Posts Tagged ‘hijackthis’
I have Micro AV virus what shall I do?
I have the Micro AV virus so I’ve got “VIRUS ALERT!” next to my clock, my taskbar has been disabled as well as my Hard drive and Control Panel… I read that I should take a report with HijackThis and then post it for a personal opinion… so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39: VIRUS ALERT!, on 26.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Þórhalla\Local Settings\Temp\RarSFX0\MemTurbo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: (no name) – {8304C191-9071-4538-AA08-5F3A2422CEA7} – C:\WINDOWS\system32\geBsqNgG.dll
O2 – BHO: (no name) – {D3CCFAF7-DF03-4E73-95EC-E5E139CC2BF2} – C:\WINDOWS\system32\iifcaYpQ.dll
O4 – HKLM\..\Run: [UfSeAgnt.exe] “C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe”
O4 – HKLM\..\Run: [dc73b159] rundll32.exe “C:\WINDOWS\system32\jthjeula.dll”,b
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: MemTurbo.lnk = ?
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) – http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 – DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) – http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220906972000
O17 – HKLM\System\CCS\Services\Tcpip\..\{9028C6F3-60EB-4332-827D-AD6A4FB2BDC2}: NameServer = 192.168.1.1,192.168.1.10
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – Winlogon Notify: iifcaYpQ – C:\WINDOWS\SYSTEM32\iifcaYpQ.dll
O21 – SSODL: onfwbsak – {41877C9F-CCBD-49CA-9482-B139387FBD44} – C:\WINDOWS
