premier69 Posted February 20, 2005

Please help me identify and remove some crap, if any. There is something on my computer that keeps regenerating some win.gaebot virus or worm and I would like to identify if it's anything that boots up with windoz

Logfile of HijackThis v1.99.0
Scan saved at 14:28:31, on 2005-02-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program\No-IP\DUC20.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\Smartscaps.exe
C:\WINNT\system32\stisvc.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\Explorer.EXE
C:\Program\SysMetrix\SysMetrix.exe
C:\Program\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program\NetLimiter\NetLimiter.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\SYMANT~2\VPTray.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program\Winamp\Winamp.exe
c:\Program\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program\G6 FTP Server\G6FTPSrv.exe
C:\Program\tclock\TClock.exe
C:\Program\No-IP\DUC20.exe
C:\Program\SnapTo\SnapTo.exe
C:\Program\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINNT\system32\svchost.exe
C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program\Sony Ericsson\Mobile\SyncIndicator.exe
C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program\Miranda IM\miranda32.exe
C:\Program\Xitami\xiwin32.exe
C:\Program\Azureus\Azureus.exe
C:\Program\Java\j2re1.4.2_03\bin\javaw.exe
C:\Program\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\Program\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\Program\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\Program\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\Program\SONYER~1\Mobile\AUFILE~1.EXE
C:\Program\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\RealVNC\VNC4\WinVNC4.exe
C:\Program\RevConnect\DCPlusPlus.exe
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\totalcmd\TOTALCMD.EXE
F:\Prem recovery\Win OS Related\Win2k\ie6setup.exe
C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\IXP000.TMP\ie6wzd.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\system32\cmd.exe
C:\WINNT\nc.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\windllshost.exe
C:\WINNT\system32\msdsec.exe
C:\WINNT\system32\msdsec.exe
C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\Rar$EX00.000\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [xitami] C:\Program\Xitami\xiwin32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [sysMetrix] C:\Program\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\Program\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [NetLimiter] C:\Program\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~2\VPTray.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [brandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - Startup: ALLA.lnk = D:\Mp3\ALLA.m3u
O4 - Startup: Genväg till G6FTPSrv.lnk = C:\Program\G6 FTP Server\G6FTPSrv.exe
O4 - Startup: Genväg till miranda32.lnk = C:\Program\Miranda IM\miranda32.exe
O4 - Startup: Genväg till TClock.lnk = C:\Program\tclock\TClock.exe
O4 - Startup: No-IP DUC.lnk = C:\Program\No-IP\DUC20.exe
O4 - Startup: SnapTo.lnk = C:\Program\SnapTo\SnapTo.exe
O4 - Startup: Utforskaren.lnk = C:\WINNT\explorer.exe
O4 - Global Startup: Certificate Mover.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB6561FC-0ECD-487D-9EFD-DB1674A4CB04}: NameServer = 81.216.65.11,81.216.65.12
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Distributed NT LM Security Manager - Unknown - C:\WINNT\system32\msdsec.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program\No-IP\DUC20.exe
O23 - Service: SAVRoam - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartTrust Smart Card Server - SmartTrust - C:\WINNT\system32\Smartscaps.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Winset DNS Server - Unknown - C:\WINNT\system32\windllshost.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program\RealVNC\VNC4\WinVNC4.exe

firefoxthebomb Posted February 21, 2005

Have you tried updating your antivirus definitions and running a full system scan? Also download and install Microsoft Antispyware Tool Beta and run it; it helped clean my computers very well.

jaclaz Posted February 21, 2005

To have an analysis of a HijackThis log, go here:
http://www.hijackthis.de/index.php?langselect=english

Call me hypercautious, if you like, but I do not find it a good idea to publicly post what processes are running on my machine.

jaclaz

Tarun Posted February 21, 2005

Try and download this. It's an awesome freeware PC maintenance package. Refer to this page for the settings and instructions. PM me with questions that you might encounter, your HijackThis log, or post here.