
hijack this log file


  • This topic is locked
1 reply to this topic

#1 firefoxpopup


Posted 09 January 2009 - 02:23 PM

Scanning my system with HijackThis gives the following list or log...


Index % of PCs with item Code Data
1 0.0% F2 Shell=Explorer.exe gphone.exe
2 0.0% O20 mtlusr.dll
3 0.0% O23 Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
4 0.0% O23 ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
5 0.0% O23 LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
6 0.0% O23 ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
7 0.0% O23 Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
8 0.0% O23 Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
9 0.0% O23 Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
10 0.0% O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
11 0.0% O4 [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
12 0.0% O4 [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
13 0.0% O4 [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
14 0.0% O4 [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
15 0.0% O4 [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
16 0.0% O4 [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
17 0.0% O4 [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
18 0.0% O4 [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
19 0.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
20 0.0% O8 Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
21 0.0% O8 Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
22 0.0% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
23 0.0% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
24 0.0% O9 (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
25 0.0% O9 Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
26 0.0% O9 Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
27 0.0% O9 (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
28 0.0% O9 Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
29 0.0% P01 C:\WINDOWS\Explorer.EXE
30 0.0% P01 C:\WINDOWS\system32\svchost.exe
31 0.0% P01 C:\WINDOWS\system32\lsass.exe
32 0.0% P01 C:\WINDOWS\system32\winlogon.exe
33 0.0% P01 C:\WINDOWS\system32\services.exe
34 0.0% P01 C:\WINDOWS\System32\smss.exe
35 0.0% P01 C:\WINDOWS\system32\spoolsv.exe
36 0.0% P01 C:\WINDOWS\system32\ctfmon.exe
37 0.0% P01 C:\WINDOWS\system32\rundll32.exe
38 0.0% P01 C:\WINDOWS\system32\Ati2evxx.exe
39 0.0% P01 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
40 0.0% P01 C:\Program Files\Mozilla Firefox\firefox.exe
41 0.0% P01 C:\WINDOWS\system32\wscntfy.exe
42 0.0% P01 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
43 0.0% P01 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
44 0.0% P01 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
45 0.0% P01 C:\PROGRA~1\MICROS~4\rapimgr.exe
46 0.0% P01 C:\Program Files\Internet Download Manager\IDMan.exe
47 0.0% P01 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
48 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
49 0.0% P01 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
50 0.0% P01 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
51 0.0% P01 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
52 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
53 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rnd009.googlepages.com/google.html
54 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rnd009.googlepages.com/google.html

Explanation of the codes

R - Registry, StartPage/SearchPage changes

* R0 - Changed registry value
* R1 - Created registry value
* R2 - Created registry key
* R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

* F0 - Changed inifile value
* F1 - Created inifile value
* F2 - Changed inifile value, mapped to Registry
* F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

* N1 - Change in prefs.js of Netscape 4.x
* N2 - Change in prefs.js of Netscape 6
* N3 - Change in prefs.js of Netscape 7
* N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:

* O1 - Hijack of auto.search.msn.com with Hosts file
* O2 - Enumeration of existing MSIE BHO's
* O3 - Enumeration of existing MSIE toolbars
* O4 - Enumeration of suspicious autoloading Registry entries
* O5 - Blocking of loading Internet Options in Control Panel
* O6 - Disabling of 'Internet Options' Main tab with Policies
* O7 - Disabling of Regedit with Policies
* O8 - Extra MSIE context menu items
* O9 - Extra 'Tools' menuitems and buttons
* O10 - Breaking of Internet access by New.Net or WebHancer
* O11 - Extra options in MSIE 'Advanced' settings tab
* O12 - MSIE plugins for file extensions or MIME types
* O13 - Hijack of default URL prefixes
* O14 - Changing of IERESET.INF
* O15 - Trusted Zone Autoadd
* O16 - Download Program Files item
* O17 - Domain hijack
* O18 - Enumeration of existing protocols and filters
* O19 - User stylesheet hijack
* O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
* O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
* O22 - SharedTaskScheduler autorun Registry key
* O23 - Enumeration of NT Services
* O24 - Enumeration of ActiveX Desktop Components



#2 KoanYorel


Posted 09 January 2009 - 04:20 PM

This is not a full HJT log.

Please follow our instructions here and repost.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



