Logfile from hijackthis
some days ago i have been hijacked by some trojan...
my ie got a new toolbar (i could remove).
but sometimes i am redirected to some links like abcsearch.com
please help.
thanks,
sauronflorik
here my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 18:55:42, on 28.11.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TRAYICON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
D:\PROGRAMME\WINTV\IR.EXE
D:\PROGRAMME\SIEMENS\GIGASET WLAN ADAPTER 54\WLANMONITOR2003.EXE
C:\PROGRAMME\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAMME\TROJANCHECK\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System\TrayIcon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AutoStart IR.lnk = D:\Programme\WinTV\ir.exe
O4 - Startup: NkvMon.exe.lnk = D:\Programme\Nikon\NkView6\NkvMon.exe
O4 - Startup: Gigaset WLAN Adapter Monitor.lnk = D:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
You appear to be infected with the "Alexa" malware. This is indicated by the entry: C:\WINDOWS\web\related.htm
Running SpyBot - Search and Destroy will rid you of this annoyance. Besides that, there doesn't seem to be any other problem(s) as far as your HijackThis! log is concerned
"This is one race of people for whom psychoanalysis is of no use whatsoever." - Sigmund Freud on the Irish
"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein
hey paddy,
thanks for helping.
i forgot to mention that i have already used spybot, ad-aware, antivir and bitdefender but it didn't work out...
ok, i deleted the C:\WINDOWS\web\related.htm-file but i have still problems.
what else can i do?
Originally Posted by Paddy
You appear to be infected with the "Alexa" malware. This is indicated by the entry: C:\WINDOWS\web\related.htm
Running SpyBot - Search and Destroy will rid you of this annoyance. Besides that, there doesn't seem to be any other problem(s) as far as your HijackThis! log is concerned
Hmm, well I can't see anything else in the log that would indicate what the problem is, and the fact that you've already run those anti-spyware programs has left me even more stumped lol.
The only other possibility I can think of is that you've installed a program which comes bundled with "legitimate" spyware/adware/malware. Some companies let you use their software for free, providing that you agree to install their spyware. This would also explain why your anti-spyware programs didn't fix the problem - those programs don't remove the bundled, "legitimate" spyware because they know that removing it will corrupt the program that the spyware came bundled with.
If you can come back with a list of programs that are currently installed it might help to shed some light on the subject. Off the top of my head, the following programs come bundled with spyware:
DivX Codec - I've seen the Gator spyware included in this package in the past.
Messenger Plus! - An add-on for MSN Messenger. It comes with an optional sponsor program (i.e. spyware) that you can opt out of during the installation.
Some P2P/filesharing programs like eDonkey, Usenet, etc. have sponsor programs bundled with them, too.
If you can get us a list of programs to check out, or if you want to google each one yourself and see what is said about them, it would eliminate the possibility if nothing else
I'd suggest installing the free SpywareBlaster utility; it blocks known "bad" addresses/domains, including abcsearch. A short tutorial on installing and updating SpywareBlaster can be found here.
Also- you should try running AdAware and SpyBot in Safe Mode if you haven't already; they might be able to find/fix more "nasties" that way:
- Before booting into Safe Mode, open SpyBot and AdAware and use each program's online update feature to make sure that you have the absolutely most current spyware definition databases installed. Do not run scans yet, just close each program when it finishes installing its updates.
- Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
- Run both utilities (the order doesn't matter) and have each program fix everything it finds.
- Reboot normally.
Last edited by DMR; Nov 30th, 2005 at 7:21 pm.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
ok, i run sbsd and ad-aware in windows safe modus.
it found some nastie spyware (alexa...).
i hope i kicked it!
i also downloaded spyblaster and have now 3 anti-spy progs.
@paddy: you were right with alexa...
@DMR:thanks for help
hope my system is clean now.
i will see in some days...
Originally Posted by DMR
I'd suggest installing the free SpywareBlaster utility; it blocks known "bad" addresses/domains, including abcsearch. A short tutorial on installing and updating SpywareBlaster can be found here.
Also- you should try running AdAware and SpyBot in Safe Mode if you haven't already; they might be able to find/fix more "nasties" that way:
- Before booting into Safe Mode, open SpywareBlaster and AdAware and use each program's online update feature to make sure that you have the absolutely most current spyware definition databases installed. Do not run scans yet, just close each program when it finishes installing its updates.
- Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
- Run both utilities (the order doesn't matter) and have each program fix everything it finds.
- Reboot normally.
Glad to be of assistance!
DMR: It never even occurred to me to run anti-spyware scans in SafeMode! Learn something new every day
Cheers mate! hehe
You're welcome, sauronflorik; glad we could help 
Paddy,
You might know the reasoning behind Safe Mode scans already, but I'll post the basic info just for reference:
When Windows is running in its normal start-up mode, spyware and virus removal programs can have difficulty removing some malicious infections due to the fact that components of the infections have already loaded themselves at Windows start-up, and are active at the time the removal programs try to delete them. While the removal programs can terminate many of the active nasties, others present more of a problem.
One reason for this is that many infections install multiple files which act as guardians for one another; monitoring each other's "health". When one of the files gets shut down by a removal utility, another guardian file senses this, and restarts (and in some cases actually recreates) the file that was killed. Additionally, infections can use hidden .dll files which are activated at boot-up by obscure registry entries, and these dlls can be quite difficult to detect and deactivate.
In Safe Mode however, Windows loads only a bare minimum of services, drivers, and processes; it ignores most normal startup items, and it does not process the entire registry. This means that many of the "autostart" techniques used by infections are also ignored, making the infections essentially dormant in Safe Mode. The fact that the infections are inactive makes it much easier for removal programs to thoroughly remove them from your system.

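As an added example (not part of the original thread, and not code from HijackThis or any poster): a small Python parser for the HijackThis log format posted above. It groups entries by section code, splits the O4 autostart lines that the Safe Mode explanation is about, and finds the entry pointing at the related.htm file named in the first reply. The function names and section descriptions are this example's own; the sample is an excerpt of the log from this thread.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: AutoStart IR.lnk = D:\Programme\WinTV\ir.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
"""

# Short descriptions written for this example, covering only the codes in this log.
SECTION_NAMES = {
    "R0": "IE start/search page",
    "O4": "autostart (registry Run keys, Startup folder)",
    "O8": "extra IE context-menu item",
    "O9": "extra IE button / Tools menu item",
    "O12": "IE plugin",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 has two shapes: "HKLM\..\Run: [name] command" and "Startup: name.lnk = target".
O4_REG = re.compile(r"^(HK[A-Z]+\\\.\.\\\w+): \[(.*?)\] (.*)$")
O4_LNK = re.compile(r"^((?:Global )?Startup): (.*?) = (.*)$")

def parse_log(text):
    """Group 'CODE - detail' lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autostarts(sections):
    """Split each O4 line into (location, name, command)."""
    out = []
    for detail in sections.get("O4", []):
        m = O4_REG.match(detail) or O4_LNK.match(detail)
        out.append(m.groups() if m else ("unparsed", "", detail))
    return out

def entries_referencing(sections, path):
    """Return (code, detail) pairs whose detail mentions `path`, case-insensitively."""
    needle = path.lower()
    return [(c, d) for c, ds in sections.items() for d in ds if needle in d.lower()]

if __name__ == "__main__":
    secs = parse_log(SAMPLE_LOG)
    for code, details in secs.items():
        print(f"{code:>3} {SECTION_NAMES.get(code, 'unknown section')}: {len(details)}")
    for loc, name, cmd in autostarts(secs):
        print("autostart:", loc, "|", name, "|", cmd)
    for code, detail in entries_referencing(secs, r"C:\WINDOWS\web\related.htm"):
        print("review:", code, detail)
```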