Options
xadsj-o.offeroptimizer on my computer
I have this damn xadsj-o.offeroptimizer on my computer. Please can somebody help me ? ..
Here my hj-Logfile:
Logfile of HijackThis v1.99.0
Scan saved at 12:49:42, on 04.01.05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\esserver.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\SENS.EXE
C:\WINNT\UPSWSSVC.exe
D:\UPS\WorldShip\Wshipservicecom.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\system32\starter.exe
C:\WINNT\FAXMAKER\FMSTART.EXE
C:\WINNT\System32\atiptaxx.exe
D:\programme\ken\kentbcli.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
d:\programme\ken\KENCLI.EXE
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\Profiles\Constabel\Desktop\HijackThis.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\System32\MsiExec.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.de.msn.com/access/allinone.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.2:3128/ken2000.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://10.0.0.2:3128/ken2000.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.0.0.4:3128/proxy2000.kenins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.0.0.2:3128;https=10.0.0.2:3128;ftp=10.0.0.2:3128;socks=10.0.0.2:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: HostDllObj Class - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINNT\host.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRA~1\ADOBE-~1\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [FMStart] C:\WINNT\FAXMAKER\FMSTART.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [KEN Taskbar Client] "d:\programme\ken\kentbcli.exe"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [susp] C:\WINNT\susp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Programme\PKWARE\PKZIPM\8.00.0017\PKTray.exe
O14 - IERESET.INF: START_PAGE_URL=http://10.0.0.2:3128/ken2000.html
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CKDOM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CKDOM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CKDOM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.0.0.1
O23 - Service: Centura SQLBase - Unknown - d:\worldship\WorldShip\Dbnt25sv.exe (file missing)
O23 - Service: AVM KEN - AVM Berlin - d:\programme\ken\KENCLI.EXE
O23 - Service: UPSWSSVC - Unknown - C:\WINNT\UPSWSSVC.exe
O23 - Service: WShipServiceCom - Unknown - D:\UPS\WorldShip\Wshipservicecom.exe
Thanx
Ralf
Here my hj-Logfile:
Logfile of HijackThis v1.99.0
Scan saved at 12:49:42, on 04.01.05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\esserver.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\SENS.EXE
C:\WINNT\UPSWSSVC.exe
D:\UPS\WorldShip\Wshipservicecom.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\system32\starter.exe
C:\WINNT\FAXMAKER\FMSTART.EXE
C:\WINNT\System32\atiptaxx.exe
D:\programme\ken\kentbcli.exe
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
d:\programme\ken\KENCLI.EXE
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\Profiles\Constabel\Desktop\HijackThis.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\System32\MsiExec.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.de.msn.com/access/allinone.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.2:3128/ken2000.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://10.0.0.2:3128/ken2000.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.0.0.4:3128/proxy2000.kenins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.0.0.2:3128;https=10.0.0.2:3128;ftp=10.0.0.2:3128;socks=10.0.0.2:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: HostDllObj Class - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINNT\host.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRA~1\ADOBE-~1\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [FMStart] C:\WINNT\FAXMAKER\FMSTART.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [KEN Taskbar Client] "d:\programme\ken\kentbcli.exe"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINNT\System32\runonce.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [susp] C:\WINNT\susp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Programme\PKWARE\PKZIPM\8.00.0017\PKTray.exe
O14 - IERESET.INF: START_PAGE_URL=http://10.0.0.2:3128/ken2000.html
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CKDOM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CKDOM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CKDOM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.0.0.1
O23 - Service: Centura SQLBase - Unknown - d:\worldship\WorldShip\Dbnt25sv.exe (file missing)
O23 - Service: AVM KEN - AVM Berlin - d:\programme\ken\KENCLI.EXE
O23 - Service: UPSWSSVC - Unknown - C:\WINNT\UPSWSSVC.exe
O23 - Service: WShipServiceCom - Unknown - D:\UPS\WorldShip\Wshipservicecom.exe
Thanx
Ralf
0