Spomalený notebook
Napsal: 07 srp 2011 10:26
Zdravím,pár dní mi ide už spomalene notebook a niekedy sa aj seká,pripájam LOG z COMBOFIXU, za pomoc vopred ďakujem
ComboFix 11-08-06.02 - johny . 08. 2011 11:06:37.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.1661 [GMT 2:00]
Running from: c:\users\johny\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-07 09:16 . 2011-08-07 09:17 -------- d-----w- c:\users\johny\AppData\Local\temp
2011-08-07 09:16 . 2011-08-07 09:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-07 09:16 . 2011-08-07 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 08:59 . 2011-04-26 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-07 08:59 . 2011-08-07 08:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-07 08:53 . 2011-08-07 08:53 -------- d-----w- c:\users\johny\AppData\Local\Sunbelt Software
2011-08-07 08:52 . 2011-08-07 08:52 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-08-07 08:51 . 2011-08-07 08:51 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-02-16 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-02-16 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-02-26 11:52 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-02-16 11:43 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-02-16 11:43 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-02-16 11:43 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-02-16 11:43 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-02-16 11:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 15:58 . 2011-05-25 15:58 388096 ----a-r- c:\users\johny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-25 05:33 . 2011-05-06 11:48 20 ----a-w- c:\windows\system32\setup.bat
2011-05-25 05:33 . 2011-05-06 11:48 1652 ----a-w- c:\windows\system32\setup.reg
2011-05-24 05:15 . 2011-05-24 05:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-23 18:30 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-09 20:46 . 2011-05-24 17:38 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A9819C2-4E93-4F76-9CDA-E9598C978D82}\mpengine.dll
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-18 3318784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 cimo;cimo;c:\windows\system32\cimo.sys [2009-08-05 51200]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp [x]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-26 15232]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-26 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-04 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-02-18 142592]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 GJService;Game Jackal Server;c:\programdata\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CM_DiskCleaner - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 11:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b4,88,b4,46,81,ab,ce,b6,b5,90,48,10,2e,cf,22,1f,69,7e,7b,5a,13,ef,8d,
4a,aa,1d,ee,a2,97,e3,19,fd,9b,3e,bf,7d,9e,58,55,59,0f,fe,eb,99,12,18,89,4a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,cf,74,42,12,1c,47,9b,13,87,7d,cb,95,c6,0a,4c,82,94,23,78,da,
b9,03,53,c3,40,45,2a,aa,4f,98,87,36,1a,8e,30,5d,42,b3,ac,31,9d,a6,3d,22,27,\
"rkeysecu"=hex:01,e4,58,16,39,a8,01,79,3c,5e,e3,08,30,e3,75,2e
.
Completion time: 2011-08-07 11:24:21
ComboFix-quarantined-files.txt 2011-08-07 09:24
ComboFix2.txt 2011-05-25 19:04
ComboFix3.txt 2011-05-25 18:29
.
Pre-Run: 79 806 787 584 bytes free
Post-Run: 79 749 152 768 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 2313B87A5CCA72B7F2236EBA4B8D8FA7
ComboFix 11-08-06.02 - johny . 08. 2011 11:06:37.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.1661 [GMT 2:00]
Running from: c:\users\johny\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-07 09:16 . 2011-08-07 09:17 -------- d-----w- c:\users\johny\AppData\Local\temp
2011-08-07 09:16 . 2011-08-07 09:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-07 09:16 . 2011-08-07 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 08:59 . 2011-04-26 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-07 08:59 . 2011-08-07 08:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-07 08:53 . 2011-08-07 08:53 -------- d-----w- c:\users\johny\AppData\Local\Sunbelt Software
2011-08-07 08:52 . 2011-08-07 08:52 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-08-07 08:51 . 2011-08-07 08:51 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-02-16 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-02-16 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-02-26 11:52 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-02-16 11:43 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-02-16 11:43 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-02-16 11:43 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-02-16 11:43 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-02-16 11:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 15:58 . 2011-05-25 15:58 388096 ----a-r- c:\users\johny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-25 05:33 . 2011-05-06 11:48 20 ----a-w- c:\windows\system32\setup.bat
2011-05-25 05:33 . 2011-05-06 11:48 1652 ----a-w- c:\windows\system32\setup.reg
2011-05-24 05:15 . 2011-05-24 05:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-23 18:30 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-09 20:46 . 2011-05-24 17:38 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A9819C2-4E93-4F76-9CDA-E9598C978D82}\mpengine.dll
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-18 3318784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 cimo;cimo;c:\windows\system32\cimo.sys [2009-08-05 51200]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp [x]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-26 15232]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-26 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-04 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-02-18 142592]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 GJService;Game Jackal Server;c:\programdata\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CM_DiskCleaner - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 11:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b4,88,b4,46,81,ab,ce,b6,b5,90,48,10,2e,cf,22,1f,69,7e,7b,5a,13,ef,8d,
4a,aa,1d,ee,a2,97,e3,19,fd,9b,3e,bf,7d,9e,58,55,59,0f,fe,eb,99,12,18,89,4a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,cf,74,42,12,1c,47,9b,13,87,7d,cb,95,c6,0a,4c,82,94,23,78,da,
b9,03,53,c3,40,45,2a,aa,4f,98,87,36,1a,8e,30,5d,42,b3,ac,31,9d,a6,3d,22,27,\
"rkeysecu"=hex:01,e4,58,16,39,a8,01,79,3c,5e,e3,08,30,e3,75,2e
.
Completion time: 2011-08-07 11:24:21
ComboFix-quarantined-files.txt 2011-08-07 09:24
ComboFix2.txt 2011-05-25 19:04
ComboFix3.txt 2011-05-25 18:29
.
Pre-Run: 79 806 787 584 bytes free
Post-Run: 79 749 152 768 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 2313B87A5CCA72B7F2236EBA4B8D8FA7