Dear Friend,
I downloaded HijackThis, a program that examines certain key areas of the Registry and hard drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers.
This is the result of the scan. Which of the files do I have to delete?
HijackThis - Log of scanning - 14.02.200
Logfile of HijackThis v1.97.
Scan saved at 22:23:01, on 14.2.2004 г
Platform: Windows XP SP1 (WinNT 5.01.2600
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106
Running processes
C:\WINDOWS\System32\smss.ex
C:\WINDOWS\system32\winlogon.ex
C:\WINDOWS\system32\services.ex
C:\WINDOWS\system32\lsass.ex
C:\WINDOWS\system32\svchost.ex
C:\WINDOWS\System32\svchost.ex
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.ex
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.ex
C:\WINDOWS\system32\spoolsv.ex
C:\WINDOWS\System32\Ati2evxx.ex
C:\WINDOWS\System32\drivers\CDAC11BA.EX
C:\Program Files\Norton AntiVirus\navapsvc.ex
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EX
C:\WINDOWS\System32\CAP3RSK.EX
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\wanmpsvc.ex
C:\Program Files\Norton AntiVirus\SAVScan.ex
C:\WINDOWS\Explorer.EX
C:\WINDOWS\System32\atiptaxx.ex
C:\Program Files\Common Files\Symantec Shared\ccApp.ex
C:\Program Files\QuickTime\qttask.ex
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.ex
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
C:\WINDOWS\System32\ctfmon.ex
C:\Program Files\Messenger\msmsgs.ex
C:\Program Files\System Soap Pro\soap.ex
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EX
C:\WINDOWS\Datecs\Flex2K.ex
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EX
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.ex
C:\Program Files\Aluria Software\ASE\ASE Scheduler.ex
C:\Documents and Settings\Георги Митов\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.co
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.co
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dl
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.oc
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.ex
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.ex
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EX
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.ex
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EX
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottim
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.ex
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.ex
O4 - HKLM\..\Run: [Aluria's Spyware Eliminator] C:\Program Files\Aluria Software\ASE\ASE.ex
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.ex
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroun
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe mi
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.ex
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EX
O4 - Global Startup: Canon LASER SHOT LBP-1120 Є¬єAµшµЎ.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EX
O4 - Global Startup: FlexType 2K.lnk =
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1075376603769
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38015.1517708333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0C7519F-F4D5-4AE4-A508-1CCAF2941ED9}: NameServer = 217.75.142.1,217.75.128.9
I look forward to hearing from you.
Best Regards,
Georgi Mittov.