Hello! For a few days I've been having problems with a virus (winmgrd.exe). I did what is described here: http://forum.dobreprogramy.pl/viewtopic … ht=winmgrd
and there is no visible improvement, although the virus is supposedly gone. The computer is still sluggish, I get a green screen, and I also have high pings in games. I don't know what to do… nothing has helped. Here are my logs from ComboFix and HJT:
Combofix:
ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
“Admin” - 2007-06-17 16:10:45 NTFS [SAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))
2007-06-17 15:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-17 15:33
2007-06-17 15:33
2007-06-17 15:33
2007-06-17 15:33
2007-06-17 15:33
2007-06-17 15:33
2007-06-17 15:33
2007-06-17 11:20
2007-06-17 11:14 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 11:03 40,960 -r-hs---- C:\WINDOWS\system\msdll.exe
2007-06-17 02:16
2007-06-17 00:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-17 00:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-17 00:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-17 00:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-17 00:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-17 00:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-17 00:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-17 00:13
2007-06-17 00:10
2007-06-17 00:10
2007-06-16 23:53 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-16 23:52 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-16 23:52 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-16 21:40
2007-06-16 21:03
2007-06-16 20:21
2007-06-16 20:08
2007-06-16 20:06
2007-06-16 20:05
2007-06-16 20:04
2007-06-16 20:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-16 20:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-16 20:02 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-16 20:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-16 20:02 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-16 20:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-16 20:00
2007-06-16 20:00
2007-06-16 19:59
2007-06-16 19:59
2007-06-16 19:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-16 19:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2007-06-16 19:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-06-16 19:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-06-16 19:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-06-16 19:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2007-06-16 19:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2007-06-16 19:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-06-16 19:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-06-16 19:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-06-16 19:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-06-16 19:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-06-16 19:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-06-16 19:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-06-16 19:58 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-06-16 19:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-16 19:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-06-16 19:58
2007-06-16 19:57 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2007-06-16 19:57 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2007-06-16 19:57 69,504 --a------ C:\WINDOWS\hpoins05.dat
2007-06-16 19:57 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-06-16 19:57 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-06-16 19:57 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-06-16 19:57 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-06-16 19:57 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-06-16 19:57 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-06-16 19:57 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-06-16 19:57 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2007-06-16 19:57 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-06-16 19:56
2007-06-16 19:55
2007-06-16 19:55
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
2007-06-16 19:47
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-17 09:08:27 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-17 09:08:27 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-16 15:59:51 -------- d-----w C:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AdslTaskBar”=“stmctrl.dll” [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55]
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-03 21:05]
“Cmaudio”=“cmicnfg.cpl” []
“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2005-06-08 15:24]
“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2005-06-08 15:14]
“HP Software Update”=“c:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2004-09-13 15:49]
“avast!”=“C:\PROGRA~1\Avast4\ashDisp.exe” [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29]
“Steam”=“C:\Program Files\Steam\Steam.exe” [2007-06-16 18:46]
“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2005-06-08 14:44]
“staeck122”=“C:\WINDOWS\system32\mfceee.exe” []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
“^SetupICWDesktop”=
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
“staeck122”=C:\WINDOWS\System32\2.exe
“Windows Service Update”=C:\WINDOWS\System32\mswsgs.exe
((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))
2007-06-16 20:21
2007-06-16 17:57
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 16:12:13
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
Completion time: 2007-06-17 16:12:30
C:\ComboFix-quarantined-files.txt … 2007-06-17 16:12
— E O F —
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 16:11, on 2007-06-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM…\Run: [HP Software Update] “c:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [staeck122] C:\WINDOWS\system32\mfceee.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)
O23 - Service: msdll - Unknown owner - C:\WINDOWS\system\msdll.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
Are there any files to remove in these logs? Please help. Regards
Post merged: 17.06.2007 (Sun) 17:51
… and when I scan the computer with an anti-spyware tool (Spybot - Search&Destroy), the program finds, among others, names such as: Microsoft.WindowsSecurityCenter.AntyVirusDisableNotify, Microsoft.WindowsSecurityCenter.AntyVirusDisableOverride, Microsoft.WindowsSecurityCenter.AntyVirusDisableFirewallDisabled, etc… After I remove these files, they still come back…
Post merged: 17.06.2007 (Sun) 19:14
Sorry for not following the forum rules.