PDA

View Full Version : HijackThis-result. Help plz



TheSecondSun
11-11-2008, 01:21 AM
Which ones to delete? thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:24, on 2008-11-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll (file missing)
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
O4 - HKLM\..\Run: [\YUR1B.exe] C:\Windows\system32\YUR1B.exe
O4 - HKLM\..\Run: [\YUR1D.exe] C:\Windows\system32\YUR1D.exe
O4 - HKLM\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe
O4 - HKLM\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe
O4 - HKLM\..\Policies\Explorer\Run: [F9TaciZkDU] C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: jenckf.dll
O21 - SSODL: strdsc - {0BF78E20-F952-DA10-A777-0234D2541496} - C:\Program Files\qyhqunb\strdsc.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 3943 bytes

Renmoo
11-11-2008, 02:55 AM
Hello SecondSun. It is 2.54am in New Zealand at the moment, so you won't be expecting any helpful reply for the next four / five hours. If you wish to have a general idea of your computer condition, you can take a peek here: http://www.hijackthis.de/

Cheers :)

apsattv
11-11-2008, 05:45 AM
Remove all these,

Then download
http://www.malwarebytes.org/mbam.php

and do a FULL scan

P.S Upgrade you IE6 to version 7




C:\Documents and Settings\All Users\Application Data\dgjklcts\rcncfipk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll (file missing)
O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
O4 - HKLM\..\Run: [\YUR1B.exe] C:\Windows\system32\YUR1B.exe
O4 - HKLM\..\Run: [\YUR1D.exe] C:\Windows\system32\YUR1D.exe
O4 - HKLM\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe
O4 - HKLM\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe
O4 - HKCU\..\Run: [\YUR27.exe] C:\Windows\system32\YUR27.exe
O4 - HKLM\..\Policies\Explorer\Run: [F9TaciZkDU] C:\Documents andSettings\All Users\Application Data\dgjklcts\rcncfipk.exe
O20 - AppInit_DLLs: jenckf.dll
O21 - SSODL: strdsc - {0BF78E20-F952-DA10-A777-0234D2541496} - C:\Program Files\qyhqunb\strdsc.dll

Speedy Gonzales
11-11-2008, 07:25 AM
These can be ticked as well

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Since you've installed trojan remover, update it if its not 6.7.4 (it was updated the other day) Then click on scan, then select all options under utilities