Pridržavajte se na tu temu u Windows OS-a

**Axegrinder** · #1 14 veljača 2008, 09:50

Prema Carbon, ja svibanj imati virus.

Logfile of Trend Micro HijackThis v2.0.2
Skenirajte spremljena u 16:49:26, on 14/02/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Linksys Wireless-G USB Wireless Network Monitor \ WLService.exe
C: \ Program Files \ Linksys Wireless-G USB Wireless Network Monitor \ WUSB54GSv2.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
C: \ Program Files \ MessengerDiscovery \ MessengerDiscovery Live.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ MSN Messenger \ usnsvc.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WLLoginProxy.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyServer = webcache.virginmedia.com: 3128
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.1.1119.1736 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Paltalk - (4EAFEF58-EEFA-4116-983D-03B49BCBFFFE) - C: \ Program Files \ Paltalk Messenger \ Paltalk.exe
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (0E5F0222-96B9-11D3-8997-00104BD12D94) (PCPitstop Utility) -- http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (A90A5822-F108-45AD-8482-9BC8B12DD539) (presudno cpcScan) -- http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (minolovac Zastave klase) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (5DE0FB69-1D9B-48DC-83CC-D71DA02E6BAB): NameServer = 208.67.222.222,208.67.220.220
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C: \ Program Files \ Linksys Wireless-G USB Wireless Network Monitor \ WLService.exe
--
End of file - 7776 bytes

**evilfantasy** · #2 14 veljača 2008, 10:02

Windows greške vezane uz winlogon.exe?

winlogon.exe je proces koji pripada menadžer za prijavu na Windows. Ona obrađuje prijava i odjava postupaka na vašem sustavu. Ovaj program je važan za stabilan i siguran vođenje vaše računalo i ne bi trebao biti svršen.

Ja ne vidim ništa u zapisnik, ali te bi trebao trčanje SUPERAntiSpyware za provjeriti.

**Axegrinder** · #3 14 veljača 2008, 10:38

Pa SAS nije ništa otkriti glavne samo puno praćenje kolačića.

**evilfantasy** · #4 14 veljača 2008, 10:41

Znaš da uvijek mogu kopati dublje.

winlogon.exe je explioted od malware pa mi kao svibanj dobro izgledati.

Molimo, preuzmite Combofix by sUBs jedan od linkova ispod.
(Isprobajte sve tri ako je potrebno)

Važno! Combofix.exe MORA biti spremljene i otrča iz Desktop.

Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka Combofix.
Važno! Privremeno onemogućiti tvoj AntiVirus, Skripta za blokiranje i bilo koji protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan.
- Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih.
- Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
Upozorenje: Combofix disconnects vašem računalu s Interneta. Se veza automatski obnovljena prije Combofix izvrši njegove vožnji.
Dvaput kliknite combofix.exe i slijedite upute.
- Iz tipkovnice odaberite 1 i pritisnite Enter
Kada završite, on će proizvesti prijava za vas.
Pošta da se prijavite u vaš sljedeći odgovor.

Upozorenje: Ne mouseclick combofix's prozor dok je pokrenut. To svibanj uzrokovati da se štala

Ako Combofix prometuje na poteškoće i prestaje preuranjeno, veza može biti ručno restored by ponovo pokrenuti računalo.
Važno: Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski prije reconnecting na Internet.

----------

Sljedeća post
Combofix log

**Axegrinder** · #5 14 veljača 2008, 14:21

Ups.

Ja sam nešto krivo

Bear with me

**evilfantasy** · #6 14 veljača 2008, 14:35

Ste instalirali Combofix krivu. To mora biti spremljena na desktop.
Molimo učinili.
Otiđite na Početak> Trčanje> kopirajte i zalijepite Combofix / u u okviru i kliknite OK.
Preuzimanje Combofix ravno do Desktop uvesti ozdravljenje utešiti.

Ona je sada predlažemo da instalirate Windows Recovery Console. Konzole za oporavak u sustavu Windows će vam omogućiti da čizma gore u posebnom načinu rada za oporavak koji omogućuje nam da Vam pomoći u slučaju da vaše računalo ima problema nakon pokussala uklanjanje zlonamjernih programa.

Idi na Microsoftovu web stranici ovdje -> http://support.microsoft.com/kb/310994

Odaberite preuzimanje koje je prikladno za svoj operacijski sustav

Preuzmite datoteku i spremite ga kao da je izvorno ime pored ComboFix.exe.

Sada zatvorite sve otvorene prozore i programe.
Drag setup paketa na ComboFix.exe i pustite ga.
Slijedite upute da biste započeli ComboFix a kada zatraži, slažem se s End-User License Agreement instalirati Microsoft Recovery Console.
Kada se završi, dnevnik zove CF_RC.txt će se otvoriti.
Molimo post sadržaja da se prijavite u vaš sljedeći odgovor.

Zahvaljujući Bleeping Računalo za vodič.

Isto tako, ne mislim da je malware.

**Axegrinder** · #7 14 veljača 2008, 15:06

To je?

WindowsXP-KB310994-SP2-Home-Bootdisk-enu.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect
C: \ CMDCONS \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons

**evilfantasy** · #8 14 veljača 2008, 15:10

Thats to. Te zatim imati instaliran konzolu za oporavak.