» »

Trojan big problem:(

mini-moris ::

Pozdravljeni!:))

Bom zacel cisto na zacetku kaj se je zgodilo v mojem kompu vceraj ...... torej okoli 20.30 dobim na messengerju obvestilo da je cimer update-al skupno mapo... torej pogledam notri, vse kot je bilo, ga vprasam, ce je kaj dodal pa pravi, da ni nic... ok pac delam nekaj minut naprej, nakar dozivim blue screen "RQL_NOT_LESS_OR_EQUAL"...
ok se zgodi, sem si sprava mislil, potem pa pri novem zagonu napise, da je geslo napacno v drugo ga sprejme...

ok delam naprej nekja ur, nakar hocem ugasnit racunalnik ter ob ugasanju nov blue screen z identicno napako kot prej "RQL_NOT_LESS_OR_EQUAL", nakar se normalno komp spet zazene, ga skusam ponovno ugasnit spet preklet moder ekran z napako "RQL_NOT_LESS_OR_EQUAL". Dobro dam pregledat racunalnik z ad aware-om z anitivirusom (avast pro4.7) pregledam se z firewall-om (Outpost Pro, kateri ima v sebi spyware protection) nic ni naslo nobene napake nicesar. Nastimam, da pregleda ob naslednjem zagonu boot-search za viruse in trojance , nakar mi napise, da je mapa katero imam v skupni uporabi s cimrom "corupted" ime mape je, prevec cifer nekaj takega "43624187jk344123l342kj234134.........."

torej zacnem danes zjutraj malo raziskovat in ugotovim , da je vec kot ocitno nek Trojanc pri zagonu.
Imam namescene Tune Up Utilities, s katerim sem spremenil welcome screen, ampak mi ne pusti deinstalirat ta welcome screen, zato sem vrgel ven, kar celi program, vendar se ni nic spremenilo (logicno gledano bi moral biti prvoten welcome screen od microsofta pa tudi tema winsow bi morala biti po defalut-u), vendar na zalost je vse tako kot da nisem nic spremenil, ceprav sem tudi v registru zbrisal vse kar je imelo povezavo z Tune Up-om

Imam nasledji sistem OS:Win XP Pro Hp Turion64 (x2-dvo jedrni) ostalo ni tok pomembno kaj se imam, saj ne pri tem problemu

razlogi zakaj sumim da je nek novi trojanec:

1. ob zagonu pri vpisu kode, karkoli vtipkam mi napise napacno geslo v drugo sprejme

2. ne pusti mi izbrisati dolocenih datotek, katere imajo povezavo z welcome screenom ceprav sem vse ugasnil preko commanderja

3. dozivljam blue screen katerih napaka nanasa, da se skusa nekaj povezat na memory

4. pregledano z Trojan shieldom (ta program najde ravno to datoteko vendar nima resitve)

5. pregledano z Hacker Eliminator (tudi najde enako napako venadr je ne morem prekiniti oz ugasniti ali pa nekako odpraviti)

6. med programi ob zagonu winsow imam datoteko , ] Could not terminate process C:\WINDOWS\system32\mshta.exe], katero pa ne morem skenslat da se ugasne ker se ob prekinitvi takoj na novo zazene

7. tudi to imam med programi za zagon in je ne morem skenslat "desktop.ini, User Shell Startup Folder, %ALLUSERSPROFILE%\Start Menu\Programs\Startup\desktop.ini, %ALLUSERSPROFILE%\Start Menu\Programs\Startup\desktop.ini

8. v zagonu je podobna mapa, katera pa je sestavni del winsow, ker sem preveril tudi na starni microsofta,microsofta desktop.ini, Shell Startup Folder, C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini, C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini


Ok tako bom rekel, pregledal sem kar nekaj forumov, pisal na avast, pregledal vse update z microsofta, zagnal v safe modu in skusal odstranit (mi ne pusti niti blizu priti) tko, da na kratko receno se mi bo zmesal ce ne resim tega problema....

Sicer pa hvala vsem kateri boste si vzeli cas ter to prebrali in mi skusali pomagat, kako odstraniti ta problem.... bom sedel ob kompu v pricakovanju cimhitrejsega odgovora lp vsem
Ubuntu, best there is.....

Gwanaroth ::

Poizkusi še s Spybot - Search & Destroy.

O mshta.exe imaš pa tukaj obširno napisano.
Lights often keep secret hypnosis..

amigo_no1 ::

Preveri&popravi disk z orodjem za diske (chkdsk)

in objavi tvoj hijackthis log fajl

mini-moris ::

hello naredil ka je bilo receno zacuda je chkdsk nasel ogromno napak, zato sem ga moral trikrat zagnta da je prisel do konca oz vse napake odpravi... nato pa sem ga zagnal se ob zagonu in sedaj sem samo enkrat vnesel geslo in je delalo prilagam se hijackthis log pred chkdsk

Logfile of HijackThis v1.99.1
Scan saved at 14:01:49, on 14.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Documents and Settings\mini moris\Desktop\HijackThis.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Hacker Eliminator] C:\PROGRA~1\HACKER~1\HACKER~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne...
O17 - HKLM\System\CCS\Services\Tcpip\..\{492FFB22-F728-4783-857A-2B976ED0A179}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7009D1-933E-4E86-BAE2-CA4E38633B5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE


in po tem ko sem ga zagnal veckrat (hijackthisOne)

Logfile of HijackThis v1.99.1
Scan saved at 14:01:49, on 14.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Documents and Settings\mini moris\Desktop\HijackThis.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Hacker Eliminator] C:\PROGRA~1\HACKER~1\HACKER~1.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne...
O17 - HKLM\System\CCS\Services\Tcpip\..\{492FFB22-F728-4783-857A-2B976ED0A179}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA7009D1-933E-4E86-BAE2-CA4E38633B5C}: NameServer = 192.168.0.1
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
Ubuntu, best there is.....

mini-moris ::

Torej ravno kar ponovno zagnal racunalnik in napak je bila obnovljena torej sem spet na starem ;(( upam da se bo kaj iz logov videlo kaj je napak hvala ze sedaj ne glede na rezultat
Ubuntu, best there is.....

amigo_no1 ::

Tale 2 sta sumljiva:

Hacker Eliminator
O4 - HKLM\..\Run: [Hacker Eliminator] C:\PROGRA~1\HACKER~1\HACKER~1.EXE

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

Kaj je chkdsk počel ?
Firewall imaš vklopljen ?

mini-moris ::

hacker eliminator je program namenjen prepreciti razne podprograme, da se zazenejo in tudi z njim sem odkril napako vendar je nisem mogel odstranit.... chkdsk je pa popravil nekaj indexov to je to PCANGEl pa iskreno ne vem kateri program je....firewall pa je priklopljen in update-an se kak predlog bi bil vesel hvala
Ubuntu, best there is.....

Duhec ::

Svoj HijackThis log file lahko analiziraš TUKAJ !
V 'varnem zagonu z mrežno podporo' preskeniraj komp s kakšnim online scenerjem ala BitDefender. (izbereš 'I agree' , počakaš, da se naloži scener, klikneš na 'Click here to scan' in greš v naravo za kakšni dve uri, ker je proces počasen, a temeljit.

mini-moris ::

Duhec zakon si tocno to mi napise katera datoteka je cudna oz corupted seveda mi spodaj naveden datoteke ne pusti izbrisat bom poskusal kot si rekel v safe mode-u

O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll

sem sedaj tudi testiral s programom RegRun BootLogXP in mi pravi da je file corupted tako da bom sedaj skusal popravit. Napisem kak je bil rezultat hvala se enkrat
Ubuntu, best there is.....

Zgodovina sprememb…

_Sajmon_ ::

Za scan diska lahko uporabiš tudi BART PE (Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD). Gre za poseben winxp bootable cd, ki mu dodas anti-golazen programe. Edino CD bi moral na kakem drugem racunalniku pripravit...

Safe nacin je tudi varianta, sam ne vem, kje se lahko kak trojanc skrije...

Duhec ::

Če sumiš ta fajl mu v varnem zagonu enostavno preimenuj končnico iz DLL v npr. samo DL pa se ob zagonu ne bo aktiviral. Upam, da se ne generira sam.
Drugače še pošlji ta fajl v analizo skupini antivirusnih programov na TA NASLOV.
Klikneš na Browse, si izbereš ta IfxWlxEN.dll , ki se nahaja v C:\WINDOWS\SYSTEM32\ mapi, klikneš na SUBMIT in počakaš, da se analiza 14.ih antivirusnikov izvrši. Včasih kak antivirusnik javi okužbo ampak, če je edini, gre navadno za false pozitiv zadevo.

mini-moris ::

Pozdravljeni!

Vsem skupaj hvala za pomoc na zalost nisem uspel resiti problema:8) in kaj kmalu so mi v zadnjih nekaj urah zaporedoma zaceli progrmai se sami zaganjat in nekateri so se preprosto nehali se odzivat ;(( (recimo wi-fi je nehal delat ceprav je vse bilo nastimano tako z ip-ji kot tudi s kodami ), poleg tega se mi je vmes sesul se nekajkrat z enako napako kot sem jo omenil v zgornjih postih tako, da sem sedaj nalozil oz zagnal backup na tovarniske nastavitve....:) vem da me veliko dela caka, da bo spet vse kot prej vendar kaj cmo takle mamo:D ....

p.s.: nekaj moram se dodat in to je da sem odkril znotraj tega da je neki trojanec Partizan.xxxx ne vem tocne koncnie bil prisoten znotraj datoteke winlogon in ko sem ga skusal odstranit so se tisti trenutek zaporedoma zaceli programi kar sesuvat, poleg tega sem tudi datoteko IfxWlxEN.dll spremenil kot je bilo receno od duhca vendar ni pomagalo na zalost:O ..... iskreno upam, da nismo naletel na kak novi trojanec oz virus....... veliko lepih trenutkov ob kompih brez nezazelenih programckov:D

Hvala vsem lp

minimoris
Ubuntu, best there is.....

Zgodovina sprememb…

amigo_no1 ::

Imaš mogoče HP notebook ?
IfxWlxEN.dll ni virus

http://www.castlecops.com/o20et-i.html

mini-moris ::

hello again torej, da zakljucim temo, da ne ostane kar vse odprto in brez resitve.....

torej vceraj zvecer, sem po tretjem backupu oz recovery-ju, spet testtiral, kaj se dogaja..... ker sem v roku dveh ur po nalozitvi default gonilinkov in vsega poleg ugotovil, da moja draga 64 bitna zverinca, ne podpira skoraj noben gonilnik, kateri so namenjeni tem masinam( da ne pozabim orelepe BLUE SCREEN-E, kar pet jih je blo v stirih urah)... poleg tega, da sem imel navidezno eno particijo, kar prevec in je bila vidna samo znotraj My computer mape, povsod drugje je kazalo, da dela vse lepo in prav....

torej grem danes spet na servis in smo se zadebatiral.... so rekel kaj vse bodo naredil oz bi blo treba naredit( testirat disk, testtirat rame, testirat plato, preverit viruse trojance, potem so rekli da bo treba kao boot popravit vendar, ne bo slo sem sam ze vse postimal), no v glavnem vse to sem jim razlozil, kaj sem in kako naredil, ter s cim testiral in so preprosto rekli nic vec kot ocitno se vidi da sta plata in disk zanic..... blue screene so bili vsi povezani s povezavo, ker gonilniki niso bili kompatibilni.... tak da je bil vceraj problem z logon screeno nic drugega kot pa ne pravi gonilniki....

Da se povem, da sem vse gonilnike downlodal z uradne spletne strani HP in ni nic delal tak, da vsem se enkra hvala za pomoc uzivajte

lp

minimoris
Ubuntu, best there is.....


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

problem z odpiranjem strani v IE

Oddelek: Omrežja in internet
25761 (576) bbf
»

problem z računalnikom!!

Oddelek: Pomoč in nasveti
111034 (833) mjk
»

Trojanski konj

Oddelek: Pomoč in nasveti
212590 (2201) KaiCris
»

Težave Firefox-om

Oddelek: Pomoč in nasveti
71095 (968) mikes
»

zajedalski spyware

Oddelek: Operacijski sistemi
211246 (913) hunter01

Več podobnih tem