Important for HJT logs.


zzxxccvv

The only problem with this is that they are not always 100% accurate and sometimes say things like "if you don't know what it is delete it", and most users here don't know what it all means.

I do use their website, mainly to stay on the good side of the Tech forum Gods, but I just deal with things that are pretty much definitely bad, and use Google (which can be equally inaccurate) to look up other processes or get a second opinion.


A quick example from my VM:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:50 PM, on 12/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinAntiSpyware 2006 Free\was6.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\System32\MSIEXEC.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Documents and Settings\Malware testing\Desktop\HijackThis.exe

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Program Files\WinAntiSpyware 2006 Free\was6.exe" /min
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

From hijackthis.de the following were unknown (I've only listed a few):

C:\Program Files\WinAntiSpyware 2006 Free\was6.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\windows\system32\rlvknlg.exe

Other notes:

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe

"Must be fixed! Variant of the RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Explorer which has the same executable name"

Nope...BFK "Perfect keylogger"

So you see, it can be quite inaccurate....

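The mislabelled autorun in the last post (an entry named explorer pointing into System32, while the running Explorer sits in C:\WINDOWS) is the kind of entry a name-only lookup gets wrong and a path comparison catches. The sketch below is an added example, not part of the original thread; the EXPECTED_DIR table and the sample lines (modelled on the log above, with .exe extensions) are assumptions.

```python
import ntpath
import re

# Expected folders on Windows XP, lower-cased (illustrative subset, an assumption).
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "smss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}
# O4 autorun entry: "O4 - <key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First drive-letter path ending in .exe, quoted or not.
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def exe_path(text):
    """Return the executable path found in a log line or command, or None."""
    m = EXE_RE.search(text)
    return m.group(1) if m else None


def masquerades(path):
    """True if the file name is a known system binary outside its usual folder."""
    folder, name = ntpath.split(path.lower())
    return name in EXPECTED_DIR and folder != EXPECTED_DIR[name]


def review(log_text):
    """Return (autorun name or None, path) for each entry in the wrong folder."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        path = exe_path(m.group("cmd") if m else line)
        if path and masquerades(path):
            hits.append((m.group("name") if m else None, path))
    return hits


# Constructed sample, modelled on the log in the thread above.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
"""

if __name__ == "__main__":
    print(review(SAMPLE))
```

A location mismatch only says the entry is not the genuine system file; identifying what it actually is still takes inspection of the file itself.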
