Log


(M a x) #1
Logfile of HijackThis v1.99.1

Scan saved at 18:39:47, on 09-10-2005

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\TEMP\LWE96D.EXE

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

F:\PrYmEk\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

F:\PrYmEk\programy\DC++\DCPlusPlus.exe

F:\PrYmEk\pobierane\HijackThis Skaner\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Skype] "F:\PrYmEk\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.140.2.91:4343/officescan/console/ClientInstall/WinNTChk.cab

O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.140.2.91:4343/officescan/console/ClientInstall/setupini.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.140.2.91:4343/officescan/console/ClientInstall/setup.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_16.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_22.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.140.2.91:4343/officescan/console/ClientInstall/RemoveCtrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115365885271

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_30.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_23.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{77C6B001-4843-4FB4-86E6-CB8D9891CE89}: NameServer = 194.150.96.2,194.150.98.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{EAF255A0-11DD-48A1-9F9D-C8DFDFBF24C9}: NameServer = 194.150.96.2,194.150.98.2

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)

O23 - Service: Skanowanie w czasie rzeczywistym OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: Zapora osobista OfficeScanNT (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Odbiornik OfficeScanNT (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: Workgroup Security Tools - Unknown owner - C:\WINDOWS\System32\pair32.exe (file missing)

Please check it.

====================================

Note: when you paste a log, wrap it in the CODE or QUOTE tag.

I suggest reading THIS topic and seeing what users who paste logs are asked to do.

Regards, kuz5


(Qbek50) #2

Turn off System Restore. In Safe Mode, remove:

the O15 entries

Kill Trusted:

http://www.searchengines.pl/phpbb203/in ... ost&id=459

Start -> Run -> services.msc -> stop and disable the Loading Outpost Connections process, then launch HijackThis Misc Tools -> Delete NT service -> type KDE -> OK and restart the computer.

Start -> Run -> services.msc -> stop and disable the Workgroup Security Tools process

C:\WINDOWS\TEMP\LWE96D.EXE

Do you know what that file in bold is??


(Prymcio) #3

I removed them..

And what is this C:\WINDOWS\TEMP\LWE96D.EXE??


(Gutek) #4

Also remove:

First: O23 - Start >>> Run >>> services.msc >>> stop and disable Loading Outpost Connections and Workgroup Security Tools, then in Safe Mode delete the files and delete everything in C:\WINDOWS\TEMP
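Pulling the thread's triage rules together, here is an added example (not from the forum posts and not part of HijackThis) that parses HijackThis 1.99.1 log lines and flags the same items the replies flagged: O15 Trusted Zone/Trusted IP entries, O23 services whose binary is "(file missing)", and anything running or autostarting out of a TEMP directory. It also flags O16 ActiveX downloads fetched from a bare IP address, which catches the GameDesire controls from 67.15.101.3 but also the internal OfficeScan deployment from 10.140.2.91, so that rule reports "review" rather than "remove". The sample lines are copied from the log posted above; the O23 field layout (display name, owner, path) and the short-service-name-in-parentheses convention are assumptions about the HijackThis output format.

```python
"""Triage a HijackThis 1.99.1 log with the rules the replies in this thread used.

Added example, not part of the forum posts or of HijackThis:
O15 trusted entries -> remove; O23 service with "(file missing)" -> stop,
disable, delete (owner alone is not enough: Ati HotKey Poller is also
"Unknown owner" but its file exists); running process or O4 autorun under a
TEMP directory -> flag; O16 ActiveX fetched from a bare IP -> review.
"""
import re
from dataclasses import dataclass

# Lines copied from the posted log (constructed subset, not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\LWE96D.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.140.2.91:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_16.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Skanowanie w czasie rzeczywistym OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Workgroup Security Tools - Unknown owner - C:\WINDOWS\System32\pair32.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
IP_URL_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")


@dataclass
class Finding:
    kind: str    # HijackThis section ("O15", "O23", ...) or "proc" for a running process
    item: str    # what to act on: the entry text, or the service name for O23
    action: str  # what the replies in the thread recommend
    reason: str


def split_log(text):
    """Return (running_processes, [(kind, body), ...]) from HijackThis log text."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group("kind"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def parse_o23(body):
    """Split 'Service: <display> - <owner> - <path>[ (file missing)]' into fields.

    Assumed layout: HijackThis appends the short service name in parentheses
    when it differs from the display name; otherwise the two are taken as equal.
    """
    rest = body[len("Service: "):] if body.startswith("Service: ") else body
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    m = SHORT_NAME_RE.search(display)
    short = m.group("short") if m else display
    return {"display": display, "short": short, "owner": owner,
            "path": path, "missing": missing}


def triage(text):
    """Apply the thread's heuristics to a log and return the list of findings."""
    processes, entries = split_log(text)
    findings = []
    for proc in processes:
        if TEMP_RE.search(proc):
            findings.append(Finding("proc", proc, "identify, then delete",
                                    "executable running out of a TEMP directory"))
    for kind, body in entries:
        if kind == "O15":
            findings.append(Finding(kind, body, "remove",
                                    "Trusted Zone/IP entries lower IE security for that site"))
        elif kind == "O4" and TEMP_RE.search(body):
            findings.append(Finding(kind, body, "remove", "autorun from a TEMP directory"))
        elif kind == "O16" and (m := IP_URL_RE.search(body)):
            findings.append(Finding(kind, body, "review",
                                    f"ActiveX control fetched from bare IP {m.group(1)}"))
        elif kind == "O23":
            svc = parse_o23(body)
            if svc and svc["missing"]:
                findings.append(Finding(kind, svc["short"], "stop, disable, delete service",
                                        f"binary {svc['path']} is missing ({svc['owner']})"))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<5} {f.action:<30} {f.item}\n      {f.reason}")


if __name__ == "__main__":
    main()
```

On the posted log this yields one TEMP process (LWE96D.EXE), both O15 entries, two O23 services to delete (KDE and Workgroup Security Tools, the same two Qbek50 and Gutek named) and two O16 controls to look at; the legitimate Trend Micro and Ati services are left alone. The "review" action on O16 is deliberate: a bare-IP ActiveX source is a reason to look, not a verdict, and the 10.140.2.91 hit is the corporate OfficeScan server.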