by Pele, 02 Oct 2006, 13:06
It annoys me that I always have to delete these files after going online, because they keep coming back:
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\svcchost.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
They are deleted now with KillBox, but when I go online again they will probably come back.
Here is the log:
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Suek\Pulpit"
((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))
2006-10-01 16:43 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-01 09:27 0 --a------ C:\WINDOWS\system32\directxclick.exe
2006-09-30 15:14 194,133 --a------ C:\WINDOWS\patcher.exe
2006-09-30 14:53 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-30 14:43 89,984 --a------ C:\WINDOWS\system32\drivers\sptd1981.sys
2006-09-30 14:43 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-30 14:06 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-09-28 12:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-21 13:28 545 --a------ C:\WINDOWS\UC.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\RAR.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\PKZIP.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\LHA.PIF
2006-09-21 13:28 545 --a------ C:\WINDOWS\ARJ.PIF
2006-09-14 14:43 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-14 14:43 198,656 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-14 14:43 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-14 14:36 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2006-09-14 14:35 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2006-09-14 14:32 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-14 14:32 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-09 20:14 162,304 --a------ C:\UNWISE.EXE
2006-09-05 19:28 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-05 19:28 45,952 --a------ C:\WINDOWS\system32\drivers\61883.sys
2006-09-05 19:28 35,584 --a------ C:\WINDOWS\system32\drivers\avc.sys
2006-09-03 12:10 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-03 12:10 254,976 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-03 12:10 160,256 --a------ C:\WINDOWS\system32\schedsvc.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-02 12:39 -------- d-------- C:\Program Files\Neostrada TP
2006-10-02 11:32 -------- d-------- C:\Program Files\XnView
2006-10-01 20:53 -------- d---s---- C:\Documents and Settings\Sulek\Dane aplikacji\Microsoft
2006-10-01 16:09 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\SuperAdBlocker.com
2006-10-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-10-01 12:13 -------- d-------- C:\Program Files\eMule
2006-10-01 11:17 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\ArcaBit
2006-10-01 10:39 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-01 09:53 -------- d-------- C:\Program Files\Registry Repair
2006-10-01 09:41 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\GlarySoft
2006-09-30 18:15 -------- d-------- C:\Program Files\Registry Clean Expert
2006-09-30 16:14 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-09-30 14:10 -------- d-------- C:\Program Files\EA SPORTS
2006-09-29 12:38 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-29 12:37 -------- d-------- C:\Program Files\PowerQuest
2006-09-28 20:14 -------- d-------- C:\Program Files\ivo
2006-09-28 20:12 -------- d-------- C:\Program Files\MarBit
2006-09-28 16:18 -------- d-------- C:\Program Files\DOSBox-0.63
2006-09-27 18:21 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Help
2006-09-25 19:29 299 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\internaldb1942.dat
2006-09-25 19:25 48 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\internaldb41.dat
2006-09-25 19:25 23 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\inifile41.ini
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 17:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-20 19:46 -------- d-------- C:\Program Files\WinUAE
2006-09-15 12:42 -------- d-------- C:\Program Files\NASA
2006-09-14 20:43 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Google
2006-09-14 20:42 -------- d-------- C:\Program Files\Google
2006-09-14 14:51 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-14 14:46 -------- d-------- C:\Program Files\Windows Media Player
2006-09-14 14:43 -------- d-------- C:\Program Files\Messenger
2006-09-13 17:30 361 --a------ C:\Documents and Settings\Sulek\Dane aplikacji\AutoGK.ini
2006-09-13 14:54 -------- d-------- C:\Program Files\Rockstar Games
2006-09-12 13:38 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Media Player Classic
2006-09-09 19:15 -------- d-------- C:\Program Files\MyGlobalSearch
2006-09-08 15:18 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-07 21:00 -------- d-------- C:\Program Files\MAME32k
2006-09-03 14:55 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-03 14:55 -------- d-------- C:\Program Files\Internet Explorer
2006-09-03 14:55 -------- d-------- C:\Program Files\Common Files\System
2006-09-03 14:46 -------- d-------- C:\Program Files\Outlook Express
2006-09-03 14:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-02 22:49 -------- d-------- C:\Program Files\Lavasoft
2006-09-02 22:49 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Lavasoft
2006-09-02 15:33 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Sun
2006-09-02 15:22 -------- d-------- C:\Program Files\Java
2006-09-02 15:17 -------- d-------- C:\Program Files\Common Files\Java
2006-09-01 13:51 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Macromedia
2006-09-01 12:02 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Windows Live Safety Center
2006-09-01 11:01 -------- d-------- C:\Program Files\NetMeeting
2006-09-01 10:49 0 --a------ C:\WINDOWS\system32\eraseme_12133.exe
2006-08-31 17:02 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\XnView
2006-08-30 20:13 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-30 19:27 -------- d-------- C:\Program Files\Pinnacle
2006-08-30 17:35 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-29 21:50 -------- d-------- C:\Program Files\DkZ Studio
2006-08-29 21:46 737280 --a------ C:\WINDOWS\iun6002.exe
2006-08-29 21:18 -------- d-------- C:\Program Files\KONAMI
2006-08-29 20:37 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Real
2006-08-29 20:36 -------- d-------- C:\Program Files\Real
2006-08-29 20:36 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-29 20:36 -------- d-------- C:\Program Files\Common Files\Real
2006-08-29 20:36 -------- d-------- C:\Program Files\aod
2006-08-29 20:31 -------- d-------- C:\Program Files\BitComet
2006-08-29 19:56 -------- d-------- C:\Program Files\WinRAR
2006-08-29 19:23 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Mozilla
2006-08-29 19:21 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-29 19:17 43668 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2006-08-29 19:17 -------- d-------- C:\Program Files\AviSynth 2.5
2006-08-29 19:17 -------- d-------- C:\Program Files\AutoGK
2006-08-29 19:16 -------- d-------- C:\Program Files\Gabest
2006-08-29 19:16 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-29 19:16 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-29 19:15 62 --ahs---- C:\Documents and Settings\Sulek\Dane aplikacji\desktop.ini
2006-08-29 18:59 -------- d-------- C:\Program Files\Gadu-Gadu
2006-08-29 18:50 -------- d-------- C:\Program Files\SAGEM
2006-08-29 18:39 -------- d-------- C:\Program Files\Alwil Software
2006-08-29 18:37 -------- d-------- C:\Program Files\C-Media 3D Audio
2006-08-29 18:31 -------- d-------- C:\Documents and Settings\Sulek\Dane aplikacji\Identities
2006-08-29 18:27 0 -rahs---- C:\MSDOS.SYS
2006-08-29 18:27 0 -rahs---- C:\IO.SYS
2006-08-29 18:27 0 --a------ C:\CONFIG.SYS
2006-08-29 18:27 0 --a------ C:\AUTOEXEC.BAT
2006-08-29 18:27 -------- d-------- C:\Program Files\xerox
2006-08-29 18:27 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-29 18:25 -------- d-------- C:\Program Files\Movie Maker
2006-08-29 18:24 -------- d-------- C:\Program Files\Common Files\Services
2006-08-29 18:24 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-29 18:23 -------- d-------- C:\Program Files\Windows NT
2006-08-29 18:23 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-29 18:23 -------- d-------- C:\Program Files\MSN
2006-08-29 18:23 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-18 14:41 1019094 -rahs---- C:\Program Files\serial.zip
2006-07-18 14:41 1019094 -rahs---- C:\Program Files\serial.tde
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieżąca strona główna"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
Completion time: 2006-10-02 12:41:53.63
ComboFix.txt
Piotr