
Please check my log

Posted: 18 Jan 2011 22:01
by omikron123
ComboFix 11-01-17.05 - Omikron123 . 01. 2011 21:45:32.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3071.2043 [GMT 1:00]
Running from: c:\users\Omikron123\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-18 20:48 . 2011-01-18 20:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-18 20:48 . 2011-01-18 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 19:09 . 2011-01-17 19:09 236544 ----a-w- c:\windows\Jqesib.exe
2011-01-15 07:35 . 2011-01-15 07:35 -------- d-----w- c:\program files\NCH Swift Sound
2011-01-15 07:15 . 2011-01-15 07:15 -------- d-----w- c:\program files\Cool Record Edit Pro
2011-01-15 07:10 . 2011-01-15 20:14 -------- d-----w- c:\users\Omikron123\AppData\Roaming\Cool Record Edit Pro
2011-01-14 21:53 . 2011-01-14 22:03 -------- d-----w- c:\users\Omikron123\AppData\Roaming\AV Audio Editor
2011-01-11 23:41 . 2011-01-14 22:08 -------- d-----w- c:\users\Omikron123\AppData\Roaming\Cool Record Edit Deluxe
2011-01-11 23:41 . 2005-03-28 14:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2011-01-11 22:08 . 2011-01-15 07:35 -------- d-----w- c:\users\Omikron123\AppData\Roaming\NCH Swift Sound
2011-01-11 22:08 . 2011-01-11 23:28 -------- d-----w- c:\programdata\NCH Swift Sound
2011-01-11 19:47 . 2011-01-11 19:47 -------- d-----w- c:\users\Omikron123\AppData\Roaming\Stardock
2011-01-08 23:37 . 2011-01-08 23:37 -------- d-----w- c:\program files\HyperSnap 6
2011-01-08 22:29 . 2011-01-08 22:29 -------- d-----w- c:\users\Omikron123\AppData\Roaming\Inbit
2011-01-08 22:26 . 2011-01-08 22:26 -------- d-----w- c:\programdata\Inbit
2011-01-08 18:26 . 2011-01-08 19:02 -------- d-----w- c:\users\Omikron123\AppData\Roaming\SolidDocuments
2011-01-08 18:26 . 2011-01-08 18:26 -------- d-----w- c:\programdata\SolidDocuments
2011-01-08 16:13 . 2011-01-08 16:13 -------- d-----w- c:\program files\Windows Media Adapter v615
2011-01-08 16:13 . 2011-01-08 16:13 -------- d-----w- C:\PixelMetrics Logs
2011-01-04 19:37 . 2011-01-04 19:37 -------- d-----w- c:\windows\system32\drivers\mycodec
2010-12-30 21:16 . 2010-12-30 21:16 -------- d-----w- c:\users\Omikron123\AppData\Local\VS Revo Group
2010-12-30 21:16 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-12-30 21:16 . 2010-12-30 21:16 -------- d-----w- c:\program files\VS Revo Group
2010-12-30 21:12 . 2010-12-30 21:12 -------- d-----w- c:\users\Omikron123\AppData\Local\Helicon
2010-12-30 21:12 . 2010-12-30 21:12 -------- d-----w- c:\program files\Common Files\Nikon
2010-12-28 13:58 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-12-26 14:57 . 2010-12-26 14:57 -------- d-----w- c:\program files\CCleaner
2010-12-24 11:59 . 2010-12-25 22:59 -------- d-----w- c:\program files\Unlocker
2010-12-20 15:23 . 2010-12-20 15:23 -------- d-----w- c:\users\Omikron123\AppData\Roaming\DonationCoder
2010-12-19 21:21 . 2010-12-19 21:21 -------- d-----w- c:\users\Omikron123\AppData\Local\assembly
2010-12-19 21:21 . 2010-12-19 21:21 -------- d-----w- c:\programdata\TechSmith
2010-12-19 21:21 . 2010-12-19 21:21 -------- d-----w- c:\users\Omikron123\AppData\Local\TechSmith
2010-12-19 21:21 . 2010-12-19 21:21 -------- d-----w- c:\program files\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-05 328056]
"TpScrex"="c:\programdata\TpScrex\TpScrex.exe" [2010-11-05 12800]
"HiDownload"="c:\program files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe" [2010-11-19 5281792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Pro]
0 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-28 23:25 497648 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-10-20 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-03 279656]


--- Other Services/Drivers In Memory ---

*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Omikron123\AppData\Roaming\Mozilla\Firefox\Profiles\nbxo7t7l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-18 21:49:58
ComboFix-quarantined-files.txt 2011-01-18 20:49
ComboFix2.txt 2010-11-25 19:49
ComboFix3.txt 2010-11-25 19:43
ComboFix4.txt 2010-11-25 19:32

Pre-Run: 25 426 243 584 bytes free
Post-Run: 25 359 577 088 bytes free

- - End Of File - - 9646207A11E91D42AB7F224210DB88EE


Thank you :)
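
As an added illustration (not part of the original post, and not ComboFix's own code), the following Python script applies the heuristics an analyst uses on a log like the one above: a binary written directly into the root of c:\windows whose creation time equals its modification time (written fresh rather than copied by an installer, which is what makes c:\windows\Jqesib.exe stand out), Run-key entries that launch from ProgramData or a user's AppData, autorun.inf files on non-system volumes, and a start page or default search pointing at search.conduit.com. The sample lines are copied from the log above; the regexes, the severity labels and the choice of heuristics are my assumptions, and a hit means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the ComboFix log above
# (file-creation entries, Run-key entries, autorun.inf deletions, browser settings).
SAMPLE_LOG = """\
D:\\autorun.inf
E:\\Autorun.inf
2011-01-18 20:48 . 2011-01-18 20:48 -------- d-----w- c:\\users\\Public\\AppData\\Local\\temp
2011-01-17 19:09 . 2011-01-17 19:09 236544 ----a-w- c:\\windows\\Jqesib.exe
2011-01-11 23:41 . 2005-03-28 14:52 417792 ----a-w- c:\\windows\\system32\\NCTTextToAudio2.dll
2010-12-30 21:16 . 2009-12-30 10:21 27192 ----a-w- c:\\windows\\system32\\drivers\\revoflt.sys
"uTorrent"="c:\\program files\\uTorrent\\uTorrent.exe" [2010-10-05 328056]
"TpScrex"="c:\\programdata\\TpScrex\\TpScrex.exe" [2010-11-05 12800]
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
"""

# "Files Created" entry: <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>\d+|-+) +(?P<attrs>\S+) +(?P<path>.+)$"
)
# Run-key entry: "Name"="path" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\S+) (?P<size>\d+)\]$')
AUTORUN_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\autorun\.inf)$", re.IGNORECASE)
# Executable directly under c:\windows (no subfolder): legitimate installers
# almost never drop binaries there.
WINDIR_ROOT_BINARY = re.compile(r"^c:\\windows\\[^\\]+\.(exe|dll|sys|scr)$", re.IGNORECASE)
DATA_DIR_AUTORUN = re.compile(r"^c:\\(programdata|users\\[^\\]+\\appdata)\\", re.IGNORECASE)
HIJACK_DOMAINS = ("search.conduit.com",)   # assumption: domains worth flagging
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    reason: str
    path: str


def triage(log_text: str) -> List[Finding]:
    """Return review findings for a ComboFix log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group("path")
            if WINDIR_ROOT_BINARY.match(path):
                # created == modified: the file was written in place, not copied
                # from an installer package that preserved an older mtime.
                fresh = m.group("created") == m.group("modified")
                reason = "binary dropped directly into the %WINDIR% root"
                if fresh:
                    reason += " (created == modified: written fresh)"
                findings.append(Finding("high" if fresh else "medium", reason, path))
            continue
        m = RUN_LINE.match(line)
        if m:
            path, name = m.group("path"), m.group("name")
            if DATA_DIR_AUTORUN.match(path):
                findings.append(Finding("medium", f'Run key "{name}" launches from a data directory', path))
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            findings.append(Finding("low", "autorun.inf on a non-system volume", m.group("path")))
            continue
        if any(domain in line for domain in HIJACK_DOMAINS):
            findings.append(Finding("medium", "browser start page / default search redirected", line))
    return findings


def main() -> None:
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: SEVERITY_RANK[f.severity]):
        print(f"[{f.severity:6}] {f.reason}: {f.path}")


if __name__ == "__main__":
    main()
```

Run as-is it reports six hits from the sample, with c:\windows\Jqesib.exe the only high-severity one; to use it on a full log, read the file and pass its text to triage(). Files under system32 or drivers (NCTTextToAudio2.dll, revoflt.sys) and Run entries under Program Files are deliberately not flagged by these rules.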

Re: Please check my log

Posted: 18 Jan 2011 22:27
by Diallix
Hi there.

Please RAR up this little oddity c:\windows\Jqesib.exe and upload it to leteckaposta.cz ... :) then post the link here.

Re: Please check my log

Posted: 18 Jan 2011 22:42
by omikron123
I have a problem! When I tried to RAR the requested file, I got a message that access was denied! So at the moment I don't know how to proceed...

Re: Please check my log

Posted: 18 Jan 2011 22:45
by Diallix
Copy it to the desktop and then RAR it.

Re: Please check my log

Posted: 18 Jan 2011 23:25
by omikron123
I have a second problem. I've packed the file and uploaded the RAR to leteckaposta.cz, but I don't know your email...

Re: Please check my log

Posted: 19 Jan 2011 11:46
by Diallix
Send it to me by PM here on the forum.

Re: Please check my log

Posted: 19 Jan 2011 13:06
by omikron123
Here you go.... Sorry, the file is there twice :-(

Re: Please check my log

Posted: 19 Jan 2011 14:00
by Diallix
Click this guide: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

Following the guide, copy this into the window:
files to delete:
c:\windows\Jqesib.exe
Click EXECUTE >> ANO|YES|OK

After the reboot, post here the log that comes up once you log back in.

Re: Please check my log

Posted: 19 Jan 2011 14:56
by omikron123
I messed up a bit: I didn't copy the file Jqesib.exe to the desktop, I moved it! So when Avenger ran it had nothing to delete... I copied the incriminated file back into the Windows directory once more and ran Avenger again. The file was deleted successfully, but some other messages showed up there...

So that's that.

Re: Please check my log

Posted: 19 Jan 2011 15:04
by Diallix
You said that when you tried to RAR it, it wouldn't work; I thought it was loaded, hence Avenger.. it needs to be deleted, you shouldn't have copied it back there, but oh well..

Is it gone from the PC now? What messages?

Re: Please check my log

Posted: 19 Jan 2011 16:06
by omikron123
Sending the current state of my PC :cry:

Re: Please check my log

Posted: 19 Jan 2011 16:10
by Diallix
Copy the contents of that .ini file here into the forum.

Re: Please check my log

Posted: 19 Jan 2011 16:21
by omikron123
Here you go...

Re: Please check my log

Posted: 19 Jan 2011 16:30
by omikron123
Sending the file contents

[rename]
nul=c:\tempjunk2370.tmp
c:\tempjunk8231.tmp=C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\tempjunk2370.tmp=C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

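The [rename] block above follows the classic WinInit.ini convention: each line is destination=source, operations run in file order at the next boot, and a destination of nul means "delete the source". Read that way, the script first removes a stale c:\tempjunk2370.tmp and then moves two .job files out of C:\Windows\Tasks under throwaway names, which is how a boot-time script removes scheduled tasks whose files are locked while Windows is running. As an added example (not from the thread, and not Avenger's own code), this Python parser turns such a block into an explicit operation list so you can see exactly what will happen before approving it; the helper names and the "scheduled task" and "reused path" checks are my own.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the [rename] block posted above, embedded so the script
# runs offline.
SAMPLE_INI = """\
[rename]
nul=c:\\tempjunk2370.tmp
c:\\tempjunk8231.tmp=C:\\Windows\\Tasks\\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\\tempjunk2370.tmp=C:\\Windows\\Tasks\\{22116563-108C-42c0-A7CE-60161B75E508}.job
"""


@dataclass
class RenameOp:
    action: str                 # "delete" or "rename"
    source: str                 # the file that exists now
    destination: Optional[str]  # None for a delete


def parse_rename_section(text: str) -> List[RenameOp]:
    """Parse a WinInit.ini-style [rename] section into ordered operations.

    Each line is destination=source; a destination of NUL deletes the source.
    configparser is deliberately not used: it treats ':' in a key as a
    delimiter and lower-cases keys, both of which would mangle Windows paths.
    """
    ops: List[RenameOp] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "rename"
            continue
        if not in_section:
            continue
        dest, sep, src = line.partition("=")  # split on the first '=' only
        if not sep or not src.strip():
            raise ValueError(f"malformed rename line: {line!r}")
        dest, src = dest.strip(), src.strip()
        if dest.lower() == "nul":
            ops.append(RenameOp("delete", src, None))
        else:
            ops.append(RenameOp("rename", src, dest))
    return ops


def scheduled_task_sources(ops: List[RenameOp]) -> List[str]:
    """Files under \\Windows\\Tasks\\ that the script moves or deletes; moving
    a .job out of that folder removes the scheduled task at next boot."""
    return [op.source for op in ops if "\\windows\\tasks\\" in op.source.lower()]


def reused_paths(ops: List[RenameOp]) -> List[str]:
    """Paths used as a destination after appearing earlier in the script:
    the script clears the name first, then reuses it as a rename target."""
    seen = set()
    reused: List[str] = []
    for op in ops:
        for p in (op.source, op.destination):
            if p is None:
                continue
            key = p.lower()
            if key in seen and key not in reused:
                reused.append(key)
            seen.add(key)
    return reused


def describe(ops: List[RenameOp]) -> List[str]:
    """One human-readable line per operation, in execution order."""
    return [f"delete {op.source}" if op.action == "delete"
            else f"rename {op.source} -> {op.destination}" for op in ops]


if __name__ == "__main__":
    parsed = parse_rename_section(SAMPLE_INI)
    for line in describe(parsed):
        print(line)
    print("scheduled tasks affected:", scheduled_task_sources(parsed))
    print("paths reused within the script:", reused_paths(parsed))
```

On the sample this yields one delete and two renames, two affected .job files, and c:\tempjunk2370.tmp reported as reused (deleted, then used as a rename target). A malformed line without '=' raises ValueError rather than being silently skipped, since a boot-time rename script is not something to guess about.
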
Re: Please check my log

Posted: 19 Jan 2011 17:39
by Diallix
OK, you can delete it.