cTreamer (Member, Germany; 27 posts; donations 0.00 USD)

Everything posted by cTreamer

  1. As I said, I've installed SP1 32-bit but no further Updates, Hotfixes and so on. Yes, I had immediately downloaded the LATEST VERSION and it doesn't start when I click on it. Now I have another Problem: Se7en_UA 6.5.7, some 7 seconds after clicking on it, shows me a first Dialog Box. I rename the Appswitch.new file as required to Appswitch.dat and click on it once more. So now it dropped me a second Dialog Box: now it shows me some Error. Why???????????????? Same issue also with the Se7en_UA 6.5.8 version. There is no newer version, right!! What is now the Problem? I don't understand.
  4. Yes I know, I did so at first: I've installed to C:\ and it didn't start. Then deinstalled and installed into my H:\Slipstream Windows AiO folder and again mouse click on it, 1-2 seconds wait and it doesn't start again. Right mouse click and Run As Administrator was the first thing I've tried that I thought maybe could work. So it also doesn't work. Now I've installed Win 7 SP1 32-Bit but no further Post-Updates. How can I fix this Problem???? Thank you forwards, cTreamer
  5. Hi, I've downloaded today Se7en_UA 6.5.5 to my Slipstream work folder and then extracted it with 7Zip 9.20RC and then started the Setup. I've installed it to C:\Se7en_UA and to my H:\Slipstream folder without spaces. So now, just normally with the mouse, I click on it and it doesn't start. So WHY? My System: ASRock 890FX Deluxe5 AM3+ Motherboard, AMD Phenom II 955 3.2GHz BE C3 Stepping Boxed, G.SKILL Ripjaws X DDR3 RAM 1866MHz 11-10-10-28 2x4GB, MSI Radeon R6970 Lightning, Windows 7 Enterprise 32 Bit RTM Retail German (I am from Germany), no Service Packs, no Updates installed. I have also a Problem installing Win 7 32 Bit SP1: for now some component during Installation is not completely downloaded, Windows6.1KBXXXXXXXXX? What is this? I don't understand. Thank you forwards, cTreamer
  6. Yes, at me similar Problems. I've installed my own Windows XP again and gonna scan again all 3 Partitions. So for that I hope this time I gonna get from Symantec Norton 360 v2.5 only False-Positives, not such like Infected Win32.Virut.U or N or whatever. When Symantec is doing its job well, so I think I'm gonna finally have success after 3 Months since October 2008. I wanna be just quite sure, you know, and not say too early Ha Ha HA-He He He while this Bastard was still hidden in some EXE or DLL laughing at me that I haven't DEFEATED-DESTROYED him, you know. I think I am very near to getting it out of my System-Computer, so till that nice Moment a little bit of Passion is needed. I gonna post again as early as I can, if I had 100% Success or just not, you know. I have found on the www.malwarebytes.org forum during my searching actions in Google&Co some Person who has also the same Problem and nobody had the right answer for him; I've given him a link to my Thread at msfn.org and said that we have a Resolution for him. So that's great when somebody can help another one: you helped me and I am helping now the others as much as I can. Greetings cTreamer
  7. Now it is working, some other Norton, but it doesn't matter. I've updated the new Virus Definitions, over 60MByte, so I think that W32.VIRUT.CF dat is also on Board. So now I am Scanning&Deleting&Quarantining and so on until I have cleaned up all infected Setups and MSIs and similar files. So at the first success I'm gonna post immediately that winlogon.exe is no more connecting and downloading; till then a very long, hard way for me to go. Good Luck to All !!! Greetings cTreamer
  8. jellyhead: I have got Problems installing Symantec Endpoint Protection v11.0; each time I get the following Message in some small frame: Do you know why???
  9. So Itaka29, you are welcome. The more users with the same Problem, the better the Resolution of some Problem can be. For that I think it's good that I've opened this discussion, and it should be spread to the other Forums. We have to put Pressure on the Security Software Firms that they should open their "Eyes", because times have changed and Cyber Criminals also with their Methods. People have no Time to wait over 3 Months and break their heads just like me, you know; AntiVirus Firms should react faster and work together with Government Specialists (FBI, CIA, NSA). Over three Months ago I have detected this Problem, you know; AntiVirus Firms are only now discovering and giving Names to this threat. Are they "Sleeping or What", lazy Manufacturers. I am scanning my Computer now Day-Night until I have found that small bastard. So Good Luck and thanks for your infos !!! Greetings cTreamer
  10. Kell: Yes, of course it is LEGAL. I've bought it on: www.sienersoft.de. This is a very big Software Reseller here in Germany. I know this Reseller from some Computer Magazine. So for that I have paid 260 Euros in 2003, with the Original Microsoft Hologram on it and my own Licence. So when I want to SlipStream something I make a copy from the Original XP Pro CD on the Harddisc and include all the files that I want: Updates, AddonPacks, Tunings, Tweaks, SP3 and so on. I know such Problems; I am very careful when I download something, and exactly because of it I can not understand what I have downloaded wrong with this BOT-NET Server binary inside of it. I think it's enough for your Question, to make it short, Kell !!! jellyhead: First I thought I can resolve this Problem only with IP blocking. So I've done it: the IP 58.65.234.90 is blocked in my Hardware Firewall Router on all 65535 Ports, Local and Remote. After that I thought, oh thank God, I've resolved this Problem. Ha Ha Ha, after some days of winlogon.exe no more connecting to all that Crap, this BOT-NET Server binary has recognised that I have blocked IP 58.65.234.90. For that it has changed the IP for infecting, and my winlogon.exe is connecting now to IP 61.235.117.80, also in Hong Kong. I just wanna say that I am wondering that such a small binary is so intelligent to recognise all this, you know. This is an example that behind all such binaries are sitting Professional Cyber Criminals and IT Specialists-Hackers with a very lot of skills, over 150%. jellyhead: I'm gonna try now with what you said, Symantec Endpoint Protection. Scan all my Partitions and hope that this Anti Virus finds this injected binary. I have another Question: on which Partition did Symantec Endpoint Protection find this hidden file, on C: (BootSector) or on your normal Partitions (Software, Music, Video)? And was it injected into some EXE, DLL, SETUP, MSI, COM, SYS, INI, INF, DAT, REG files; what has your AntiVirus shown you, where was that Main Infector of winlogon.exe hidden?
Thanks for your infos!!! Jobe111, have you somehow resolved your Problem (Our Problem)??? Glaukus, what do you mean with those McAfee EXTRA.DAT files, the virus Database of McAfee or what? How are your Experiences now after some days of testing the EXTRA.DAT definitions??? I have launched Stinger, but it is making too many Heuristics for files that are not even infected. So which version has McAfee provided to you??? I have Avert Stinger v10.0.0.482; is yours a newer one or not? As you can see, now we are 4 Persons who have this difficult Problem. So the one who first successfully DEFEATS and DESTROYS this Problem should also make some Screenshots so that the others can also follow the right way, you know. Thanks a lot for Helping ! Greetings cTreamer
  11. Yeah, but in this Case things are more difficult. There is not only a RootKit, you know, but a BOT-NET Server which is itself injected into other files, and the RootKit for it is only hiding its Residence in DDR-RAM so that the user can't see how it is manipulating winlogon.exe. I'm gonna check up some Setup and MSI Installations that I've downloaded; maybe it is hidden there. I have all Legal Software, you know; how is it possible that very well known Software, Freeware-Shareware, gets downloaded that has already been manipulated before and put on the Server? Are these Hackers intruding into Web Servers from all around the world and injecting BOT-NET Binaries into the Setup Installations??? Are these Web Provider-Owners, Computer Magazines, Freeware Sites, Open Source BLIND or what!!! Do they control their FTP-WEB Servers to see if some Programs-Software have been manipulated? Nowadays you can not trust even Legal sites, you know. It's a big Catastrophe and Shame for all Security Labs-Centers how little knowledge they have got and that they can not analyze even some small file to find out where it is coming from, you know. I hope that Glaukus has some Resolution about this and his McAfee is going to make a very good Tool against these binaries. I am wishing Good Luck for all 3 of us!!! cTreamer
  12. How do you mean, Glaukus??? Is that something like a small Anti Bot-NET Tool or what? I mean you must say to your McAfee Specialists that they should make this Anti-Tool in a way that it's not only deleting the "Second Step, Third Step" as I mentioned above. It should also find and delete the Mother of this Nightmare, "Step Number One", the BOT-NET Server binary that's probably hidden in some .Setup or .Msi. jobe111: How did you mean that with PDF Reader Foxit Free Edition??? Was it already manipulated, like a Trojan Dropper or so? I don't know if this small McAfee Utility gonna help us 3. Waiting now for Results from Glaukus and then we gonna look further. cTreamer
  13. Exactly this I have done already on my other Computer-Notebook, with the same own SlipStreamed XP Pro SP3+AiO. I'd got the same Symptoms on my Notebook in the other Room until I decided to bring the Notebook to some Computer Technic Service near me, you know. I don't know what he has done and how; he has installed another XP Home from another CD and made a scan with G-Data AntiVirus 2008. Over 5000 infections he has found, which normally, I think, G-Data AntiVirus has also deleted, but unattended, that BOT-NET Server binary in these 5000 files, you know. So the Notebook has now Peace: winlogon.exe is not connecting any more and all this stuff in Task Manager. So but when I for example would now again install XP from my own CD, I am not sure if the Notebook gonna have the same Problems or not, you know. I mean if the G-Data Soft did really find and delete that Bastard BOT-NET Server binary, whatever Windows version I would install now, there should be no Problems any more. So probably that BOT-NET Server is also hacking some Windows System files before the ISO Image is made and burned on CD. Greetings cTreamer
  14. jobe111: Yes, of course I hate these things like Insects and Parasites. So the biggest Problem that we all 3 have (cTreamer, Glaukus, Jobe111) is to find in all our normal Partitions (excluding C:) where that somebody or something is hidden. Because that somebody or something is exactly the one connecting to the IRC-Channel on Port 80 and downloading the "Final Executor", this small file called 0032.exe or 0032.exePING. So for that, first we must DEFEAT that hidden file or files, so that after that, when "the Mother dies, the Children are dying Automatically". I mean guilty is not directly the 0032.exe file that is infecting all Windows System Services one after another, inclusively winlogon.exe; guilty is the one which is downloading at first from Hong Kong IP Addresses all these dangerous TROJANS, WORMS, VIRUSES, SPYWARE, MALWARE&Co, and it's normally after that, when you have got some 0032.exe TROJANS&Co in your Computer, that they are Manipulating-Infecting the Windows OS. Look at this screenshot that proves that this file belongs to the most Aggressive Binaries and is recognised only by its MD5-Hash Algorithm; this file hasn't even got a Name because the Experts don't know which VIRUS, TROJANS&Co are inside of this file. Here I think we have to do in this Case with the most dangerous BOTNET-ZOMBIE infections; our Computers are commanded by other People-Hackers. This 58.65.234.90 IP in Hong Kong is the Residence Palace of the Hackers; from here they are sending Commands into this hidden file-files in our Partitions. So from the other IP 61.235.117.80, another ISP, the files like 0032.exe or 0032.exePING are finally getting downloaded. And this 0032.exe file or something like this is finally downloading all that Crap: TROJANS, VIRUSES, ROOTKITS, WORMS, SPYWARE&Co. So we have here, I think, 3 Main Steps before there appears some VIRUS, TROJAN&Co in any Task Manager.
But the most dangerous of all 3 Steps is "Step Number One", this unknown-hidden Bot-Net Program, so called "BOT-NET Server", and this is what is responsible for all the Nightmares. Shortly said, we must delete that hidden file that gives Hackers from all around the World access to our Computers, turning these into ZOMBIE-Computers. I don't know with which Anti-Software I should yet try to find that small BOT-NET Server Program???? So this gonna take a very long time until we 3 guys have found out such a mysterious Top Secret called BOT-NET Server binary. Greetings cTreamer. Good Luck to all that have this Problem!!! CoffeeFiend: You are wrong!!! First, here we have not to do with normal RootKits, and this can defeat even some small freeware AntiRootkit. Second, Formatting is not overwriting the whole Partition, because of which there is a very big Chance that something survives on the Partition. Third, the Partition C: has nothing to do in this case and formatting it brings nothing. Because that dangerous file is not a standard RootKit recognised by all AntiVirus&Co Companies; it is a BOT-NET Server binary which is controlled and commanded from BOT-NET Clients located at the Hackers' Residence Palace, OK (IRC Servers&Co). So for that there is nothing on the Windows C: Partition and it shouldn't-couldn't be deleted, because C: is clean in this Case.
  15. No, I've only tried Prevx EDGE Free Edition. It's finding nothing, you know. So I've downloaded Prevx CSI Free Edition and it is scanning now. No, Prevx CSI has found nothing on my Windows C:\. Still no Results; I think it gonna take some Weeks before I find out where it is hidden on my System. I need some strong Tool that also scans my other 3 Partitions and not just only C:\, you know. With this Prevx CSI Free Edition only C:\ can be scanned and not the other Partitions. Where in your Computer-Partition is this file hidden, have you already found out???, because I think it is not on C: but somewhere else in another Partition, in Files like Rar, Zip, Setups, Msi, CAB, EXE, DLL, SYS, INI, INF or so. While searching in Google I've found one very useful site: http://mtc.sri.com/ ; they are treating all kinds of such difficult-to-find stuff. What is interesting is that I have found exactly the same Report as yours, you know. Here is one Screenshot from http://mtc.sri.com/ :
  16. You look at my Hosts File Entry: Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP # for Windows 2000. # # This file contains the mappings of IP addresses to host names. # Each entry must be on its own line. The IP # address should be in the first column, followed by the corresponding # host name. # The IP address and the host name must be separated by at least one # space. # # Additional comments (such as in this file) may be inserted on # individual lines or after the machine name, # but must be entered with the '#' character. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost Do you mean this file located in C:\Windows\System32\Drivers\etc\hosts ??? I don't see the (127.0.0.1 ZieF.pl) entry. So I must now find only that 0032.exe or 0032.exePING? I've got 3 File Partitions F, G, H. I am going to try first with Windows Search; what do you think, can Windows Search find this 0032.exe file, or what else should I try? One thing that I don't understand is what this small Consulting Service Company in Poland has to do with this. Because the Domain is: Host: ircd.zief.pl Port: 80, and the owner of this ircd.zief.pl is: DOMAIN: zief.pl registrant's handle: sibr62259 (INDIVIDUAL) nameservers: dns1.zief.pl. [58.65.232.33] dns2.zief.pl. [58.65.232.34] created: 2005.07.25 15:58:55 last modified: 2008.09.25 10:49:06 no option REGISTRAR: Consulting Service "Exactly This Company" ul.
Domaniewska 35A lok.1B 02-672 Warszawa Polska/Poland +48.22 8538888 domeny@ConsultingService.pl WHOIS displays data with a delay not exceeding 15 minutes in relation to the .pl Registry system Registrant data available at http://dns.pl/cgi-bin/en_whois.pl _____ NeoTrace Copyright ©1997-2001 NeoWorx Inc It's really a crazy thing that it redirects to Chinese IP Ranges but the Domain-Host is in Poland; very difficult to understand these Cascading-IP Masquerading Mechanisms to hide their Traces and Sources. Greetings cTreamer
  17. Oh, finally somebody that believes me, because most people are thinking I am crazy or so. For that, it's great what you wrote; now I understand how it is working. We both must just find out where this Script+virus.exe is that is Reverse Engineering the Original winlogon.exe. So I am waiting for your Results from the AV Company. Further I'm gonna stay in good contact with you. Greetings cTreamer, wish you Good Luck too !!!
  18. I have already done it like this. First, with the Special Software LSoft Bootdisc v3.0, I overwrote the C:\ Partition (DoD Method, Peter Gutmann, Zeros), and more than once. After that I checked with a Hex Editor whether anything has survived; I saw only Zeros on C:\, completely free space again. So then I installed Windows XP made with nLite. I've done this over 1000 times from November 2008 until now; it is not helping. I know only one thing: since I am trying to SlipStream SP3 into XP I've got these problems. I don't know what more I should do. Should I write some Email directly to Microsoft here in Germany? What do you think, could Microsoft help me??? Greetings cTreamer
  19. So first, I am an Armenian Citizen (Nationality) and not German, OK. Both English and German are not my own mother Languages. So your language, your rules anyway, because there must be some solution for this Problem. OK, let's do it all the right way; so to understand what I am talking about with this nerving winlogon.exe, here is one Screenshot from AnVir Task Manager Pro. Below all Processes is another Section where you can see and investigate all the Details of some Program, inclusive TCP&UDP Connections + all details of it. Sadly I can not show you the winlogon.exe in action, how it is downloading all that Crap, because I've already blocked it with the Anti Rootkit Tool GMER v1.1, so it is no more connecting in the TCP&UDP Register. Here it is: http://i39.tinypic.com/10o3bpk.jpg http://i42.tinypic.com/a4psa0.jpg http://i42.tinypic.com/10hktwm.jpg In Task Manager the blue marked line (hope you can see) with the cursor is my winlogon.exe Service, OK ! Greetings cTreamer System: nLite Win XP Pro+SP3+ALL Addons-Updates from Sereby-Dynaletik; Router: D-Link DSL 2741B W-Lan 300 Mbit/s Hardware Firewall. If you need some more Screenshots just say, OK. Thank you ! cTreamer
  20. I wanted just to say that I've tried everything, and with each Software that I have. They are finding nothing on all my Partitions F, G, H, but there is something that is manipulating my winlogon.exe. My second PC-Notebook is also with Windows XP, and there winlogon.exe is also in Memory doing only its job and nothing else. The idea with that W-Lan (War-Driving) was just from somebody from the Police Central here in my City, but I've forgotten it fast because it's not my case. I've taken WinHex v15.1SR8 and looked inside all my Partitions. I saw files that are normally hidden from the eyes: Master Boot Record, Master File Table, Log Files, Deleted Hidden Files and all this Forensic stuff, you know. Everything there was clean, no hidden Virus, Trojans, Rootkit, Worms&Co that could be hidden here. So these are all things that could be excluded as the reason for my winlogon.exe manipulation Problem. Actually there are more than 36.000 infected Networks and PCs in China, all because of the Conficker Worm. My winlogon.exe is exactly connecting to this Region near China. So maybe it's not Conficker but another Parasite that scans the whole day-night the IP Addresses of users, and when it finds some Windows Security Leakage tries to connect to its Sub-Services (DCom, RPCLocator), which are finally downloading the rest of the Crap. I just don't understand why this is not happening with my Notebook, which also has XP. So if somebody knows a Hotfix, Update, Patch against this, it is welcome. I know only about the Conficker Patch and I've installed it already. Maybe I am missing some Hotfixes on my System, I don't know. Every help is welcome!!! Thanks to the Admins&Mods for their Passion!!! Greetings cTreamer-Germany
  21. So you look at the next: I've got one 500GB Harddisc split into 2x250GB Partitions F and G. The F is the all-round Files Partition and the G is the Multimedia one (Videos, Music, Mp3, Internet Radio Streams, CD Copies, Peer2Peer) only. So there is another Harddisc, Maxtor S-ATA 120GB, Partition H. The H is an extension for F; that means when there is not enough place, the files are stored on H. Normally I want to install Windows on a separate Harddisc on its own Partition, but I've had some Harddisc crash and am waiting for a new Seagate IDE 320GB Harddisc that gonna be used only for all kinds of Operating System Installations: Windows, Linux, Unix and Mac OS. At the moment I am installing Windows on some small 5GB Partition from that 500GB WD Harddisc, you know. All together I have 3 normal Partitions F:\, G:\, H:\, and + C:\, Windows' own Partition. Now it's clear for you to understand where what is hidden or could be hidden. I've scanned with more than 45 known and unknown AntiVirus, Spyware, Adware, Malware, Trojan, AntiRootkit tools and they are finding nothing on all 3 Partitions F, G, H, you know. Also with all kinds of Internet Security Suites: Kaspersky, Avira, F-Secure, G-Data, Eset Nod32 and more. All possible AntiSpyware Suites from the smallest until robust ones like Sunbelt's CounterSpy v2, 3, which has the most Definitions, over 500.000. A second Computer I've not got, but perhaps if I had it, I don't think that it could change something, you know. Maybe somebody has broken my Router W-Lan SSID Password, which is over 32 Letters long, 99% uncrackable WPA2-PSK AES 256Bit; this was an idea from one Police Department Officer with whom I spoke too about this Problem, you know. What else could it be when my W-Lan is safe and not broken, on my Harddiscs and Partitions I am finding nothing, Boot Sectors are clean, MBR, MFT&Co.
The last version is that somehow somebody or something (Zombies, Domains, Infected Network PCs) is scanning my PC and, after finding a leakage in the DCom, RPC Services, is sending commands into winlogon.exe, which should connect to IP Addresses in Hong Kong, you know. But every time before the connection has been established with some IPs in Hong Kong, nothing has been downloaded before, because I think that first some small files must be downloaded which finally are infecting-manipulating winlogon.exe itself, which is doing what all this Cyber-Mafia is wanting. I've done some Trace Route with Professional Tools&Soft; maybe it is interesting for you: Host: ircd.zief.pl - behind this Host are 2 IPs, 58.65.234.90 and 61.235.117.80; winlogon.exe is connecting to one of them and downloading all that Crap! Port: 80 Name: ircd.zief.pl IP-Address: 58.65.232.34 Location: Hong Kong SAR (22.283N, 114.150E) Network: APNIC-58 See Registrant Pane for registrant contact information. NeoTrace Trace Version 3.25 Results Target: ircd.zief.pl Date: 05.02.2009 (Thursday), 13:50:25 Nodes: 18
So at first winlogon.exe is connecting with some server with the Domain ircd.zief.pl of this Internet Consulting Firm in Poland, which is probably infected, then getting redirected to IPs in Hong Kong. Are Hackers behind all this Mystery, or just Infected Networks and their Computers in China? Greetings cTreamer
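The posts above (19 through 21) describe the symptom by hand: winlogon.exe holding a TCP connection on port 80 to 58.65.234.90 or 61.235.117.80 behind ircd.zief.pl. The following is an added example, not the poster's code nor any tool from the thread: a small Python triage script that applies that same check to netstat -ano output, flagging any established connection to the IPs reported here and any core Windows process (winlogon.exe and friends) that is talking to a public address at all. The netstat output, the PID-to-image mapping and the 91.123.45.x addresses are constructed sample data; the reported IPs are the ones quoted in the thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Remote addresses the posts above report winlogon.exe contacting (values taken from the thread).
REPORTED_C2_IPS = {"58.65.234.90", "61.235.117.80", "58.65.232.34"}

# Core Windows processes that have no business opening outbound Internet connections on their own.
CORE_PROCESSES = {"winlogon.exe", "smss.exe", "csrss.exe", "lsass.exe", "services.exe"}

# One TCP row of "netstat -ano" output on Windows: proto, local, remote, state, PID.
NETSTAT_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


@dataclass
class Finding:
    pid: int
    image: str
    remote: str
    reason: str


def split_endpoint(endpoint):
    """'58.65.234.90:80' -> ('58.65.234.90', 80); also copes with '[::1]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def is_public(ip_text):
    """True for a routable Internet address; False for private, loopback, link-local or garbage."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified)


def triage(netstat_text, pid_to_image):
    """Return the suspicious ESTABLISHED TCP connections found in netstat -ano output.

    pid_to_image maps PID -> image name, i.e. what "tasklist" would show for that PID.
    """
    findings = []
    for line in netstat_text.splitlines():
        match = NETSTAT_ROW.match(line)
        if not match:
            continue                      # headers, blank lines, UDP rows
        _local, remote, state, pid = match.groups()
        if state != "ESTABLISHED":
            continue                      # listeners and half-open sockets are not what we chase here
        pid = int(pid)
        remote_host, _port = split_endpoint(remote)
        image = pid_to_image.get(pid, "<unknown>").lower()
        if remote_host in REPORTED_C2_IPS:
            findings.append(Finding(pid, image, remote,
                                    "remote address matches an IP reported in the thread"))
        elif image in CORE_PROCESSES and is_public(remote_host):
            findings.append(Finding(pid, image, remote,
                                    "core system process connected to a public address"))
    return findings


# Constructed sample data (not a real capture): what netstat -ano and tasklist might show
# on the machine described above. 91.123.45.x stands in for arbitrary routable addresses.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       940
  TCP    192.168.1.5:1034       58.65.234.90:80        ESTABLISHED     620
  TCP    192.168.1.5:1041       192.168.1.1:80         ESTABLISHED     620
  TCP    192.168.1.5:1050       91.123.45.68:443       ESTABLISHED     1888
  TCP    192.168.1.5:1060       91.123.45.67:80        ESTABLISHED     620
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED     620
"""
SAMPLE_TASKLIST = {620: "winlogon.exe", 940: "svchost.exe", 1888: "firefox.exe"}


if __name__ == "__main__":
    for f in triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"PID {f.pid} ({f.image}) -> {f.remote}: {f.reason}")
```

On the sample data the browser's HTTPS connection and winlogon.exe's router connection are left alone; only the two winlogon.exe connections to the reported IP and to a public address are reported.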
  22. No, I am clever: I am always deleting "System Volume Information", then "Recycler Bin", on all my HardDiscs&Partitions, and the Windows "Backup Function" is deactivated for all Partitions because I have my own Favourite one. Exactly because of it I have Nightmares, you know; I don't understand where such a Trojan-Virus could yet hide when I am doing everything Perfect on my System. My Access Point is an expensive one, with Professional HardwareFirewall Functions-Options that you can only dream of. Inclusive IDS, IPS, SPI; normally it should block all unwanted Incoming Connections. I've tested it with very Hardened Online Tests, you know; they are all saying you are Perfectly Hidden, no chance to connect to your computer, "Note-Excellent". Also I've put it under Stress tests like DoS, DDoS and more; it is not crashing down, restarting, nothing; the most stable Router that I ever owned. D-Link DSL 2741B W-Lan 300Mbit Router. There must be some reason why this is happening, you know; I must find it out. Greetings cTreamer
  23. No, they both have reported false Positives. But Sunbelt's VIPRE v3.3 has found 12 Malwares, of which 8 were Heuristic mistakes and 4 real Trojans. I've deleted all those 4 files and left the rest 8 in Peace because they all are Normal Files and not Trojans&Spyware. You know what I think: maybe all that is about the CONFICKER-Worm, because the Symptoms are very much the same, spreading around over Port-445 RPC. I don't know, maybe somebody from outside is contacting my winlogon.exe and then infecting it. Normally in all UpdatePacks integrated into the CD there should also be that one Patch from October-2008 against the CONFICKER-Worm. I'm hearing of this only now, you know, 2-3 Months later, and I've yesterday downloaded this Security Fix and installed it. What do you think about the CONFICKER-Worm and its 3 kinds (a, b, c)??? Greets cTreamer
  24. So here it is: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:28:23, on 26.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20935) Boot mode: Normal ===== Post Nº 2 ===== You know, by the way, there is also one thing that I forgot to write. When I install some Anti Virus Suite like Alwil-Avast, Avira&Co, at the next System-Start they are all Replaced, Corrupted, Damaged by "something". Kaspersky is the only one which has a self-protecting Mechanism against Malware, and I can use it without errors. I have something in my System that is very hard to beat and destroy. God help me please. cTreamer
  25. I've already seen your advice and scanned with Ewido, Anti Malware, SUPERAntiSpyware. It took more than 4 Hours and all 3 Programs are finding nothing. So what's the next step?