Thanks for the super quick reply. I tried to fix it following the attached guide, but it got even worse, and the computer was impossible to reason with.
Out of desperation I ran ComboFix on it and now it looks pretty OK.
Just to be safe, could you please check the ComboFix log:
ComboFix 08-02-11.2 - Pavel 2008-02-11 19:09:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.169 [GMT 1:00]
Running from: C:\Documents and Settings\Pavel\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cbxuuss.dll
C:\WINDOWS\system32\pmnki.dll
C:\WINDOWS\system32\yyjzicbh.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\bolamjms.ini
C:\WINDOWS\system32\cbxuuss.dll
C:\WINDOWS\system32\drivers\NdisWon.sys
C:\WINDOWS\system32\drqxfimf.dll
C:\WINDOWS\system32\embncgag.dll
C:\WINDOWS\system32\fgkqaham.dllbox
C:\WINDOWS\system32\flqusbve.dll
C:\WINDOWS\system32\fmifxqrd.ini
C:\WINDOWS\system32\gebaawx.dll
C:\WINDOWS\system32\hcnycxrx.dll
C:\WINDOWS\system32\ifuucfho.dll
C:\WINDOWS\system32\iknmp.ini
C:\WINDOWS\system32\iknmp.ini2
C:\WINDOWS\system32\lohqehts.ini
C:\WINDOWS\system32\lqvwicvb.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mwemvksk.dll
C:\WINDOWS\system32\pbbdevkr.dll
C:\WINDOWS\system32\pmnki.dll
C:\WINDOWS\system32\rndmnyvw.ini
C:\WINDOWS\system32\stheqhol.dll
C:\WINDOWS\system32\wvynmdnr.dll
C:\WINDOWS\system32\yelliqtj.ini
C:\WINDOWS\system32\yvmlqtie.dll
C:\WINDOWS\system32\yyjzicbh.dll
C:\WINDOWS\system32\yyjzicbh.dllbox
C:\WINDOWS\system32\zizvnpdp.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\NdisWon
-------\runtime
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.
2008-02-11 17:42 . 2008-02-11 17:30 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 17:42 . 2008-02-11 17:42 3,448 --a------ C:\WINDOWS\unins000.dat
2008-02-11 17:09 . 2008-02-11 18:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 16:54 . 2006-03-02 13:00 389,632 --a------ C:\kmd.exe
2008-01-25 07:15 . 2008-01-26 07:58 <DIR> d-------- C:\Program Files\Opera
2008-01-24 19:49 . 2008-01-24 20:07 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-24 19:32 . 2008-01-24 22:00 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-01-13 17:53 . 2008-01-13 17:53 544 --a------ C:\WINDOWS\psnetwork.ini
2008-01-13 17:53 . 2008-01-13 17:53 34 --a------ C:\WINDOWS\Powerplayer.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 11:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-13 08:12 --------- d-----w C:\Program Files\CCleaner
2008-03-13 08:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-11 15:39 58,368 ----a-w C:\wpohl.exe
2008-03-11 15:39 5,624 ----a-w C:\qsdjpwpb.exe
2008-01-16 18:12 --------- d-----w C:\Program Files\PartyGaming
2008-01-11 15:28 --------- d-----w C:\Program Files\Webteh
2008-01-09 17:21 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-19 18:41 --------- d-----w C:\Program Files\DivX
2007-12-19 18:32 6,638,792 ----a-w C:\Documents and Settings\download\DivXWebPlayerInstaller.exe
2007-07-18 19:14 2,897,821 ----a-w C:\Documents and Settings\download\bsplayer137.826.exe
2007-07-17 16:42 186,976,296 ----a-w C:\Documents and Settings\download\Nero-7.10.1.0_csy_trial.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 05:52 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10 339968]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04 278528]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zizvnpdp]
zizvnpdp.dll
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S4 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84edcf21-e837-11db-a1d9-00014a081794}]
\Shell\AutoRun\command - G:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - G:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3e82dc0-cfa3-11db-a1af-000e9b55c679}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:18:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
.
**************************************************************************
.
Completion time: 2008-02-11 19:20:02 - machine was rebooted [Pavel]
ComboFix-quarantined-files.txt 2008-02-11 18:19:53
.
2008-02-13 16:10:12 --- E O F ---