Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Another problem with loadingwebsite.com


  • This topic is locked This topic is locked

#1
ae.

ae.

    New Member

  • Member
  • Pip
  • 4 posts
Hello,

hope you can help me to stop this crap from loadingwebsite.com

Here my log:

Logfile of HijackThis v1.98.2
Scan saved at 16:46:42, on 23.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\HP\HP Software Update\HPWuSchd.exe
F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe
F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\BHOZapper\BHOZapper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnathchk.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
F:\Programme\Steam\Steam.exe
C:\Programme\Gamer.IRC\mirc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\FlatrateRoli\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {56FC3656-60D5-0141-E3A6-0D6EF8DA3F80} - (no file)
O2 - BHO: (no name) - {96054A40-6230-B95B-289D-81B920E01F17} - (no file)
O2 - BHO: (no name) - {D7C1B202-59C7-9540-A6B0-D65198E50E3B} - (no file)
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-A3B8-0B7F3F729049} - C:\Programme\BHOZapper\BHOZapper Toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 2400 series] "F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2400 series" -r
O4 - HKLM\..\Run: [Opware12] "F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] f:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BHOZapper] C:\Programme\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .PDF: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE719AC2-B053-41BF-8870-851FA08BB736}: NameServer = 145.253.2.196 195.50.140.250
  • 0

Advertisements


#2
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
youa re using an oudated version of Hijack this, could you please download the newer version and post a new log.

you can get Hijack This at:
http://www.merijn.or.../hijackthis.zip
  • 0

#3
ae.

ae.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thx, here we go:


Logfile of HijackThis v1.99.1
Scan saved at 14:18:38, on 24.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
F:\Programme\HP\HP Software Update\HPWuSchd.exe
F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe
F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnathchk.exe
C:\Dokumente und Einstellungen\FlatrateRoli\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {56FC3656-60D5-0141-E3A6-0D6EF8DA3F80} - (no file)
O2 - BHO: (no name) - {96054A40-6230-B95B-289D-81B920E01F17} - (no file)
O2 - BHO: (no name) - {D7C1B202-59C7-9540-A6B0-D65198E50E3B} - (no file)
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-A3B8-0B7F3F729049} - C:\Programme\BHOZapper\BHOZapper Toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 2400 series] "F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2400 series" -r
O4 - HKLM\..\Run: [Opware12] "F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] f:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BHOZapper] C:\Programme\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .PDF: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE719AC2-B053-41BF-8870-851FA08BB736}: NameServer = 145.253.2.196 195.50.140.250
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\f2l02c3mgf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: evglyjnxqtqi (slzarfzg5) - Unknown owner - C:\WINDOWS\System32\rciavpnz5.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
To clean some of it out already, please download Spybot: Search and Destroy from http://www.safer-net...?page=download . Check for Updates first, download ALL Updates and Do a Scan. When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

I'd Also Recommend you Download AdAware, Another good Antispyware Program From http://www.lavasoftu...port/download/ . Install The Program and Run it. Make Sure You Click the "Check for Updates" Button before starting a scan. Do a scan on AdAware and Remove Everything it suggests.

You have a Large Amount of Trojans and Viruses on Your Computer.

Download a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe first. Next, take a free Online Virus scan at http://www.housecall.trendmicro.com or http://www3.ca.com/v...virusscan.aspx. After this, Reboot and Post a fresh HijackThis log.
  • 0

#5
ae.

ae.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Done.

Following problem after reboot:
TrojanHunter found "Adware.VX2.100"
If i clean it, my taskbar is gone...


Anyway, new log:

Logfile of HijackThis v1.99.1
Scan saved at 17:23:50, on 24.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\HP\HP Software Update\HPWuSchd.exe
F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe
F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnathchk.exe
C:\Dokumente und Einstellungen\FlatrateRoli\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: (no name) - {56FC3656-60D5-0141-E3A6-0D6EF8DA3F80} - (no file)
O2 - BHO: (no name) - {96054A40-6230-B95B-289D-81B920E01F17} - (no file)
O2 - BHO: (no name) - {D7C1B202-59C7-9540-A6B0-D65198E50E3B} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 2400 series] "F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2400 series" -r
O4 - HKLM\..\Run: [Opware12] "F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BHOZapper] C:\Programme\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .PDF: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\irlsl5371.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: evglyjnxqtqi (slzarfzg5) - Unknown owner - C:\WINDOWS\System32\rciavpnz5.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
Download Lavasoft's VX2 Cleaner plug-in here
http://www.lavasoftu...x2cleaner.shtml

How to use Lavasoft's VX2 Cleaner plug-in

- Close Ad-Aware 6 and Ad-Watch (if running)
- Download the free VX2 Cleaner at http://updates.ls-se...lvx2cleaner.exe
- Install the VX2 Cleaner
- Start Ad-Aware 6
- Go to "Plug-ins"
- Select the VX2 Cleaner plug-in and click "Run Plugin"
- If your computer isn't infected, click "Close".


If your computer is infected

- Select "Clean system"
- Reboot your computer
- Scan your computer with Ad-Aware
- Remove any VX2 objects detected
- Reboot your computer again
- Run a second scan to make sure the files have been removed from your computer

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#7
ae.

ae.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Done.

New log:


Logfile of HijackThis v1.99.1
Scan saved at 15:04:21, on 25.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnathchk.exe
F:\Programme\HP\HP Software Update\HPWuSchd.exe
F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe
F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\FlatrateRoli\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {56FC3656-60D5-0141-E3A6-0D6EF8DA3F80} - (no file)
O2 - BHO: (no name) - {96054A40-6230-B95B-289D-81B920E01F17} - (no file)
O2 - BHO: (no name) - {D7C1B202-59C7-9540-A6B0-D65198E50E3B} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 2400 series] "F:\Programme\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2400 series" -r
O4 - HKLM\..\Run: [Opware12] "F:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BHOZapper] C:\Programme\BHOZapper\BHOZapper.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .PDF: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE719AC2-B053-41BF-8870-851FA08BB736}: NameServer = 145.253.2.196 195.50.140.250
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\r06u0aj9edo.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: evglyjnxqtqi (slzarfzg5) - Unknown owner - C:\WINDOWS\System32\rciavpnz5.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe


Still the same:

Following problem after reboot:
TrojanHunter found "Adware.VX2.100"
If i clean it, my taskbar is gone...

+ loadingwebsite.com still hacks me :tazz:
  • 0

#8
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

[edit] As there has been no response from the original poster, this topic is now closed. If you have any other problems, please post a new topic.

Edited by bananafanafo, 15 April 2005 - 01:33 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP