Request to check a log and help...

16.03.07, 01:26
It looks like some serious junk is sitting in the system and I can't manage
to remove it... I'd be grateful for any help... Below is the log from
HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 01:24:30, on 2007-03-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\adirss.exe
C:\WINDOWS\System32\lnwin.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\adirka.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbui.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BozenaP\USTAWI~1\Temp\Rar$EX00.542\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) -
67.15.101.3/g_bin/pl/solitaire_2_0_0_24.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.76
85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AB2DB31-6C5D-40CF-B81D-
2B31DF09AE1F}: NameServer = 62.94.144.232,151.13.150.22
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.76
85.255.112.81
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.76
85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.76
85.255.112.81
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Management Service - Unknown owner -
C:\WINDOWS\System32\dmnrl.exe


    • Guest: Kolobos Re: Request to check a log and help... IP: *.escom.net.pl 16.03.07, 01:52
      Close the ports using wwdc.exe, and turn off automatic updates, because nothing will download anyway since you have a pirated Windows. Switch your browser to Opera and don't use IE any more. Scan the system with ewido.

      In Task Manager, end:
      C:\WINDOWS\System32\adirss.exe
      C:\WINDOWS\System32\lnwin.exe
      C:\WINDOWS\System32\adirka.exe

      In HJT, remove:
      O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe <- delete the file from disk.
      O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe <- delete the file from disk.
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe <- delete the file from disk.
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.76
      85.255.112.81
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.76
      85.255.112.81
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.76
      85.255.112.81
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.76
      85.255.112.81
      O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)

      Service to delete:
      O23 - Service: Windows Management Service - Unknown owner -
      C:\WINDOWS\System32\dmnrl.exe <- after deleting the service, delete this file from disk.

      Start->Run->sc stop "Windows Management Service"
      and: sc delete "Windows Management Service"

      Use: downloads.subratam.org/Fixwareout.exe
      When it's all done, paste a new HijackThis log.
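
The reply above asks for the `Tcpip\Parameters` NameServer entries (O17) to be removed. The following is an added example, not part of either post: it rejoins the entries that the forum's line wrapping split and lists the O17 resolvers that are not in an analyst-supplied expected set. The function names and the `expected` set are assumptions; the two addresses treated as expected are the ones on the interface entry that the reply leaves alone.

```python
import re

# Constructed sample: entries copied from the log in this thread, keeping the
# forum's hard line wraps that split one HijackThis entry across lines.
SAMPLE = r"""O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.76
85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AB2DB31-6C5D-40CF-B81D-
2B31DF09AE1F}: NameServer = 62.94.144.232,151.13.150.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.76
85.255.112.81
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
"""

ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
GUID_SPLIT = re.compile(r"[0-9A-Fa-f]-$")  # the wrap fell inside a {GUID}
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def rejoin_entries(text):
    """Merge wrapped continuation lines back into the entry they belong to."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:  # header/process lines before the first entry are skipped
            sep = "" if GUID_SPLIT.search(entries[-1]) else " "
            entries[-1] += sep + line
    return entries

def nameservers_by_key(entries):
    """Map each O17 registry key to the NameServer addresses set on it."""
    found = {}
    for e in entries:
        if e.startswith("O17 - ") and ": NameServer = " in e:
            key, value = e[len("O17 - "):].split(": NameServer = ", 1)
            found[key] = IPV4.findall(value)
    return found

def unexpected_resolvers(entries, expected):
    """Return {key: [addresses not in the analyst-supplied expected set]}."""
    return {k: bad for k, ips in nameservers_by_key(entries).items()
            if (bad := [ip for ip in ips if ip not in expected])}

if __name__ == "__main__":
    expected = {"62.94.144.232", "151.13.150.22"}  # assumption, see lead-in
    for key, ips in unexpected_resolvers(rejoin_entries(SAMPLE), expected).items():
        print(key, "->", ", ".join(ips))
```
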