Winlogon.exe acting wierd...!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BlackR6, Dec 21, 2005.

  1. BlackR6

    BlackR6 Private E-2

    Hi, im new here!
    My pc seems to be infected by - i dont know why! :confused:

    2 process run at HIGH - Winlongon.exe and csrss.exe (I can't close this process)

    I can't go in c:\System Volume Information (French Windows Version) (It say that i have no right... even if im log under the Admin account)

    I've praticly no rights under windows (the virus or spyware is the Admin and i can't do nothing about that)

    I've found a lot's of "new" folder in c:\windows - c:\windows\system32

    Exemple: C:\WINDOWS\WinSxS
    x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39
    x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
    x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
    x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
    x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7

    C:\WINDOWS\srchasst
    C:\WINDOWS\SoftwareDistribution
    C:\WINDOWS\LastGood
    C:\WINDOWS\CSC
    C:\WINDOWS\PeerNet
    C:\WINDOWS\Provisioning\Schemas (full of .XDR files)
    C:\WINDOWS\RegisteredPackages (with 20 folder like {077ACEC7-979C-40AB-9835-435BA1511E0D})
    C:\WINDOWS\Registration (3 files : R000000000003.clb - R000000000006.clb - R000000000007.clb and 1 {02D4B3F1-FD88-11D1-960D-00805FC79235}.{7AB38D7A-EA21-40CD-BFDB-98A2E7ED384F}.crmlog
    C:\WINDOWS\srchasst\mui\040C (full of .XML files)

    etc...

    i've formated AND deleted my partitions after a re-install of windows, the virus/spyware is always on my HD!

    In Kaspersky Anti-Hacker a lot's of ports is open ....

    All creation date are exactly the same for all files on my HD (2005-12-20)

    Here my Hijackthis Log:

    EDITED By: Shadow_Puter_Dude

    Reson Inline HijackThis log removed. Read Me first not run, HijackThis installed incorrectly.

    Anybody can tell my what bullshit is on my HD?!:confused: :confused: :mad:

    Thanks in advance!!!

    Help me please!

    Cya
    p.s: sorry guys, i'm a french Canadien and im drunk..... ;) But im sure you'll understand!
     
    Last edited by a moderator: Dec 22, 2005
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds