
How to remove Winload.exe...

vratar ::

XoftSpySE detected Winload.exe on my machine, and I cannot remove it no matter what. It tells me to restart the computer, and when I restart it, it again refuses to remove it. I also tried with Unlocker, but that doesn't work either. Does anyone happen to know a solution?

jan01 ::

Try turning off System Restore.

Otherwise: when a program lets you down, install something else (unlike antivirus programs, you can have several antispyware programs on one computer; it's recommended).
Paid: AVG Anti-Spyware, Webroot Spy Sweeper, Spyware Doctor
Free:
- AVG Anti-Spyware (manual scan still works after the trial expires)
- Windows Defender
- Spyware Terminator
- Spyware Doctor Starter Edition (you get it with Google Pack)
- Comodo BOClean

Which antivirus do you have now?
You also need a good firewall. Of the free ones, Comodo Firewall.

And hurry, because this is supposedly a keylogger (after removing it, change all your passwords!)

vratar ::

Try turning off System Restore... how do I do that?

I have Kaspersky and a whole bunch of anti-spyware.

Anyway, thanks for the answer... :D

kixs ::

It would be easiest with ERD Commander.

vratar ::

Where do I get ERD Commander...?

jan01 ::

Right-click My Computer -> Properties and pick the right tab there...

Also run a scan with HijackThis and paste it here.

vratar ::

Jan, I can't find my way around, I'm a real dummy when it comes to computers...

kixs ::

ERD Commander is a paid product... but you can also get it if you know your way around ;)

aprimo ::

I have the same problem with WINLOAD.EXE too.

Here is the HijackThis log...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:25:22, on 7.8.2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Windows\vVX3000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\VoipStunt.com\VoipStunt\voipstunt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\programi\Utorrent\utorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Klemen\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLV...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6735 bytes

#000000 ::

If the file won't delete, use MoveOnBoot; there's a free 30-day version. Regards

aprimo ::

Tried with MoveOnBoot, but it won't let me. It says access is denied.

#000000 ::

Then try ERD Commander, it works 100% there.

jan01 ::

Try with Unlocker, preferably in safe mode.

aprimo ::

Doesn't work with Unlocker either.

Does this file even need to be deleted? When I scan with spydoctor it finds nothing...

Izi ::

You need to be quite careful with winload.exe. If the file winload.exe is in the system32 folder, then it is the "OS Loader" and the most important system file in Windows.
This file loads the whole system at startup; without it Windows cannot load. You obviously cannot delete this file, because the result is the same as wiping all of Windows, and of course the system will do everything it can to protect this file and prevent its deletion.

You may delete winload.exe only if it is in some folder other than Windows\system32. If it is somewhere else, it really is probably some virus, but do not touch the one in system32 under any circumstances.
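
The location rule from the post above, applied to paths pulled out of a scanner report or HijackThis log. This is an added example, not part of the original thread; the function names, the default system directory and the sample lines are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Only winload.exe comes from the thread; extending this set is an assumption.
PROTECTED_NAMES = {"winload.exe"}
SYSTEM_DIR = r"C:\Windows\System32"  # assumption: default Windows location

# Pulls drive-letter .exe paths out of free text such as a HijackThis log line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe\b', re.IGNORECASE)

def classify(path, system_dir=SYSTEM_DIR):
    """Return 'system', 'review' or 'other' for one Windows path."""
    # normpath collapses '..' and '/', normcase lowercases: compare canonical forms.
    norm = ntpath.normcase(ntpath.normpath(path))
    if ntpath.basename(norm) not in PROTECTED_NAMES:
        return "other"
    sysdir = ntpath.normcase(ntpath.normpath(system_dir))
    # 'review' means inspect the file; 'system' means leave it alone.
    return "system" if ntpath.dirname(norm) == sysdir else "review"

def triage(text):
    """Group every protected-name path found in text by verdict."""
    found = {"system": [], "review": []}
    for m in PATH_RE.finditer(text):
        verdict = classify(m.group(0))
        if verdict != "other":
            found[verdict].append(m.group(0))
    return found

# Constructed sample input, not taken from the log posted in this thread.
SAMPLE = r"""
C:\Windows\system32\winload.exe
O4 - HKCU\..\Run: [loader] "C:\Users\Public\winload.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
C:\WINDOWS\System32\..\Temp\WinLoad.exe
"""

if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE).items():
        for p in paths:
            print(f"{verdict:7} {p}")
```

A path reported as "system" is the loader a cleanup tool must not delete; the last sample line shows why the path is normalized before the directory comparison.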

vratar ::

That's right, as IZI said, do not delete System32-winload32.exe... I deleted it with Trojan Remover and then I had a real mess. The system (VISTA) would not load. Solution: you need to insert the VISTA CD and choose the REPAIR option there.

