Go Back   Webmaster Forums UK SEO SEM Webmaster Community Forum - UKWW > Business Discussions > Computer and Software Forum
HijackThis Guide HijackThis Guide
Register FAQ Members List Downloads Calendar Today's Posts Webmaster Resources Webmaster Blogs
 
 

Computer and Software Forum computer software forums, operating systems including Linux, Windows, FreeBSD, MAC, Linux, Unix, office applications, MS Office, Open Office, Word Perfect etc.
Sub Forums :: Microsoft and Windows Related

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 03-28-2008, 08:08 AM
Senior Member
415 posts this year. worth their weight in gold!
Trusted Member - And full of good stuff!
  
Join Date: Mar 2008
Location: Bucharest, Romania
Posts: 266
Thanks: 0
Thanked 1 Time in 1 Post
Nominated 0 Times in 0 Posts
TOTW/F/M Award(s): 0
Default HijackThis Guide

HijackThis is a powerfull sofware that can detect various malware on your computer.It scans special parts in the registry and on your harddisk and compare them with the default settings. If there is some abnormality detected on your computer HijackThis will save them into a logfile.

Here are some basic instructions for using it:

Download HijackThis from here: HijackThis Download - Softpedia
Install it but don’t run it yet.
Go to My Computer -> Tools -> Folder options -> View and tick: “ Show hidden files and folders”, than untick : “Hide protected operating file systems”. Click OK.
Run HijackThis.exe.
A window will appear, there you must tick: “Don’t show this frame again when I startup HijackThis.”
Click on “Do a system scan and save a logfile
Copy your log from Notepad and post it in this thread.
Do not fix anything with HijackThis, most of the entries listed there are legitimate!
Do not post your HijackThis log without giving some informations about the simptoms that made you consider you have an infected computer. After posting your logfile we’ll try to find out if there are any problems with your computer, and if we can’t find anything some online scans for you’re safety should be enough.
Digg this Post!Add Post to del.icio.usStumble this Post!Wong this Post!
Reply With Quote
  #2 (permalink)  
Old 03-28-2008, 08:17 AM
Senior Member
415 posts this year. worth their weight in gold!
Trusted Member - And full of good stuff!
  
Join Date: Mar 2008
Location: Bucharest, Romania
Posts: 266
Thanks: 0
Thanked 1 Time in 1 Post
Nominated 0 Times in 0 Posts
TOTW/F/M Award(s): 0
Default
Below I’ll show you how a virus looks in a HijackThis log. The bolded line had to be fixed and after that a scan with bitdefender online solved the problem. Rundl132.exe is the worm W32.Looked.AH.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:33, on 23.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Documents and Settings\Andu\Desktop\Net.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\dnetc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\mess\YahooMessenger.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pics.bleu.ro/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pics.bleu.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_ WhenUSave_Installer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SmartBuster] C:\Documents and Settings\Andu\Desktop\SmartBuster\SmartBuster.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\mess\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Funny Desktop Icons] "C:\Documents and Settings\Andu\Desktop\Funny_Desktop_ICons\Funny Desktop ICons\FDI.exe"
O4 - HKCU\..\Run: [HyperIM] C:\Program Files\HyperIM\HyperIM.exe -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Net.lnk = C:\Documents and Settings\Andu\Desktop\Net.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\mess\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\mess\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{84128DE3-8E8D-4508-BCA3-E32849204E08}: NameServer = 86.106.196.252,194.126.179.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B04BCB-6989-450A-9E30-B66315CB8791}: NameServer = 86.106.196.252,194.126.179.100
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Digg this Post!Add Post to del.icio.usStumble this Post!Wong this Post!
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Webmaster Resources
UK WW SEO Tools
Find UK Hosts
 
The Forum Rules
Forum Rules - MUST READ
 
Site Of the Month
BizzFace
Nominate site of the month
 
Tag Cloud
43. wholesale adsense ready affiliate scam amazon apple iphone 16gb apple iphone 16gb 3g articles australia web hosting cash casino cheap clothes communications content custard media database dgital camerals directory domain name english teacher fantasy football fantasy football league football league free handbags home income instant jewelry link bid link directory links money money making online music news nokia n96 16gb online online shop poker professor replica sam allcock seo social networking sony vaio laptop sunglasses technology themes tutor verbalized wallet wallets wanted web web hosting webhosting website widget ready wordpress xmas offer

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


All times are GMT. The time now is 09:19 AM.

UK Webmaster World Forums - Internet marketing, web development, domain names, SEO contest and discussuons.
Subscribe to our feeds   Subscribe to our feeds
UK Webmaster forums offer discussions on webmaster related issues including web hosting, domain names, search engine marketing and white hat SEO tactics for Google, Yahoo, MSN and other search engines and directories - Contact Us - Archive - Top - Advertise on UK SEO Forums - Sitemap

Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152