you have an particularly large amount of hijacked domains. it's probably better to delete the file itself then to fix each item (and create a backup). if you see the same IP address in all the reported 01 items, consider deleting your Hosts file, which is located at c:\wndows\systemLogfile of HijackThis v1.99.1
Scan saved at 1:09:00 AM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\winlogin.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\new downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 195.158.172.121 amazon.at
O1 - Hosts: 195.158.172.121 www.amazon.at
O1 - Hosts: 195.158.172.121 www.all-inkl.de
O1 - Hosts: 195.158.172.121 all-inkl.de
O1 - Hosts: 195.158.172.121 www.united-domains.de
O1 - Hosts: 195.158.172.121 united-domains.de
O1 - Hosts: 195.158.172.121 www.sedo.de
O1 - Hosts: 195.158.172.121 sedo.de
O1 - Hosts: 195.158.172.121 www.sedo.com
O1 - Hosts: 195.158.172.121 sedo.com
O1 - Hosts: 195.158.172.121 www.domains.de
O1 - Hosts: 195.158.172.121 domains.de
O1 - Hosts: 195.158.172.121 sedo.fr
O1 - Hosts: 195.158.172.121 sedo.it
O1 - Hosts: 195.158.172.121 sedo.se
O1 - Hosts: 195.158.172.121 sedo.dk
O1 - Hosts: 195.158.172.121 www.sedo.fr
O1 - Hosts: 195.158.172.121 www.sedo.it
O1 - Hosts: 195.158.172.121 www.sedo.se
O1 - Hosts: 195.158.172.121 www.sedo.dk
O1 - Hosts: 195.158.172.121 e-hausaufgaben.de
O1 - Hosts: 195.158.172.121 hausaufgaben.de
O1 - Hosts: 195.158.172.121 www.e-hausaufgaben.de
O1 - Hosts: 195.158.172.121 www.hausaufgaben.de
O1 - Hosts: 195.158.172.121 young.de
O1 - Hosts: 195.158.172.121 schoolunity.de
O1 - Hosts: 195.158.172.121 schoolwork.de
O1 - Hosts: 195.158.172.121 hausarbeiten24.com
O1 - Hosts: 195.158.172.121 hausarbeiten.de
O1 - Hosts: 195.158.172.121 www.young.de
O1 - Hosts: 195.158.172.121 www.schoolunity.de
O1 - Hosts: 195.158.172.121 www.schoolwork.de
O1 - Hosts: 195.158.172.121 www.hausarbeiten24.com
O1 - Hosts: 195.158.172.121 www.hausarbeiten.de
O1 - Hosts: 195.158.172.121 www.probenclub.de
O1 - Hosts: 195.158.172.121 www.couponmountain.de
O1 - Hosts: 195.158.172.121 www.warenproben.ag
O1 - Hosts: 195.158.172.121 www.gratisproben24.net
O1 - Hosts: 195.158.172.121 probenclub.de
O1 - Hosts: 195.158.172.121 couponmountain.de
O1 - Hosts: 195.158.172.121 warenproben.ag
O1 - Hosts: 195.158.172.121 gratisproben24.net
O1 - Hosts: 195.158.172.121 probendino.de
O1 - Hosts: 195.158.172.121 www.probendino.de
O1 - Hosts: 195.158.172.121 www.proben.de
O1 - Hosts: 195.158.172.121 www.produktproben.de
O1 - Hosts: 195.158.172.121 proben.de
O1 - Hosts: 195.158.172.121 produktproben.de
O1 - Hosts: 195.158.172.121 de.supereva.com
O1 - Hosts: 195.158.172.121 www.de.supereva.com
O1 - Hosts: 195.158.172.121 www.knuddels.de
O1 - Hosts: 195.158.172.121 www.flirt-fever.de
O1 - Hosts: 195.158.172.121 www.neu.de
O1 - Hosts: 195.158.172.121 neu.de
O1 - Hosts: 195.158.172.121 chat.lycos.de
O1 - Hosts: 195.158.172.121 www.spinchat.de
O1 - Hosts: 195.158.172.121 www.chat.de
O1 - Hosts: 195.158.172.121 www.chatcity.de
O1 - Hosts: 195.158.172.121 www.webchat.de
O1 - Hosts: 195.158.172.121 chat.yahoo.de
O1 - Hosts: 195.158.172.121 www.friendscout24.de
O1 - Hosts: 195.158.172.121 www.ilove.de
O1 - Hosts: 195.158.172.121 www.traumpartnerchat.de
O1 - Hosts: 195.158.172.121 knuddels.de
O1 - Hosts: 195.158.172.121 flirt-fever.de
O1 - Hosts: 195.158.172.121 chat.lycos.de
O1 - Hosts: 195.158.172.121 spinchat.de
O1 - Hosts: 195.158.172.121 chat.de
O1 - Hosts: 195.158.172.121 chatcity.de
O1 - Hosts: 195.158.172.121 webchat.de
O1 - Hosts: 195.158.172.121 chat.yahoo.de
O1 - Hosts: 195.158.172.121 friendscout24.de
O1 - Hosts: 195.158.172.121 ilove.de
O1 - Hosts: 195.158.172.121 traumpartnerchat.de
O1 - Hosts: 195.158.172.121 www.planetwin.de
O1 - Hosts: 195.158.172.121 www.gewinnspiele.de
O1 - Hosts: 195.158.172.121 www.gewinnspiel.de
O1 - Hosts: 195.158.172.121 www.gewinnspiele.com
O1 - Hosts: 195.158.172.121 www.freewin.tv
O1 - Hosts: 195.158.172.121 www.gewinnclub.de
O1 - Hosts: 195.158.172.121 www.winwin.de
O1 - Hosts: 195.158.172.121 www.primawin.de
O1 - Hosts: 195.158.172.121 www.profiwin.de
O1 - Hosts: 195.158.172.121 planetwin.de
O1 - Hosts: 195.158.172.121 gewinnspiele.de
O1 - Hosts: 195.158.172.121 gewinnspiel.de
O1 - Hosts: 195.158.172.121 gewinnspiele.com
O1 - Hosts: 195.158.172.121 freewin.tv
O1 - Hosts: 195.158.172.121 gewinnclub.de
O1 - Hosts: 195.158.172.121 winwin.de
O1 - Hosts: 195.158.172.121 primawin.de
O1 - Hosts: 195.158.172.121 profiwin.de
O1 - Hosts: 195.158.172.121 www.lesen.de
O1 - Hosts: 195.158.172.121 www.bol.de
O1 - Hosts: 195.158.172.121 www.buecher.de
O1 - Hosts: 195.158.172.121 www.buch24.de
O1 - Hosts: 195.158.172.121 www.buchhandel.de
O1 - Hosts: 195.158.172.121 www.abebooks.de
O1 - Hosts: 195.158.172.121 www.buch.de
O1 - Hosts: 195.158.172.121 lesen.de
O1 - Hosts: 195.158.172.121 bol.de
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [D9dhw9wV] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [D9dh$vùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\system32\winlogin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\new downloads\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - HKCU\..\Run: [eMule Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\eMule Acceleration Patch\eMule Acceleration Patch.lnk
O4 - HKCU\..\Run: [Emule Speed Up Pro] C:\Program Files\Emule Speed Up Pro\Emule Speed Up Pro.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Read Me.lnk = C:\Program Files\Opera\Readme.txt
O4 - Global Startup: Software License Agreement.lnk = C:\Program Files\Opera\License.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.emusic.com
O15 - Trusted Zone: http://www.pianoladynancy.com
O15 - Trusted Zone: http://www.roughstock.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
32\drivers\etc\hosts
Edited by Geri1, 13 October 2005 - 11:23 PM.