blessa
Re: Please check this log.
Wed Sep 07 2005 02:11 PM

The Kelvir worm was removed successfully

** I uninstalled Messenger Plus a long time ago. I have just 1 user account on this computer.

This is the result of HJT:

Logfile of HijackThis v1.99.1
Scan saved at 15:04:00, on 07.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\New Boundary\PrismXL\PRISMXL.SYS
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Digital Media Reader\shwiconem.exe
C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\Config2500.exe
C:\Programfiler\Wireless LAN Utility\SiWake.exe
C:\Programfiler\Internet Explorer\iexplore.exe
c:\progra~2\intern~1\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esnwrkjicdqrmxrccsoxneqwu.inf...A9Bez5PcPdc.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {592275AD-16A8-CB70-2397-87B7A0205E60} - C:\DOCUME~1\ANDREA~1\PROGRA~1\DaleLog\once grim.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Programfiler\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Gnetmous] C:\Programfiler\KYE\Genius Wireless Optical Mouse\gnetmous.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~2\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~2\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BITS DUPE PING BOWS] C:\Documents and Settings\All Users\Programdata\cdrom software bits dupe\oncechic.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jump Mix] C:\DOCUME~1\ANDREA~1\PROGRA~1\OBJLIC~1\Window mfcd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Config2500.lnk = C:\WINDOWS\system32\Config2500.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Programfiler\Fellesfiler\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~2\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

This is the result of Jotti's Malware Scan:

File: Config2500.exe
Status: OK
MD5 7f07f863ed9e881fc7fb1ddae9aa907a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
