Adware.Winshow



#1
ernie

Hi folks!
I have problems with adware. My IE start page is always changed to some adware stuff.
My HijackThis log file is the following. Does anyone have any ideas how to get rid of this adware?

Thanx
Ernie



Logfile of HijackThis v1.97.7
Scan saved at 18:42:10, on 26.11.2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSAP32.EXE
C:\WINDOWS\D3VN32.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\ADDUR.EXE
C:\WINDOWS\SDKLB32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\APIMP.EXE
C:\WINDOWS\JAVAWW.EXE
C:\WINDOWS\SYSTEM\SYSBC32.EXE
C:\WINDOWS\SYSTEM\SYSOE32.EXE
C:\WINDOWS\SYSTEM\SDKVR32.EXE
C:\WINDOWS\SYSTEM\ADDES.EXE
C:\WINDOWS\NTRE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\IPVK32.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\TELEDAT\IWATCH.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\MSGF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\IPLX32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jeikd.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jeikd.dll/sp.html#29126
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {56A74345-A6EF-F199-91F6-3FF575DE3A3F} - C:\WINDOWS\SYSTEM\D3ML32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [IPVK32.EXE] C:\WINDOWS\IPVK32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IPLX32.EXE] C:\WINDOWS\SYSTEM\IPLX32.EXE
O4 - HKLM\..\RunServices: [JAVAWW.EXE] C:\WINDOWS\JAVAWW.EXE
O4 - HKLM\..\RunServices: [SDKLB32.EXE] C:\WINDOWS\SDKLB32.EXE
O4 - HKLM\..\RunServices: [D3VN32.EXE] C:\WINDOWS\D3VN32.EXE
O4 - HKLM\..\RunServices: [SYSOE32.EXE] C:\WINDOWS\SYSTEM\SYSOE32.EXE
O4 - HKLM\..\RunServices: [APIMP.EXE] C:\WINDOWS\APIMP.EXE
O4 - HKLM\..\RunServices: [ADDUR.EXE] C:\WINDOWS\ADDUR.EXE
O4 - HKLM\..\RunServices: [NTRE.EXE] C:\WINDOWS\NTRE.EXE
O4 - HKLM\..\RunServices: [ADDES.EXE] C:\WINDOWS\SYSTEM\ADDES.EXE
O4 - HKLM\..\RunServices: [SYSBC32.EXE] C:\WINDOWS\SYSTEM\SYSBC32.EXE
O4 - HKLM\..\RunServices: [SDKVR32.EXE] C:\WINDOWS\SYSTEM\SDKVR32.EXE
O4 - HKLM\..\RunServices: [SYSAP32.EXE] C:\WINDOWS\SYSAP32.EXE
O4 - HKLM\..\RunServices: [MSGF.EXE] C:\WINDOWS\MSGF.EXE
O4 - Startup: Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb....ugin/AXFOAM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8a29296baabe1d6
O19 - User stylesheet: C:\WINDOWS\sample.txt


#2
-=jonnyrotten=-

Click Here to download the latest version of Hijack This (1.98.2). It's better able to catch the latest threats.

-=jonnyrotten=- <_<