Old 02-05-2006, 07:35 AM   #1
wozelbeak
Can Anyone Interpret A HJT Log?

If anyone is able to see anything malicious in a HJT log, will you let me know and I will post the log on here.
I can see things which I think are suspicious, but I'm not sure.
woz
__________________
PENTIUM 4 3.06 GHZ WITH HT TECHNOLOGY
Old 02-05-2006, 07:50 AM   #2
mammikoura
Re: Can Anyone Interpret A HJT Log?

http://www.hijackthis.de/index.php#anl
__________________
0_o
Old 02-05-2006, 07:50 AM   #3
HRHunteRHR
Re: Can Anyone Interpret A HJT Log?

Post it.

When you say HJT you mean "Hijack This", right?
Old 02-05-2006, 09:21 AM   #4
joxley1990
Re: Can Anyone Interpret A HJT Log?

I think he does..hopefully..

post it here or use

www.hijackthis.de
Old 02-05-2006, 11:39 AM   #5
wozelbeak
Re: Can Anyone Interpret A HJT Log?

Logfile of HijackThis v1.99.1
Scan saved at 10:53:37, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\j2re1.4.2\javaws\javaws.exe
C:\Program Files\Java\j2re1.4.2\javaws\javaws.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BILLAN~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: http://www.bet365.com
O15 - Trusted Zone: http://www.bet365poker.com
O15 - Trusted Zone: *.p0rt2.com
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks guys
woz
Old 02-05-2006, 11:44 AM   #6
joxley1990
Re: Can Anyone Interpret A HJT Log?

http://hijackthis.de/logfiles/b4b617...03aaca7cb.html

Few nasties...
Old 02-05-2006, 12:17 PM   #7
wozelbeak
Re: Can Anyone Interpret A HJT Log?

Nasties deleted.
Hope it does the trick.

P.S. You want to try talking to a 60 year old novice down the phone and explain how to do a HJT log, paste it into your link site and interpret the results!
I need alcohol lol.
woz
All times are GMT -5.