smitfraud-c.coreservice (Solved)
Re: smitfraud-c.coreservice
Shouldn't I still try that SmitFraudFix now that I've uninstalled Spybot and turned off the resident shields in McAfee?
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Status: Offline
Re: smitfraud-c.coreservice
Find and delete this:
C:\Users\m4rt!n\SR.vbs
and tell me what the problem is now.
Re: smitfraud-c.coreservice
So I deleted it and the window still keeps popping up.

Re: smitfraud-c.coreservice
I think that file I was supposed to delete is created by one of those cleaning utilities, because I ran them again and it got created there again. I'm slowly starting to think about a reinstall. I found how someone solved the same problem, but I don't quite dare to try it myself; in case it helps you somehow: http://www.geekstogo.com/forum/Smitfrau ... 85424.html
Otherwise, in my opinion the junk is here: C:\Windows\system32\drivers\core.cache.dsk, except it can't be deleted.
- Baron Prášil
Re: smitfraud-c.coreservice
ComboFix needs to be run from an admin account, so do it once more.
Re: smitfraud-c.coreservice
I'd say I did that, but I'll try it once more. Do I need to use T-Cleaner or CCleaner beforehand?
PS: thanks for the help
- Baron Prášil
Re: smitfraud-c.coreservice
No. Use T-Cleaner; it removes everything left behind by Combo, SDFix, Avenger, MWAV etc. Download it > run it.
You ran Combo from a user account.
Re: smitfraud-c.coreservice
I chose "Run as administrator", so I hope it will be fine now.
ComboFix 08-03-26.1 - m4rt!n 2008-03-27 17:36:15.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1235 [GMT 1:00]
Running from: C:\Users\m4rt!n\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 16:28 241 ----a-w C:\Users\m4rt!n\SR.vbs
2008-03-27 16:19 --------- d-----w C:\Program Files\SysMetrix
2008-03-26 19:18 91,614 ----a-w C:\Users\m4rt!n\AppData\Roaming\nvModes.dat
2008-03-25 23:34 167,545 ----a-w C:\Windows\system32\drivers\core.cache.dsk
2008-03-25 23:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-25 23:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 16:53 --------- d-----w C:\Program Files\CCleaner
2008-03-22 23:32 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-16 18:29 --------- d-----w C:\Program Files\Webteh
2008-03-12 19:57 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 19:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 10:34 --------- d-----w C:\ProgramData\PowerDesigner 12
2008-03-12 10:32 --------- d-----w C:\Program Files\Sybase
2008-03-12 08:51 --------- d-----w C:\Program Files\BitLord
2008-03-11 21:43 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-11 21:06 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\ICQ
2008-03-09 10:25 --------- d-----w C:\Program Files\TC UP
2008-03-09 09:18 --------- d-----w C:\ProgramData\FLEXnet
2008-03-08 13:33 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\HEXelon
2008-03-08 13:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\GHISLER
2008-03-02 17:12 --------- d-----w C:\Program Files\ICQ6
2008-03-02 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-02 14:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 14:26 --------- d-----w C:\ProgramData\ALM
2008-03-02 14:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Adobe Fireworks CS3
2008-03-02 14:15 --------- d-----w C:\Program Files\QuickTime
2008-03-02 14:02 --------- d-----w C:\Program Files\Bonjour
2008-03-02 13:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-26 05:49 --------- d-----w C:\Program Files\McAfee
2008-02-22 20:59 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\teamspeak2
2008-02-22 20:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-14 22:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 22:32 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 22:32 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 22:32 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 22:32 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 22:32 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 22:32 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 22:32 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-14 22:32 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 22:29 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 22:29 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 22:29 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 22:29 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 22:29 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 22:29 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 22:29 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 22:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 22:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 22:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 22:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 22:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-06 08:51 171,400 ----a-w C:\Windows\system32\drivers\mfehidk.sys
2008-02-02 20:43 --------- d-----w C:\Program Files\MSI
2008-02-02 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 20:15 --------- d-----w C:\Program Files\AVEO
2008-02-02 20:13 --------- d-----w C:\Program Files\System Control Manager
2008-02-02 14:36 --------- d-----w C:\ProgramData\McAfee
2008-02-02 14:34 --------- d-----w C:\Program Files\McAfee.com
2008-02-02 14:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-02 14:18 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Application Data
2007-10-25 10:49 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 15:53 1266936]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"PMCRemote"="" []
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 08:15 109640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-25 11:33 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 05:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 05:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 05:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4702208 C:\Windows\RtHDVCpl.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-09-07 15:38 561152]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 08:46 624248]
"Adobe_ID0EZEHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-04-27 14:31 1884160]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 21:09 2637824]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6189D1A9-43D1-4264-8877-FD2720D1B824}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= UDP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"UDP Query User{7D97FD54-E7C1-44E3-B854-08EAE1BF4BF8}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= TCP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"TCP Query User{204B0C8E-4EDA-453D-805B-99D958ECB297}C:\\program files\\valve\\steam\\steam.exe"= UDP:C:\program files\valve\steam\steam.exe:Steam
"UDP Query User{CFF21D79-D1B9-4260-BC07-1ECF18A0A2C0}C:\\program files\\valve\\steam\\steam.exe"= TCP:C:\program files\valve\steam\steam.exe:Steam
"TCP Query User{83F75589-1E4A-4286-A51D-DCBF33CFA2BA}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{72BFDD55-E901-4C01-9FEB-55F46ADB158B}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{FA8DC94C-BB9A-454F-8DDD-10F6635ECC5B}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{6F4BE418-CA78-48AF-A102-15956592B558}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{4120E0E1-8B98-4844-82C0-52236EF937B7}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{81375C28-A5C9-4507-9533-97CA993049FE}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{3A11881C-73F3-4802-B76F-B25FE0885F3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89060870-C5EA-4DA8-B741-5C41A5979B74}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5A8AD111-B947-4A30-B0FA-A5B350B5EAFF}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{CBE961BB-7D12-40EB-9972-CE21BE8EE587}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{A1A184F4-3C9E-4058-9851-282D38D444ED}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{8E2C56B0-D046-465D-8861-AFC3EF4F040B}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{8D36F227-C505-4980-8C01-7E3CD33A6278}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{7A52920B-EEF9-49C5-AA53-95352C7340F6}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{CFDB45BD-20C8-4326-9009-B7ADEA96FFA9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{51B767A6-F7AA-4B35-9C1C-3FF04E73B5D9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{06B60C9F-D955-4DA4-BC32-FA5A183000A2}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{7F803385-B460-4080-B13C-74F472873A51}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{981AC18B-8FF9-4A3E-97A0-35FDA5B4526C}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{8A04E9A8-6C48-4AF9-B2C3-4E9CDE911754}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9F789893-CA8B-489C-B290-8CAC8E4F27AE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4AEF3662-1420-47B2-AF21-88CF70BE6629}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{2B62B25F-41DD-4EA9-B948-C0630A28F9B0}"= UDP:990:LocalSubnet:LocalSubnet|IF={4DE0BB10-CD63-4744-9CE8-63104EB86B73}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{853D7F83-696E-4D19-84CC-1162F65DDCCD}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= UDP:C:\program files\pinnacle\mediacenter\pmc.exe:
"UDP Query User{40E6AAF7-9632-4EA5-B539-C907FF6903C0}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= TCP:C:\program files\pinnacle\mediacenter\pmc.exe:
"TCP Query User{5605E4F1-5299-4B5C-9378-A079E97AA3F0}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= UDP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"UDP Query User{3EDAE4D6-4183-433D-853D-85FCC02AC5DF}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= TCP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"TCP Query User{2215FF54-662E-4A22-BA07-C60A81912C8D}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{FA00D41B-4A6A-42A8-AB98-DBB7661BBAFE}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{1F645A3B-2D23-41DB-BC1D-82BE00C2DBC8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5AC0E380-88B4-449C-968E-36B51DD4F18B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
"{51DEE834-321A-4B7C-A267-AFB04F312A09}"= UDP:3704:Adobe Version Cue CS3 Server
"{BE35843E-D729-43BA-9218-1BD1FB63DFD8}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B04D65E-2E5C-4F48-A775-86FB969CA919}"= UDP:50901:Adobe Version Cue CS3 Server
"{7EE50972-B292-45E7-B1FA-1EE7C46D534C}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{8BD2DEA1-B90F-4B4B-B0B4-3FEED2BFDC8E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 18:29]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
R1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
R2 RapiMgr;Připojení zařízení se systémem Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R2 WcesComm;Připojení zařízení se systémem Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 20:39]
S3 USB28xxBGA;PCTV 320e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-07 13:39]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-07 13:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 18:26:47 C:\Windows\Tasks\At1.job"
- C:\Users\m4rt!n\Desktop\Look2Me-Destroyer.exe
"2008-03-26 18:26:47 C:\Windows\Tasks\At2.job"
- C:\Users\m4rt!n\Desktop\Look2Me-Destroyer.exe
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-26 16:24:30 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 17:44:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
.
**************************************************************************
.
Completion time: 2008-03-27 17:48:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 16:47:55
Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
.
2008-03-26 16:27:32 --- E O F ---
"UDP Query User{FA00D41B-4A6A-42A8-AB98-DBB7661BBAFE}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{1F645A3B-2D23-41DB-BC1D-82BE00C2DBC8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5AC0E380-88B4-449C-968E-36B51DD4F18B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
"{51DEE834-321A-4B7C-A267-AFB04F312A09}"= UDP:3704:Adobe Version Cue CS3 Server
"{BE35843E-D729-43BA-9218-1BD1FB63DFD8}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B04D65E-2E5C-4F48-A775-86FB969CA919}"= UDP:50901:Adobe Version Cue CS3 Server
"{7EE50972-B292-45E7-B1FA-1EE7C46D534C}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{8BD2DEA1-B90F-4B4B-B0B4-3FEED2BFDC8E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 18:29]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
R1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
R2 RapiMgr;Připojení zařízení se systémem Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R2 WcesComm;Připojení zařízení se systémem Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 20:39]
S3 USB28xxBGA;PCTV 320e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-07 13:39]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-07 13:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 18:26:47 C:\Windows\Tasks\At1.job"
- C:\Users\m4rt!n\Desktop\Look2Me-Destroyer.exe
"2008-03-26 18:26:47 C:\Windows\Tasks\At2.job"
- C:\Users\m4rt!n\Desktop\Look2Me-Destroyer.exe
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-26 16:24:30 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 17:44:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
.
**************************************************************************
.
Completion time: 2008-03-27 17:48:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 16:47:55
Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
.
2008-03-26 16:27:32 --- E O F ---
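The firewall-policy section of the ComboFix log above shows both profiles with EnableFirewall set to 0 and a long list of per-program allow rules. The Python script below is an added example (not part of this thread, and not ComboFix's own code) that parses that section and lists what a reviewer should look at first; the sample excerpt is constructed from a few rules in the log, and the FirewallRules key header it uses is assumed, since that header is not on this page.

```python
import re

# Constructed excerpt in the layout of the ComboFix firewall-policy section above
# (rules copied from the log; the FirewallRules key header is assumed, not on the page).
SAMPLE = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D36F227-C505-4980-8C01-7E3CD33A6278}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{981AC18B-8FF9-4A3E-97A0-35FDA5B4526C}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
EXE_RE = re.compile(r"[A-Za-z]:\\[^:|]*?\.exe", re.IGNORECASE)  # program path inside a rule value
USER_WRITABLE = ("\\temp\\", "\\users\\public\\")  # an allow rule for a program here deserves a second look

def parse_firewall_policy(text):
    """Return (profiles, rules): profile name -> EnableFirewall flag; rules as (name, exe path or None, raw value)."""
    profiles, rules, key = {}, [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, value = m.group("name"), m.group("value")
        if name == "EnableFirewall":
            profiles[key.rsplit("\\", 1)[-1]] = int(value.split()[0])
        elif key.endswith("FirewallRules"):
            exe = EXE_RE.search(value)
            rules.append((name, exe.group(0) if exe else None, value))
    return profiles, rules

def triage(text):
    """What to look at first: profiles with the firewall off and allow rules for programs in user-writable directories."""
    profiles, rules = parse_firewall_policy(text)
    findings = [f"firewall disabled in {p}" for p, on in profiles.items() if on == 0]
    for name, exe, _ in rules:
        if exe and any(d in exe.lower() for d in USER_WRITABLE):
            findings.append(f"allow rule for program in user-writable directory: {exe}")
    return findings
```

On the full log the same check flags the two disabled profiles and the two setupxu.exe rules pointing into the user's temp folder; a flag is a prompt to verify the program, not a verdict.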
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
Re: smitfraud-c.coreservice
use SUPERAntiSpyware
Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
After the update is done, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button
The scan will run; when it finishes it lists everything it found.
Make sure all items are checked and then choose the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date that will be listed and press the button: View Log...
A window with the log will open, so copy its contents here.
Re: smitfraud-c.coreservice
I'm on it
Re: smitfraud-c.coreservice
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/27/2008 at 08:22 PM
Application Version : 4.0.1154
Core Rules Database Version : 3426
Trace Rules Database Version: 1418
Scan type : Complete Scan
Total Scan Time : 00:33:16
Memory items scanned : 739
Memory threats detected : 0
Registry items scanned : 7082
Registry threats detected : 0
File items scanned : 25251
File threats detected : 4
Adware.Tracking Cookie
C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@www.getstats[1].txt
C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@partypoker[1].txt
RootKit.TnCore/Trace
C:\Windows\system32\drivers\core.cache.dsk
Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\TC UP\PLUGINS\LIBRARY\TCUPSHELLEXT.DLL
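As an added example (not part of this thread and not SUPERAntiSpyware's own code), a Python parser for the scan-log layout posted above: it groups detections by category, ranks them for follow-up with a heuristic of its own, and checks the number of listed paths against the "File threats detected" counter. The sample log is constructed from the values in the post; the path indentation the tool writes is assumed to be lost, as it is here.

```python
import re

# Constructed sample in the SUPERAntiSpyware log layout posted above (values from the post, some header lines dropped).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/27/2008 at 08:22 PM
Application Version : 4.0.1154
Registry threats detected : 0
File threats detected : 4
Adware.Tracking Cookie
C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@www.getstats[1].txt
C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@partypoker[1].txt
RootKit.TnCore/Trace
C:\Windows\system32\drivers\core.cache.dsk
Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\TC UP\PLUGINS\LIBRARY\TCUPSHELLEXT.DLL
"""
PATH_RE = re.compile(r"^\s*[A-Za-z]:\\")                                        # a detected file path
COUNTER_RE = re.compile(r"^(?P<key>[A-Za-z]+(?: [A-Za-z]+)+?)\s*:\s*(?P<val>.+)$")  # "Some counter : value"

def parse_sas_log(text):
    """Return (counters, detections); detections maps category name -> list of paths, in log order."""
    counters, detections, category, in_detections = {}, {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if in_detections and PATH_RE.match(line):
            detections.setdefault(category, []).append(line.strip())
            continue
        m = COUNTER_RE.match(line)
        if m and not in_detections:          # header block: counters; URL and date lines do not match
            counters[m.group("key")] = m.group("val").strip()
            in_detections = m.group("key") == "File threats detected"
        elif in_detections:                  # after the last counter, any other line names a category
            category = line.strip()
    return counters, detections

def rank(category, path):
    """Follow-up priority for one detection (a heuristic added here, not a SUPERAntiSpyware rating)."""
    if category.lower().startswith("rootkit") or "\\system32\\drivers\\" in path.lower():
        return "high"    # driver directory: needs a rootkit-capable tool or offline cleanup
    if category.lower().startswith("trojan"):
        return "medium"  # heuristic detection name: verify the file (e.g. a hash lookup) before acting
    return "low"         # tracking cookies: just delete

def triage(text):
    """Rank every detection and check the listed paths against the 'File threats detected' counter."""
    counters, detections = parse_sas_log(text)
    ranked = [(rank(c, p), c, p) for c, paths in detections.items() for p in paths]
    return ranked, len(ranked) == int(counters.get("File threats detected", "0"))
```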
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
Re: smitfraud-c.coreservice
use Avenger according to the guide here http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
and the script
Code:
Files to delete:
C:\Windows\system32\drivers\core.cache.dsk
C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@www.getstats[1].txt
C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@partypoker[1].txt
post the log from Avenger
this C:\PROGRAM FILES\TC UP\PLUGINS\LIBRARY\TCUPSHELLEXT.DLL
have checked here http://www.virustotal.com/flash/index_en.html
don't use "Browse", paste the whole path to the file, marked in bold, into the box using Ctrl+C > Ctrl+V
//Download Suspicious File Packer
Unpack it and run it (the file sfp.exe)
Into the window that appears, copy and paste this text marked in bold:
C:\Windows\system32\drivers\arcc.sys
then click the Continue button
The program switches to the second window, Step2: Create archive
Close the program.
A file requested-files[2007-07-30_HH_MM].cab will be created on the desktop (instead of 2007-07-30 you will have the current date, where HH is the hour and MM the minutes)
If that file gets created, pack it e.g. into a zip and attach it to your post as an attachment.