Posted: 19.12.2007 19:40

I've got something nasty on there; Defender doesn't find it and neither does Ad-Aware 2007. It's annoying me a bit: when I start Firefox, it sometimes throws up an advertising page.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:32, on 19.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\qmbtqudmvz.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKCU\..\Run: [hqgnfv] c:\windows\system32\hqgnfv.exe hqgnfv
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9527654703
O17 - HKLM\System\CCS\Services\Tcpip\..\{103BBD77-7342-45A3-834F-1F5CBE9B1048}: NameServer = 195.146.128.62,195.146.132.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{103BBD77-7342-45A3-834F-1F5CBE9B1048}: NameServer = 195.146.128.62,195.146.132.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7069 bytes


Posted: 19.12.2007 19:48

Fix:

O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Delete this with Avenger:


Code:
C:\WINDOWS\system32\nsinet.exe /res


then a new log ;)


Last edited by Tomas1 on 19.12.2007 19:50, edited 1 time in total


Posted: 19.12.2007 19:50

C:\windows\system32\qmbtqudmvz.exe
O4 - HKCU\..\Run: [hqgnfv] c:\windows\system32\hqgnfv.exe hqgnfv

and this? :)


Posted by the thread author: 19.12.2007 20:06

I did exactly as instructed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:51, on 19.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\qmbtqudmvz.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [hqgnfv] c:\windows\system32\hqgnfv.exe hqgnfv
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9527654703
O17 - HKLM\System\CCS\Services\Tcpip\..\{103BBD77-7342-45A3-834F-1F5CBE9B1048}: NameServer = 195.146.128.62,195.146.132.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{103BBD77-7342-45A3-834F-1F5CBE9B1048}: NameServer = 195.146.128.62,195.146.132.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6868 bytes


Posted by the thread author: 19.12.2007 20:42

Is it OK now?


Posted: 20.12.2007 17:15

Do you recognize this?

C:\windows\system32\qmbtqudmvz.exe

if you don't recognize it, fix it ;)

And is that advertising page still popping up... or is there still some other problem :?


Posted: 22.12.2007 12:31

C:\windows\system32\qmbtqudmvz.exe
C:\windows\system32\hqgnfv.exe

Test on virustotal.com


Posted by the thread author: 23.12.2007 14:23

Some page about Instant Access and an online malware check still keeps popping up. I did everything as you said, I fixed everything, but still no result. I don't know how to do the check via virustotal.com. Latest log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:49, on 23.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\windows\system32\nivvgdbxn.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9527654703
O17 - HKLM\System\CCS\Services\Tcpip\..\{103BBD77-7342-45A3-834F-1F5CBE9B1048}: NameServer = 195.146.128.62,195.146.132.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{103BBD77-7342-45A3-834F-1F5CBE9B1048}: NameServer = 195.146.128.62,195.146.132.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7002 bytes


Posted: 23.12.2007 14:48

I don't like this :(

C:\windows\system32\nivvgdbxn.exe

Test it at www.virustotal.com: click Browse.. select that file there, then just click Send File and wait ;) Then post the link with the results here.
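The comparison being done by eye across the successive logs above, as an added example (not code from the thread): it parses two HijackThis logs and reports which `system32` processes and `Run` autostart entries appeared or vanished between scans. The two sample logs are abbreviated from the first and last logs posted in this thread; the function names are assumptions of this example.

```python
"""Diff two HijackThis logs to see what changed between scans (added example)."""
import ntpath
import re

# Sample input: abbreviated from the first (19.12.2007) and last (23.12.2007)
# logs posted in this thread; most unchanged lines are omitted.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:32, on 19.12.2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\qmbtqudmvz.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKCU\..\Run: [hqgnfv] c:\windows\system32\hqgnfv.exe hqgnfv
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:49, on 23.12.2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\windows\system32\nivvgdbxn.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_log(text):
    """Return the running-process set and the O4 Run entries of one log."""
    processes, run_entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the section
                in_processes = False
            else:
                processes.add(line.lower())   # Windows paths are case-insensitive
            continue
        match = O4_RE.match(line)
        if match:
            run_entries[(match["hive"].upper(), match["name"])] = match["cmd"]
    return {"processes": processes, "run": run_entries}


def in_dir(path, directory):
    """True if the file sits directly in `directory` (not in a subfolder)."""
    return ntpath.dirname(path.lower()) == directory.lower()


def diff_logs(before, after, directory=r"c:\windows\system32"):
    """Compare two logs; process changes are limited to `directory`."""
    b, a = parse_log(before), parse_log(after)
    removed_keys = b["run"].keys() - a["run"].keys()
    added_keys = a["run"].keys() - b["run"].keys()
    return {
        "appeared": sorted(p for p in a["processes"] - b["processes"]
                           if in_dir(p, directory)),
        "vanished": sorted(p for p in b["processes"] - a["processes"]
                           if in_dir(p, directory)),
        "run_removed": sorted((h, n, b["run"][(h, n)]) for h, n in removed_keys),
        "run_added": sorted((h, n, a["run"][(h, n)]) for h, n in added_keys),
    }


if __name__ == "__main__":
    for kind, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for item in items:
            print(kind, item)
```

On these excerpts the diff shows the two fixed `Run` entries gone, while one unexplained `system32` process vanished and a differently named one appeared in its place.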
Posted: 23.12.2007 18:04

tomino0123 wrote:

C:\windows\system32\nivvgdbxn.exe

Test it at www.virustotal.com: click Browse.. select that file there, then just click Send File and wait ;) Then post the link with the results here.


+

C:\windows\system32\qmbtqudmvz.exe
C:\windows\system32\hqgnfv.exe







Posted: 23.12.2007 23:45

Try it this way as well:

Try:

1. Uncheck "Hide extensions for known file types.." in the My Computer menu, under Folder Options.
2. Create a new text file on the desktop. Rename it to zistim.bat
zistim.bat must have the "gear" icon. If it doesn't, go back to step 1.

Right-click it, choose Edit, and paste this in:


Code:
if exist mam.txt del mam.txt
echo Pozri (rb) c: >> mam.txt
for /f "delims=" %%a in ('dir /a:-d /o:-d c:') do echo C:\%%a >> 1.txt
for /f "delims=" %%b in (1.txt) do echo %%~azxntb >> 2.txt
findstr /n "\." 2.txt > 3.txt
for /l %%a in (1,1,42) do findstr /b "%%a:" 3.txt >> mam.txt
del 1.txt 2.txt 3.txt
echo Skryte na c: (rb) >> mam.txt
dir "c:\" /A:S /A:H /O:N >> mam.txt
echo Pozri %Windir% co nove >> mam.txt
for /f "delims=" %%a in ('dir /a:-d /o:-d %Windir%') do echo %Windir%\%%a >> 1.txt
for /f "delims=" %%b in (1.txt) do echo %%~azxntb >> 2.txt
findstr /n "\." 2.txt > 3.txt
for /l %%a in (1,1,42) do findstr /b "%%a:" 3.txt >> mam.txt
del 1.txt 2.txt 3.txt
echo Pozri %Windir%\system32 >> mam.txt
for /f "delims=" %%a in ('dir /a:-d /o:-d %Windir%\system32') do echo %Windir%\system32\%%a >> 1.txt
for /f "delims=" %%b in (1.txt) do echo %%~azxntb >> 2.txt
findstr /n "\." 2.txt > 3.txt
for /l %%a in (1,1,42) do findstr /b "%%a:" 3.txt >> mam.txt
del 1.txt 2.txt 3.txt
notepad mam.txt


Save and run zistim.bat.
Copy the displayed contents of the file mam.txt here into the forum.


Posted by the thread author: 24.12.2007 12:03

tomino0123 wrote:
I don't like this :(

C:\windows\system32\nivvgdbxn.exe

Test it at www.virustotal.com: click Browse.. select that file there, then just click Send File and wait ;) Then post the link with the results here.



I couldn't find that file, nor the others that MiNoR wrote about, but I found one suspicious file, tested it via virustotal.com, and this is the result:
File nsinet.exe received on 12.24.2007 11:54:33 (CET)
Result: 14/32 (43.75%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.24.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 DIAL/157856.A
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.23 Potentially harmful program Dialer.GUW
BitDefender 7.2 2007.12.24 -
CAT-QuickHeal 9.00 2007.12.22 PornDialer.EgroupDial.ae (Not a Virus)
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.23 Suspicious File
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 -
F-Prot 4.4.2.54 2007.12.23 -
F-Secure 6.70.13030.0 2007.12.24 W32/Dialer.BXAS
Ikarus T3.1.1.15 2007.12.24 not-a-virus:Porn-Dialer.Win32.EgroupDial.x
Kaspersky 7.0.0.125 2007.12.24 not-a-virus:Porn-Dialer.Win32.EgroupDial.ae
McAfee 5191 2007.12.21 -
Microsoft 1.3109 2007.12.24 -
NOD32v2 2744 2007.12.23 -
Norman 5.80.02 2007.12.24 W32/Dialer.BXAS
Panda 9.0.0.4 2007.12.23 Suspicious file
Prevx1 V2 2007.12.24 Heuristic: Suspicious Self Modifying EXE
Rising 20.24.01.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 VIPRE.Suspicious
Symantec 10 2007.12.24 -
TheHacker 6.2.9.168 2007.12.22 Trojan/Dialer.EgroupDial.ae
VBA32 3.12.2.5 2007.12.22 Porn-Dialer.Win32.EgroupDial.ae
VirusBuster 4.3.26:9 2007.12.23 -
Webwasher-Gateway 6.6.2 2007.12.24 Dialer.157856.A
Additional information
File size: 164712 bytes
MD5: 279126ef62bcea7ce1460f7b462c0ce0
SHA1: b258605cc81378db1e3aa1c7eaaade8306e6959a
PEiD: PECompact 2.xx (Slim Loader) --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext. ... 000FF039EB
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


User
Registered: 02.08.07
Last login: 30.06.18
Posts: 49
Topics: 10
Posted by the topic author: 24.12.2007 12:09

Roberbo wrote:
Try it this way as well:

Try:

1. Uncheck "Hide extensions for known file types.." in My Computer, under Folder Options.
2. Create a new text file on the desktop. Rename it to zistim.bat
zistim.bat must have the "gear wheel" icon. If it doesn't, go back to step 1.

Right-click it, choose Edit, and paste this in:


Code:
if exist mam.txt del mam.txt
echo Pozri (rb) c: >> mam.txt
for /f "delims=" %%a in ('dir /a:-d /o:-d c:') do echo C:\%%a >> 1.txt
for /f "delims=" %%b in (1.txt) do echo %%~azxntb >> 2.txt
findstr /n "\." 2.txt > 3.txt
for /l %%a in (1,1,42) do findstr /b "%%a:" 3.txt >> mam.txt
del 1.txt 2.txt 3.txt
echo Skryte na c: (rb) >> mam.txt
dir "c:" /A:S /A:H /O:N >> mam.txt
echo Pozri %Windir% co nove >> mam.txt
for /f "delims=" %%a in ('dir /a:-d /o:-d %Windir%') do echo %Windir%\%%a >> 1.txt
for /f "delims=" %%b in (1.txt) do echo %%~azxntb >> 2.txt
findstr /n "\." 2.txt > 3.txt
for /l %%a in (1,1,42) do findstr /b "%%a:" 3.txt >> mam.txt
del 1.txt 2.txt 3.txt
echo Pozri %Windir%\system32 >> mam.txt
for /f "delims=" %%a in ('dir /a:-d /o:-d %Windir%\system32') do echo %Windir%\system32\%%a >> 1.txt
for /f "delims=" %%b in (1.txt) do echo %%~azxntb >> 2.txt
findstr /n "\." 2.txt > 3.txt
for /l %%a in (1,1,42) do findstr /b "%%a:" 3.txt >> mam.txt
del 1.txt 2.txt 3.txt
notepad mam.txt


Save it and run zistim.bat.
Copy the displayed contents of the file mam.txt here into the forum.



I did as you instructed:

Pozri (rb) c:
4:24.12.2007 12:07 16 mam.txt
5:24.12.2007 12:07 1 016 zistim.bat
6:23.12.2007 07:36 1 253 888 vianoce(2).xls
7:20.12.2007 14:15 2 559 GTA Liberty City.lnk
8:19.12.2007 20:01 130 048 avenger.exe
9:19.12.2007 18:41 1 469 992 GenuineCheck.exe
10:16.12.2007 12:06 640 Mp3 Knife.lnk
11:16.12.2007 10:46 1 548 CCleaner.lnk
12:08.12.2007 10:57 609 Odkaz na Warcraft III.lnk
13:08.12.2007 09:51 2 581 Microsoft Office Word 2003.lnk
14:18.11.2007 17:09 2 539 Microsoft Office Excel 2003.lnk
15:09.11.2007 18:13 778 Trophy Bass 2007.lnk
16:12.09.2007 17:15 104 Tento počítač.lnk
17:10.09.2007 18:12 885 Pinball.lnk
Skryte na c: (rb)
Zväzok v jednotke C nemá žiadnu menovku.
Sériové číslo zväzku je EC72-1915

Výpis adresára c:\

11.09.2007 15:42 211 boot.ini
19.12.2007 18:43 <DIR> Config.Msi
10.09.2007 18:15 0 IO.SYS
10.09.2007 18:15 0 MSDOS.SYS
10.09.2007 18:26 <DIR> MSOCache
11.09.2007 15:37 47 564 NTDETECT.COM
11.09.2007 15:37 250 032 ntldr
24.12.2007 10:52 805 306 368 pagefile.sys
11.09.2007 16:14 <DIR> RECYCLER
11.09.2007 15:54 <DIR> System Volume Information
6 súborov, 805 604 175 bajtov
4 adresárov, 49 198 575 616 voľných bajtov
Pozri C:\WINDOWS co nove
4:24.12.2007 12:06 413 MAILTRAN.INI
5:24.12.2007 11:14 49 wiaservc.log
6:24.12.2007 11:13 1 835 608 WindowsUpdate.log
7:24.12.2007 10:52 0 0.log
8:24.12.2007 10:52 159 wiadebug.log
9:24.12.2007 10:52 2 048 bootstat.dat
10:24.12.2007 10:43 32 554 SchedLgU.Txt
11:24.12.2007 04:38 3 969 wmsetup.log
12:23.12.2007 15:12 69 NeroDigital.ini
13:23.12.2007 14:23 1 683 TRNCOM.INI
14:22.12.2007 16:48 33 519 setupapi.log
15:22.12.2007 09:52 6 736 iis6.log
16:22.12.2007 09:52 2 057 comsetup.log
17:22.12.2007 09:52 311 tabletoc.log
18:22.12.2007 09:52 2 821 tsoc.log
19:22.12.2007 09:52 342 ocmsn.log
20:22.12.2007 09:52 1 247 ntdtcsetup.log
21:22.12.2007 09:52 1 393 imsins.log
22:22.12.2007 09:52 6 295 KB946627.log
23:22.12.2007 09:52 2 916 ocgen.log
24:22.12.2007 09:52 425 MedCtrOC.log
25:22.12.2007 09:52 1 083 netfxocm.log
26:22.12.2007 09:52 309 msgsocm.log
27:22.12.2007 09:52 6 183 FaxSetup.log
28:22.12.2007 09:52 1 906 msmqinst.log
29:22.12.2007 09:52 0 setupact.log
30:22.12.2007 09:52 0 setuperr.log
31:19.12.2007 21:06 0 mngui.INI
32:16.12.2007 15:33 436 Directx.log
33:16.12.2007 15:28 643 eReg.dat
34:16.12.2007 12:21 981 364 DPINST.LOG
35:11.12.2007 19:12 169 RtlRack.ini
36:11.12.2007 18:53 802 dialerexe.ini
37:04.11.2007 10:11 1 287 mozver.dat
38:20.10.2007 17:44 151 PhotoSnapViewer.INI
39:20.09.2007 22:44 2 222 Wdict32.INI
40:16.09.2007 08:22 221 NCLogConfig.ini
41:11.09.2007 18:57 117 185 hpoins11.dat
42:11.09.2007 18:57 572 win.ini
Pozri C:\WINDOWS\system32
4:24.12.2007 12:07 5 600 nivvgdbxn.dat
5:24.12.2007 12:07 1 511 nivvgdbxn_navps.dat
6:24.12.2007 10:52 2 206 wpa.dbl
7:23.12.2007 11:42 541 qmbtqudmvz_navps.dat
8:23.12.2007 11:42 5 706 qmbtqudmvz.dat
9:19.12.2007 20:59 289 280 nivvgdbxn.exe
10:17.12.2007 18:13 297 984 ynsngclutk.exe
11:16.12.2007 11:41 66 512 perfc009.dat
12:16.12.2007 11:41 427 728 perfh009.dat
13:16.12.2007 11:41 503 200 PerfStringBackup.INI
14:16.12.2007 11:00 362 173 qmbtqudmvz_nav.dat
15:16.12.2007 11:00 303 104 qmbtqudmvz.exe
16:16.12.2007 10:47 2 626 CONFIG.NT
17:15.12.2007 18:54 362 173 nivvgdbxn_nav.dat
18:13.12.2007 16:07 266 466 TZLog.log
19:11.12.2007 18:53 22 nvs2.inf
20:11.12.2007 17:44 164 712 nsinet.exe
21:04.12.2007 14:04 837 496 aswBoot.exe
22:04.12.2007 13:54 95 608 AvastSS.scr
23:03.12.2007 00:00 18 684 536 MRT.exe
24:14.11.2007 08:26 450 560 jscript.dll
25:13.11.2007 12:31 60 416 tzchange.exe
26:30.10.2007 10:55 3 065 856 mshtml.dll
27:29.10.2007 23:43 1 287 680 quartz.dll
28:29.10.2007 11:04 350 720 xpsp3res.dll
29:27.10.2007 17:40 222 720 wmasf.dll
30:26.10.2007 04:34 8 460 288 shell32.dll
31:11.10.2007 14:12 1 468 968 LegitCheckControl.DLL
32:11.10.2007 06:57 666 112 wininet.dll
33:11.10.2007 06:57 474 112 shlwapi.dll
34:11.10.2007 06:57 617 984 urlmon.dll
35:11.10.2007 06:57 1 498 112 shdocvw.dll
36:11.10.2007 06:57 39 424 pngfilt.dll
37:11.10.2007 06:57 532 480 mstime.dll
38:11.10.2007 06:57 146 432 msrating.dll
39:11.10.2007 06:57 449 024 mshtmled.dll
40:11.10.2007 06:57 251 904 iepeers.dll
41:11.10.2007 06:57 16 384 jsproxy.dll
42:11.10.2007 06:57 96 256 inseng.dll


Honorary member
Registered: 07.04.07
Last login: 24.02.21
Posts: 4438
Topics: 85
Location: Rožňava
Posted: 24.12.2007 15:41

The file you tested, nsinet.exe, is malware, so get rid of it ;)

And as for
C:\windows\system32\nivvgdbxn.exe

That file has to be there, because it is also running ;)

Just go to www.virustotal.com and copy this into the search field:
C:\windows\system32\nivvgdbxn.exe

and then this one as well.

C:\windows\system32\qmbtqudmvz.exe

And then just post a link to the results here ;)

User
Registered: 02.08.07
Last login: 30.06.18
Posts: 49
Topics: 10
Posted by the topic author: 24.12.2007 18:27

here is the 1st:

File nivvgdbxn.exe received on 12.24.2007 18:18:01 (CET)
Result: 2/32 (6.25%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 -
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.24 -
BitDefender 7.2 2007.12.24 -
CAT-QuickHeal 9.00 2007.12.24 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.24 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 -
F-Prot 4.4.2.54 2007.12.23 -
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.24 -
Kaspersky 7.0.0.125 2007.12.24 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.24 -
NOD32v2 2745 2007.12.24 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.24 -
Prevx1 V2 2007.12.24 Heuristic: Suspicious Self Modifying EXE
Rising 20.24.02.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.24 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.24 -
Additional information
File size: 289280 bytes
MD5: 8672dd3dafe45040314db505d04090e5
SHA1: f38a05367b0d6cdb3f42ffbcedf36e02dc93e94b
PEiD: Armadillo v1.71
Prevx info: http://info.prevx.com/aboutprogramtext. ... 001291C7E3


and here is the 2nd:

File qmbtqudmvz.exe received on 12.24.2007 18:23:49 (CET)
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 -
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.24 -
BitDefender 7.2 2007.12.24 -
CAT-QuickHeal 9.00 2007.12.24 -
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.24 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 -
F-Prot 4.4.2.54 2007.12.23 -
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.24 -
Kaspersky 7.0.0.125 2007.12.24 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.24 -
NOD32v2 2745 2007.12.24 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.24 -
Prevx1 V2 2007.12.24 Heuristic: Suspicious Self Modifying EXE
Rising 20.24.02.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.24 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.24 -
Additional information
File size: 303104 bytes
MD5: 41a5a214e0457ec7f884c2945f9a4bb0
SHA1: 7326e29d3b00c756bd73320323bad2fb6a90af84
PEiD: Armadillo v1.71
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0009A582CE



User
Registered: 24.03.07
Last login: 28.07.16
Posts: 4149
Topics: 251
Location: Michalovce
Posted: 24.12.2007 18:38

Use ComboFix...
http://www.techsupportforum.com/combofix.exe
Then post the log here...

User
Registered: 02.08.07
Last login: 30.06.18
Posts: 49
Topics: 10
Posted by the topic author: 25.12.2007 11:48

Start Time= ut 25.12.2007 11:46:28,10

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-12-25 11:45:02 ( .D... ) "C:\Program Files\Mozilla Firefox"
2007-12-19 19:36:52 ( .D... ) "C:\Program Files\Trend Micro"
2007-12-19 18:43:36 ( .D... ) "C:\Program Files\Windows Defender"
2007-12-17 18:13:12 297984 ( A.... ) "C:\WINDOWS\system32\ynsngclutk.exe"
2007-12-17 15:34:24 ( .D... ) "C:\Program Files\ICQToolbar"
2007-12-16 18:56:04 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\ICQ Toolbar"
2007-12-16 15:47:14 ( .D... ) "C:\Program Files\GameSpy Arcade"
2007-12-16 15:28:38 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\Help"
2007-12-16 15:24:42 ( .D... ) "C:\Program Files\directx"
2007-12-16 14:55:36 ( .D... ) "C:\Program Files\ICQ6"
2007-12-16 14:53:40 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2007-12-16 14:51:18 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\ICQ"
2007-12-16 14:49:44 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\InstallShield"
2007-12-16 12:21:26 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\Sony Ericsson"
2007-12-16 12:21:24 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\Teleca"
2007-12-16 12:18:50 ( .D... ) "C:\Program Files\Sony Ericsson"
2007-12-16 12:18:50 ( .D... ) "C:\Program Files\Common Files\Teleca Shared"
2007-12-16 12:06:34 ( .D... ) "C:\Program Files\Mp3 Knife"
2007-12-16 11:41:24 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\Samsung"
2007-12-16 11:37:36 ( .D... ) "C:\Program Files\Samsung"
2007-12-16 11:00:04 303104 ( A.... ) "C:\WINDOWS\system32\qmbtqudmvz.exe"
2007-12-16 10:44:06 ( .D... ) "C:\Program Files\FastStone Image Viewer"
2007-12-16 10:39:46 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\skypePM"
2007-12-16 10:39:24 ( .D... ) "C:\Program Files\Common Files\Skype"
2007-12-16 10:27:18 ( .D... ) "C:\Program Files\Unreal Commander"
2007-12-15 17:38:04 ( .D... ) "C:\Program Files\Empire Interactive"
2007-12-15 17:35:02 ( .D... ) "C:\Documents and Settings\Frantisek\Application Data\Adobe"
2007-12-15 17:34:42 ( .D... ) "C:\Program Files\Common Files\Adobe"
2007-12-13 16:06:20 ( .D... ) "C:\Program Files\Internet Explorer"
2007-12-04 14:04:28 837496 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2007-12-04 13:54:04 95608 ( A.... ) "C:\WINDOWS\system32\AvastSS.scr"
2007-12-03 00:00:06 18684536 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2007-11-23 19:16:40 ( .D... ) "C:\Program Files\Rockstar Games"
2007-11-14 08:26:56 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2007-11-13 12:31:12 60416 ( ..... ) "C:\WINDOWS\system32\tzchange.exe"
2007-11-09 18:14:32 ( .D... ) "C:\Program Files\Trophy Bass 2007"
2007-10-30 10:55:22 3065856 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2007-10-29 23:43:04 1287680 ( A.... ) "C:\WINDOWS\system32\quartz.dll"
2007-10-29 11:04:04 350720 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2007-10-27 17:40:30 222720 ( A.... ) "C:\WINDOWS\system32\wmasf.dll"
2007-10-26 17:37:20 ( .D... ) "C:\Program Files\SEGA"
2007-10-26 04:34:02 8460288 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2007-10-11 14:12:48 1468968 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.DLL"
2007-10-11 06:57:42 666112 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2007-10-11 06:57:40 1498112 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2007-10-11 06:57:40 617984 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2007-10-11 06:57:40 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2007-10-11 06:57:38 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2007-10-11 06:57:38 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2007-10-11 06:57:36 449024 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2007-10-11 06:57:36 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2007-10-11 06:57:32 251904 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2007-10-11 06:57:32 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2007-10-11 06:57:32 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2007-10-11 06:57:30 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2007-10-11 06:57:30 1024000 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2007-10-11 06:57:30 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2007-10-11 06:57:30 205824 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2007-10-11 06:57:30 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2007-10-11 06:57:30 55808 ( ..... ) "C:\WINDOWS\system32\extmgr.dll"
2007-10-04 17:14:00 8491008 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2007-10-04 17:14:00 6750208 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2007-10-04 17:14:00 6344704 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2007-10-04 17:14:00 5783424 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2007-10-04 17:14:00 5509120 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2007-10-04 17:14:00 3629056 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2007-10-04 17:14:00 3551232 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2007-10-04 17:14:00 3334144 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2007-10-04 17:14:00 3166208 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2007-10-04 17:14:00 2854912 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2007-10-04 17:14:00 2441216 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2007-10-04 17:14:00 2371584 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2007-10-04 17:14:00 1703936 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2007-10-04 17:14:00 1626112 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2007-10-04 17:14:00 1478656 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2007-10-04 17:14:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2007-10-04 17:14:00 1150976 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2007-10-04 17:14:00 1073152 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2007-10-04 17:14:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2007-10-04 17:14:00 753664 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2007-10-04 17:14:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2007-10-04 17:14:00 458752 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2007-10-04 17:14:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2007-10-04 17:14:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2007-10-04 17:14:00 364544 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2007-10-04 17:14:00 335872 ( A.... ) "C:\WINDOWS\system32\nvwrses.dll"
2007-10-04 17:14:00 335872 ( A.... ) "C:\WINDOWS\system32\nvwrsel.dll"
2007-10-04 17:14:00 327680 ( A.... ) "C:\WINDOWS\system32\nvwrsfr.dll"
2007-10-04 17:14:00 327680 ( A.... ) "C:\WINDOWS\system32\nvwrsesm.dll"
2007-10-04 17:14:00 327680 ( A.... ) "C:\WINDOWS\system32\nvrshe.dll"
2007-10-04 17:14:00 327680 ( A.... ) "C:\WINDOWS\system32\nvrsar.dll"
2007-10-04 17:14:00 323584 ( A.... ) "C:\WINDOWS\system32\nvwrspt.dll"
2007-10-04 17:14:00 323584 ( A.... ) "C:\WINDOWS\system32\nvwrsit.dll"
2007-10-04 17:14:00 319488 ( A.... ) "C:\WINDOWS\system32\nvwrsptb.dll"
2007-10-04 17:14:00 319488 ( A.... ) "C:\WINDOWS\system32\nvwrsnl.dll"
2007-10-04 17:14:00 315392 ( A.... ) "C:\WINDOWS\system32\nvwrsru.dll"
2007-10-04 17:14:00 315392 ( A.... ) "C:\WINDOWS\system32\nvwrshu.dll"
2007-10-04 17:14:00 311296 ( A.... ) "C:\WINDOWS\system32\nvwrsde.dll"
2007-10-04 17:14:00 307200 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2007-10-04 17:14:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrstr.dll"
2007-10-04 17:14:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrssl.dll"
2007-10-04 17:14:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrsfi.dll"
2007-10-04 17:14:00 299008 ( A.... ) "C:\WINDOWS\system32\nvwrssk.dll"
2007-10-04 17:14:00 299008 ( A.... ) "C:\WINDOWS\system32\nvwrsno.dll"
2007-10-04 17:14:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrssv.dll"
2007-10-04 17:14:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrspl.dll"
2007-10-04 17:14:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrsda.dll"
2007-10-04 17:14:00 290816 ( A.... ) "C:\WINDOWS\system32\nvwrsth.dll"
2007-10-04 17:14:00 286720 ( A.... ) "C:\WINDOWS\system32\nvwrseng.dll"
2007-10-04 17:14:00 286720 ( A.... ) "C:\WINDOWS\system32\nvwrscs.dll"
2007-10-04 17:14:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2007-10-04 17:14:00 282624 ( A.... ) "C:\WINDOWS\system32\nvwrsar.dll"
2007-10-04 17:14:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsfr.dll"
2007-10-04 17:14:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrses.dll"
2007-10-04 17:14:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsel.dll"
2007-10-04 17:14:00 278528 ( A.... ) "C:\WINDOWS\system32\nvwrshe.dll"
2007-10-04 17:14:00 278528 ( A.... ) "C:\WINDOWS\system32\nvrsit.dll"
2007-10-04 17:14:00 278528 ( A.... ) "C:\WINDOWS\system32\nvrsde.dll"
2007-10-04 17:14:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrspt.dll"
2007-10-04 17:14:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrsnl.dll"
2007-10-04 17:14:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrsesm.dll"
2007-10-04 17:14:00 270336 ( A.... ) "C:\WINDOWS\system32\nvrsru.dll"
2007-10-04 17:14:00 266240 ( A.... ) "C:\WINDOWS\system32\nvrsptb.dll"
2007-10-04 17:14:00 266240 ( A.... ) "C:\WINDOWS\system32\nvrsja.dll"
2007-10-04 17:14:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrstr.dll"
2007-10-04 17:14:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrssl.dll"
2007-10-04 17:14:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrssk.dll"
2007-10-04 17:14:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrsko.dll"
2007-10-04 17:14:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrshu.dll"
2007-10-04 17:14:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsth.dll"
2007-10-04 17:14:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrssv.dll"
2007-10-04 17:14:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrspl.dll"
2007-10-04 17:14:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsno.dll"
2007-10-04 17:14:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsda.dll"
2007-10-04 17:14:00 249856 ( A.... ) "C:\WINDOWS\system32\nvrsfi.dll"
2007-10-04 17:14:00 249856 ( A.... ) "C:\WINDOWS\system32\nvrscs.dll"
2007-10-04 17:14:00 245760 ( A.... ) "C:\WINDOWS\system32\nvrseng.dll"
2007-10-04 17:14:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2007-10-04 17:14:00 225280 ( A.... ) "C:\WINDOWS\system32\nvrszhc.dll"
2007-10-04 17:14:00 212992 ( A.... ) "C:\WINDOWS\system32\nvwrsja.dll"
2007-10-04 17:14:00 196608 ( A.... ) "C:\WINDOWS\system32\nvwrsko.dll"
2007-10-04 17:14:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2007-10-04 17:14:00 167936 ( A.... ) "C:\WINDOWS\system32\nvwrszht.dll"
2007-10-04 17:14:00 163840 ( A.... ) "C:\WINDOWS\system32\nvwrszhc.dll"
2007-10-04 17:14:00 155716 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2007-10-04 17:14:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2007-10-04 17:14:00 126976 ( A.... ) "C:\WINDOWS\system32\nvrszht.dll"
2007-10-04 17:14:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2007-10-04 17:14:00 81920 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2007-10-04 17:14:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2007-10-04 17:14:00 36864 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2007-10-04 17:14:00 36864 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"WEBTRAN"=""
"OEXPRESS"=""
"ICQ"="\"C:\\Program Files\\ICQ6\\ICQ.exe\" silent"
"nivvgdbxn"="c:\\windows\\system32\\nivvgdbxn.exe nivvgdbxn"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: ut 25.12.2007 11:47:18,45
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt


User
Registered: 24.03.07
Last login: 28.07.16
Posts: 4149
Topics: 251
Location: Michalovce
Posted: 25.12.2007 13:35

How is the PC behaving? Did you run ComboFix in normal mode?

User
Registered: 02.08.07
Last login: 30.06.18
Posts: 49
Topics: 10
Posted by the topic author: 25.12.2007 14:17

The page for online spyware testing still keeps popping up. I ran ComboFix in normal mode.


Deleted user
Posted: 25.12.2007 14:31

lad :) can you take a screenshot of the page that pops up? :) + a new log

