
Internet dropping out - malware?

Posted: 26 Feb 2012 18:41
by janhoo
Hello, I have had this problem for a week now and I don't know what to do about it. I read on the internet that it could be caused by malware, and I also searched here for a similar problem but didn't find one. Here is the log

Logfile of random's system information tool 1.09 (written by random/random)
Run by johny at 2012-02-26 18:36:11
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 34 GB (23%) free of 148 GB
Total RAM: 3066 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:31, on 25. 5. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\johny\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\TwinTouch LuxeMate\MouseElf.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\johny\Downloads\RSIT.exe
C:\Program Files\trend micro\johny.exe
C:\totalcmd\tcmadmin.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: 217.73.17.146 irc.westwood.com
O1 - Hosts: 217.73.17.146 gameres.westwood.com
O1 - Hosts: 217.73.17.146 servserv.westwood.com
O1 - Hosts: 217.73.17.146 apireg.westwood.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regw2.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - C:\ProgramData\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe
O23 - Service: Správca pre program Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 12390 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://cs.start3.mozilla.com/firefox?cl ... s:official"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6, engine@conduit.com:3.3.3.2, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2, wtxpcom@mybrowserbar.com:4.7, youtubedownloader@mybrowserbar.com:4.7, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, wrc@avast.com:6.0.1407, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =937811&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsIBitCometAgent.xpt
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
npdeploytk.dll
npDivxPlayerPlugin.dll
npnul32.dll
NPOFFICE.DLL
nsIDivxPlayerPlugin.xpt
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\
engine@conduit.com
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\searchplugins\
askcom.xml
conduit.xml
crawlersrch.xml
daemon-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-02-23 998560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]
{D5D47440-0750-463D-BAEF-A47D02414806}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-02-23 998560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-28 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-23 397312]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-07-02 821768]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-01-09 3607040]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-05-12 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-05-12 167936]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936]
"mouseElf"=C:\PROGRA~1\TWINTO~1\MouseElf.EXE [2004-08-26 192512]
"Startup Cleaner"=C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-07-14 118784]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-07 1987976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-07 1987976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-18 3318784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-01-09 2972160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\johny\AppData\Local\Temp\0.47319059924956774.exe"="C:\Users\johny\AppData\Local\Temp\0.47319059924956774.exe:*:Enabled:ldrsoft"
"C:\Users\johny\AppData\Roaming\qanmbmim1eo2amtczyljflif2v2tyvu2\csrss.exe"="C:\Users\johny\AppData\Roaming\qanmbmim1eo2amtczyljflif2v2tyvu2\csrss.exe:*:Enabled:ldrsoft"
"C:\Users\johny\AppData\Roaming\xrgu222ajguulzlmomftkdihr13hunhx2\svcnost.exe"="C:\Users\johny\AppData\Roaming\xrgu222ajguulzlmomftkdihr13hunhx2\svcnost.exe:*:Enabled:ldrsoft"
"C:\Users\johny\AppData\Roaming\xkcganz3eng3w1xvcmdbhzrjfgvplpfq2\svcnost.exe"="C:\Users\johny\AppData\Roaming\xkcganz3eng3w1xvcmdbhzrjfgvplpfq2\svcnost.exe:*:Enabled:ldrsoft"
"D:\Hry\Combat Arms EU\CombatArms.exe"="D:\Hry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Hry\Combat Arms EU\Engine.exe"="D:\Hry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"D:\Hry\Combat Arms EU\CombatArms.exe"="D:\Hry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Hry\Combat Arms EU\Engine.exe"="D:\Hry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.MKVC"=KMVIDC32.DLL
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.iv32"=C:\Windows\system32\ir32_32.dll
"vidc.iv31"=C:\Windows\system32\ir32_32.dll
"msacm.siren"=sirenacm.dll
"VIDC.CFHD"=cfhd.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"VIDC.LAGS"=lagarith.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2012-02-26 18:30:47 ----A---- C:\ComboFix.txt
2012-02-26 18:14:52 ----A---- C:\Windows\zip.exe
2012-02-26 18:14:52 ----A---- C:\Windows\SWSC.exe
2012-02-26 18:14:52 ----A---- C:\Windows\SWREG.exe
2012-02-26 18:14:52 ----A---- C:\Windows\sed.exe
2012-02-26 18:14:52 ----A---- C:\Windows\PEV.exe
2012-02-26 18:14:52 ----A---- C:\Windows\NIRCMD.exe
2012-02-26 18:14:52 ----A---- C:\Windows\MBR.exe
2012-02-26 18:14:52 ----A---- C:\Windows\grep.exe
2012-02-26 18:14:45 ----D---- C:\ComboFix
2012-02-26 18:14:35 ----D---- C:\32788R22FWJFW
2012-02-23 19:28:00 ----D---- C:\ProgramData\Trymedia
2012-02-16 15:46:12 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 15:46:11 ----A---- C:\Windows\system32\urlmon.dll
2012-02-16 15:46:11 ----A---- C:\Windows\system32\mshtml.dll
2012-02-16 15:46:10 ----A---- C:\Windows\system32\wininet.dll
2012-02-16 15:46:10 ----A---- C:\Windows\system32\mstime.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\url.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\msfeeds.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\ieui.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\iertutil.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\iepeers.dll
2012-02-16 15:46:09 ----A---- C:\Windows\system32\ieapfltr.dll
2012-02-16 15:46:07 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-16 15:46:05 ----A---- C:\Windows\system32\win32k.sys
2012-02-12 15:28:28 ----A---- C:\Windows\system32\VB5STKIT.DLL
2012-02-12 15:28:27 ----A---- C:\Windows\system32\iwpsetup.exe
2012-02-12 12:59:01 ----D---- C:\Program Files\Conduit
2012-02-12 00:40:19 ----D---- C:\Users\johny\AppData\Roaming\Thinstall
2012-02-09 15:13:00 ----D---- C:\Program Files\LogMeIn Hamachi
2012-02-05 16:48:01 ----A---- C:\Windows\system32\quartz.dll
2012-02-05 16:48:00 ----A---- C:\Windows\system32\qdvd.dll
2012-02-05 16:47:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-02-05 16:47:57 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-02-05 16:47:54 ----A---- C:\Windows\system32\psisdecd.dll
2012-02-05 16:47:51 ----A---- C:\Windows\system32\winmm.dll
2012-02-05 16:47:51 ----A---- C:\Windows\system32\mciseq.dll
2012-02-05 16:47:49 ----A---- C:\Windows\system32\drivers\dfsc.sys
2012-02-05 16:47:46 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2012-02-05 16:47:46 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-02-05 16:47:42 ----A---- C:\Windows\system32\ntdll.dll
2012-02-05 16:47:37 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2012-02-05 16:47:37 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2012-02-05 16:47:37 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2012-02-05 16:47:35 ----A---- C:\Windows\system32\EncDec.dll
2012-02-05 16:47:18 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-05 16:47:16 ----A---- C:\Windows\system32\drivers\srvnet.sys
2012-02-05 16:47:16 ----A---- C:\Windows\system32\drivers\srv2.sys
2012-02-05 16:46:49 ----A---- C:\Windows\system32\packager.dll
2012-02-05 16:46:45 ----A---- C:\Windows\system32\winsrv.dll
2012-02-05 16:45:38 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-02-05 16:45:31 ----A---- C:\Windows\system32\inetcomm.dll
2012-02-05 16:45:02 ----A---- C:\Windows\system32\csrsrv.dll
2012-02-05 16:44:57 ----A---- C:\Windows\system32\schannel.dll
2012-02-05 16:44:56 ----A---- C:\Windows\system32\winhttp.dll
2012-02-05 16:44:56 ----A---- C:\Windows\system32\lsasrv.dll
2012-02-05 16:44:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-02-05 16:44:55 ----A---- C:\Windows\system32\secur32.dll
2012-02-05 16:44:55 ----A---- C:\Windows\system32\lsass.exe
2012-02-05 16:44:34 ----A---- C:\Windows\system32\tzres.dll
2012-02-05 16:43:34 ----A---- C:\Windows\system32\oleacc.dll
2012-02-05 16:43:33 ----A---- C:\Windows\system32\UIAutomationCore.dll
2012-02-05 16:43:33 ----A---- C:\Windows\system32\oleaut32.dll
2012-02-05 16:43:32 ----A---- C:\Windows\system32\oleaccrc.dll
2012-02-05 16:43:07 ----A---- C:\Windows\system32\kernel32.dll
2012-02-05 16:43:05 ----A---- C:\Windows\system32\xmllite.dll
2012-02-02 16:10:38 ----D---- C:\ProgramData\Codemasters
2012-02-02 16:06:46 ----A---- C:\Windows\system32\D3DX9_42.dll

======List of files/folders modified in the last 1 month======

2012-02-26 18:36:16 ----D---- C:\Program Files\Trend Micro
2012-02-26 18:31:47 ----D---- C:\Windows
2012-02-26 18:30:49 ----D---- C:\Qoobox
2012-02-26 18:28:00 ----A---- C:\Windows\system.ini
2012-02-26 18:27:42 ----D---- C:\Windows\system32\drivers\etc
2012-02-26 18:26:51 ----D---- C:\Windows\System32
2012-02-26 18:22:48 ----D---- C:\Windows\system32\drivers
2012-02-26 18:22:48 ----D---- C:\Windows\AppPatch
2012-02-26 18:22:45 ----D---- C:\Program Files\Common Files
2012-02-26 17:45:36 ----D---- C:\Windows\Debug
2012-02-26 15:25:59 ----D---- C:\Users\johny\AppData\Roaming\Winamp
2012-02-26 12:17:11 ----D---- C:\Windows\inf
2012-02-26 12:17:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-26 11:36:57 ----D---- C:\Program Files\Google
2012-02-26 11:32:33 ----D---- C:\Windows\Prefetch
2012-02-26 11:31:17 ----D---- C:\Windows\Tasks
2012-02-26 11:31:02 ----D---- C:\Logs
2012-02-26 11:17:00 ----SHD---- C:\Windows\Installer
2012-02-26 11:14:10 ----SHD---- C:\System Volume Information
2012-02-24 12:43:26 ----D---- C:\Windows\system32\Tasks
2012-02-23 20:17:17 ----D---- C:\Users\johny\AppData\Roaming\Skype
2012-02-23 19:28:00 ----D---- C:\ProgramData
2012-02-23 17:23:21 ----A---- C:\Windows\system32\aswBoot.exe
2012-02-21 17:45:35 ----D---- C:\Users\johny\AppData\Roaming\DAEMON Tools Lite
2012-02-20 07:13:01 ----D---- C:\Windows\system32\catroot2
2012-02-17 08:46:43 ----D---- C:\Windows\Microsoft.NET
2012-02-17 07:48:46 ----D---- C:\Windows\winsxs
2012-02-17 07:31:48 ----RSD---- C:\Windows\assembly
2012-02-17 07:28:28 ----D---- C:\Windows\system32\WDI
2012-02-16 21:41:35 ----D---- C:\Windows\system32\migration
2012-02-16 21:41:35 ----D---- C:\Program Files\Internet Explorer
2012-02-16 15:53:55 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 15:52:50 ----D---- C:\Windows\system32\catroot
2012-02-16 15:52:44 ----D---- C:\Program Files\Windows Mail
2012-02-13 19:37:13 ----D---- C:\Program Files\Mozilla Firefox
2012-02-13 16:08:13 ----RD---- C:\Program Files
2012-02-11 20:34:39 ----A---- C:\Windows\iun6002.exe
2012-02-06 15:24:46 ----D---- C:\Windows\Logs
2012-02-05 18:09:50 ----D---- C:\Windows\rescache
2012-02-05 17:47:37 ----RSD---- C:\Windows\Fonts
2012-02-05 17:47:36 ----D---- C:\Windows\system32\sk-SK
2012-02-05 17:47:36 ----D---- C:\Windows\ehome
2012-02-05 17:01:28 ----A---- C:\Windows\win.ini
2012-02-05 16:56:04 ----D---- C:\Program Files\Common Files\System
2012-02-02 16:07:10 ----D---- C:\Program Files\BRS
2012-02-02 16:07:04 ----A---- C:\Windows\system32\wrap_oal.dll
2012-02-02 16:07:04 ----A---- C:\Windows\system32\OpenAL32.dll
2012-02-02 08:01:57 ----SD---- C:\ProgramData\Microsoft
2012-01-31 14:27:02 ----D---- C:\Windows\system32\Msdtc
2012-01-31 14:27:00 ----D---- C:\Windows\system32\wbem
2012-01-31 14:26:09 ----D---- C:\Windows\system32\config
2012-01-31 14:25:52 ----D---- C:\Windows\system32\spool
2012-01-31 14:25:51 ----D---- C:\Users\johny\AppData\Roaming\GHISLER
2012-01-31 14:25:48 ----D---- C:\Windows\registration
2012-01-30 17:51:34 ----SD---- C:\Users\johny\AppData\Roaming\Microsoft
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2009-01-09 43184]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-04-26 64512]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-04 18992]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-04 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-02-23 35672]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-02-23 610648]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-02-23 337112]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-02-23 53848]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2007-01-24 67584]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-02-18 142592]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-02-23 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-02-01 279712]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-02-01 25888]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2008-04-25 146688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 catchme;catchme; \??\C:\Users\johny\AppData\Local\Temp\catchme.sys []
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2008-07-02 21264]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\Windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-28 2127512]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-11-12 122984]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S1 prodrv03;Star Force copy protection driver v3; C:\Windows\System32\drivers\prodrv03.sys [2009-01-13 115968]
S3 a4p0y36v;a4p0y36v; C:\Windows\system32\drivers\a4p0y36v.sys []
S3 ajknzr0y;ajknzr0y; C:\Windows\system32\drivers\ajknzr0y.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 cimo;cimo; \??\C:\Windows\system32\cimo.sys [2009-08-05 51200]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\johny\AppData\Local\Temp\DRYD6E2.tmp []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-12-30 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 Maplom;Maplom; C:\Windows\system32\drivers\Maplom.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 31616]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 31816]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-02-23 44768]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-18 496128]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 GJService;Game Jackal Server; C:\ProgramData\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe [2010-04-16 2031040]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
S2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-01-09 3471360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-17 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 KFJZNW;KFJZNW; C:\Users\johny\AppData\Local\Temp\KFJZNW.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
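
The driver and service lists above are what the responder reads for clues: entries such as a4p0y36v.sys and ajknzr0y.sys carry an empty [] where RSIT normally records the file's date and size, and KFJZNW and GarenaPEngine are started from the user's Temp folder. As an added example (not part of the original thread and not RSIT's own code), here is a small Python triage script for that list format. The sample lines are constructed to mirror entries of the kind shown above; the line regex, the assumption that empty brackets mean RSIT could not find the file, and the "random-looking name" heuristic are the example's own. The names catchme and mbr are skipped because the ComboFix output later in this thread identifies them as scanner components, not something the user installed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the RSIT list layout:
#   <R|S><start type> <name>;<description>; <path> [<date> <size>]
# Values are modelled on the kind of entries such logs contain; they are
# embedded here only so the script runs offline.
SAMPLE_LOG = r"""
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R3 catchme;catchme; \??\C:\Users\johny\AppData\Local\Temp\catchme.sys []
S3 a4p0y36v;a4p0y36v; C:\Windows\system32\drivers\a4p0y36v.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\johny\AppData\Local\Temp\DRYD6E2.tmp []
S3 KFJZNW;KFJZNW; C:\Users\johny\AppData\Local\Temp\KFJZNW.exe []
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
"""

# Assumed layout of one list line (see SAMPLE_LOG). Path is matched lazily so
# that the final " [...]" block is always the bracketed date/size.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Heuristic: eight lowercase alphanumerics mixing letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8}$")
# Drivers dropped by the scanners the user ran (ComboFix/GMER), per the thread.
KNOWN_TOOL_DRIVERS = frozenset({"catchme", "mbr"})


@dataclass
class Entry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str             # with any leading \??\ NT prefix stripped
    date: Optional[str]   # None when RSIT printed an empty []
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service list line; return None for anything else."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    meta = m.group("meta").split()
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name"),
        desc=m.group("desc"),
        path=re.sub(r"^\\\?\?\\", "", m.group("path")),
        date=meta[0] if len(meta) == 2 else None,
        size=int(meta[1]) if len(meta) == 2 else None,
    )


def triage(log_text: str, known_tools=KNOWN_TOOL_DRIVERS) -> List[Entry]:
    """Return the entries worth a second look, each with its reasons attached."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e.name in known_tools:
            continue
        if e.date is None:
            # Assumption: empty brackets mean RSIT could not find the file.
            e.flags.append("no file metadata (file not found when the log was made)")
        if TEMP_RE.search(e.path):
            e.flags.append("image loads from a per-user Temp directory")
        if RANDOM_NAME_RE.match(e.name):
            e.flags.append("random-looking 8-character name")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name}: {e.path}")
        for reason in e.flags:
            print(f"    - {reason}")
```

The flags are hints for a human reviewer, not verdicts: a missing-file entry can be a leftover of an uninstalled program, and a Temp-loaded service can be a game launcher's helper. The value of a script like this is that it applies the same checks to a 70-line list every time, so the odd entries are not lost among the Bluetooth and audio drivers.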

Re: internet connection dropping - malware?

Posted: 26 Feb 2012 19:04
by Rudy
Hello!
You ran a ComboFix scan today. I would like to see its log, because it sweeps away all traces, so the RSIT scan is distorted. You will find it in c:\combofix.txt.

Re: internet connection dropping - malware?

Posted: 26 Feb 2012 19:08
by janhoo
Yes, I ran that one first and then RSIT - here is the ComboFix log

ComboFix 12-02-25.02 - johny . 02. 2012 18:17:31.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.2006 [GMT 1:00]
Running from: c:\users\johny\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\tmpBA5C.tmp
c:\windows\system32\tmpBA9C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-24 11:54 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF302B7-204F-4FA1-BD29-D025569B6DC1}\mpengine.dll
2012-02-23 18:28 . 2012-02-23 18:28 -------- d-----w- c:\programdata\Trymedia
2012-02-16 14:45 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-12 14:28 . 1997-01-15 23:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2012-02-12 14:28 . 2009-11-13 10:34 213856 ----a-w- c:\windows\system32\iwpsetup.exe
2012-02-12 11:59 . 2012-02-12 11:59 -------- d-----w- c:\program files\Conduit
2012-02-11 23:40 . 2012-02-11 23:40 -------- d-----w- c:\users\johny\AppData\Roaming\Thinstall
2012-02-11 23:40 . 2012-02-11 23:40 -------- d-----w- c:\users\johny\AppData\Local\Thinstall
2012-02-09 14:13 . 2012-02-09 14:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-05 15:48 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 15:48 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 15:46 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-02-05 15:46 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-02-05 15:45 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-05 15:45 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-05 15:45 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 15:44 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 15:44 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 15:44 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-05 15:44 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 15:44 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 15:44 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 15:44 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 15:43 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-02-05 15:43 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-02-05 15:43 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-05 15:43 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-02-05 15:42 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-02 15:10 . 2012-02-02 15:10 -------- d-----w- c:\programdata\Codemasters
2012-02-02 15:06 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-31 13:33 . 2012-01-31 13:33 0 ---ha-w- c:\users\johny\AppData\Local\BITF5E2.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:23 . 2011-02-16 11:43 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-02-16 11:43 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-02-26 11:52 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-02-16 11:43 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-02-16 11:43 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-02-16 11:43 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-02-16 11:43 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2011-02-16 11:43 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-11 19:34 . 2012-01-10 14:32 737280 ----a-w- c:\windows\iun6002.exe
2012-02-02 15:07 . 2010-09-28 12:54 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-02 15:07 . 2010-09-28 12:54 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-29 04:10 . 2009-10-03 16:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 17:04 . 2012-01-08 17:05 715038 ----a-w- c:\windows\unins000.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-07 18:32 . 2012-01-08 17:05 216064 ----a-w- c:\windows\system32\lagarith.dll
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-07 12:18 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2011-02-18 12:07 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 07:40]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 18:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b4,88,b4,46,81,ab,ce,b6,b5,90,48,10,2e,cf,22,1f,69,7e,7b,5a,13,ef,8d,
4a,aa,1d,ee,a2,97,e3,19,fd,9b,3e,bf,7d,9e,58,55,59,0f,fe,eb,99,12,18,89,4a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,cf,74,42,12,1c,47,9b,13,87,7d,cb,95,c6,0a,4c,82,94,23,78,da,
b9,03,53,c3,40,45,2a,aa,4f,98,87,36,1a,8e,30,5d,42,b3,ac,31,9d,a6,3d,22,27,\
"rkeysecu"=hex:01,e4,58,16,39,a8,01,79,3c,5e,e3,08,30,e3,75,2e
.
Completion time: 2012-02-26 18:30:46
ComboFix-quarantined-files.txt 2012-02-26 17:30
ComboFix2.txt 2011-08-07 09:24
ComboFix3.txt 2011-05-25 19:04
ComboFix4.txt 2011-05-25 18:29
.
Pre-Run: 35 097 001 984 bytes free
Post-Run: 35 049 013 248 bytes free
.
- - End Of File - - 649979F534BEABF7D4028D6F71360034

Re: internet connection dropping - malware?

Posted: 26 Feb 2012 19:27
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\ConduitEngine

Collect::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Firefox::
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

Regnull::
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3966806968-2824471673-2848729136-1000\Software\SecuROM\License information*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and carry out the commands from the script.

Re: internet connection dropping - malware?

Posted: 26 Feb 2012 20:07
by janhoo
It took a while ...

ComboFix 12-02-25.02 - johny . 02. 2012 19:45:31.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.1941 [GMT 1:00]
Running from: c:\users\johny\Desktop\ComboFix.exe
Command switches used :: c:\users\johny\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.idl
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\default_radio_skin.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\fbAlert.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome.manifest
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome\softonic-eng7.jar
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\install.rdf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\lib\xpcom.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\manifest.mf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.rsa
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.sf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.PNG
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.src
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\setup.ini
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\version.txt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\chrome.manifest
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\install.rdf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\setup.ini
c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\extensions\engine@conduit.com\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 18:55 . 2012-02-26 18:58 -------- d-----w- c:\users\johny\AppData\Local\temp
2012-02-26 18:55 . 2012-02-26 18:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-26 18:55 . 2012-02-26 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-23 18:28 . 2012-02-23 18:28 -------- d-----w- c:\programdata\Trymedia
2012-02-16 14:45 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-12 14:28 . 1997-01-15 23:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2012-02-12 14:28 . 2009-11-13 10:34 213856 ----a-w- c:\windows\system32\iwpsetup.exe
2012-02-12 11:59 . 2012-02-12 11:59 -------- d-----w- c:\program files\Conduit
2012-02-11 23:40 . 2012-02-11 23:40 -------- d-----w- c:\users\johny\AppData\Roaming\Thinstall
2012-02-11 23:40 . 2012-02-11 23:40 -------- d-----w- c:\users\johny\AppData\Local\Thinstall
2012-02-09 14:13 . 2012-02-09 14:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-05 15:48 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 15:48 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 15:46 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-02-05 15:46 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-02-05 15:45 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-05 15:45 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-05 15:45 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 15:44 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 15:44 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 15:44 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-05 15:44 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 15:44 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 15:44 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 15:44 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 15:43 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-02-05 15:43 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-02-05 15:43 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-05 15:43 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-02-05 15:42 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-02 15:10 . 2012-02-02 15:10 -------- d-----w- c:\programdata\Codemasters
2012-02-02 15:06 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-31 13:33 . 2012-01-31 13:33 0 ---ha-w- c:\users\johny\AppData\Local\BITF5E2.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:23 . 2011-02-16 11:43 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-02-16 11:43 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-02-26 11:52 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-02-16 11:43 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-02-16 11:43 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-02-16 11:43 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-02-16 11:43 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2011-02-16 11:43 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-11 19:34 . 2012-01-10 14:32 737280 ----a-w- c:\windows\iun6002.exe
2012-02-08 06:03 . 2012-02-24 11:54 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF302B7-204F-4FA1-BD29-D025569B6DC1}\mpengine.dll
2012-02-02 15:07 . 2010-09-28 12:54 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-02 15:07 . 2010-09-28 12:54 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-29 04:10 . 2009-10-03 16:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 17:04 . 2012-01-08 17:05 715038 ----a-w- c:\windows\unins000.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-07 18:32 . 2012-01-08 17:05 216064 ----a-w- c:\windows\system32\lagarith.dll
2011-02-17 15:22 . 2010-02-16 18:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-09 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-09 18:04 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-07 12:18 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2011-02-18 12:07 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\johny\AppData\Roaming\Mozilla\Firefox\Profiles\uumgwdji.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 19:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\johny\AppData\Local\Temp\DRYD6E2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2136)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\programdata\{AAD0A813-CC18-4D28-A1CC-4DC0DF41A592}\Server.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-26 20:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 19:04
ComboFix2.txt 2012-02-26 17:30
ComboFix3.txt 2011-08-07 09:24
ComboFix4.txt 2011-05-25 19:04
ComboFix5.txt 2012-02-26 18:43
.
Pre-Run: 34 892 128 256 bytes free
Post-Run: 34 767 302 656 bytes free
.
- - End Of File - - 3555FB152B3BC991055F3C9604E28A3C
Upload was successful
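
As an added example (not code from the thread, from ComboFix, or from either poster), the following Python script reads the load-point, start-page and Firefox-extension lines of a ComboFix log in the format posted above and flags the Conduit/Softonic/crawler entries that the helper identified by hand. The sample log and the {00000000-0000-0000-0000-000000000001} BHO are constructed, and the watchlist is an assumption drawn from the names in this thread.

```python
"""Flag browser hijackers (toolbars, BHOs, search hooks, start page) in a
ComboFix log. Added example, not code from the thread or from ComboFix;
the log format and the vendor names follow the log posted above."""
import re

# Vendor strings the thread's log shows as bundled toolbars / hijacked pages.
WATCHLIST = ("conduit", "softonic", "utorrentbar", "crawler.com")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*"([^"]+)"')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ \S+ (.+)$")
BHO_RE = re.compile(r"Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})$", re.I)
FFEXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")
URL_RE = re.compile(r"^(uStart Page|uSearchURL,\(Default\)) = (\S+)$")

# Constructed excerpt: Softonic/Conduit/crawler lines mirror the thread; the
# {00000000-...-000000000001} BHO is a made-up benign control entry.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
2011-01-01 00:00 1024 ----a-w- c:\program files\Example Vendor\example_bho.dll
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
'''

def parse_log(text):
    """IE add-ons keyed by CLSID (with every load point hooked), FF extensions, IE URLs."""
    ie, ff, urls = {}, [], {}
    key, pending_bho = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:                       # registry key header: remember it
            key = m.group(1)
            b = BHO_RE.search(key)
            pending_bho = b.group(1).lower() if b else None
            continue
        m = VALUE_RE.match(line)
        if m and key:               # "{clsid}"= "dll" under URLSearchHooks / Toolbar
            point = key.rsplit("\\", 1)[-1]
            rec = ie.setdefault(m.group(1).lower(), {"path": m.group(2), "points": set()})
            rec["points"].add(point)
            continue
        m = FILE_RE.match(line)
        if m and pending_bho:       # file line that follows a BHO key header
            rec = ie.setdefault(pending_bho, {"path": m.group(1), "points": set()})
            rec["points"].add("BHO")
            pending_bho = None
            continue
        m = FFEXT_RE.match(line)
        if m:
            ff.append((m.group(1).strip(), m.group(2), m.group(3)))
            continue
        m = URL_RE.match(line)
        if m:
            urls[m.group(1)] = m.group(2)
    return {"ie": ie, "ff": ff, "urls": urls}

def find_hijackers(parsed, watchlist=WATCHLIST):
    """Add-ons and URLs whose name, id, path or host matches the watchlist."""
    def hit(*fields):
        return any(w in f.lower() for f in fields for w in watchlist)
    findings = []
    for clsid, rec in parsed["ie"].items():
        if hit(rec["path"]):
            findings.append({"kind": "ie-addon", "id": clsid, "path": rec["path"], "points": sorted(rec["points"])})
    for name, ext_id, path in parsed["ff"]:
        if hit(name, ext_id, path):
            findings.append({"kind": "ff-ext", "id": ext_id, "path": path, "points": ["Firefox"]})
    for setting, url in parsed["urls"].items():
        if hit(url):
            findings.append({"kind": "url", "id": setting, "path": url, "points": []})
    return findings

def cfscript_lines(findings):
    """Toolbar-removal lines in the CFScript form the thread uses ("{clsid}"=- drops the value, [-key] the key)."""
    out = []
    for f in findings:
        if f["kind"] == "ie-addon":
            out += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]",
                    '"%s"=-' % f["id"], r"[-HKEY_CLASSES_ROOT\clsid\%s]" % f["id"]]
    return out
```

The same CLSID hooking URLSearchHooks, a BHO and a Toolbar at once is the pattern of the Softonic entry in the log above; a benign add-on that shares nothing with the watchlist is left alone.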

Re: internet dropping out - malware?

Posted: 26 Feb 2012 20:28
by Rudy
Deleted. Has anything changed?

Re: internet dropping out - malware?

Posted: 26 Feb 2012 20:35
by janhoo
well, I can't tell you right away, only after a few hours, whether the internet drops out, but the connection is faster, so I think it helped, we'll see... and thank you very much for your help and your time :)

Re: internet dropping out - malware?

Posted: 26 Feb 2012 20:37
by Rudy
You're welcome! Get in touch if needed.