This is my Log by Hijack

Closed
Chink - Feb 24, 2010 at 10:25 PM
 Blocked Profile - Feb 25, 2010 at 01:45 AM
Hello,
this is my log, please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:19 AM, on 2/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\TELKOMSEL\TELKOMSELFlash BandLuxe\BRService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webshots.com/r/internal/start/client/RAND
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\TELKOMSEL\TELKOMSELFlash BandLuxe\BRService.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

1 response

Blocked Profile
Feb 25, 2010 at 01:45 AM
Hi there,

You need help for what exactly? Please mention it, giving more information.

Thanks