robot

[pejvlic]

zdravím,
potřebovala bych poradit jak odstranit roboty. Přikládám analýzu combo fixu a analýzu SpyBot Search Destroy, který doporučuje na tuto problematiku nápověda google, ale neumí vyhledané problémy odstranit. Problémy začali po tom co se mi na PC dostal Live PC care,který propustil NOD a AVAST ho nasel a odstranil. Ikdyž si nejsem jista zda úplně protože combo fix na něj upozorňuje.

Nevím už jak dál, díky za rady.

díky moc petra
_______________________________
ComboFix 10-01-20.07 - pepek 2010-01-21 20:13:13.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2046.1687 [GMT 1:00]
Spuštěný z: c:\documents and settings\pepek\Dokumenty\Downloads\ComboFix.exe
AV: Live PC Care *On-access scanning enabled* (Updated) {7EF48594-AEB8-4F46-8D4B-7CD57DAFE453}
FW: Live PC Care *enabled* {553B5EEA-E090-43F2-9ED1-B14DF7E9BB28}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 18:55 . 2010-01-21 18:55 389632 ----a-w- c:\windows\system32\CF4804.exe
2010-01-19 22:52 . 2004-08-03 21:59 43136 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-01-19 22:52 . 2004-08-03 21:59 43136 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-01-19 21:25 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 21:25 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 21:25 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-19 21:25 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 21:25 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 21:25 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 21:25 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 21:25 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-19 21:24 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 21:24 . 2010-01-19 21:24 -------- d-----w- c:\program files\Alwil Software
2010-01-18 11:55 . 2010-01-18 12:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-15 00:26 . 2010-01-15 12:57 -------- d-----w- c:\program files\Google
2010-01-14 21:39 . 2010-01-14 21:37 389632 ----a-w- c:\windows\system32\CF27671.exe
2010-01-14 21:35 . 2010-01-14 21:33 389632 ----a-w- c:\windows\system32\CF26897.exe
2010-01-12 12:25 . 2010-01-12 12:29 -------- d-----w- c:\program files\csWord
2010-01-07 11:40 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-07 11:40 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-06 11:12 . 2010-01-06 11:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-02 20:25 . 2010-01-02 20:25 -------- d-----w- c:\program files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 13:07 . 2009-07-01 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 14:57 . 2009-07-01 20:49 -------- d-----w- c:\program files\ESET
2009-12-27 14:54 . 2009-07-02 20:54 -------- d-----w- c:\program files\Java
2009-12-06 13:12 . 2009-12-06 13:07 -------- d-----w- c:\program files\rajce
2009-12-04 14:30 . 2009-12-04 14:27 -------- d-----w- c:\program files\O2 Mobilni internet
2009-12-03 18:16 . 2009-11-26 21:06 -------- d-----w- c:\program files\ATnotes
2009-12-02 15:04 . 2009-12-02 15:04 -------- d-----w- c:\program files\Opera
2009-12-02 13:59 . 2009-12-02 13:59 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-01 16:43 . 2009-12-01 16:43 -------- d-----w- c:\program files\Common Files\Skype
2009-12-01 16:43 . 2009-12-01 16:42 -------- d-----r- c:\program files\Skype
2009-11-22 15:25 . 2001-10-25 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2009-11-22 15:25 . 2001-10-25 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:46 . 2004-08-17 13:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 01:25 . 2009-07-01 17:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-10 01:25 . 2009-07-01 17:06 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-29 05:48 . 2004-08-17 13:49 663040 ----a-w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2009-05-31 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{95289393-33EA-4F8D-B952-483415B9C955}"= "c:\documents and settings\pepek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-02-10 119808]

[HKEY_CLASSES_ROOT\clsid\{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
2009-02-10 14:56 119808 ----a-w- c:\documents and settings\pepek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\documents and settings\pepek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-14 133104]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2009-08-19 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13762560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-09 417792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\pepek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-01-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-19 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-02 717296]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 00:26]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 00:26]

2010-01-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-19 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-PC Translator - c:\docume~1\pepek\LOCALS~1\Temp\UN32.EXE
AddRemove-QIP 2005 - c:\program files\QIP\unins001.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 20:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-01-21 20:17:18
ComboFix-quarantined-files.txt 2010-01-21 19:17

Před spuštěním: 1,990,086,656
Po spuštění: 1,977,315,328

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 87C27DCC8D188785781E346A7301D326

[JaRon]

prescanuj PC s MBAM

[pejvlic]

díky zkusím to

[pejvlic]

tak nepomohl

[evOKer]

Doporucuju hosta prepsat na toto:-)

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Toto je uk zka souboru HOSTS pou§ˇvan‚ho slu§bou Microsoft TCP/IP for Windows.
#
# Soubor obsahuje mapov nˇ adres IP na n zvy hostitel…. Ka§d  polo§ka
# by mŘla bět na jednom ý dku. Adresa IP by mŘla bět umˇstŘna
# v prvnˇm sloupci a mŘla by bět n sledov na odpovˇdajˇcˇm n zvem hostitele.
# Adresa IP a n zev hostitele by mŘly bět oddŘleny nejm‚nŘ jednou
# mezerou.
#
# Koment ýe (jako napýˇklad tento) lze vkl dat na jednotliv‚ ý dky
# nebo za n zev hostitele, koment ý je urźen znakem '#'.
#
# Pýˇklad:
#
# 102.54.94.97 rhino.acme.com # zdrojově server
# 38.25.63.10 x.acme.com # hostitel klient… x

127.0.0.1 localhost

[evOKer]

nejdulezitejsi je ten spodni radek 127.0.0.1 local host