Logfile of HijackThis v1.99.1
Scan saved at 3:09:57 PM, on 9/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\msdbg32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\WinJava.exe
C:\WINNT\System32\??stem32\wucrtupd.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\oere\icrd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM\SVCHOST.exe
C:\WINNT\System32\wdfmgr.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\Explorer.EXE
C:\ll.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.directsea...one.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = winblowz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {6BC645F9-3FE4-0A68-1178-E3496F90523F} - C:\WINNT\bteutaah.dll
F0 - system.ini: Shell=Explorer.exe C:\winnt\system32\msiexec16.exe
F1 - win.ini: run=C:\winnt\system32\msiexec16.exe
O2 - BHO: (no name) - {7D4FC578-631A-7CCC-9F03-BBB30EE18FBD} - C:\WINNT\bteutaah.dll
O3 - Toolbar: Search - {CDC41816-6076-2D49-138D-95BE001FB7CD} - C:\WINNT\bteutaah.dll
O4 - HKLM\..\Run: [Graphic Loader] ntvdm32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [blah service] servenr1.exe
O4 - HKLM\..\Run: [Direct settings] C:\WINNT\System32\sdchost.exe
O4 - HKLM\..\Run: [Microsoft Firewall] firewallsp2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MSN ang] system32.exe
O4 - HKLM\..\Run: [Windows Update Software] C:\WINNT\System32\system.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [hMOVG] C:\WINNT\otupd.exe
O4 - HKLM\..\Run: [fwrsbej] C:\WINNT\fwrsbej.exe
O4 - HKLM\..\Run: [ckkqbsen] C:\WINNT\System32\ckkqbsen.exe
O4 - HKLM\..\Run: [Windows Logon Manager] logon.exe
O4 - HKLM\..\Run: [kt5WjRr] c:\winnt\temp\kt5WjRr.exe
O4 - HKLM\..\Run: [5ewrZU] c:\winnt\system32\5ewrZU.exe
O4 - HKLM\..\Run: [rR] c:\winnt\temp\rR.exe
O4 - HKLM\..\Run: [w7xqBn1] c:\winnt\system32\w7xqBn1.exe
O4 - HKLM\..\Run: [llPl9h4] C:\winnt\temp\llPl9h4.exe
O4 - HKLM\..\Run: [7jgytbyEa] C:\winnt\system32\7jgytbyEa.exe
O4 - HKLM\..\Run: [d7R] C:\winnt\temp\d7R.exe
O4 - HKLM\..\Run: [QO7] C:\winnt\system32\QO7.exe
O4 - HKLM\..\Run: [muoplij] c:\winnt\system32\cnpcxt.exe
O4 - HKLM\..\Run: [DiskCheck] "C:\WINNT\msdarkend.exe"
O4 - HKLM\..\Run: [Microsoft Machine] WinJava.exe
O4 - HKLM\..\Run: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKLM\..\Run: [Windows Debugger] msdbg32.exe
O4 - HKLM\..\Run: [elos] C:\WINNT\exe82.exe
O4 - HKLM\..\Run: [msmc] C:\WINNT\System32\msmc.exe
O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service65] C:\WINNT\etb\pokapoka65.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows Compliant] gvsech.exe
O4 - HKLM\..\RunServices: [deejay] forboo.exe
O4 - HKLM\..\RunServices: [Windows secure] setver32.exe
O4 - HKLM\..\RunServices: [Microsoft 64 Bit Runtime Updater] wupdt64.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Quicktime Mediaplayer] winmplyer32.exe
O4 - HKLM\..\RunServices: [Graphic Loader] ntvdm32.exe
O4 - HKLM\..\RunServices: [WinZip Update] WinZip.exe
O4 - HKLM\..\RunServices: [blah service] servenr1.exe
O4 - HKLM\..\RunServices: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKLM\..\RunServices: [Windows Java Update] weatherBug32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [MSN Messanger] MSN.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] firewallsp2.exe
O4 - HKLM\..\RunServices: [Intersoft Msngr] IntersoftMsngr.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [MSN ang] system32.exe
O4 - HKLM\..\RunServices: [IEXPLORE] IEXPLORe.exe
O4 - HKLM\..\RunServices: [System driver] Messenger.exe
O4 - HKLM\..\RunServices: [Windows Logon Manager] logon.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] WinJava.exe
O4 - HKLM\..\RunServices: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKLM\..\RunServices: [Windows Debugger] msdbg32.exe
O4 - HKCU\..\Run: [Windows secure] setver32.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [MSN ang] system32.exe
O4 - HKCU\..\Run: [DriverLoad] c:\DriverLoad\dl.exe
O4 - HKCU\..\Run: [Microsoft Machine] WinJava.exe
O4 - HKCU\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKCU\..\Run: [Ohpi] C:\WINNT\System32\??stem32\wucrtupd.exe
O4 - HKCU\..\Run: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKCU\..\Run: [Noat] C:\Program Files\oere\icrd.exe
O4 - HKCU\..\RunServices: [Microsoft Machine] WinJava.exe
O4 - HKCU\..\RunServices: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKCU\..\RunServices: [Media-XP-Service-Pack3] msnzx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c361.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125991766338
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9EAC0186-5F5A-4362-B120-15C312CE012D} - http://www.awmdabest...cabl/500/tb.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O20 - AppInit_DLLs: pb5pzhj97cectex.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINNT\aim.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINNT\lsass.exe (file missing)
O23 - Service: Microsoft Windows - Unknown owner - C:\WINNT\system.exe
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\System32\RioMSC.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\uop\ServUDaemon.exe (file missing)
O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: MS Software Generic Host Process for Win32 Services (SVCHOST) - Unknown owner - C:\WINNT\SYSTEM\SVCHOST.exe
Thanks in advance to anyone who can help me.