Dpbrý deň,
Chcel by som poprosiť o check mojho logu (nižšie uvedeného), systém nešiel nabootovať pripojil som disk do druhého pc zo systémového disku som vymazal súbor BOOTSECT.dat, ktorý sa mi tam vytvoril. Potom už išiel systém nabootovať ale systémový disk je plný môžte vidieť v logu. Prosím o pomoc.
Ďakujem
log.txt
Logfile of random's system information tool 1.09 (written by random/random)
Run by Janka at 2013-05-29 19:57:09
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 468 MB (0%) free of 132 GB
Total RAM: 2047 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:32, on 29. 5. 2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Janka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25518
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\FaceSmooch Toolbar\tbhelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: ToggleEN - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
O3 - Toolbar: FaceSmooch Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Ovulation Calculator] "C:\Program Files (x86)\Ovulation Calculator\ovulcalc.exe" 1
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKCU\..\Run: [Guvevk] C:\Users\Janka\AppData\Roaming\Guvevk.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9302 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {B351E210-1891-49AB-9315-195A7F46243C}
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
C:\Windows\SysWOW64\nisvcloc.exe -s
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\Dwm.exe"
taskeng.exe {ED11F17E-28F4-4679-B2D7-6A96AD3750C3}
C:\Windows\Explorer.EXE
"C:\Windows\System32\nvraidservice.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"c:\program files\windows defender\MpCmdRun.exe" Scan -RestrictPrivileges -Reinvoke
"C:\Program Files\Internet Explorer\ieuser.exe" -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 612 616 624 65536 620
"C:\Users\Janka\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
C:\Windows\tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
TBSB03968 Class - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{000E148C-F7A7-445A-9044-93BF6CE09ECB} - Toolbar fuer eBay - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - FaceSmooch Toolbar - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2007-10-26 286752]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2716216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"Google Update"=C:\Users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
"Ovulation Calculator"=C:\Program Files (x86)\Ovulation Calculator\ovulcalc.exe 1 []
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe []
"Guvevk"=C:\Users\Janka\AppData\Roaming\Guvevk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Best Malware Protection]
C:\ProgramData\0523c1\BM052_2121.exe /s /d []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2716216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-03-07 943504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-03-07 21392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-03-07 3508624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
C:\Program Files\ESET\ESET Smart Security\nodlogin.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-10-05 11474024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FaceSmooch Toolbar\update_checker.exe [2010-06-27 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Java\jre6\bin\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-01-14 395640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~2\Launchy\Launchy.exe [2008-08-05 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-05-29 19:36:51 ----D---- C:\Program Files\trend micro
2013-05-29 19:36:49 ----D---- C:\rsit
2013-05-29 00:09:30 ----A---- C:\Windows\ntbtlog.txt
======List of files/folders modified in the last 1 month======
2013-05-29 19:57:17 ----D---- C:\Windows\Temp
2013-05-29 19:38:01 ----D---- C:\Windows\System32
2013-05-29 19:38:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-29 19:37:59 ----D---- C:\Windows\inf
2013-05-29 19:36:51 ----RD---- C:\Program Files
2013-05-29 19:34:55 ----D---- C:\Program Files (x86)\YourFileDownloader
2013-05-29 19:33:17 ----D---- C:\Windows\system32\inetsrv
2013-05-29 19:30:55 ----AD---- C:\Windows
2013-05-29 19:30:46 ----D---- C:\ProgramData\NVIDIA
2013-05-29 18:20:59 ----D---- C:\Windows\system32\drivers
2013-05-29 17:57:19 ----SHD---- C:\Windows\Installer
2013-05-29 17:55:27 ----D---- C:\ProgramData\ESET
2013-05-29 17:55:27 ----D---- C:\Program Files\ESET
2013-05-29 17:54:54 ----D---- C:\Windows\system32\catroot2
2013-05-29 17:54:51 ----SHD---- C:\System Volume Information
2013-05-29 17:48:53 ----D---- C:\Users\Janka\AppData\Roaming\uTorrent
2013-05-29 17:48:13 ----D---- C:\Windows\Prefetch
2013-05-29 17:37:58 ----D---- C:\Windows\Logs
2013-05-28 23:32:21 ----SHD---- C:\$Recycle.Bin
2013-05-16 03:03:09 ----D---- C:\ProgramData\Microsoft Help
2013-05-16 03:01:09 ----A---- C:\Windows\system32\mrt.exe
2013-05-15 17:04:32 ----D---- C:\ProgramData\Adobe
2013-05-12 00:33:33 ----D---- C:\Users\Janka\AppData\Roaming\Mozilla
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-19 161848]
R0 hotcore3;hotcore3; C:\Windows\SysWOW64\drivers\hotcore3.sys [2007-03-07 35096]
R0 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys [2008-04-07 160288]
R0 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys [2008-04-07 130080]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-15 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 145336]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-18 119296]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys [2006-10-10 742696]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S2 Angelnt;Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS []
S2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys []
S3 aj6gx452;aj6gx452; C:\Windows\system32\drivers\aj6gx452.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys []
S3 block_reader;MPR DRV; \??\I:\Portable\Multi Password Recovery 1.1.9 Portable\block_reader.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-10-05 2511464]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-18 30208]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 7936]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-26 11036448]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2007-06-12 59904]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2011-12-08 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2011-12-08 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2011-12-08 161280]
S3 stus2x64;USB 2.0 IrDA Bridge; C:\Windows\system32\DRIVERS\stusb2ir.sys [2006-09-18 47872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 46080]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 108544]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 15872]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2006-06-19 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2006-07-25 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2006-07-25 57344]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
R2 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2006-02-06 49152]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-27 46088]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-16 79360]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 23296]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-11 115608]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zavírený systém, vírus zaplnil systémový disk
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119526
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavírený systém, vírus zaplnil systémový disk
Zdravím!
Dejte log ComboFix:
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zavírený systém, vírus zaplnil systémový disk
Takže spustil som combofix pomazal mi nejake foldre a subory teraz mam 43,5 GB volneho miesta nizsie pripajam log z combofix
Mam este nieco urobit?
Dakujem
log.txt
ComboFix 13-05-29.01 - Janka . 05. 2013 20:44:00.1.1 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.2047.637 [GMT 2:00]
Running from: c:\users\Janka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FaceSmooch Toolbar\tbHElper.dll
c:\users\admin\AppData\Roaming\Desktopicon
c:\users\admin\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Janka\AppData\Roaming\Best Malware Protection
c:\users\Janka\AppData\Roaming\Best Malware Protection\cookies.sqlite
c:\users\Janka\AppData\Roaming\Best Malware Protection\Instructions.ini
c:\users\Janka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Best Malware Protection.lnk
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Best Malware Protection.lnk
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Malware Protection.lnk
C:\Win
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_block_reader
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 18:58 . 2013-05-29 18:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-29 18:58 . 2013-05-29 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-29 18:58 . 2013-05-29 18:58 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-05-29 17:36 . 2013-05-29 17:57 -------- d-----w- c:\program files\trend micro
2013-05-29 17:36 . 2013-05-29 17:37 -------- d-----w- C:\rsit
2013-05-17 07:45 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5D44A2-54D0-40A8-8B7A-3F63F9B6CF05}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 01:01 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe
2013-05-02 00:06 . 2009-10-04 16:02 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
2008-08-14 13:57 2484224 ----a-w- c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\FaceSmooch Toolbar\tbcore3.dll" [2010-02-16 2495488]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files (x86)\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 286752]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://home.sweetim.com
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25518
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={A98212D9-F2BD-49BE-B838-DE0D9960432D}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&barid={A98212D9-F2BD-49BE-B838-DE0D9960432D}&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-12 13:22; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: !HIDDEN! 2009-09-18 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Ovulation Calculator - c:\program files (x86)\Ovulation Calculator\ovulcalc.exe
Wow6432Node-HKCU-Run-Guvevk - c:\users\Janka\AppData\Roaming\Guvevk.exe
WebBrowser-{000E148C-F7A7-445A-9044-93BF6CE09ECB} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
AddRemove-PC Translator - c:\users\admin\AppData\Local\Temp\UN32.EXE
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2013-05-29 21:10:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 19:10
.
Pre-Run: 1 555 816 448 bytes free
Post-Run: 46 771 433 472 bytes free
.
- - End Of File - - 7924D0AE1FCBB4469A4B5D259E0A85B1
Mam este nieco urobit?
Dakujem
log.txt
ComboFix 13-05-29.01 - Janka . 05. 2013 20:44:00.1.1 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.2047.637 [GMT 2:00]
Running from: c:\users\Janka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FaceSmooch Toolbar\tbHElper.dll
c:\users\admin\AppData\Roaming\Desktopicon
c:\users\admin\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Janka\AppData\Roaming\Best Malware Protection
c:\users\Janka\AppData\Roaming\Best Malware Protection\cookies.sqlite
c:\users\Janka\AppData\Roaming\Best Malware Protection\Instructions.ini
c:\users\Janka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Best Malware Protection.lnk
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Best Malware Protection.lnk
c:\users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Malware Protection.lnk
C:\Win
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_block_reader
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 18:58 . 2013-05-29 18:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-29 18:58 . 2013-05-29 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-29 18:58 . 2013-05-29 18:58 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-05-29 17:36 . 2013-05-29 17:57 -------- d-----w- c:\program files\trend micro
2013-05-29 17:36 . 2013-05-29 17:37 -------- d-----w- C:\rsit
2013-05-17 07:45 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5D44A2-54D0-40A8-8B7A-3F63F9B6CF05}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 01:01 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe
2013-05-02 00:06 . 2009-10-04 16:02 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
2008-08-14 13:57 2484224 ----a-w- c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\FaceSmooch Toolbar\tbcore3.dll" [2010-02-16 2495488]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files (x86)\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 286752]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://home.sweetim.com
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25518
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={A98212D9-F2BD-49BE-B838-DE0D9960432D}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&barid={A98212D9-F2BD-49BE-B838-DE0D9960432D}&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-12 13:22; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: !HIDDEN! 2009-09-18 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Ovulation Calculator - c:\program files (x86)\Ovulation Calculator\ovulcalc.exe
Wow6432Node-HKCU-Run-Guvevk - c:\users\Janka\AppData\Roaming\Guvevk.exe
WebBrowser-{000E148C-F7A7-445A-9044-93BF6CE09ECB} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
AddRemove-PC Translator - c:\users\admin\AppData\Local\Temp\UN32.EXE
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2013-05-29 21:10:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 19:10
.
Pre-Run: 1 555 816 448 bytes free
Post-Run: 46 771 433 472 bytes free
.
- - End Of File - - 7924D0AE1FCBB4469A4B5D259E0A85B1
-
Rudy
- Site Admin
- Příspěvky: 119526
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavírený systém, vírus zaplnil systémový disk
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
File::
c:\program files (x86)\ToggleEN\prxtbTog0.dll
Folder::
c:\program files (x86)\ConduitEngine
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}]
[-HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3]
[-HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[-HKEY_CLASSES_ROOT\TBSB03968.TBSB03968]
[-HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[-HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
Firefox::
FF - ProfilePath - c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={A98212D9-F2BD-49BE-B838-DE0D9960432D}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&barid={A98212D9-F2BD-49BE-B838-DE0D9960432D}&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-12 13:22; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: !HIDDEN! 2009-09-18 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zavírený systém, vírus zaplnil systémový disk
Ďakujem, uz je tam 49,1 gb miesta na systemovom disku nižšie posielam reporty z CF a z RSIT, mám, mám ešte niečo urobiť?
Log.txt - rsit
Logfile of random's system information tool 1.09 (written by random/random)
Run by Janka at 2013-05-29 22:29:39
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 50 GB (38%) free of 132 GB
Total RAM: 2047 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:56, on 29. 5. 2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Janka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25518
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: ToggleEN - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7399 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {B5D2312A-906E-4913-BEE9-398C59AF7356}
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
C:\Windows\SysWOW64\nisvcloc.exe -s
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {4E1DA6C5-60F9-4156-8B6B-80361104E3A4}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
"C:\Windows\System32\nvraidservice.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
notepad.exe "C:\Users\Janka\AppData\Local\Temp\log.txt"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 612 616 624 65536 620
"C:\Users\Janka\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
C:\Windows\tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
TBSB03968 Class - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2007-10-26 286752]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Best Malware Protection]
C:\ProgramData\0523c1\BM052_2121.exe /s /d []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-03-07 943504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-03-07 21392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-03-07 3508624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
C:\Program Files\ESET\ESET Smart Security\nodlogin.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-10-05 11474024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FaceSmooch Toolbar\update_checker.exe [2010-06-27 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Java\jre6\bin\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-01-14 395640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~2\Launchy\Launchy.exe [2008-08-05 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-05-29 22:28:09 ----D---- C:\Windows\temp
2013-05-29 22:28:06 ----A---- C:\ComboFix.txt
2013-05-29 22:19:39 ----ASH---- C:\pagefile.sys
2013-05-29 20:29:43 ----A---- C:\Windows\zip.exe
2013-05-29 20:29:43 ----A---- C:\Windows\SWSC.exe
2013-05-29 20:29:43 ----A---- C:\Windows\SWREG.exe
2013-05-29 20:29:43 ----A---- C:\Windows\sed.exe
2013-05-29 20:29:43 ----A---- C:\Windows\PEV.exe
2013-05-29 20:29:43 ----A---- C:\Windows\NIRCMD.exe
2013-05-29 20:29:43 ----A---- C:\Windows\MBR.exe
2013-05-29 20:29:43 ----A---- C:\Windows\grep.exe
2013-05-29 20:22:22 ----D---- C:\Qoobox
2013-05-29 20:20:06 ----D---- C:\Windows\erdnt
2013-05-29 19:36:51 ----D---- C:\Program Files\trend micro
2013-05-29 19:36:49 ----D---- C:\rsit
2013-05-29 00:09:30 ----A---- C:\Windows\ntbtlog.txt
======List of files/folders modified in the last 1 month======
2013-05-29 22:28:11 ----D---- C:\Windows\system32\drivers
2013-05-29 22:28:09 ----AD---- C:\Windows
2013-05-29 22:26:25 ----D---- C:\Windows\System32
2013-05-29 22:26:25 ----D---- C:\Windows\inf
2013-05-29 22:26:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-29 22:23:20 ----D---- C:\Windows\system32\inetsrv
2013-05-29 22:22:17 ----A---- C:\Windows\system.ini
2013-05-29 22:21:58 ----D---- C:\Windows\system32\drivers\etc
2013-05-29 22:20:55 ----D---- C:\ProgramData\NVIDIA
2013-05-29 22:19:49 ----SHD---- C:\System Volume Information
2013-05-29 22:17:23 ----D---- C:\Program Files (x86)
2013-05-29 22:12:33 ----D---- C:\Windows\SYSWOW64\drivers
2013-05-29 22:12:33 ----D---- C:\Windows\SysWOW64
2013-05-29 22:12:33 ----D---- C:\Windows\AppPatch
2013-05-29 22:12:31 ----D---- C:\Program Files (x86)\Common Files
2013-05-29 20:59:49 ----D---- C:\Windows\system32\config
2013-05-29 20:57:51 ----SD---- C:\Windows\Downloaded Program Files
2013-05-29 20:57:43 ----D---- C:\Program Files (x86)\FaceSmooch Toolbar
2013-05-29 20:29:21 ----SHD---- C:\Windows\Installer
2013-05-29 19:36:51 ----RD---- C:\Program Files
2013-05-29 19:34:55 ----D---- C:\Program Files (x86)\YourFileDownloader
2013-05-29 17:55:27 ----D---- C:\ProgramData\ESET
2013-05-29 17:55:27 ----D---- C:\Program Files\ESET
2013-05-29 17:54:54 ----D---- C:\Windows\system32\catroot2
2013-05-29 17:48:53 ----D---- C:\Users\Janka\AppData\Roaming\uTorrent
2013-05-29 17:48:13 ----D---- C:\Windows\Prefetch
2013-05-29 17:37:58 ----D---- C:\Windows\Logs
2013-05-16 03:03:09 ----D---- C:\ProgramData\Microsoft Help
2013-05-16 03:01:09 ----A---- C:\Windows\system32\mrt.exe
2013-05-15 17:04:32 ----D---- C:\ProgramData\Adobe
2013-05-12 00:33:33 ----D---- C:\Users\Janka\AppData\Roaming\Mozilla
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-19 161848]
R0 hotcore3;hotcore3; C:\Windows\SysWOW64\drivers\hotcore3.sys [2007-03-07 35096]
R0 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys [2008-04-07 160288]
R0 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys [2008-04-07 130080]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-15 834544]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-18 119296]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys [2006-10-10 742696]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S2 Angelnt;Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS []
S2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys []
S3 aspmunxo;aspmunxo; C:\Windows\system32\drivers\aspmunxo.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-10-05 2511464]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-18 30208]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 7936]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-26 11036448]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2007-06-12 59904]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2011-12-08 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2011-12-08 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2011-12-08 161280]
S3 stus2x64;USB 2.0 IrDA Bridge; C:\Windows\system32\DRIVERS\stusb2ir.sys [2006-09-18 47872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 46080]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 108544]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 15872]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2006-06-19 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2006-07-25 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2006-07-25 57344]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
R2 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2006-02-06 49152]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-27 46088]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-16 79360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-11 115608]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
-----------------EOF-----------------
Log.txt - ComboFix
ComboFix 13-05-29.01 - Janka . 05. 2013 22:07:15.2.1 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.2047.1037 [GMT 2:00]
Running from: c:\users\Janka\Desktop\ComboFix.exe
Command switches used :: c:\users\Janka\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\ToggleEN\prxtbTog0.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\affid.dat
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\basis.xml
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.crc
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.gif
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.inf
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\icons.bmp
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\info.txt
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\tbhelper.dll
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\uninstall.exe
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\update.exe
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 20:18 . 2013-05-29 20:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-29 20:18 . 2013-05-29 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-29 20:18 . 2013-05-29 20:18 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-05-29 17:36 . 2013-05-29 19:34 -------- d-----w- c:\program files\trend micro
2013-05-29 17:36 . 2013-05-29 17:37 -------- d-----w- C:\rsit
2013-05-17 07:45 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5D44A2-54D0-40A8-8B7A-3F63F9B6CF05}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 01:01 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe
2013-05-02 00:06 . 2009-10-04 16:02 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ToggleEN\prxtbTog0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1555968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 286752]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://home.sweetim.com
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25518
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-04-12 13:22; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: !HIDDEN! 2009-09-18 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll
BHO-{AA61DE26-FA67-4575-9033-918671094293} - c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
WebBrowser-{000E148C-F7A7-445A-9044-93BF6CE09ECB} - (no file)
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-PC Translator - c:\users\admin\AppData\Local\Temp\UN32.EXE
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2013-05-29 22:28:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 20:28
ComboFix2.txt 2013-05-29 19:10
.
Pre-Run: 46 746 505 216 bytes free
Post-Run: 52 708 548 608 bytes free
.
- - End Of File - - 926674D4322DE317C1C8AC4A27BFCB44
Log.txt - rsit
Logfile of random's system information tool 1.09 (written by random/random)
Run by Janka at 2013-05-29 22:29:39
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 50 GB (38%) free of 132 GB
Total RAM: 2047 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:56, on 29. 5. 2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Janka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25518
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: ToggleEN - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7399 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {B5D2312A-906E-4913-BEE9-398C59AF7356}
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
C:\Windows\SysWOW64\nisvcloc.exe -s
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {4E1DA6C5-60F9-4156-8B6B-80361104E3A4}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
"C:\Windows\System32\nvraidservice.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
notepad.exe "C:\Users\Janka\AppData\Local\Temp\log.txt"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 612 616 624 65536 620
"C:\Users\Janka\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
C:\Windows\tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files (x86)\ToggleEN\prxtbTog0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin0.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
TBSB03968 Class - C:\Users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll [2010-02-16 2495488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2007-10-26 286752]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Best Malware Protection]
C:\ProgramData\0523c1\BM052_2121.exe /s /d []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-03-07 943504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-03-07 21392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-03-07 3508624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
C:\Program Files\ESET\ESET Smart Security\nodlogin.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-10-05 11474024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FaceSmooch Toolbar\update_checker.exe [2010-06-27 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Java\jre6\bin\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-01-14 395640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~2\Launchy\Launchy.exe [2008-08-05 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-05-29 22:28:09 ----D---- C:\Windows\temp
2013-05-29 22:28:06 ----A---- C:\ComboFix.txt
2013-05-29 22:19:39 ----ASH---- C:\pagefile.sys
2013-05-29 20:29:43 ----A---- C:\Windows\zip.exe
2013-05-29 20:29:43 ----A---- C:\Windows\SWSC.exe
2013-05-29 20:29:43 ----A---- C:\Windows\SWREG.exe
2013-05-29 20:29:43 ----A---- C:\Windows\sed.exe
2013-05-29 20:29:43 ----A---- C:\Windows\PEV.exe
2013-05-29 20:29:43 ----A---- C:\Windows\NIRCMD.exe
2013-05-29 20:29:43 ----A---- C:\Windows\MBR.exe
2013-05-29 20:29:43 ----A---- C:\Windows\grep.exe
2013-05-29 20:22:22 ----D---- C:\Qoobox
2013-05-29 20:20:06 ----D---- C:\Windows\erdnt
2013-05-29 19:36:51 ----D---- C:\Program Files\trend micro
2013-05-29 19:36:49 ----D---- C:\rsit
2013-05-29 00:09:30 ----A---- C:\Windows\ntbtlog.txt
======List of files/folders modified in the last 1 month======
2013-05-29 22:28:11 ----D---- C:\Windows\system32\drivers
2013-05-29 22:28:09 ----AD---- C:\Windows
2013-05-29 22:26:25 ----D---- C:\Windows\System32
2013-05-29 22:26:25 ----D---- C:\Windows\inf
2013-05-29 22:26:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-29 22:23:20 ----D---- C:\Windows\system32\inetsrv
2013-05-29 22:22:17 ----A---- C:\Windows\system.ini
2013-05-29 22:21:58 ----D---- C:\Windows\system32\drivers\etc
2013-05-29 22:20:55 ----D---- C:\ProgramData\NVIDIA
2013-05-29 22:19:49 ----SHD---- C:\System Volume Information
2013-05-29 22:17:23 ----D---- C:\Program Files (x86)
2013-05-29 22:12:33 ----D---- C:\Windows\SYSWOW64\drivers
2013-05-29 22:12:33 ----D---- C:\Windows\SysWOW64
2013-05-29 22:12:33 ----D---- C:\Windows\AppPatch
2013-05-29 22:12:31 ----D---- C:\Program Files (x86)\Common Files
2013-05-29 20:59:49 ----D---- C:\Windows\system32\config
2013-05-29 20:57:51 ----SD---- C:\Windows\Downloaded Program Files
2013-05-29 20:57:43 ----D---- C:\Program Files (x86)\FaceSmooch Toolbar
2013-05-29 20:29:21 ----SHD---- C:\Windows\Installer
2013-05-29 19:36:51 ----RD---- C:\Program Files
2013-05-29 19:34:55 ----D---- C:\Program Files (x86)\YourFileDownloader
2013-05-29 17:55:27 ----D---- C:\ProgramData\ESET
2013-05-29 17:55:27 ----D---- C:\Program Files\ESET
2013-05-29 17:54:54 ----D---- C:\Windows\system32\catroot2
2013-05-29 17:48:53 ----D---- C:\Users\Janka\AppData\Roaming\uTorrent
2013-05-29 17:48:13 ----D---- C:\Windows\Prefetch
2013-05-29 17:37:58 ----D---- C:\Windows\Logs
2013-05-16 03:03:09 ----D---- C:\ProgramData\Microsoft Help
2013-05-16 03:01:09 ----A---- C:\Windows\system32\mrt.exe
2013-05-15 17:04:32 ----D---- C:\ProgramData\Adobe
2013-05-12 00:33:33 ----D---- C:\Users\Janka\AppData\Roaming\Mozilla
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-19 161848]
R0 hotcore3;hotcore3; C:\Windows\SysWOW64\drivers\hotcore3.sys [2007-03-07 35096]
R0 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys [2008-04-07 160288]
R0 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys [2008-04-07 130080]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-15 834544]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-18 119296]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys [2006-10-10 742696]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S2 Angelnt;Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS []
S2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys []
S3 aspmunxo;aspmunxo; C:\Windows\system32\drivers\aspmunxo.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-10-05 2511464]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-18 30208]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 7936]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-26 11036448]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2007-06-12 59904]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2011-12-08 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2011-12-08 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2011-12-08 161280]
S3 stus2x64;USB 2.0 IrDA Bridge; C:\Windows\system32\DRIVERS\stusb2ir.sys [2006-09-18 47872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 46080]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 108544]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 15872]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2006-06-19 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2006-07-25 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2006-07-25 57344]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
R2 niSvcLoc;NI Service Locator; C:\Windows\SysWOW64\nisvcloc.exe [2006-02-06 49152]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-27 46088]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-16 79360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-11 115608]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
-----------------EOF-----------------
Log.txt - ComboFix
ComboFix 13-05-29.01 - Janka . 05. 2013 22:07:15.2.1 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.2047.1037 [GMT 2:00]
Running from: c:\users\Janka\Desktop\ComboFix.exe
Command switches used :: c:\users\Janka\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\ToggleEN\prxtbTog0.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\affid.dat
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\basis.xml
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.crc
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.gif
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.inf
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\icons.bmp
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\info.txt
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\tbhelper.dll
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\uninstall.exe
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\update.exe
c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 20:18 . 2013-05-29 20:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-29 20:18 . 2013-05-29 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-29 20:18 . 2013-05-29 20:18 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-05-29 17:36 . 2013-05-29 19:34 -------- d-----w- c:\program files\trend micro
2013-05-29 17:36 . 2013-05-29 17:37 -------- d-----w- C:\rsit
2013-05-17 07:45 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE5D44A2-54D0-40A8-8B7A-3F63F9B6CF05}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 01:01 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe
2013-05-02 00:06 . 2009-10-04 16:02 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ToggleEN\prxtbTog0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1555968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001Core.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1679813864-1354040687-2176444434-1001UA.job
- c:\users\Janka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 17:44]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E30F88B3-9BF6-4E89-AD8A-3703147958C1}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
2013-05-29 c:\windows\Tasks\User_Feed_Synchronization-{F6042817-0836-47BB-A3BC-77B67B16EE0C}.job
- c:\windows\system32\msfeedssync.exe [2008-10-06 21:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 286752]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://home.sweetim.com
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25518
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-04-12 13:22; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; c:\users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\1doz7wi1.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: !HIDDEN! 2009-09-18 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngin0.dll
BHO-{AA61DE26-FA67-4575-9033-918671094293} - c:\users\admin\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
WebBrowser-{000E148C-F7A7-445A-9044-93BF6CE09ECB} - (no file)
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-PC Translator - c:\users\admin\AppData\Local\Temp\UN32.EXE
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2013-05-29 22:28:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 20:28
ComboFix2.txt 2013-05-29 19:10
.
Pre-Run: 46 746 505 216 bytes free
Post-Run: 52 708 548 608 bytes free
.
- - End Of File - - 926674D4322DE317C1C8AC4A27BFCB44
-
Rudy
- Site Admin
- Příspěvky: 119526
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavírený systém, vírus zaplnil systémový disk
Log již vypadá OK. Pokud není ještě nějaký problém, je to vše.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zavírený systém, vírus zaplnil systémový disk
Dakujem pekne za pomoc 
-
Rudy
- Site Admin
- Příspěvky: 119526
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavírený systém, vírus zaplnil systémový disk
Nemáte zač! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?