Aurora popups and vx2 files [RESOLVED]
Started by
lc.chris
, Jul 29 2005 11:57 AM
#16
Posted 30 July 2005 - 10:21 AM
#17
Posted 30 July 2005 - 10:29 AM
i repeated the last step and a messege appeared which said "PendingFileRenameOperations Regestry Data has been removed by External Process" after i klicked yes when having been aksed for the reboot ....
#18
Posted 30 July 2005 - 10:31 AM
Click OK at that prompt, reboot and post a fresh HJT log.
#19
Posted 30 July 2005 - 10:33 AM
this is the log after the error ...
Logfile of HijackThis v1.99.1
Scan saved at 18:31:26, on 30.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Programme\ICQ\Icq.exe
C:\Dokumente und Einstellungen\chris\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Programme\corel12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081105 serial=dr12wex-1504397-kty lang=DE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Programme\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
after rebooting the ehe.exe will be there again i guess ... i just fixed it with hjt like you told me to .... but the pc dind`t reboot after i wanted to delete it with the killbox ...
Logfile of HijackThis v1.99.1
Scan saved at 18:31:26, on 30.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Programme\ICQ\Icq.exe
C:\Dokumente und Einstellungen\chris\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Programme\corel12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081105 serial=dr12wex-1504397-kty lang=DE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Programme\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
after rebooting the ehe.exe will be there again i guess ... i just fixed it with hjt like you told me to .... but the pc dind`t reboot after i wanted to delete it with the killbox ...
Edited by lc.chris, 30 July 2005 - 10:34 AM.
#20
Posted 30 July 2005 - 10:35 AM
Reboot and post a new log.
#21
Posted 30 July 2005 - 10:39 AM
fresh log :
Logfile of HijackThis v1.99.1
Scan saved at 18:37:07, on 30.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
E:\Programme\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Dokumente und Einstellungen\chris\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Programme\corel12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081105 serial=dr12wex-1504397-kty lang=DE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Programme\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
seems like it worked even with the error appearing ...
Logfile of HijackThis v1.99.1
Scan saved at 18:37:07, on 30.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
E:\Programme\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Dokumente und Einstellungen\chris\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Programme\corel12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081105 serial=dr12wex-1504397-kty lang=DE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Programme\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
seems like it worked even with the error appearing ...
#22
Posted 30 July 2005 - 10:42 AM
Yes, well done - you got it that time. Looks OK now - how is it running?
#23
Posted 30 July 2005 - 10:55 AM
it`s running much better .... faster when surfing with IE and no more annoying pop ups even after reboot ^^
but ad-aware se still shows me about 30 vx2 files and infected regestry keys ... i gonna delete them and do e reboot maybe they won`t re-appear
but ad-aware se still shows me about 30 vx2 files and infected regestry keys ... i gonna delete them and do e reboot maybe they won`t re-appear
#24
Posted 30 July 2005 - 11:05 AM
YEAH ,.... reoved them and they dind`t come back .....
[bleep] 100 x THX !!!!!! You guys from geekstogo forum are really great !
[bleep] 100 x THX !!!!!! You guys from geekstogo forum are really great !
#25
Posted 30 July 2005 - 11:27 AM
You're welcome - glad to help
To help keep you clean follow the recommendations in Tony's article here:
So how did I get infected in the first place?
As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
To help keep you clean follow the recommendations in Tony's article here:
So how did I get infected in the first place?
As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users