log z hijackThis

01.07.05, 10:03
Logfile of HijackThis v1.99.1
Scan saved at 09:55:51, on 2005-07-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PLANET WL-8313\WLANMON.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Administrator.ROGER-DIGSUYYK2.003
\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - Global Startup: WL-8313 Configuration Utility.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: SearchAssistant=
O14 - IERESET.INF: CustomizeSearch=
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
www.netvenda.com/default.cab?uid=32&id=36806&ex&1s&ppd=3
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191}
(VacPro.internazionale_ver11) -
advnt01.com/dialer/internazionale_ver11.CAB
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner -
C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    • neder Re: log z hijackThis 01.07.05, 11:05
      przede wszystkim - usuń jeden z antywirów - chodzą Ci dwa, powinien być jeden.

      usuwasz z dysku
      > ErrorGuard (poprzez dodaj/usuń programy)
      > scvvhost.exe -> z C:\WINDOWS\System32\-> tylko uwaga! nie pomyl go z
      systemowym svchost.exe



      w HJ do usunięcia
      > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      > Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
      > O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
      > O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
      > O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
      > O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
      > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      > C:\WINDOWS\web\related.htm
      > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      > 00aa003c157a} - C:\WINDOWS\web\related.htm
      > O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
      > file)
      > O14 - IERESET.INF: SearchAssistant=
      > O14 - IERESET.INF: CustomizeSearch=
      > O14 - IERESET.INF: SEARCH_PAGE_URL=
      > O14 - IERESET.INF: START_PAGE_URL=
      > O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner -
      > C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)


      reset i wklej nowy log


      pzdr
      • Gość: Kolobos Re: log z hijackThis IP: *.warszawa.sdi.tpnet.pl 01.07.05, 11:36
        Odinstaluj tez antyviry i zainstaluj tylko:
        www.avast.com/eng/avast_4_home.html
        • x-z Re: log z hijackThis 01.07.05, 11:55
          dobrze rozumiem, że mam odinstalowac AntiVir i AntiSpyware? dlaczego tak?
          • Gość: Kolobos Re: log z hijackThis IP: *.warszawa.sdi.tpnet.pl 01.07.05, 12:09
            Nie dobrze, przeciez napisalem antyvirus, a nie antyspyware!
            Nie moga byc zainstalowane dwa lub wiecej antyvirusy i tyle.
            I nie zakladaj nastepnych watkow tylko pisz/wklejaj wszystko w jednym!
Pełna wersja