virus alebo len plany poplach?

zdravim vas . mam problem tak ze zacnem od zaciatku .... proste volaco som hladal v googli aj som nasiel len overil som nodom a vypisalo ze nebol najdeny ziaden vyrus ako nahle som to otvoril internet explorer 7 zacal mi vypisovat ze: Your system is infected with dangerous virus! Note: Stronglyy recommend to install antispyware program to clean your system and avoid crash of your computer! click ok to download the antispyware . (Recommended).... tak som klikol ok vtom mi zacalo stahovat nejaky IEefender aj stiahlo a moj spywaredoctor co mam mi hlasil skodlivu nakazu tak som ten defender hned odfajcil ... dal som scan pocitaca spyware doctorom a nasiel mi tam nejake virusy a odstranil som ich ... Nod mi nehlasi ziaden virus a ked dam stale scan pocitaca nic vsetko v poriadku... akonahle pustim internet explorel mi vypise hentu hovadinu co som napisal v uvode s tym Your system ..... to iste aj ked otvorim tento pocitac a vzdy po otvoreni nejakeho suboru ..... Neviem si rady moze mi niekto poradit prosim?????

skus naslepo podla navodu v safe mode: http://www.viry.cz/forum/viewtopic.php?t=16475

ak nepomoze, logy z Hjt + combofixu

Skusal si spustit aj iny internetovy browser ci to vypise? A log z hijack thisu. Pravdepodobne to bude niejaka haved.

hm no tie logy z hjt+ combofixu to ako na to alebo co s tym sorac to je prvykrat co mam taketo daco s pc takze skusenosti s takymito vecami moc nemam

http://www.pcforum.sk/cistime-napadnuty ... 27265.html

hm v mozille mi to nerobi ...

mno tak ckelo som ten navod na to hjt co si ma dal a vytvorilo mi to takyto hijackthis.log :Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:37, on 29.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Sony ericsson\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Programy\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\TuneUp 2007\MemOptimizer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Programy\Sony ericsson\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programy\Spyware Doctor\pctsAuxs.exe
C:\Programy\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programy\ICQ\ICQ.exe
C:\Programy\HJT\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet - downloader\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IE - {7B7F5ACA-0A87-4214-B867-7D9BC8F7EBF5} - C:\WINDOWS\ikdoxu.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet - downloader\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programy\Sony ericsson\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programy\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programy\TuneUp 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - C:\Programy\FLASHG~1\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - C:\Programy\FLASHG~1\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet - downloader\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet - downloader\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programy\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programy\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8165 bytes




Co dalej?? dufam ze to neni nejaky zasrany virus alebo co .. uz mam nervy na krajicku ale dakujem za ochotu mi pomoct

fix:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: IE - {7B7F5ACA-0A87-4214-B867-7D9BC8F7EBF5} - C:\WINDOWS\ikdoxu.dll

potom si precitaj navod na combofix http://www.pcforum.sk/cistime-napadnuty ... 27265.html a vloz do scriptu toto:



a log co ti vytvori vloz sem...bude to trvat cca 10 minut...

Prebehni to spyboot s&d, nainštalovalo ti to nejaký script alebo čo.
Nikdy neklikaj na také hovadiny.
IE ti len tak nenapíše, že je niekde vírus.
Mal som to isté. Tým že si dal download tak si nainštaloval program, ktorý ti teraz hlási, že si máš kúpiť soft na ochranu PC a zrejme ti aj otvorí následne alebo po kliknutí stránku, kde si za "pár" dolárov môžeš kúpiť ten soft...

tkze ten log co mi vytvorilo : ComboFix 08-05-28.4 - User 2008-05-29 15:00:40.1 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.1556 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\smp.bat
C:\WINDOWS\boot.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-29 13:09 . 2008-05-29 13:09 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-13 19:31 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-13 19:31 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-13 19:31 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-13 19:31 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-13 19:30 . 2008-05-13 19:30 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-05-08 15:34 . 2008-05-08 15:34 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-08 15:34 . 2008-05-08 15:34 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-04-29 14:48 . 2008-04-29 14:48 <DIR> d-------- C:\Program Files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 13:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 13:00 --------- d-----w C:\Program Files\Eset
2008-05-28 10:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-28 10:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-26 20:15 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-05-14 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 17:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-07 18:34 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-04-26 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-04-26 07:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-14 11:32 --------- d-----w C:\Documents and Settings\User\Application Data\Hamachi
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 13:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-19 13:55 22,328 ----a-w C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"TuneUp MemOptimizer"="C:\Programy\TuneUp 2007\MemOptimizer.exe" [2006-12-26 14:30 313864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Sony Ericsson PC Suite"="C:\Programy\Sony ericsson\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-08 15:34 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programy\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Print]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-02-23 21:10 35328 C:\Programy\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Flashget"=C:\Programy\FlashGet - downloader\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Hry\\battlefield 2\\BF2.exe"=
"C:\\Hry\\counter-strike 1.6\\hl.exe"=
"C:\\Programy\\ICQ\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programy\\FlashGet - downloader\\flashget.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Hry\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Hry\\crysis\\Bin32\\Crysis.exe"=
"C:\\Hry\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Hry\\counter-strike 1.6\\hlds.exe"=
"C:\\Hry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Hry\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-05-29 13:09]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 14:00]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-03 20:16]
S3 lredbooo;lredbooo;C:\DOCUME~1\User\LOCALS~1\Temp\lredbooo.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a59c082-49c0-11dc-a976-0013d3c9f5a4}]
\Shell\AutoRun\command - explorer.exe .\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb812110-bf28-11da-a68a-0013d3c9f5a4}]
\Shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 15:16:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programy\TuneUp 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 15:02:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-05-29 15:04:41
ComboFix-quarantined-files.txt 2008-05-29 13:03:58

Pre-Run: 24,156,561,408 bytes free
Post-Run: 24,211,103,744 bytes free

178 --- E O F --- 2008-05-28 12:02:24

Vypni rezidentny stit antiviraka a antispywera. A log este raz.

edit: ten script ten log ma vlozit do toho C:\WINDOWS\ikdoxu.dll lenze ja to tam nemam kurnik

sak som vypol antiviraky... kde sa to este da vypnut?

Aj antispywer? Neviem ale nico si nevypol lebo tam mas Resident AV is active.

vypni spyware doctor a potom pravym tlacitkom klikni na ikonku ESS a daj vypnut a daj vypnut antivirusovu a antispywarovu ochranu

hej vypol som vsetko aj firewall mam vypnut mozno to je tym neviem...?
a potom este raz scan?

neviem co sa stalo ale nejak mi to uz nevypisuje mozno to je iba docasne neviem piste prosim vstko co by som mal spravit keby sa mi to nahodou znova objavi bo musim teraz cca na 2 hodiny odbehnut ale potom sa tomu budem urcite venovat a dakujem vsetkym co sa mi snazia v tejto situacii pomoct thx

Neklikať nabudúce na takéto blbosti a veriť len internému antivíru.