| Logfile from hijackthis some days ago i have been hijacked by some trojan... my ie got a new toolbar (i could remove). but sometimes i am redirected to some links like abcsearch.com please help. thanks, sauronflorik here my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 18:55:42, on 28.11.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TRAYICON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
D:\PROGRAMME\WINTV\IR.EXE
D:\PROGRAMME\SIEMENS\GIGASET WLAN ADAPTER 54\WLANMONITOR2003.EXE
C:\PROGRAMME\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAMME\TROJANCHECK\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System\TrayIcon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AutoStart IR.lnk = D:\Programme\WinTV\ir.exe
O4 - Startup: NkvMon.exe.lnk = D:\Programme\Nikon\NkView6\NkvMon.exe
O4 - Startup: Gigaset WLAN Adapter Monitor.lnk = D:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll |
| ||
| Re: Logfile from hijackthis You appear to be infected with the "Alexa" malware. This is indicated by the entry: C:\WINDOWS\web\related.htm Running SpyBot - Search and Destroy will rid you of this annoyance. Besides that, there doesn't seem to be any other problem(s) as far as your HijackThis! log is concerned :D |
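The by-eye triage in the reply above can be scripted. This is an added example, not part of the thread: it parses HijackThis entry lines into section code and detail, then flags entries that reference a watch-listed path. The sample lines are copied from the posted log; the function names and the short section descriptions are assumptions made for the illustration.

```python
import re

# Constructed sample: header, one process line and several entries from the posted log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - Startup: AutoStart IR.lnk = D:\Programme\WinTV\ir.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
"""

# Short summaries (added here) of the section codes that occur in this log.
SECTIONS = {
    "R0": "IE start/search page",
    "O4": "autostart program (Run keys, Startup folder)",
    "O8": "extra IE context-menu item",
    "O9": "extra IE toolbar button / Tools menu item",
    "O12": "IE plugin",
}

# An entry line is a section code, " - ", then free-form detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def flag_entries(entries, watchlist):
    """Return (code, section, detail) for entries that mention a watch-listed path."""
    wl = [w.lower() for w in watchlist]  # Windows paths are case-insensitive
    return [(c, SECTIONS.get(c, "unknown"), d)
            for c, d in entries if any(w in d.lower() for w in wl)]

if __name__ == "__main__":
    hits = flag_entries(parse_entries(SAMPLE_LOG), [r"C:\WINDOWS\web\related.htm"])
    for code, section, detail in hits:
        print(f"{code} ({section}): {detail}")
```
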
| ||
| Re: Logfile from hijackthis hey paddy, thanks for helping. i forgot to mention that i have already used spybot, ad-aware, antivir and bitdefender but it didn't work out... ok, i deleted the C:\WINDOWS\web\related.htm-file but i have still problems. what else can i do? |
| ||
| Re: Logfile from hijackthis Hmm, well I can't see anything else in the log that would indicate what the problem is, and the fact that you've already run those anti-spyware programs has left me even more stumped lol.

The only other possibility I can think of is that you've installed a program which comes bundled with "legitimate" spyware/adware/malware. Some companies let you use their software for free, providing that you agree to install their spyware. This would also explain why your anti-spyware programs didn't fix the problem - those programs don't remove the bundled, "legitimate" spyware because they know that removing it will corrupt the program that the spyware came bundled with.

If you can come back with a list of programs that are currently installed it might help to shed some light on the subject. Off the top of my head, the following programs come bundled with spyware:

- DivX Codec - I've seen the Gator spyware included in this package in the past.
- Messenger Plus! - An add-on for MSN Messenger. It comes with an optional sponsor program (i.e. spyware) that you can opt out of during the installation.
- Some P2P/filesharing programs like eDonkey, Usenet, etc. have sponsor programs bundled with them, too.

If you can get us a list of programs to check out, or if you want to google each one yourself and see what is said about them, it would eliminate the possibility if nothing else :D |
| ||
| Re: Logfile from hijackthis I'd suggest installing the free SpywareBlaster utility; it blocks known "bad" addresses/domains, including abcsearch. A short tutorial on installing and updating SpywareBlaster can be found here.

Also, you should try running AdAware and SpyBot in Safe Mode if you haven't already; they might be able to find/fix more "nasties" that way:

- Before booting into Safe Mode, open SpyBot and AdAware and use each program's online update feature to make sure that you have the absolutely most current spyware definition databases installed. Do not run scans yet, just close each program when it finishes installing its updates.
- Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
- Run both utilities (the order doesn't matter) and have each program fix everything it finds.
- Reboot normally. |
| ||
| Re: Logfile from hijackthis ok, i run sbsd and ad-aware in windows safe modus. it found some nasty spyware (alexa...). i hope i kicked it! i also downloaded spyblaster and have now 3 anti-spy progs. @paddy: you were right with alexa... @DMR: thanks for help hope my system is clean now. i will see in some days... |
| ||
| Re: Logfile from hijackthis Glad to be of assistance! DMR: It never even occurred to me to run anti-spyware scans in SafeMode! Learn something new every day ;) Cheers mate! hehe |
| ||
| Re: Logfile from hijackthis You're welcome, sauronflorik; glad we could help :)

Paddy, You might know the reasoning behind Safe Mode scans already, but I'll post the basic info just for reference:

When Windows is running in its normal start-up mode, spyware and virus removal programs can have difficulty removing some malicious infections due to the fact that components of the infections have already loaded themselves at Windows start-up, and are active at the time the removal programs try to delete them. While the removal programs can terminate many of the active nasties, others present more of a problem.

One reason for this is that many infections install multiple files which act as guardians for one another; monitoring each other's "health". When one of the files gets shut down by a removal utility, another guardian file senses this, and restarts (and in some cases actually recreates) the file that was killed. Additionally, infections can use hidden .dll files which are activated at boot-up by obscure registry entries, and these dlls can be quite difficult to detect and deactivate.

In Safe Mode however, Windows loads only a bare minimum of services, drivers, and processes; it ignores most normal startup items, and it does not process the entire registry. This means that many of the "autostart" techniques used by infections are also ignored, making the infections essentially dormant in Safe Mode. The fact that the infections are inactive makes it much easier for removal programs to thoroughly remove them from your system. |
| ||
| Re: Logfile from hijackthis ok, i still have a prob :evil: . sometimes i got redirected from google searching. the first address is: 'http://85.255.113.26/' then it appears another page... what else to do? |
| ||
| Re: Logfile from hijackthis I have the same problem. Please let me know if you fix it? /j |