Laggy internet + high pings in games + green screen + logs

Hello! For a few days I have been having problems with a virus (winmgrd.exe). I did what is described here: http://forum.dobreprogramy.pl/viewtopic … ht=winmgrd

and I don't notice any improvement, even though the virus is supposedly gone. The computer is still sluggish, I have a green screen and also high pings in games (the internet lags a lot). I don't know what to do… nothing helped. Here are my logs from ComboFix and HJT:

Combofix:

ComboFix 07-06-13.3 - C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

“Admin” - 2007-06-17 16:10:45 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-17 15:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-06-17 15:33

2007-06-17 15:33

2007-06-17 15:33

2007-06-17 15:33

2007-06-17 15:33

2007-06-17 15:33

2007-06-17 15:33

2007-06-17 11:20

2007-06-17 11:14 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-17 11:03 40,960 -r-hs---- C:\WINDOWS\system\msdll.exe

2007-06-17 02:16

2007-06-17 00:13 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-06-17 00:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-17 00:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-17 00:13 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-17 00:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-17 00:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-17 00:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-17 00:13

2007-06-17 00:10

2007-06-17 00:10

2007-06-16 23:53 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-06-16 23:52 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-16 23:52 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-06-16 21:40

2007-06-16 21:03

2007-06-16 20:21

2007-06-16 20:08

2007-06-16 20:06

2007-06-16 20:05

2007-06-16 20:04

2007-06-16 20:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-06-16 20:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-06-16 20:02 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-06-16 20:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-06-16 20:02 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-06-16 20:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-06-16 20:00

2007-06-16 20:00

2007-06-16 19:59

2007-06-16 19:59

2007-06-16 19:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-06-16 19:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll

2007-06-16 19:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL

2007-06-16 19:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL

2007-06-16 19:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL

2007-06-16 19:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL

2007-06-16 19:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL

2007-06-16 19:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll

2007-06-16 19:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll

2007-06-16 19:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL

2007-06-16 19:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL

2007-06-16 19:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll

2007-06-16 19:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2007-06-16 19:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll

2007-06-16 19:58 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll

2007-06-16 19:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2007-06-16 19:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll

2007-06-16 19:58 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys

2007-06-16 19:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-06-16 19:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2007-06-16 19:58

2007-06-16 19:57 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-06-16 19:57 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll

2007-06-16 19:57 69,504 --a------ C:\WINDOWS\hpoins05.dat

2007-06-16 19:57 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll

2007-06-16 19:57 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL

2007-06-16 19:57 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll

2007-06-16 19:57 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll

2007-06-16 19:57 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll

2007-06-16 19:57 19,696 --------- C:\WINDOWS\hpomdl05.dat

2007-06-16 19:57 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll

2007-06-16 19:57 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll

2007-06-16 19:57 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL

2007-06-16 19:56

2007-06-16 19:55

2007-06-16 19:55

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

2007-06-16 19:47

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:08:27 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-17 09:08:27 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-16 15:59:51 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“AdslTaskBar”=“stmctrl.dll” [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-03 21:05]

“Cmaudio”=“cmicnfg.cpl” []

“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2005-06-08 15:24]

“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2005-06-08 15:14]

“HP Software Update”=“c:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2004-09-13 15:49]

“avast!”=“C:\PROGRA~1\Avast4\ashDisp.exe” [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29]

“Steam”=“C:\Program Files\Steam\Steam.exe” [2007-06-16 18:46]

“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2005-06-08 14:44]

“staeck122”=“C:\WINDOWS\system32\mfceee.exe” []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

“^SetupICWDesktop”=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

“staeck122”=C:\WINDOWS\System32\2.exe

“Windows Service Update”=C:\WINDOWS\System32\mswsgs.exe

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-16 20:21

2007-06-16 17:57

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-17 16:12:13

Windows 5.1.2600 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

**************************************************************************

Completion time: 2007-06-17 16:12:30

C:\ComboFix-quarantined-files.txt … 2007-06-17 16:12

— E O F —

HJT:

Logfile of HijackThis v1.99.1

Scan saved at 16:11, on 2007-06-17

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM…\Run: [HP Software Update] “c:\Program Files\HP\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [steam] C:\Program Files\Steam\Steam.exe -silent

O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

O4 - HKCU…\Run: [staeck122] C:\WINDOWS\system32\mfceee.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)

O23 - Service: msdll - Unknown owner - C:\WINDOWS\system\msdll.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Is there anything else in these logs that needs fixing? Please help. Regards :slight_smile:

fenomen, fix your post and wrap it in tags as described in the topics on how to paste them correctly. Otherwise the topic will be removed.

Start >>> Run >>> services.msc >>> stop and disable Windows Time Service and msdll, and the files manually

Registry cleaning: RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can run through the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Scan with AVG Anti-Spyware 7.5 after updating it :wink:

After all that, a new log from Combo