Slow computer and internet + green screen


(Fenomen K0x) #1

Hello! For a few days I have been having problems with a virus (winmgrd.exe). I did what is described here: http://forum.dobreprogramy.pl/viewtopic ... ht=winmgrd

and there is no visible improvement, even though the virus is supposedly gone. The computer is still sluggish, I have a green screen and also high pings in games. I don't know what to do... nothing has helped. Here are my logs from ComboFix and HJT:

Combofix:

ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

"Admin" - 2007-06-17 16:10:45 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-17 15:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-06-17 11:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-17 11:03 40,960 -r-hs---- C:\WINDOWS\system\msdll.exe

2007-06-17 00:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-06-17 00:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-17 00:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-17 00:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-17 00:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-17 00:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-17 00:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-16 23:53 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-06-16 23:52 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-16 23:52 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-06-16 20:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-06-16 20:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-06-16 20:02 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-06-16 20:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-06-16 20:02 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-06-16 20:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-06-16 19:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-06-16 19:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll

2007-06-16 19:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-06-16 19:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-06-16 19:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-06-16 19:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll

2007-06-16 19:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll

2007-06-16 19:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-06-16 19:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-06-16 19:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll

2007-06-16 19:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2007-06-16 19:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll

2007-06-16 19:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2007-06-16 19:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll

2007-06-16 19:58 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys

2007-06-16 19:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-06-16 19:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2007-06-16 19:57 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-06-16 19:57 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll

2007-06-16 19:57 69,504 --a------ C:\WINDOWS\hpoins05.dat

2007-06-16 19:57 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll

2007-06-16 19:57 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL

2007-06-16 19:57 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll

2007-06-16 19:57 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll

2007-06-16 19:57 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll

2007-06-16 19:57 19,696 --------- C:\WINDOWS\hpomdl05.dat

2007-06-16 19:57 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll

2007-06-16 19:57 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll

2007-06-16 19:57 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:08:27 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-17 09:08:27 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-16 15:59:51 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

"Cmaudio"="cmicnfg.cpl" []

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]

"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29]

"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-16 18:46]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

"staeck122"="C:\WINDOWS\system32\mfceee.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"staeck122"=C:\WINDOWS\System32\2.exe

"Windows Service Update"=C:\WINDOWS\System32\mswsgs.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-17 16:12:13

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-17 16:12:30

C:\ComboFix-quarantined-files.txt ... 2007-06-17 16:12

--- E O F ---

HJT:

Logfile of HijackThis v1.99.1

Scan saved at 16:11, on 2007-06-17

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [steam] C:\Program Files\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [staeck122] C:\WINDOWS\system32\mfceee.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)

O23 - Service: msdll - Unknown owner - C:\WINDOWS\system\msdll.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Are there any files to remove in these logs? Please help. Regards

Post merged: 17.06.2007 (Sun) 17:51

... and when I scan the computer with an anti-spyware tool (Spybot - Search&Destroy), the program finds, among others, names such as: Microsoft.WindowsSecurityCenter.AntyVirusDisableNotify, Microsoft.WindowsSecurityCenter.AntyVirusDisableOverride, Microsoft.WindowsSecurityCenter.AntyVirusDisableFirewallDisabled, etc. After I remove these files they still keep coming back...

Post merged: 17.06.2007 (Sun) 19:14

Sorry for not following the forum rules :slight_smile:


(qrczak13) #2

Download Windows Worms Doors Cleaner and set the indicators to green; NetBIOS can stay yellow.

A restart is required after using the tool.

Download The Avenger,

extract it > run it > Input script manually > click the magnifying glass > in the newly opened window paste:

After pasting > Done > click the green light > OK, and the computer will restart. After the restart, go to the folder where you have The Avenger and paste the report C:\avenger.txt

Post a new ComboFix log after that.


(Fenomen K0x) #3

New log. I think it helped… Thanks :wink:

ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

"Admin" - 2007-06-17 23:28:18 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-17 23:26 60,416 --a------ C:\WINDOWS\system32\drivers\dxsnwbhq.sys

2007-06-17 23:26 413 --a------ C:\avexport.bat

2007-06-17 23:26 336 --a------ C:\reboot.bat

2007-06-17 23:26 19,814 --a------ C:\reboot.exe

2007-06-17 23:26 126,976 --a------ C:\zip.exe

2007-06-17 23:26 1,080 --a------ C:\mjthkfed.bat

2007-06-17 15:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-06-17 11:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-17 00:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-06-17 00:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-17 00:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-17 00:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-17 00:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-17 00:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-17 00:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-16 23:53 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-06-16 23:52 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-16 23:52 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-06-16 20:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-06-16 20:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-06-16 20:02 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-06-16 20:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-06-16 20:02 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-06-16 20:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-06-16 19:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-06-16 19:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll

2007-06-16 19:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-06-16 19:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-06-16 19:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-06-16 19:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll

2007-06-16 19:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll

2007-06-16 19:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-06-16 19:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-06-16 19:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll

2007-06-16 19:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2007-06-16 19:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll

2007-06-16 19:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2007-06-16 19:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll

2007-06-16 19:58 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys

2007-06-16 19:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-06-16 19:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2007-06-16 19:57 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-06-16 19:57 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll

2007-06-16 19:57 69,504 --a------ C:\WINDOWS\hpoins05.dat

2007-06-16 19:57 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll

2007-06-16 19:57 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL

2007-06-16 19:57 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll

2007-06-16 19:57 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll

2007-06-16 19:57 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll

2007-06-16 19:57 19,696 --------- C:\WINDOWS\hpomdl05.dat

2007-06-16 19:57 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll

2007-06-16 19:57 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll

2007-06-16 19:57 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:08:27 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-17 09:08:27 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-16 15:59:51 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

"Cmaudio"="cmicnfg.cpl" []

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]

"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

"rojfikck"="C:\mjthkfed.bat" [2007-06-17 23:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29]

"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-16 18:46]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

"staeck122"="C:\WINDOWS\system32\mfceee.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-17 23:29:02

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ravcxyhb]

"ImagePath"="System32\drivers\dxsnwbhq.sys"

Completion time: 2007-06-17 23:29:21

C:\ComboFix-quarantined-files.txt ... 2007-06-17 23:29

--- E O F ---


(qrczak13) #4

Run The Avenger > Input script manually > click the magnifying glass > in the newly opened window paste:

After pasting > Done > click the green light > OK, and the computer will restart.

Post a new ComboFix log after that.


(Fenomen K0x) #5

New log:

ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

"Admin" - 2007-06-18 0:12:12 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-18 00:11 60,416 --a------ C:\WINDOWS\system32\drivers\rqwbxglu.sys

2007-06-18 00:11 197 --a------ C:\avexport.bat

2007-06-18 00:11 126,976 --a------ C:\zip.exe

2007-06-18 00:11 1,080 --a------ C:\kvicnwmq.bat

2007-06-17 15:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-06-17 11:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-17 00:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-06-17 00:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-17 00:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-17 00:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-17 00:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-17 00:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-17 00:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-16 23:53 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-06-16 23:52 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-16 23:52 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-06-16 20:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-06-16 20:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-06-16 20:02 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-06-16 20:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-06-16 20:02 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-06-16 20:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-06-16 19:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-06-16 19:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll

2007-06-16 19:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-06-16 19:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-06-16 19:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-06-16 19:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll

2007-06-16 19:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll

2007-06-16 19:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-06-16 19:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-06-16 19:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll

2007-06-16 19:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2007-06-16 19:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll

2007-06-16 19:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2007-06-16 19:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll

2007-06-16 19:58 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys

2007-06-16 19:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-06-16 19:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2007-06-16 19:57 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-06-16 19:57 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll

2007-06-16 19:57 69,504 --a------ C:\WINDOWS\hpoins05.dat

2007-06-16 19:57 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll

2007-06-16 19:57 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL

2007-06-16 19:57 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll

2007-06-16 19:57 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll

2007-06-16 19:57 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll

2007-06-16 19:57 19,696 --------- C:\WINDOWS\hpomdl05.dat

2007-06-16 19:57 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll

2007-06-16 19:57 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll

2007-06-16 19:57 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:08:27 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-17 09:08:27 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-16 15:59:51 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

"Cmaudio"="cmicnfg.cpl" []

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]

"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

"gwlabcxx"="C:\kvicnwmq.bat" [2007-06-18 00:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29]

"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-16 18:46]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

"staeck122"="C:\WINDOWS\system32\mfceee.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-18 00:12:54

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gumnbkoh]

"ImagePath"="System32\drivers\rqwbxglu.sys"

Completion time: 2007-06-18 0:13:10

C:\ComboFix-quarantined-files.txt ... 2007-06-18 00:13

--- E O F ---


(qrczak13) #6

In Safe Mode, use VundoFix, FixVundo, VirtmundoBeGone

After that, post a new ComboFix log.


(Fenomen K0x) #7

New log:

ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

"Admin" - 2007-06-18 9:21:40 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 08:50 4 --a------ C:\WINDOWS\system32\AMD Athlon _V1_V1.bin

2007-06-17 15:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-06-17 11:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-17 00:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-06-17 00:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-17 00:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-17 00:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-17 00:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-17 00:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-17 00:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-16 23:53 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-06-16 23:52 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-16 23:52 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-06-16 20:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-06-16 20:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-06-16 20:02 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-06-16 20:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-06-16 20:02 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-06-16 20:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-06-16 19:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-06-16 19:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll

2007-06-16 19:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-06-16 19:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-06-16 19:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-06-16 19:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll

2007-06-16 19:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll

2007-06-16 19:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-06-16 19:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-06-16 19:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll

2007-06-16 19:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2007-06-16 19:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll

2007-06-16 19:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2007-06-16 19:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll

2007-06-16 19:58 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys

2007-06-16 19:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-06-16 19:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2007-06-16 19:58

2007-06-16 19:57 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-06-16 19:57 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll

2007-06-16 19:57 69,504 --a------ C:\WINDOWS\hpoins05.dat

2007-06-16 19:57 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll

2007-06-16 19:57 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL

2007-06-16 19:57 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll

2007-06-16 19:57 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll

2007-06-16 19:57 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll

2007-06-16 19:57 19,696 --------- C:\WINDOWS\hpomdl05.dat

2007-06-16 19:57 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll

2007-06-16 19:57 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll

2007-06-16 19:57 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL

2007-06-16 19:56

2007-06-16 19:55

2007-06-16 19:55

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:08:27 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-17 09:08:27 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-16 15:59:51 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{F97DA966-F09D-4cab-BF29-75A0026986EA}=C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll [2006-11-12 09:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“AdslTaskBar”=“stmctrl.dll” [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-03 21:05]

“Cmaudio”=“cmicnfg.cpl” []

“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2005-06-08 15:24]

“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2005-06-08 15:14]

“HP Software Update”=“c:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2004-09-13 15:49]

“avast!”=“C:\PROGRA~1\Avast4\ashDisp.exe” [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29]

“Steam”=“C:\Program Files\Steam\Steam.exe” [2007-06-16 18:46]

“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2005-06-08 14:44]

“staeck122”=“C:\WINDOWS\system32\mfceee.exe” []

[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]

“^SetupICWDesktop”=

Contents of the ‘Scheduled Tasks’ folder

2007-06-18 07:16:01 C:\WINDOWS\tasks\VundoFix.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-18 09:22:23

Windows 5.1.2600 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-18 9:22:39

C:\ComboFix-quarantined-files.txt … 2007-06-18 09:22

— E O F —


(Gutek) #8

Finish up with online scanners - Scanners to choose from

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can go over the registry with that, or with

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509