PC-HELP.CZ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:00, on 5.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\TEMP\winB9E.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
A:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.evias.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = os24aisa.sme.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper8.dll
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winB9E.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Global Startup: .protected
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.evias.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\Software\..\Telephony: DomainName = EVIAS.CZ
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CDED965-D07B-4CB5-8168-8D6EBF326416}: NameServer = 10.205.254.200,10.1.220.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: winhup32 - C:\WINDOWS\SYSTEM32\winhup32.dll
O21 - SSODL: zip - {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll
O21 - SSODL: SysAlrt - {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll
O21 - SSODL: DrivePrx - {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4923 bytes

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah+nový log z hijackthis

Jenom pro upřesnění. Nejde o můj počítač a než jsem si přečet tvou odpověď tak jsem nainstaloval NOD32 a dvakrát s ním projel počítač. Virů tam bylo požehnaně. A tady jsou aktuální logy

ComboFix 08-02.05.3 - Administrator 2008-02-06 7:34:15.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\Administrator\Data aplikací\Ultimate Cleaner
C:\Documents and Settings\Administrator\Data aplikací\Ultimate Cleaner\settings.dat
C:\Documents and Settings\Administrator\Data aplikací\ultra
C:\Documents and Settings\Administrator\Data aplikací\ultra\uninstall.bat
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ultimate Defender
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ultimate Defender\Ultimate Defender Uninstall.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ultimate Defender\Ultimate Defender.lnk
C:\Program Files\Helper
C:\Program Files\SystemDefender
C:\WINDOWS\.protected
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\winhup32.dll

----- BITS: Possible infected sites -----

hxxp://10.147.1.11
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-05 12:16 . 2008-02-05 12:15 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-05 12:16 . 2008-02-05 12:15 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-02-05 12:15 . 2008-02-05 12:21 <DIR> d-------- C:\Program Files\ESET
2008-02-05 10:22 . 2008-02-05 10:22 10,240 --a------ C:\Program Files\tmp5550300.exe
2008-02-05 07:49 . 2008-02-05 07:49 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-04 10:28 . 2008-02-04 10:28 10,240 --a------ C:\Program Files\2223627.exe
2008-02-04 08:40 . 2008-02-04 08:40 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-04 08:17 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-04 08:17 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-04 08:17 . 2006-08-21 13:27 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-04 08:16 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-04 08:16 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-04 08:16 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-04 08:15 . 2008-02-04 08:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-04 08:13 . 2008-02-04 08:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-04 08:13 . 2008-02-04 08:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-04 08:08 . 2008-02-05 07:56 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-02-04 08:06 . 2002-09-23 13:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-02-04 08:06 . 2002-09-23 13:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-02-04 07:48 . 2007-02-28 17:05 2,182,528 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-04 07:47 . 2007-05-17 12:30 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-02-04 07:47 . 2007-03-17 14:45 292,864 -----c--- C:\WINDOWS\system32\dllcache\winsrv.dll
2008-02-04 07:47 . 2007-03-08 16:38 40,960 -----c--- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-02-04 07:45 . 2007-10-29 23:44 1,290,240 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-02-04 07:45 . 2007-11-07 10:29 720,896 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-02-04 07:45 . 2006-10-20 02:39 713,728 -----c--- C:\WINDOWS\system32\dllcache\sxs.dll
2008-02-04 07:45 . 2006-10-12 12:09 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
2008-02-04 07:45 . 2007-04-25 15:22 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-02-04 07:45 . 2007-03-09 14:48 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
2008-02-04 07:45 . 2006-10-12 15:05 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
2008-02-04 07:44 . 2007-10-11 07:10 1,055,232 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
2008-02-04 07:44 . 2007-02-09 12:10 574,464 -----c--- C:\WINDOWS\system32\dllcache\ntfs.sys
2008-02-04 07:44 . 2007-10-11 07:10 151,552 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-01 11:35 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-01 11:35 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-01 11:35 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-01 11:35 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-01 11:35 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-02-01 11:35 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-02-01 07:09 . 2008-02-01 07:09 <DIR> d-------- C:\Documents and Settings\LocalService\Nabˇdka Start
2008-02-01 06:53 . 2008-02-01 07:10 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-02-01 06:52 . 2004-08-17 15:48 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-02-01 06:44 . 2008-02-01 06:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-01 06:32 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002327_.tmp
2008-02-01 06:24 . 2008-02-01 06:51 <DIR> d-------- C:\WINDOWS\EHome
2008-01-31 12:08 . 2006-08-14 11:34 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-01-31 12:08 . 2006-08-17 13:29 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-01-31 12:08 . 2006-08-16 10:37 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-01-31 12:08 . 2006-08-16 12:59 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-01-31 12:00 . 2007-06-26 07:10 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-01-31 11:56 . 2006-09-04 07:13 1,494,528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-01-31 11:56 . 2006-06-22 06:18 1,437,696 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2008-01-31 11:56 . 2007-01-23 20:31 546,304 -----c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-01-31 11:56 . 2006-06-22 11:48 181,248 -----c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-01-31 11:56 . 2006-06-22 06:18 69,120 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
2008-01-31 11:55 . 2007-10-25 17:44 8,464,384 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-01-31 11:54 . 2007-04-16 16:54 983,040 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-01-31 11:54 . 2006-08-25 16:51 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-01-31 11:54 . 2006-05-18 06:43 450,560 --a--c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-01-31 11:54 . 2007-10-30 18:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-01-31 11:54 . 2006-05-19 14:42 110,592 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-01-31 11:54 . 2006-05-19 14:42 95,744 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-01-31 11:53 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-01-31 11:52 . 2006-06-20 09:50 453,248 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-01-31 11:52 . 2006-05-05 10:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-01-31 11:52 . 2006-06-26 18:45 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-01-31 11:52 . 2006-06-26 18:45 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-01-31 11:47 . 2008-01-31 11:47 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-31 11:45 . 2008-02-04 08:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-31 11:45 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-07 07:02 . 2008-01-07 07:02 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 10:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-04 10:40 --------- d-----w C:\Program Files\Foxit Software
2007-12-14 08:20 --------- d-----w C:\Program Files\DIFX
2007-12-14 08:19 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-14 08:19 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-14 08:18 --------- d-----w C:\Program Files\Nokia
2007-12-14 08:17 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-07 09:29 720,896 ------w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S7UB Start"="C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 23:20 110645]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-05 12:15 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll [2008-02-04 10:22 39462]
"SysAlrt"= {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll [2008-02-05 07:25 14374]
"DrivePrx"= {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll [2008-02-05 07:25 14374]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1292428093-1606980848-725345543-17979\Scripts\Logon\0\0]
"Script"=fonts

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1292428093-1606980848-725345543-17979\Scripts\Logon\0\1]
"Script"=userlogon.bat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R2 almservice;Automation License Manager Service;"C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe" [2004-07-19 16:04]
R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2004-04-15 14:38]
R2 s7asysvx;S7 Global Services;C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe [2004-07-26 20:13]
R2 s7oiehsx;SIMATIC IEPG Help Service;C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2004-07-22 10:20]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2004-07-08 12:32]
R2 scpdrv;scpdrv;C:\PROGRAM FILES\COMMON FILES\SIEMENS\SWS\PLUGINS\SCP\scpdrv.sys [2003-11-10 17:22]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2004-05-28 18:21]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 21:10]
R3 maestro;ESS Maestro 3 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198x.sys [2001-08-17 21:19]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 22:28]
S3 S5AS511;S5AS511;C:\WINDOWS\system32\drivers\S5AS511.sys [2003-11-11 07:23]
S3 S5MCD;S5MCD;C:\WINDOWS\system32\drivers\S5MCD.sys [2003-11-11 07:23]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 01:34]
S3 SCTCARD;SCTCARD;C:\WINDOWS\system32\drivers\sctpccrd.sys [2000-06-19 11:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 08:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll
-> C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
.
**************************************************************************
.
Completion time: 2008-02-06 8:12:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 07:12:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:29, on 6.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
A:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.evias.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = os24aisa.sme.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.evias.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\Software\..\Telephony: DomainName = EVIAS.CZ
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CDED965-D07B-4CB5-8168-8D6EBF326416}: NameServer = 10.205.254.200,10.1.220.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O21 - SSODL: zip - {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll
O21 - SSODL: SysAlrt - {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll
O21 - SSODL: DrivePrx - {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4212 bytes

Tak jsem ještě nainstaloval Spybot a ten opravil 33 problémů a znovu projel NODEM
Tady je aktuální log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:26, on 6.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
A:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.evias.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = os24aisa.sme.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.evias.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\Software\..\Telephony: DomainName = EVIAS.CZ
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CDED965-D07B-4CB5-8168-8D6EBF326416}: NameServer = 10.205.254.200,10.1.220.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O21 - SSODL: zip - {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll
O21 - SSODL: SysAlrt - {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll
O21 - SSODL: DrivePrx - {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4625 bytes

fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe

stáhni si killbox Obrázek

rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\system32\ctfmona.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu

po něm pošli nový log z hjt,info o problému

toto
C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll
C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll
nech zkontrolovat on-line http://www.virustotal.com/flash/index_en.html
nepoužívej "Procházet" ale vlož do okna celou cestu,tučně označenou,k souboru metodou Ctrl+C > Ctrl+V

a pošli výsledky s tím logem z hjt

Po killboxu nešel počítač do restartu, ale hodil tuhle hlášku (v příloze)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:31, on 7.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.evias.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = os24aisa.sme.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.evias.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\Software\..\Telephony: DomainName = EVIAS.CZ
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CDED965-D07B-4CB5-8168-8D6EBF326416}: NameServer = 10.205.254.200,10.1.220.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O21 - SSODL: zip - {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll
O21 - SSODL: SysAlrt - {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll
O21 - SSODL: DrivePrx - {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4724 bytes

Soubor zip.dll_ přijatý 2008.02.07 06:15:15 (CET)

Výsledek: 13/32 (40.62%)

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.06 TR/Dldr.BHO.CM.1
Authentium 4.93.8 2008.02.06 -
Avast 4.7.1098.0 2008.02.06 -
AVG 7.5.0.516 2008.02.06 BHO.DCJ
BitDefender 7.2 2008.02.07 -
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.07 -
DrWeb 4.44.0.09170 2008.02.06 -
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5517 2008.02.07 -
Ewido 4.0 2008.02.06 -
FileAdvisor 1 2008.02.07 -
Fortinet 3.14.0.0 2008.02.06 -
F-Prot 4.4.2.54 2008.02.06 -
F-Secure 6.70.13260.0 2008.02.07 Trojan-Downloader.Win32.BHO.cm
Ikarus T3.1.1.20 2008.02.07 Trojan-Clicker.Win32.Small.BG
Kaspersky 7.0.0.125 2008.02.07 Trojan-Downloader.Win32.BHO.cm
McAfee 5224 2008.02.06 -
Microsoft 1.3204 2008.02.06 -
NOD32v2 2854 2008.02.06 -
Norman 5.80.02 2008.02.06 W32/DLoader.dam
Panda 9.0.0.4 2008.02.07 Suspicious file
Prevx1 V2 2008.02.07 E404Bho:Adware-b
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.07 -
Sunbelt 2.2.907.0 2008.02.07 VIPRE.Suspicious
Symantec 10 2008.02.07 -
TheHacker 6.2.9.211 2008.02.06 Trojan/Downloader.BHO.cm
VBA32 3.12.6.0 2008.02.07 Trojan-Downloader.Win32.BHO.cm
VirusBuster 4.3.26:9 2008.02.06 -
Webwasher-Gateway 6.6.2 2008.02.07 Trojan.Dldr.BHO.CM.1
Rozšiřující informace
File size: 39462 bytes
MD5: 653d06d736a3ad1f3bb189c2df6934aa
SHA1: f43ec96e535fbceaa89222287658fed183345b97
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0029F8BDB5
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Soubor DrivePrx.dll_ přijatý 2008.02.07 06:27:37 (CET)

Výsledek: 17/32 (53.13%)

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.06 TR/Agent.evy
Authentium 4.93.8 2008.02.06 -
Avast 4.7.1098.0 2008.02.06 -
AVG 7.5.0.516 2008.02.06 Agent.NWL
BitDefender 7.2 2008.02.07 Trojan.Clicker.Small.YI
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.07 -
DrWeb 4.44.0.09170 2008.02.06 Trojan.Click.16987
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5517 2008.02.07 -
Ewido 4.0 2008.02.06 -
FileAdvisor 1 2008.02.07 -
Fortinet 3.14.0.0 2008.02.06 -
F-Prot 4.4.2.54 2008.02.06 -
F-Secure 6.70.13260.0 2008.02.07 Trojan.Win32.Agent.evy
Ikarus T3.1.1.20 2008.02.07 Trojan-Clicker.Win32.Small.BG
Kaspersky 7.0.0.125 2008.02.07 Trojan.Win32.Agent.evy
McAfee 5224 2008.02.06 -
Microsoft 1.3204 2008.02.06 Trojan:Win32/Agent
NOD32v2 2854 2008.02.06 -
Norman 5.80.02 2008.02.06 W32/Agent.dam
Panda 9.0.0.4 2008.02.07 Trj/Agent.HYM
Prevx1 V2 2008.02.07 Backdoor.Trojan
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.07 Mal/Heuri-E
Sunbelt 2.2.907.0 2008.02.07 VIPRE.Suspicious
Symantec 10 2008.02.07 Backdoor.Trojan
TheHacker 6.2.9.211 2008.02.06 Trojan/Agent.evy
VBA32 3.12.6.0 2008.02.07 -
VirusBuster 4.3.26:9 2008.02.06 -
Webwasher-Gateway 6.6.2 2008.02.07 Trojan.Agent.evy
Rozšiřující informace
File size: 14374 bytes
MD5: 700e93e0faa98d7138109ba8b7f3be72
SHA1: f3da96a312163a8999aec79a05eed5d383de4e57
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0073F8B4C8
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Soubor SysAlrt.dll_ přijatý 2008.02.07 06:34:55 (CET)

Výsledek: 17/32 (53.13%)

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.06 TR/Agent.evy
Authentium 4.93.8 2008.02.06 -
Avast 4.7.1098.0 2008.02.06 -
AVG 7.5.0.516 2008.02.06 Agent.NWL
BitDefender 7.2 2008.02.07 Trojan.Clicker.Small.YI
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.07 -
DrWeb 4.44.0.09170 2008.02.06 Trojan.Click.16987
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5517 2008.02.07 -
Ewido 4.0 2008.02.06 -
FileAdvisor 1 2008.02.07 -
Fortinet 3.14.0.0 2008.02.06 -
F-Prot 4.4.2.54 2008.02.06 -
F-Secure 6.70.13260.0 2008.02.07 Trojan.Win32.Agent.evy
Ikarus T3.1.1.20 2008.02.07 Trojan-Clicker.Win32.Small.BG
Kaspersky 7.0.0.125 2008.02.07 Trojan.Win32.Agent.evy
McAfee 5224 2008.02.06 -
Microsoft 1.3204 2008.02.06 Trojan:Win32/Agent
NOD32v2 2854 2008.02.06 -
Norman 5.80.02 2008.02.06 W32/Agent.dam
Panda 9.0.0.4 2008.02.07 Trj/Agent.HYM
Prevx1 V2 2008.02.07 Backdoor.Trojan
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.07 Mal/Heuri-E
Sunbelt 2.2.907.0 2008.02.07 VIPRE.Suspicious
Symantec 10 2008.02.07 Backdoor.Trojan
TheHacker 6.2.9.211 2008.02.06 Trojan/Agent.evy
VBA32 3.12.6.0 2008.02.07 -
VirusBuster 4.3.26:9 2008.02.06 -
Webwasher-Gateway 6.6.2 2008.02.07 Trojan.Agent.evy
Rozšiřující informace
File size: 14374 bytes
MD5: f593e064c4e4940de5aece2b0dfcfd49
SHA1: 5f434cdc11f53dd7b366dd45b731925b82663454
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00893087E4
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

použij Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
a vlož tento skript

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\system32\ctfmona.exe 
C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll 
C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll
C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll

potvrď restart,po něm pošli log z avengera a novej log z hijackthis

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cknnbqmo

*******************

Script file located at: \??\C:\Program Files\ikqyomtf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ctfmona.exe not found!
Deletion of file C:\WINDOWS\system32\ctfmona.exe failed!

Could not process line:
C:\WINDOWS\system32\ctfmona.exe
Status: 0xc0000034

File C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll deleted successfully.
File C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll deleted successfully.
File C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:14, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Plocha\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.evias.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = os24aisa.sme.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.evias.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O17 - HKLM\Software\..\Telephony: DomainName = EVIAS.CZ
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CDED965-D07B-4CB5-8168-8D6EBF326416}: NameServer = 10.205.254.200,10.1.220.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EVIAS.CZ
O21 - SSODL: zip - {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll (file missing)
O21 - SSODL: SysAlrt - {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll (file missing)
O21 - SSODL: DrivePrx - {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll (file missing)
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4692 bytes

fajn
ještě fixni
O21 - SSODL: zip - {d5aeff37-063f-4f72-834e-65a9f1bc80dc} - C:\WINDOWS\Installer\{d5aeff37-063f-4f72-834e-65a9f1bc80dc}\zip.dll (file missing)
O21 - SSODL: SysAlrt - {4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7} - C:\WINDOWS\Installer\{4a64a31e-891f-4e7f-8b23-8a3cbcaee2e7}\SysAlrt.dll (file missing)
O21 - SSODL: DrivePrx - {e548ee75-c8af-4109-8a14-cbd9839777e2} - C:\WINDOWS\Installer\{e548ee75-c8af-4109-8a14-cbd9839777e2}\DrivePrx.dll (file missing)

chtělo by to firewall
vyber si tady,doporučuju ZoneAlarm nebo Comodo
návod na ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
na comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18

takže,jak se chová komp?

Zatím díky moc, ale dřív jak v pondělí se k tomu kompu nedostanu.
Pak se zas ozvu

fajn.a vem si pásy,takle tě to vyhodí z první zatáčky :lol:

Sedí od chlápka na letící kouli :lol:

PC-HELP.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu