Comments on: 5 Ways to Automatically Analyze HijackThis! Log File http://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/?utm_source=rss&utm_medium=rss&utm_campaign=5-ways-to-automatically-analyze-hijackthis-log-file Daily updated news of useful advanced computer tips and tricks Fri, 25 May 2012 07:21:47 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Vladusikhttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-497255 Vladusik Sun, 21 Nov 2010 14:33:22 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-497255 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:09, on 21.11.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: NormalRunning processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Trident Software\Pragma6\pkernel.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trident Software\Pragma6\pservice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe C:\Program Files\Mozilla Firefox\plugin-container.exe D:\Program Files\Download Master\Download Master\dmaster.exe C:\WINDOWS\system32\msiexec.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yandex.ru/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - D:\PROGRA~1\DOWNLO~2\DOWNLO~1\dmiehlp.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - D:\Program Files\Download Master\Download Master\dmbar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Pragma6] C:\Program Files\Trident Software\Pragma6\pkernel.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" O4 - HKCU\..\Run: [Hotmail] C:\WINDOWS\system32\rundll32.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: HDDlife.lnk = D:\Program Files\BinarySense\HDDlife\HDDlifePro.exe O8 - Extra context menu item: Translate with Lingvo - res://D:\Program Files\Lingvo.exe/3000 O8 - Extra context menu item: Высокоскоростная печать Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Добавление в список для печати Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - D:\Program Files\Download Master\Download Master\dmieall.htm O8 - Extra context menu item: Закачать при помощи Download Master - D:\Program Files\Download Master\Download Master\dmie.htm O8 - Extra context menu item: Передать на удаленную закачку DM - D:\Program Files\Download Master\Download Master\remdown.htm O8 - Extra context menu item: Печать Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Предварительный просмотр Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Виртуальная клавиатура - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - D:\Program Files\Download Master\Download Master\dmaster.exe O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - D:\Program Files\Download Master\Download Master\dmaster.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Проверка ссы&лок - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E0346D98-39F7-410D-B76E-73A08B334F55}: NameServer = 192.168.1.1,195.5.21.188 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe O23 - Service: Pragma6Serv - Trident Software, Ltd. - C:\Program Files\Trident Software\Pragma6\pservice.exe O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe-- End of file - 10383 bytes Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:09, on 21.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trident Software\Pragma6\pkernel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trident Software\Pragma6\pservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Download Master\Download Master\dmaster.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yandex.ru/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 – BHO: IEVkbdBHO Class – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 – BHO: EWPBrowseObject Class – {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} – C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: IE 4.x-6.x BHO for Download Master – {9961627E-4059-41B4-8E0E-A7D6B3854ADF} – D:\PROGRA~1\DOWNLO~2\DOWNLO~1\dmiehlp.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: FilterBHO Class – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: DM Bar – {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} – D:\Program Files\Download Master\Download Master\dmbar.dll
O3 – Toolbar: Easy-WebPrint – {327C2873-E90D-4c37-AA9D-10AC9BABA46C} – C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 – HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 – HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [Pragma6] C:\Program Files\Trident Software\Pragma6\pkernel.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe”
O4 – HKCU\..\Run: [Hotmail] C:\WINDOWS\system32\rundll32.exe
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: HDDlife.lnk = D:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O8 – Extra context menu item: Translate with Lingvo – res://D:\Program Files\Lingvo.exe/3000
O8 – Extra context menu item: Высокоскоростная печать Easy-WebPrint – res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 – Extra context menu item: Добавление в список для печати Easy-WebPrint – res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 – Extra context menu item: Закачать ВСЕ при помощи Download Master – D:\Program Files\Download Master\Download Master\dmieall.htm
O8 – Extra context menu item: Закачать при помощи Download Master – D:\Program Files\Download Master\Download Master\dmie.htm
O8 – Extra context menu item: Передать на удаленную закачку DM – D:\Program Files\Download Master\Download Master\remdown.htm
O8 – Extra context menu item: Печать Easy-WebPrint – res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 – Extra context menu item: Предварительный просмотр Easy-WebPrint – res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 – Extra button: Отправить в OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: &Отправить в OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: &Виртуальная клавиатура – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 – Extra button: Download Master – {8DAE90AD-4583-4977-9DD4-4360F7A45C74} – D:\Program Files\Download Master\Download Master\dmaster.exe
O9 – Extra ‘Tools’ menuitem: &Download Master – {8DAE90AD-4583-4977-9DD4-4360F7A45C74} – D:\Program Files\Download Master\Download Master\dmaster.exe
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: Проверка ссы&лок – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{E0346D98-39F7-410D-B76E-73A08B334F55}: NameServer = 192.168.1.1,195.5.21.188
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 – Protocol: hddlife – {BD758015-47D9-477A-8873-4B688A2BC0E2} – “C:\Program Files\Common Files\BinarySense\hlAPP.dll” (file missing)
O20 – AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll
O23 – Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) – ABBYY (BIT Software) – D:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 – Service: Acronis Scheduler2 Service (AcrSch2Svc) – Acronis – C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: Kaspersky Anti-Virus Service (AVP) – Kaspersky Lab ZAO – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 – Service: Журнал событий (Eventlog) – Корпорация Майкрософт – C:\WINDOWS\system32\services.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: HDDlife HDD Access service – BinarySense, Inc. – C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 – Service: Служба COM записи компакт-дисков IMAPI (ImapiService) – Корпорация Майкрософт – C:\WINDOWS\system32\imapi.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NetMeeting Remote Desktop Sharing (mnmsrvc) – Корпорация Майкрософт – C:\WINDOWS\system32\mnmsrvc.exe
O23 – Service: Plug and Play (PlugPlay) – Корпорация Майкрософт – C:\WINDOWS\system32\services.exe
O23 – Service: Pragma6Serv – Trident Software, Ltd. – C:\Program Files\Trident Software\Pragma6\pservice.exe
O23 – Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) – Корпорация Майкрософт – C:\WINDOWS\system32\sessmgr.exe
O23 – Service: Смарт-карты (SCardSvr) – Корпорация Майкрософт – C:\WINDOWS\System32\SCardSvr.exe
O23 – Service: Журналы и оповещения производительности (SysmonLog) – Корпорация Майкрософт – C:\WINDOWS\system32\smlogsvc.exe
O23 – Service: Теневое копирование тома (VSS) – Корпорация Майкрософт – C:\WINDOWS\System32\vssvc.exe
O23 – Service: Адаптер производительности WMI (WmiApSrv) – Корпорация Майкрософт – C:\WINDOWS\system32\wbem\wmiapsrv.exe


End of file – 10383 bytes

]]> By: JRhttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-386391 JR Wed, 30 Apr 2008 21:35:36 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-386391 El HijackThis log file analysis en dos entradas me indica \"Fuzzy Algorithmcheck (x.xx / x.xx) Nasty\" , las x representan unos valores que pone.Es correcto darle fix a estas entradas? El HijackThis log file analysis en dos entradas me indica \”Fuzzy Algorithmcheck (x.xx / x.xx) Nasty\” , las x representan unos valores que pone.

Es correcto darle fix a estas entradas?

]]> By: duruttihttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-384165 durutti Sun, 06 Apr 2008 00:22:04 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-384165 very helpful! very helpful!

]]> By: balahttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381898 bala Sun, 02 Mar 2008 06:11:43 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381898 Dear Raymond Sir,I used the 3 of the analysers you stated above. One said that there is no error. one said i should remove ctfmon. and another one said that ctfmon is good. What should i do?From: A puzzled person... Dear Raymond Sir,

I used the 3 of the analysers you stated above. One said that there is no error. one said i should remove ctfmon. and another one said that ctfmon is good. What should i do?

From: A puzzled person…

]]> By: Cute Lemon Jokeshttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381738 Cute Lemon Jokes Thu, 28 Feb 2008 09:48:38 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381738 my task manager always show the "conime.exe" , use antivirus also cannot delete it. What is that ? a virus? my task manager always show the “conime.exe” , use antivirus also cannot delete it. What is that ? a virus?

]]> By: thegoathttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381729 thegoat Thu, 28 Feb 2008 08:38:14 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381729 What about HiJackFree. How good is it compared to HJT? What about HiJackFree. How good is it compared to HJT?

]]> By: krzywomordushttp://www.raymond.cc/blog/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381578 krzywomordus Mon, 25 Feb 2008 16:03:56 +0000 http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/#comment-381578 HJT is not enough. It wont never show u for example bagle infection - so i use combofix to fix this ;> HJT is not enough. It wont never show u for example bagle infection – so i use combofix to fix this ;>

]]>