Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

LogFile


  • Please log in to reply
1 reply to this topic

#1 vipide

vipide

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Location:berlin
  • Local time:05:16 PM

Posted 05 March 2005 - 06:33 PM

Hello Boardies, my first Problem:

Can somebody analyse this Log? I can`t remove that Worm manually.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Telekom\Eumex 504PC SE\Capictrl.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\AOL 8.0\waol.exe
C:\Programme\AOL 8.0\shellmon.exe
C:\Programme\AOL 8.0\aolwbspd.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\CyberLink\PowerDVD\PowerDVD.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\kristin\LOKALE~1\Temp\Rar$EX00.234\HijackThis.exe


I hope, anybody can help me.

Thx

vipide

BC AdBot (Login to Remove)

 


#2 Lobos

Lobos

  • Members
  • 317 posts
  • OFFLINE
  •  
  • Location:California USA
  • Local time:09:16 AM

Posted 05 March 2005 - 07:50 PM

Hi vipide

Welcome to BC

First off

You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJK , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

next we need to see the whole log to diagnose the problem

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it back here. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

lobos
<span style='color:blue'>Ad-Aware SE</span> | Spybot S&D 1.4

For extra protection try spyware blaster

<span style='color:blue'>If you use IE I suggest using these two programs</span> MVPHosts & IE-SPYAD




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users