Bardzo proszę o sprawdzenie mojego loga


(system) #1

Logfile of HijackThis v1.99.1

Scan saved at 11:37:53, on 2005-03-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\eDonkey2000 Lite\edonkey2000.exe

C:\Documents and Settings\Kuba\Program files\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O4 - HKLM..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [winamp] C:\Program Files\Winamp\winamp.exe

O4 - HKLM..\Run: [loaddll] loaddll.exe

O4 - HKLM..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000 Lite\edonkey2000.exe" -t

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O10 - Broken Internet access because of LSP provider 'syswvnt.dll' missing

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9152644008

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip..{F56D4CB5-B7C8-44BA-9F5F-173A2724E035}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Antispam Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

O23 - Service: Panda Imanager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


(Maniooo666) #2

Witam,

wyłącz przywracanie systemu, a w trybie awaryjnym usuń:

Pogrubione wywal ręcznie.

Jeżeli instalowałeś program Winvestigator, to to Cię nie niepokoi:

A może rodzice? :wink: Nie wiem, w każdym razie można usunąć tym:

http://www.searchengines.pl/phpbb203/in ... entry95961

Ale czy to polecane? Jeszcze poczekaj.

I później log do sprawdzenia.


(system) #3

spoko to ja instalowalem ;] 8)


(Maniooo666) #4

Witam,

OK, ale reszta bez zmian. Kasuj (bez tego wpisu od Winvestigatora) i daj loga.

Swoją drogą, nie ładnie szpiegować. :wink:


(Areleg82) #5

Logfile of HijackThis v1.98.2

Scan saved at 12:36:52, on 2005-03-10

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\instalki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F3 - REG:win.ini: run=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0402390136

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

P.S. co może oznaczać fakt ,że nie moge otworzyć internetowej strony http://www.symantec.com -a moi znajomi nie maja ztym problemu.Oczywiscie nie jest to wina mojego łącza-bo internet chodzi normalnie.


(Musg) #6

moga miec przeciazone serwery czesto tak jest

jak log masz czysty to teraz kolej na zainstalowanie sp2


(Maniooo666) #7

Witam,

Jest to możliwy powód, ale areleg napisał,

że Jego znajomi problemów nie mają.

Może więc ma przekierowanie w pliku HOSTS,

ale HijackThis by to raczej pokazał. Tymniemniej poczytaj:

http://www.searchengines.pl/phpbb203/in ... opic=11529

Poza tym to chyba jest niepotrzebne i można usunąć :

F3 - REG:win.ini: run= 

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

Do tego skan tymi progsami:

Ad-Aware: http://www.dobreprogramy.pl/index.php?dz=2&t=55&id=107

Spybot: http://www.dobreprogramy.pl/index.php?dz=2&t=55&id=188

Usuń wszystko, co znajdą i się nie zastanawiaj. :slight_smile:


(Musg) #8

dziekuje za uznanie Panie czepialski :smiley: :smiley: