Bardzo proszę o sprawdzenie mojego loga

Logfile of HijackThis v1.99.1

Scan saved at 11:37:53, on 2005-03-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\eDonkey2000 Lite\edonkey2000.exe

C:\Documents and Settings\Kuba\Program files\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O4 - HKLM…\Run: [sCANINICIO] “C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe”

O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE” /s

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [winamp] C:\Program Files\Winamp\winamp.exe

O4 - HKLM…\Run: [loaddll] loaddll.exe

O4 - HKLM…\Run: [eDonkey2000] “C:\Program Files\eDonkey2000 Lite\edonkey2000.exe” -t

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe” /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O10 - Broken Internet access because of LSP provider ‘syswvnt.dll’ missing

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 9152644008

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip…{F56D4CB5-B7C8-44BA-9F5F-173A2724E035}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Antispam Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

O23 - Service: Panda Imanager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Witam,

wyłącz przywracanie systemu, a w trybie awaryjnym usuń:

Pogrubione wywal ręcznie.

Jeżeli instalowałeś program Winvestigator, to to Cię nie niepokoi:

A może rodzice? :wink: Nie wiem, w każdym razie można usunąć tym:

http://www.searchengines.pl/phpbb203/in … entry95961

Ale czy to polecane? Jeszcze poczekaj.

I później log do sprawdzenia.

spoko to ja instalowalem ;] 8)

Witam,

OK, ale reszta bez zmian. Kasuj (bez tego wpisu od Winvestigatora) i daj loga.

Swoją drogą, nie ładnie szpiegować. :wink:

Logfile of HijackThis v1.98.2

Scan saved at 12:36:52, on 2005-03-10

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\instalki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F3 - REG:win.ini: run=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 0402390136

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

P.S. co może oznaczać fakt ,że nie moge otworzyć internetowej strony http://www.symantec.com -a moi znajomi nie maja ztym problemu.Oczywiscie nie jest to wina mojego łącza-bo internet chodzi normalnie.

moga miec przeciazone serwery czesto tak jest

jak log masz czysty to teraz kolej na zainstalowanie sp2

Witam,

Jest to możliwy powód, ale areleg napisał,

że Jego znajomi problemów nie mają.

Może więc ma przekierowanie w pliku HOSTS,

ale HijackThis by to raczej pokazał. Tymniemniej poczytaj:

http://www.searchengines.pl/phpbb203/in … opic=11529

Poza tym to chyba jest niepotrzebne i można usunąć :

F3 - REG:win.ini: run= 

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

Do tego skan tymi progsami:

Ad-Aware: http://www.dobreprogramy.pl/index.php?dz=2&t=55&id=107

Spybot: http://www.dobreprogramy.pl/index.php?dz=2&t=55&id=188

Usuń wszystko, co znajdą i się nie zastanawiaj. :slight_smile:

dziekuje za uznanie Panie czepialski :smiley: :smiley: