
Has anyone come across something like this?
Please help. Regards.
Logfile of HijackThis v1.99.1
Scan saved at 17:55:48, on 2007-10-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
G:\utorrent.exe
F:\Program Files\Last.fm\LastFMHelper.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\DOCUME~1\User\USTAWI~1\Temp\{FBF71E74-BF62-46EE-8F77-154C9076BE3F}\Clear Sidebar.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Tlen.pl\tlen.exe
F:\Program Files\Opera\Opera.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Documents and Settings\User\Moje dokumenty\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] F:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=102207 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKCU\..\Run: [µTorrent] "G:\utorrent.exe"
O4 - Startup: Sidebar.lnk = F:\Documents and Settings\User\Moje dokumenty\Clear Sidebar.exe
O4 - Startup: Vista-HDMonitor-Windows.lnk = F:\Documents and Settings\User\Moje dokumenty\HD Monitor.exe
O4 - Global Startup: Last.fm Helper.lnk = F:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
ComboFix 07-10-12.4 - User 2007-10-15 18:59:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.732 [GMT 2:00]
Running from: F:\Documents and Settings\User\Moje dokumenty\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-15 18:58 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-10-14 13:02 <DIR> d-------- F:\Program Files\Winamp
2007-10-13 12:15 <DIR> d-------- F:\Documents and Settings\User\Dane aplikacji\foobar2000
2007-10-07 13:43 <DIR> d-------- F:\Documents and Settings\User\Dane aplikacji\Corel
2007-10-07 13:41 <DIR> d-------- F:\Program Files\Corel
2007-10-07 13:41 <DIR> d-------- F:\Program Files\Common Files\Corel
2007-10-07 11:37 <DIR> d-------- F:\Documents and Settings\User\Dane aplikacji\Apple Computer
2007-10-02 19:00 <DIR> d-------- F:\Program Files\SopCast
2007-09-22 16:49 <DIR> d-------- F:\Program Files\SystemRequirementsLab
2007-09-22 16:49 <DIR> d-------- F:\Documents and Settings\User\SystemRequirementsLab
2007-09-20 16:55 356,352 --a------ F:\WINDOWS\system32\nvudisp.exe
2007-09-20 16:54 356,352 --a------ F:\WINDOWS\system32\NVUNINST.EXE
2007-09-20 15:17 54,784 --a------ F:\WINDOWS\system32\vfwwdm32.dll
2007-09-20 15:17 54,784 --a--c--- F:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-20 15:15 <DIR> d-------- F:\WINDOWS\system32\URTTemp
2007-09-20 15:14 <DIR> d-------- F:\Program Files\ATI Technologies
2007-09-20 15:14 307,200 -ra------ F:\WINDOWS\system32\atiiiexx.dll
2007-09-20 15:14 165,888 --a------ F:\WINDOWS\system32\drivers\atinevxx.sys
2007-09-20 15:14 95,617 -ra------ F:\WINDOWS\system32\atiicdxx.dat
2007-09-20 15:14 33,280 --a--c--- F:\WINDOWS\system32\dllcache\ativtmxx.dll
2007-09-20 15:14 33,280 --a------ F:\WINDOWS\system32\ativtmxx.dll
2007-09-20 15:14 15,360 --a------ F:\WINDOWS\system32\drivers\atinmdxx.sys
2007-09-20 15:14 15,360 --a--c--- F:\WINDOWS\system32\dllcache\atinmdxx.sys
2007-09-20 11:25 <DIR> d-------- F:\WINDOWS\nview
2007-09-19 16:41 <DIR> d-------- F:\NVIDIA
2007-09-18 22:33 <DIR> d-------- F:\Program Files\NVidia
2007-09-17 22:36 <DIR> d-------- F:\WINDOWS\NV34123416.TMP
2007-09-15 13:11 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\Last.fm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 17:01 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\uTorrent
2007-10-15 16:41 --------- d-----w F:\Program Files\Common Files\Adobe
2007-10-13 21:33 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\Skype
2007-10-13 10:16 --------- d-----w F:\Program Files\foobar2000
2007-10-07 11:42 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-10-07 11:41 --------- d-----w F:\Program Files\Common Files\InstallShield
2007-10-07 09:37 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-09-29 12:39 11,973 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-09-21 16:40 --------- d-----w F:\Program Files\Last.fm
2007-09-14 15:12 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-09-14 15:09 --------- d-----w F:\Program Files\Bonjour
2007-09-14 15:04 --------- d-----w F:\Program Files\Common Files\Macrovision Shared
2007-09-13 20:33 --------- d-----w F:\Program Files\Norton Security Scan
2007-08-31 17:31 --------- d-----w F:\Program Files\Skype
2007-08-31 17:31 --------- d-----w F:\Program Files\Common Files\Skype
2007-08-31 17:31 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-08-31 11:36 --------- d-----w F:\Program Files\BearShare
2007-08-27 21:43 --------- d-----w F:\Program Files\MWSnap
2007-08-24 19:17 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\SideBar
2007-08-23 19:25 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\Media Player Classic
2007-08-23 13:17 --------- d-----w F:\Program Files\DkZ Studio
2007-08-23 12:58 737,280 ----a-w F:\WINDOWS\iun6002.exe
2007-08-23 12:31 --------- d-----w F:\Program Files\KONAMI
2007-08-23 11:47 685,816 ----a-w F:\WINDOWS\system32\drivers\sptd.sys
2007-08-23 10:56 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-08-22 20:14 --------- d-----w F:\Program Files\Lavalys
2007-08-22 18:37 --------- d-----w F:\Program Files\Microsoft.NET
2007-08-22 18:35 --------- d-----w F:\Program Files\Microsoft Works
2007-08-22 17:02 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\IrfanView
2007-08-22 16:56 --------- d-----w F:\Program Files\IrfanView
2007-08-22 16:34 --------- d-----w F:\Program Files\Tlen.pl
2007-08-22 16:33 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\Tlen.pl
2007-08-22 16:32 --------- d-----w F:\Program Files\Opera
2007-08-22 12:57 --------- d-----w F:\Program Files\CyberLink
2007-08-22 12:57 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-08-22 12:56 --------- d-----w F:\Program Files\Common Files\Ahead
2007-08-22 12:56 --------- d-----w F:\Program Files\Ahead
2007-08-22 12:23 --------- d-----w F:\Program Files\VDOTool
2007-08-22 11:42 --------- d-----w F:\Program Files\Realtek
2007-08-22 11:26 315,392 ----a-w F:\WINDOWS\HideWin.exe
2007-08-22 10:53 --------- d-----w F:\Program Files\DIFX
2007-08-22 10:36 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\InstallShield
2007-08-22 10:22 --------- d-----w F:\Program Files\microsoft frontpage
2007-08-22 10:22 --------- d-----w F:\Program Files\K-Lite Codec Pack
2007-08-22 10:22 --------- d-----w F:\Program Files\Java
2007-08-22 10:21 --------- d-----w F:\Program Files\Common Files\Java
2007-08-22 10:20 --------- d-----w F:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 12:08 F:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 F:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24]
"CorelDRAW Graphics Suite 11b"="F:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="G:\utorrent.exe" [2007-08-09 11:09]
F:\Documents and Settings\User\Menu Start\Programy\Autostart\
Sidebar.lnk - F:\Documents and Settings\User\Moje dokumenty\Clear Sidebar.exe [2007-10-06 22:52:49]
F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - F:\Program Files\Last.fm\LastFMHelper.exe [2007-08-24 21:49:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=F:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=F:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
F:\Program Files\VDOTool\TBPanel.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
F:\Program Files\Glass2k\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
F:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
F:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"G:\utorrent.exe"
S3 SetupNTGLM7X;SetupNTGLM7X;\??\H:\NTGLM7X.sys
S3 USBSTOR;Sterownik magazynu masowego USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-28 19:24:04 F:\WINDOWS\Tasks\Norton Security Scan.job"
- F:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 19:01:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 19:02:04
.
--- E O F ---