15 17:31 51712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a928753a5410d820624af65078b391de\Microsoft.VisualStudio.Modeling.Components.10.0.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 27136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a88e6bc251ec8bd64dd30a6fe61316c2\Microsoft.VisualStudio.ComponentModelHost.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 28160 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a68706edaf2394dfc3694b9b37843180\Microsoft.VisualStudio.Language.StandardClassification.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 16384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8378db88720d6b500bb904a7d487d493\Microsoft.VisualStudio.Shell.Immutable.10.0.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 91136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8082947ef73b7d154cb69ff16507f031\Microsoft.VisualStudio.CoreUtility.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 36864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\7fd7605b65dbc415d471f5683366c134\Microsoft.VisualStudio.ExtensionsExplorer.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 74752 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\7125a7ec581236bb7d5f9d9c92398de6\Microsoft.VisualStudio.TextTemplating.Modeling.10.0.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 87040 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6c9170a59a982edc787a664eff9ef2b3\Microsoft.VisualStudio.ExtensionManager.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\16687c25aee5e323185878ff624f8f61\Microsoft.VisualStudio.ManagedInterfaces.WCF.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 28160 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\0cffbeae7712c4a4ff86300aad726a4a\Microsoft.VisualStudio.Language.GenerateType.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 12800 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Data.Sche#\0ec56a6329c1f77c896601f62970710e\Microsoft.Data.Schema.ScriptDom.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\7198d223ee4e9e791b3b7dafed92a185\VjsWfcBrowserStubLib.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 49664 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsvwaux\17ad3d2148484daf12f2a0e464d76709\vjsvwaux.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslibcw\3c7ad3a029b3e1b5c6d4ebc97b5cde2c\vjslibcw.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsjbc\dface9125702a77506022ae248b3e50b\vjsjbc.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\vjscor\737c2e7426a21e132e66cfc63a03996d\vjscor.ni.dll
- 2012-04-15 11:12 . 2012-04-15 11:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-15 18:45 . 2012-04-15 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-15 11:12 . 2012-04-15 11:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 18:45 . 2012-04-15 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-15 11:10 390380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-15 18:44 390380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-15 17:31 . 2012-04-15 17:31 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\5f644edb4fd9228b50499b597b20f8d6\WsatConfig.ni.exe
+ 2012-04-15 17:32 . 2012-04-15 17:32 519680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\df9d383c659347ee8420990ef5839188\Microsoft.Windows.Design.Extensibility.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 410112 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\f39356cc4b4dc817ab86e459f162ec78\Microsoft.VisualStudio.Text.UI.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ecc88e7aa757219d7d832e93768ffabc\Microsoft.VisualStudio.Language.GenerateType.Implementation.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 848896 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\d90d2bdf96f27ab67fed95c233be591f\Microsoft.VisualStudio.Shell.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 247296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\beb73d2fc0be0d5edf2a8e56e13a260f\Microsoft.VisualStudio.Modeling.Sdk.Integration.Shell.10.0.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 920064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bbab0552737cd4a11944df58c1605ec2\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 311808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bb444a2747f64e9e5609be02bdd24ce4\Microsoft.VisualStudio.Configuration.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 703488 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b9400b0ddee973800fb6aa3b5ff7251c\Microsoft.VisualStudio.Diagnostics.Common.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 203264 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b902e4b0d0dd93f3ccbbbf6b806758c6\Microsoft.VisualStudio.Modeling.Sdk.Integration.10.0.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 148992 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ad16f5e0289a685d7b09657e823a0d45\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 922112 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\aa9c6e8199c5c458fd9ff94531ea9cf5\Microsoft.VisualStudio.AppDesigner.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 563712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\97bb7ca46d5c1e441bf1874bcda6341b\Microsoft.VisualStudio.Dialogs.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 273408 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\94e55f8fe43f25c6a89cdab847482c2f\Microsoft.VisualStudio.TextTemplating.10.0.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 306688 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\94031a7fe558652b5280f354ab7a4031\Microsoft.VisualStudio.ComponentModelHost.Implementation.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 115200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\92fc572254081c45cb59f02cb39ad96d\Microsoft.VisualStudio.Text.Internal.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 130048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\9042bd889c2e4af9512d44cc5a800dcc\Microsoft.VisualStudio.FileDiscovery.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 275456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8ebfe9f258bb3c55497c6d5b7b0a88ce\Microsoft.VisualStudio.CSharp.SmartTags.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 230400 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8e6dd4b136dc5a927bcaad5861566aab\Microsoft.VisualStudio.ExtensionsExplorer.UI.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 286720 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\86e8625ba77c2de3e8b267d8bd3bdaaf\Microsoft.VisualStudio.Text.UI.Wpf.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 201216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\824f74e1e3144d4e93d8ca8208c23edf\Microsoft.VisualStudio.TemplateWizard.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6f058f4b7490d48bbd340cf6c0de1b7b\Microsoft.VisualStudio.TextTemplating.VSHost.10.0.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 792576 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\4fbad5d31ea10c1da4a650db392e9343\Microsoft.VisualStudio.ExtensibilityHosting.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\456edc599fde126f48cac65c27d1a4c7\Microsoft.VisualStudio.WCFReference.Interop.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 434176 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\301771583e663ae5c216a68d54314d25\Microsoft.VisualStudio.Text.Data.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 197120 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\13e5b4c85c41f3bbe2e4dab618dfe6d4\Microsoft.VisualStudio.Language.Intellisense.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 819712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\13b51124dc8bc56dbb374fd701ee5925\Microsoft.VisualStudio.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 267264 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\0da2407d248f74f28f17464da35b1897\Microsoft.VisualStudio.Text.Logic.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\d219fde30fd34f9b0ddf279d9b49fb0a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 757248 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Data.Sche#\ff7cfc84baccecd5f3f501290c8df942\Microsoft.Data.Schema.Utilities.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\861156abd2fbeb15a72e479fb140c9b9\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 136192 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\dda5a6b2ff35b701c4585b7845101391\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 452608 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfccw\17282312f0d5d7c1d205d9400182d5cf\vjswfccw.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\abd9f62f5984a4b9d49abe2bef3a9df0\VJSharpCodeProvider.ni.dll
- 2011-12-22 22:22 . 2012-04-14 20:28 3436014 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4132000248-203043738-1563486082-1000-8192.dat
+ 2011-12-22 22:22 . 2012-04-15 17:40 3436014 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4132000248-203043738-1563486082-1000-8192.dat
+ 2012-04-15 17:32 . 2012-04-15 17:32 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 1328640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\33b8500f9048b040fe94bc90521c38bd\Microsoft.Windows.Design.Interaction.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 6048768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ed359216b134b1de9b7bc78553292ab8\Microsoft.VisualStudio.Editors.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 5588480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e812704d77d7290ed5bd7fbdc52fd09d\Microsoft.VisualStudio.Platform.VSEditor.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 2900480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\dcb6130a0b6854ed40170c6e5fdc342b\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.10.0.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 2285568 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\d6324830b023c60580666d5b7cb8bed4\Microsoft.VisualStudio.Modeling.Sdk.10.0.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 1157632 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b4d8e065a3fe0ad33a74cfccfc5f7f78\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 7111168 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\aaa36a40b8d67390c90a7b77785ebed3\Microsoft.VisualStudio.Xaml.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a1f5ffa9843839cb6c12c367a0f8c5d7\Microsoft.VisualStudio.Modeling.Sdk.Shell.10.0.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 1376256 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\866f3d22bb2e023bc2f5ab7be7442fe5\Microsoft.VisualStudio.ExtensionManager.Implementation.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 6915584 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\807fa6c198e4889934d2226d845a9be4\Microsoft.VisualStudio.CSharp.Services.Language.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 1580032 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\7c3e103ebe2cb40e71282ff82cd4ebe7\Microsoft.VisualStudio.Shell.StartPage.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 1317888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6e81668dd896cf901e14a2a2fec9dd7a\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 1870848 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\614ad784d537591b9da3516c052ec1d7\Microsoft.VisualStudio.Shell.UI.Internal.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 1829376 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\56bed2d55bb0f52c09d6a28ea879a385\Microsoft.VisualStudio.Design.ni.dll
+ 2012-04-15 17:36 . 2012-04-15 17:36 1418752 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\42cc13482711adddf7781357ff070161\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.10.0.ni.dll
+ 2012-04-15 17:35 . 2012-04-15 17:35 2655232 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\2cb231b3d3dc314c4682f591491d3388\Microsoft.VisualStudio.Editor.Implementation.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 2717184 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\2b8988bce37e8f40d33eaf77b9115f76\Microsoft.VisualStudio.Shell.10.0.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 1467392 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\24c7a8e67598a1c322a76829623b2f14\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2012-04-15 17:37 . 2012-04-15 17:37 2346496 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\11342e866dbab6eb78b3a3e42b3f6167\Microsoft.VisualStudio.Platform.WindowManagement.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 1038336 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\0338aa47a66b1d3c787cb500c453275a\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2012-04-15 17:38 . 2012-04-15 17:38 1310720 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\013c0725478613bc4e1032e4b59d5965\Microsoft.VisualStudio.Shell.ViewManager.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9e031fe8ec3cdb919348c1bc2b35afdf\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-15 17:34 . 2012-04-15 17:34 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Expressio#\f77908b6a104fc412401187fce77b6c0\Microsoft.Expression.Platform.WPF.ni.dll
+ 2012-04-15 17:31 . 2012-04-15 17:31 3772416 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Expressio#\944f96c21acf63edf54125f0304a2926\Microsoft.Expression.DesignModel.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 2703360 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Data.Sche#\982af1789567606149e3ed8a65ebc50e\Microsoft.Data.Schema.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 1035776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Data.Sche#\92b27be1e87372ecc205f9a3a2d39c53\Microsoft.Data.Schema.Generators.Sql.ni.dll
+ 2012-04-15 17:32 . 2012-04-15 17:32 2873856 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\561f649c7fc75cb8d0f6f57412182f4a\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-04-15 17:31 . 2012-04-15 17:31 1931264 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\4bfe4b4fa5d4fccdcbfc10ff609e6a28\Microsoft.Build.Engine.ni.dll
+ 2012-04-15 17:31 . 2012-04-15 17:31 3262976 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfchtml\0ced13a10b4aa65cdb167c2abf3d9f5d\vjswfchtml.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 7012864 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfc\f1c2ad0f92703923fd38c278046eb18b\vjswfc.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 2560512 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\930bee3f35fe524723aa17586b17d053\VJSSupUILib.ni.dll
+ 2012-04-15 17:30 . 2012-04-15 17:30 7982592 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\71c99b4d99efc58590dd57af9ef5bb36\vjslib.ni.dll
+ 2012-04-15 17:33 . 2012-04-15 17:33 10196480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Data.Sche#\bae07b6a1b8173867d4559a02ae9f108\Microsoft.Data.Schema.ScriptDom.Sql.ni.dll
+ 2012-04-15 17:33 . 2012-04-15 17:33 15003648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Data.Sche#\69d8677d5e4c77240f6f7692afe18716\Microsoft.Data.Schema.Sql.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 19:56]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 12:49]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 12:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.240.190.4 62.240.190.34
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hp50i2ff.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
d:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2012-04-15 20:55:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 18:55
ComboFix2.txt 2012-04-15 17:39
.
Pre-Run: Volných bajtu: 25 085 399 040
Post-Run: Volných bajtu: 25 034 608 640
.
- - End Of File - - E70FAAF78C034AB8A3A334BDB51AECE4

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Slow notebook

Post by jaro3 » 15 Apr 2012 22:40

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job
c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe

DDS::
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.


In Folder Options, enable showing hidden files and folders + uncheck the "Hide protected operating system files" checkbox.

Test this on VirusTotal:
c:\windows\system32\user32.dll

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

flushed
Level 1
Posts: 78
Registered: April 12
Gender: Male
Status: Offline

Re: Slow notebook

Post by flushed » 16 Apr 2012 00:04

ComboFix 12-04-15.02 - Martin 15.04.2012 23:28:50.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3933.2659 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 21:39 . 2012-04-15 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 21:07 . 2012-04-15 21:07 -------- d-----w- c:\users\Martin\AppData\Roaming\BaltieProject
2012-04-15 21:06 . 2012-04-15 21:06 -------- d-----w- c:\users\Martin\AppData\Roaming\SGP Systems
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 16:48 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 12:59 . 2012-04-15 13:01 -------- d--h--w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-04-15 12:58 . 2012-04-15 12:58 -------- d-----w- c:\users\Martin\AppData\Local\PackageAware
2012-04-15 11:10 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-04-15 08:38 . 2012-04-15 08:41 -------- d-----w- c:\users\Martin\.borland
2012-04-14 19:56 . 2012-04-14 19:56 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 08:41 . 2012-04-14 11:52 -------- d-----w- c:\users\Martin\AppData\Local\Temporary Projects
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-13 22:51 . 2012-04-13 22:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-13 22:51 . 2012-04-13 22:53 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-04-13 22:39 . 2012-04-13 22:39 -------- d-----w- c:\windows\symbols
2012-04-13 22:39 . 2012-04-13 22:39 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-04-13 15:55 . 2012-04-13 15:55 -------- d-----w- c:\programdata\Microsoft Visual Studio
2012-04-13 15:47 . 2012-04-13 15:47 -------- d-----w- c:\users\Martin\AppData\Roaming\Microsoft Corporation
2012-04-13 15:39 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-04-13 15:39 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-04-13 15:24 . 2012-04-13 21:50 -------- d-----w- c:\program files\Microsoft SQL Server
2012-04-13 15:23 . 2012-04-13 22:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-04-13 15:22 . 2012-04-13 15:22 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-13 15:14 . 2012-04-13 15:14 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-13 15:10 . 2012-04-13 15:10 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-04-13 15:07 . 2012-04-13 22:03 2117120 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-13 14:46 . 2012-04-13 21:49 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-04-13 14:46 . 2012-04-13 14:46 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-04-13 13:35 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DC62A81-C0C1-4F8F-B75C-9A945FCD2C7D}\mpengine.dll
2012-04-12 13:55 . 2012-04-15 16:23 -------- d-----w- c:\users\Martin\AppData\Roaming\.minecraft
2012-04-12 05:07 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-11 22:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 22:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 22:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 22:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 22:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 22:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 22:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:40 . 2012-02-28 05:34 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-08 08:42 . 2012-04-08 08:42 -------- d-----w- c:\users\Martin\AppData\Local\Sony
2012-04-08 07:46 . 2012-02-23 12:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-06 10:05 . 2012-04-06 10:05 -------- d-----w- c:\users\Martin\AppData\Roaming\IObit
2012-04-06 10:05 . 2011-12-16 15:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-06 10:05 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-06 10:03 . 2012-04-06 10:06 -------- d-----w- c:\programdata\IObit
2012-04-06 09:49 . 2012-04-07 19:13 455680 ----a-w- c:\windows\system32\deploytk.dll
2012-04-05 22:07 . 2012-04-05 22:07 -------- d-----w- c:\program files (x86)\Java
2012-04-05 11:52 . 2012-04-05 11:52 -------- d-----w- c:\users\Martin\AppData\Local\MPlayer
2012-04-04 09:53 . 2010-11-21 03:25 296448 ----a-w- c:\windows\SysWow64\mfds.dll.bak
2012-04-04 09:50 . 2012-04-04 09:51 -------- d-----w- c:\users\Martin\AppData\Roaming\Win7codecs
2012-03-28 14:55 . 2012-04-14 19:56 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-22 17:01 . 2012-03-22 17:01 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-03-22 17:00 . 2012-03-22 17:00 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-03-22 14:46 . 2012-04-01 14:03 -------- d-----w- c:\programdata\TmForever
2012-03-19 17:32 . 2012-03-19 17:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 17:32 . 2012-03-19 17:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 19:56 . 2011-12-23 08:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 22:07 . 2012-01-16 21:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-16 15:37 . 2012-03-16 15:37 281600 ----a-w- c:\windows\SysWow64\cncs232.dll
2012-03-15 05:40 . 2012-03-15 05:40 4826112 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-03-06 23:15 . 2011-12-22 13:01 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-12-22 13:01 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-12-22 13:02 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-12-22 13:02 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-12-22 13:02 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-12-22 13:02 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-12-22 13:02 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-12-22 13:02 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 05:54 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 05:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 09:00 . 2012-02-15 09:00 1287168 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-02-10 06:36 . 2012-03-14 05:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 05:54 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 13:21 . 2012-01-25 13:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-01-25 06:38 . 2012-03-14 05:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 05:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 05:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-15_18.46.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-15 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-15 21:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-15 21:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-15 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-15 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-15 21:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-15 21:42 30702 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-15 21:42 43868 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-21 14:55 . 2012-04-15 21:42 10984 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4132000248-203043738-1563486082-1000_UserData.bin
- 2011-12-21 23:48 . 2012-04-14 19:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 23:48 . 2012-04-15 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 23:48 . 2012-04-15 21:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-21 23:48 . 2012-04-14 19:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-15 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 19:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-21 15:10 . 2012-04-15 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 15:10 . 2012-04-15 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 15:10 . 2012-04-15 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-21 15:10 . 2012-04-15 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-15 18:45 . 2012-04-15 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-15 21:40 . 2012-04-15 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-15 18:45 . 2012-04-15 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 21:40 . 2012-04-15 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-15 21:39 390380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-15 18:44 390380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 19:56]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 12:49]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4132000248-203043738-1563486082-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 12:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.240.190.4 62.240.190.34
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hp50i2ff.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-15 23:50:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 21:50
ComboFix2.txt 2012-04-15 18:55
ComboFix3.txt 2012-04-15 17:39
.
Pre-Run: Volných bajtu: 25 674 035 200
Post-Run: Volných bajtu: 25 473 122 304
.
- - End Of File - - 734B3CDC643F0A341CAE06841ADBFAA1




link: https://www.virustotal.com/file/fdc6b8e ... 334524794/



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-15 23:55:03
-----------------------------
23:55:03.539 OS Version: Windows x64 6.1.7601 Service Pack 1
23:55:03.539 Number of processors: 2 586 0xF0D
23:55:03.555 ComputerName: MARTIN-PC UserName: Martin
23:55:05.146 Initialize success
23:55:06.082 AVAST engine defs: 12041502
23:55:08.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:55:08.781 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
23:55:08.797 Disk 0 MBR read successfully
23:55:08.812 Disk 0 MBR scan
23:55:08.812 Disk 0 Windows 7 default MBR code
23:55:08.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:55:08.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 50000 MB offset 206848
23:55:08.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 255143 MB offset 102606848
23:55:08.890 Disk 0 scanning C:\Windows\system32\drivers
23:55:17.720 Service scanning
23:55:54.318 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:56:06.236 Modules scanning
23:56:06.267 Disk 0 trace - called modules:
23:56:06.298 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spsp.sys hal.dll
23:56:06.298 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004caa3c0]
23:56:06.314 3 CLASSPNP.SYS[fffff8800199f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b10050]
23:56:06.813 AVAST engine scan C:\Windows
23:56:09.106 AVAST engine scan C:\Windows\system32
23:59:45.853 AVAST engine scan C:\Windows\system32\drivers
00:00:03.481 AVAST engine scan C:\Users\Martin
00:02:00.325 AVAST engine scan C:\ProgramData
00:02:39.715 Scan finished successfully
00:04:04.984 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
00:04:05.000 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Slow notebook

Post by jaro3 » 16 Apr 2012 09:02

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.


Has anything changed?

flushed
Level 1
Posts: 78
Registered: April 12
Gender: Male
Status: Offline

Re: Slow notebook

Post by flushed » 16 Apr 2012 17:01

Not much has changed. It is still terribly slow. I tried HD videos on YouTube and they stuttered quite a lot. Minecraft also still stutters just the same...

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Slow notebook

Post by jaro3 » 16 Apr 2012 20:04

Download CrystalDiskInfo
Run the program and click Edit -> Copy. Then paste the contents of the log here using Ctrl+V.

Download Memtest:

In the box, enter the largest size of your individual RAM module (256, 512 or 1024, 2048), click Start and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the memory is fine.


The HDD needs to be checked for errors, and you should try defragmenting it.