Adware.Winshow



#1
ernie

Hi folks!
I have problems with adware. My IE start page is always changed to some adware stuff.
My HijackThis log file is the following. Anyone have some ideas on how to get rid of this adware?

Thanx
Ernie



Logfile of HijackThis v1.97.7
Scan saved at 18:42:10, on 26.11.2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSAP32.EXE
C:\WINDOWS\D3VN32.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\ADDUR.EXE
C:\WINDOWS\SDKLB32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\APIMP.EXE
C:\WINDOWS\JAVAWW.EXE
C:\WINDOWS\SYSTEM\SYSBC32.EXE
C:\WINDOWS\SYSTEM\SYSOE32.EXE
C:\WINDOWS\SYSTEM\SDKVR32.EXE
C:\WINDOWS\SYSTEM\ADDES.EXE
C:\WINDOWS\NTRE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\IPVK32.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\TELEDAT\IWATCH.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\MSGF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jeikd.dll/sp.html#29126
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {56A74345-A6EF-F199-91F6-3FF575DE3A3F} - C:\WINDOWS\SYSTEM\D3ML32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [IPVK32.EXE] C:\WINDOWS\IPVK32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IPLX32.EXE] C:\WINDOWS\SYSTEM\IPLX32.EXE
O4 - HKLM\..\RunServices: [JAVAWW.EXE] C:\WINDOWS\JAVAWW.EXE
O4 - HKLM\..\RunServices: [SDKLB32.EXE] C:\WINDOWS\SDKLB32.EXE
O4 - HKLM\..\RunServices: [D3VN32.EXE] C:\WINDOWS\D3VN32.EXE
O4 - HKLM\..\RunServices: [SYSOE32.EXE] C:\WINDOWS\SYSTEM\SYSOE32.EXE
O4 - HKLM\..\RunServices: [APIMP.EXE] C:\WINDOWS\APIMP.EXE
O4 - HKLM\..\RunServices: [ADDUR.EXE] C:\WINDOWS\ADDUR.EXE
O4 - HKLM\..\RunServices: [NTRE.EXE] C:\WINDOWS\NTRE.EXE
O4 - HKLM\..\RunServices: [ADDES.EXE] C:\WINDOWS\SYSTEM\ADDES.EXE
O4 - HKLM\..\RunServices: [SYSBC32.EXE] C:\WINDOWS\SYSTEM\SYSBC32.EXE
O4 - HKLM\..\RunServices: [SDKVR32.EXE] C:\WINDOWS\SYSTEM\SDKVR32.EXE
O4 - HKLM\..\RunServices: [SYSAP32.EXE] C:\WINDOWS\SYSAP32.EXE
O4 - HKLM\..\RunServices: [MSGF.EXE] C:\WINDOWS\MSGF.EXE
O4 - Startup: Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb....ugin/AXFOAM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8a29296baabe1d6
O19 - User stylesheet: C:\WINDOWS\sample.txt
#2
-=jonnyrotten=-

Click Here to download the latest version of Hijack This (1.98.2). It's better able to catch the latest threats.

-=jonnyrotten=- <_<