Hope you can help with my problem.
My Registry Edit has been disabled was well as my task manager.
My Folder option in control panel also disappear.
I was trying to fix it by using gpedit.msc but I cant.
I believe that this Flashy.exe is the one reason why i have this problem in my pc.
Tnx a lot in advance!
Logfile of HijackThis v1.99.1
Scan saved at 8:25:36 AM, on 4/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVG7avgamsvr.exe
C:PROGRA~1GrisoftAVG7avgupsvc.exe
C:PROGRA~1GrisoftAVG7avgemc.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32CTsvcCDA.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32VTtrayp.exe
C:WINDOWSsystem32VTTimer.exe
C:PROGRA~1GrisoftAVG7avgcc.exe
C:Program FilesZangobin10.3.65.0OEAddOn.exe
C:Program FilesZangobin10.3.65.0ZangoSA.exe
C:WINDOWSsystem32Flashy.exe
C:WINDOWSsystem32driverssvchost.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesHijackThisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.com/0SEENUS/SAOS11
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.orbitdownloader.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,password_viewer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {89BAF38F-4097-4577-A368-CB56DD136717} - (no file)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:Program FilesZangobin10.3.65.0HostIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:Program FilesZangobin10.3.65.0HostIE.dll
O4 - HKLM..Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..Run: [VTTimer] VTTimer.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O4 - HKLM..Run: [ZangoOE] C:Program FilesZangobin10.3.65.0OEAddOn.exe
O4 - HKLM..Run: [ZangoSA] "C:Program FilesZangobin10.3.65.0ZangoSA.exe"
O4 - HKLM..Run: [Flashy Bot] C:WINDOWSsystem32Flashy.exe
O4 - HKCU..Run: [SVCHOST.EXE] C:WINDOWSsystem32driverssvchost.exe
O4 - Startup: systemID.pif = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra Tools menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra Tools menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: SpeechExpert - {9963BBF2-4056-4899-87FA-ECAA6724C46F} - C:WINDOWSsystem32shdocvw.dll (HKCU)
O9 - Extra Tools menuitem: &SpeechExpert - {9963BBF2-4056-4899-87FA-ECAA6724C46F} - C:WINDOWSsystem32shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O12 - Plugin for .pdf: C:Program FilesInternet ExplorerPLUGINSnppdf32.dll
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O17 - HKLMSystemCCSServicesTcpip..{8CBFDA0D-2E29-4314-A8FB-22DD6A2BE28C}: NameServer = 85.255.114.93,85.255.112.235
O17 - HKLMSystemCCSServicesTcpip..{AF7D214D-18FD-4743-9EDB-846ED0C40EFE}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLMSystemCCSServicesTcpip..{BB594E8E-4BAC-43DB-8ED4-00FFB7CD25B0}: NameServer = 85.255.114.93,85.255.112.235
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.114.93 85.255.112.235
O17 - HKLMSystemCS1ServicesTcpip..{8CBFDA0D-2E29-4314-A8FB-22DD6A2BE28C}: NameServer = 85.255.114.93,85.255.112.235
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.114.93 85.255.112.235
O17 - HKLMSystemCS2ServicesTcpip..{8CBFDA0D-2E29-4314-A8FB-22DD6A2BE28C}: NameServer = 85.255.114.93,85.255.112.235
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.114.93 85.255.112.235
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe
Read More...
No comments:
Post a Comment