Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijackthis log


  • Please log in to reply
1 reply to this topic

#1 Kylehb

Kylehb

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 01 July 2009 - 10:59 AM

Here it is:

Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.
Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.

Index % of PCs with item Code Data
5 0.0% O17 NameServer = 66.75.160.63,66.75.160.64
41 0.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
47 0.0% P01 C:\WINDOWS\Explorer.EXE
48 0.0% P01 C:\WINDOWS\system32\svchost.exe
49 0.0% P01 C:\WINDOWS\system32\lsass.exe
50 0.0% P01 C:\WINDOWS\system32\winlogon.exe
51 0.0% P01 C:\WINDOWS\system32\services.exe
52 0.0% P01 C:\WINDOWS\System32\smss.exe
53 0.0% P01 C:\WINDOWS\system32\spoolsv.exe
54 0.0% P01 C:\WINDOWS\system32\ctfmon.exe
55 0.0% P01 C:\WINDOWS\system32\Ati2evxx.exe
56 0.0% P01 C:\Program Files\Windows Defender\MSASCui.exe
57 0.0% P01 C:\Program Files\Windows Defender\MsMpEng.exe
58 0.0% P01 C:\WINDOWS\System32\dllhost.exe
59 0.0% P01 C:\WINDOWS\System32\snmp.exe
60 0.0% P01 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
61 0.0% P01 C:\WINDOWS\System32\tcpsvcs.exe
62 0.0% P01 C:\Program Files\Analog Devices\Core\smax4pnp.exe
63 0.0% P01 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
64 0.0% P01 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
65 0.0% P01 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
66 0.0% P01 C:\Program Files\McAfee\MPF\MPFSrv.exe
67 0.0% P01 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
68 0.0% P01 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
69 0.0% P01 C:\WINDOWS\system32\IoctlSvc.exe
70 0.0% P01 C:\WINDOWS\system32\rsmsink.exe
71 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
72 0.0% P01 C:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
73 0.0% P01 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
74 0.0% P01 C:\Program Files\Java\jre6\bin\jqs.exe
75 0.0% P01 C:\Program Files\Java\jre6\bin\jusched.exe
76 0.0% P01 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
77 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
78 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
79 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
80 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Explanation of the codes
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components
Privacy Policy | About Trend Micro | Contact Us

Thank you,

Kylehb

BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:05 AM

Posted 05 July 2009 - 03:36 PM

hi,

If you still need help, read this topic about getting and posting a DDS log, Item # 6

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Post the DDS logs in your reply back here.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users