
HijackThis ColorCoder


  • This topic is locked
13 replies to this topic

#1 Guest_Niele_*

  • Guests

Posted 07 August 2006 - 08:17 AM

Hey guys.

I was just flying by on this forum and wanted to let you guys know I made a little tool for analyzing HijackThis logs.
Maybe it helps you guys to ease up the great job you do on checking people's logs for spyware/malware.

The HijackThis ColorCoder I made some time ago converts HijackThis logs into colored logs.

An example of a log encoded with the HijackThis ColorCoder can be found here


The ColorCoder has two modes:
1. Online: (to view the log in colors online)
2. Forum: (to Post the colorized log on forums)


To Enable the HijackThis Colored Logs on this forum please ask the Site Admin to add a custom UBB Tag on the forum.
The Custom UBB Should be something like this

For Help or other questions you can always contact me


Hope I can contribute a little this way in the war against spyware.


Greets, Niele :)


PS: Sorry for my crappy English :unsure:

#2 Budfred

    Malware Hound

  • Administrators
  • 21,567 posts

Posted 07 August 2006 - 04:46 PM

Unregistered people posting links to their own software are considered to be suspiciously similar to SPAM... If this is legitimate, I suggest you register and say more about your intent... On reviewing your post and the example, I do not see how this is helpful in any way and I would probably avoid helping with any log that was coded in this way since it would be so much harder to read... Please explain or this post will be removed... Right now the main intent seems to be to advertise your site...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 niele

    Member

  • Full Member
  • 5 posts

Posted 07 August 2006 - 06:28 PM

Sorry for not registering,

My intentions are of a good nature..


I sent a mail to Merijn (the developer of HijackThis) to inform him of the site I created; he was very positive about it and advised me to post it on the forums linked from his site, so... here I am.


It's not an application I developed (no spyware, hell no), it's just a site which brings colors to HijackThis logs for forums.
I developed it some time ago to make the life of the people who check all the infected logs out there a little easier.
I thought it would help you on your forum to check the posted logs.



For Example :

An un-encoded Log Looks something like this :



Logfile of HijackThis v1.99.1
Scan saved at 10:08:04 AM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jessica\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wxgpj.exe
F2 - REG:system.ini: UserInit=userinit.exe,itnttxc.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [nyqexrvA] C:\WINDOWS\nyqexrvA.exe
O4 - HKLM\..\Run: [suh2a7c4] RUNDLL32.EXE w07520ae.dll,n 0022a7c20000000307520ae
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdfg_7.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrfg_7.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [w0051312.dll] RUNDLL32.EXE w0051312.dll,I2 0022a7c200051312
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [wziu] C:\PROGRA~1\COMMON~1\wziu\wzium.exe
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe




The same log Encoded looks something like this:



[hijack]Logfile of HijackThis v1.99.1
scan saved at 10:08:04 am, on 8/3/2006
platform: windows xp sp2 (winnt 5.01.2600)
msie: internet explorer v6.00 sp2 (6.00.2900.2180)
browser: Mozilla Firefox
mode: forum / type: paste
coder build: 3034a

Running Processes:
c:\windows\system32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
c:\program files\internet explorer\iexplore.exe
c:\docume~1\jessica\locals~1\temp\temporary directory 1 for hijackthis[1].zip\hijackthis.exe

(r1) - hkcu\software\microsoft\internet explorer\main,default_search_url = http://searchbar.findthewebsiteyouneed.com
(r1) - hkcu\software\microsoft\internet explorer\main,search bar = http://searchbar.findthewebsiteyouneed.com
(r1) - hkcu\software\microsoft\internet explorer\main,search page = http://searchbar.findthewebsiteyouneed.com
(r0) - hkcu\software\microsoft\internet explorer\main,start page = http://www.findthewebsiteyouneed.com
(r1) - hklm\software\microsoft\internet explorer\main,default_page_url = http://www.mchsi.com
(r1) - hklm\software\microsoft\internet explorer\main,search page = about:blank
(r0) - hklm\software\microsoft\internet explorer\search,searchassistant = http://www.mrfindalot.com/search.asp?si=
(r0) - hklm\software\microsoft\internet explorer\search,customizesearch = http://www.mrfindalot.com/search.asp?si=
(r1) - hkcu\software\microsoft\internet explorer\main,window title = microsoft internet explorer provided by mediacom online
(r3) - urlsearchhook: (no name) - {02ee5b04-f144-47bb-83fb-a60bd91b74a9} - c:\program files\surfsidekick 3\sskbho.dll
(f2) - reg:system.ini: shell=explorer.exe, c:\windows\system32\wxgpj.exe
(f2) - reg:system.ini: userinit=userinit.exe,itnttxc.exe
(o2) - bho: acroiehlprobj class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
(o2) - bho: mcafee anti-phishing filter - {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
(o2) - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
(o2) - bho: pctools site guard - {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
(o2) - bho: driveletteraccess - {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
(o2) - bho: pctools browser monitor - {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
(o2) - bho: ozbyq class - {d623bc2f-a58d-4a75-a10d-cc244a702a35} - c:\windows\system32\xeymi.dll
(o3) - toolbar: mcafee virusscan - {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
(o4) - HKLM\..\Run: [mcupdateexe] c:\progra~1\mcafee.com\agent\mcupdate.exe
(o4) - HKLM\..\Run: [vsochecktask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
(o4) - HKLM\..\Run: [virusscan online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
(o4) - HKLM\..\Run: [soundmaxpnp] c:\program files\analog devices\core\smax4pnp.exe
(o4) - HKLM\..\Run: [oasclnt] c:\program files\mcafee.com\vso\oasclnt.exe
(o4) - HKLM\..\Run: [mskdetectorexe] c:\progra~1\mcafee\spamki~1\mskdetct.exe /startup
(o4) - HKLM\..\Run: [mskagentexe] c:\progra~1\mcafee\spamki~1\mskagent.exe
(o4) - HKLM\..\Run: [mpfexe] c:\progra~1\mcafee.com\person~1\mpftray.exe
(o4) - HKLM\..\Run: [mcagentexe] c:\progra~1\mcafee.com\agent\mcagent.exe
(o4) - HKLM\..\Run: [intelmem] c:\program files\intel\modem event monitor\intelmem.exe
(o4) - HKLM\..\Run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
(o4) - HKLM\..\Run: [dvdlauncher] "c:\program files\cyberlink\powerdvd\dvdlauncher.exe"
(o4) - HKLM\..\Run: [dmxlauncher] c:\program files\dell\media experience\dmxlauncher.exe
(o4) - HKLM\..\Run: [dla] c:\windows\system32\dla\tfswctrl.exe
(o4) - HKLM\..\Run: [igfxtray] c:\windows\system32\igfxtray.exe
(o4) - HKLM\..\Run: [igfxhkcmd] c:\windows\system32\hkcmd.exe
(o4) - HKLM\..\Run: [igfxpers] c:\windows\system32\igfxpers.exe
(o4) - HKLM\..\Run: [windows defender] "c:\program files\windows defender\msascui.exe" -hide
(o4) - HKLM\..\Run: [ituneshelper] "c:\program files\itunes\ituneshelper.exe"
(o4) - HKLM\..\Run: [quicktime task] "c:\program files\quicktime\qttask.exe" -atboottime
(o4) - HKLM\..\Run: [outlook] c:\program files\outlook\outlook.exe /auto
(o4) - HKLM\..\Run: [winlog] winlog.exe
(o4) - HKLM\..\Run: [nyqexrva] c:\windows\nyqexrva.exe
(o4) - HKLM\..\Run: [suh2a7c4] rundll32.exe w07520ae.dll,n 0022a7c20000000307520ae
(o4) - HKLM\..\Run: [mmtray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
(o4) - HKLM\..\Run: [realtray] c:\program files\real\realplayer\realplay.exe systemboothideplayer
(o4) - HKLM\..\Run: [mimboot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
(o4) - HKLM\..\Run: [keyboard] c:\\kybrdfg_7.exe
(o4) - HKLM\..\Run: [k6mmn5iou] "c:\windows\system32\wfxqhv.exe"
(o4) - HKLM\..\Run: [defender] c:\\dfndrfg_7.exe
(o4) - HKLM\..\Run: [corel photo downloader] c:\program files\corel\corel photo album 6\mediadetect.exe
(o4) - HKLM\..\Run: [ad8riu3s] c:\windows\system32\cvn0.exe
(o4) - HKLM\..\Run: [w0051312.dll] rundll32.exe w0051312.dll,i2 0022a7c200051312
(o4) - HKLM\..\Run: [surfsidekick 3] c:\program files\surfsidekick 3\ssk.exe
(o4) - hklm\..\runservices: [winlog] winlog.exe
(o4) - hklm\..\runonce: [spybotsnd] "c:\program files\spybot - search & destroy\spybotsd.exe" /autocheck
(o4) - HKCU\..\Run: [dellsupport] "c:\program files\dell support\dsagnt.exe" /startup
(o4) - HKCU\..\Run: [yahoo! pager] "c:\progra~1\yahoo!\messen~1\yahoom~1.exe" -quiet
(o4) - HKCU\..\Run: [wziu] c:\progra~1\common~1\wziu\wzium.exe
(o4) - HKCU\..\Run: [pshope] "c:\program files\pshope\pshope.exe"
(o4) - HKCU\..\Run: [surfsidekick 3] c:\program files\surfsidekick 3\ssk.exe
(o4) - Global Startup: america online 9.0 tray icon.lnk = c:\program files\america online 9.0\aoltray.exe
(o4) - Global Startup: hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
(o4) - Global Startup: microsoft office.lnk = c:\program files\microsoft office\office\osa9.exe
(o14) - iereset.inf
: start_page_url=http://www.mchsi.com
(o16) - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=39204
(o16) - dpf: {6e5a37bf-fd42-463a-877c-4eb7002e68ae} (trend micro activex scan agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcimpl.cab
(o16) - dpf: {9d190ae6-c81e-4039-8061-978ebad10073} (f-secure online scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
(o18) - filter: text/html - {b5f86455-bf18-4e12-965a-6642a0ac0549} - c:\windows\system32\xeymi.dll
(o20) - appinit_dlls: repairs303169590.dll
(o20) - winlogon notify: wgalogon - c:\windows\system32\wgalogon.dll
(o23) - Service: aol connectivity service (aol acs) - america online, inc. - c:\progra~1\common~1\aol\acs\aolacsd.exe
(o23) - Service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
(o23) - Service: ipodservice - apple computer, inc. - c:\program files\ipod\bin\ipodservice.exe
(o23) - Service: mcafee wsc integration (mcdetect.exe) - mcafee, inc - c:\program files\mcafee.com\agent\mcdetect.exe
(o23) - Service: mcafee.com mcshield (mcshield) - mcafee inc. - c:\progra~1\mcafee.com\vso\mcshield.exe
(o23) - Service: mcafee task scheduler (mctskshd.exe) - mcafee, inc - c:\progra~1\mcafee.com\agent\mctskshd.exe
(o23) - Service: mcafee securitycenter update manager (mcupdmgr.exe) - mcafee, inc - c:\progra~1\mcafee.com\agent\mcupdmgr.exe
(o23) - Service: mcafee personal firewall service (mpfservice) - mcafee corporation - c:\progra~1\mcafee.com\person~1\mpfservice.exe
(o23) - Service: mcafee spamkiller server (mskservice) - mcafee inc. - c:\progra~1\mcafee\spamki~1\msksrvr.exe
(o23) - Service: intel ncs netservice (netsvc) - intel® corporation - c:\program files\intel\prosetwired\ncs\sync\netsvc.exe
(o23) - Service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
(o23) - Service: pc tools spyware doctor (sdhelper) - pc tools research pty ltd - c:\program files\spyware doctor\sdhelp.exe[/hijack]




Setting the font size and the background color on the custom [hijack] UBB tags to something like this makes the log look much better.
Services, HKLM\..\Run's, applications, etc. are much easier to find.

A nice way to look over an infected log for spyware, I thought.

Grtz Niele

Edited by niele, 07 August 2006 - 07:09 PM.


#4 Budfred

    Malware Hound

  • Administrators
  • 21,567 posts

Posted 07 August 2006 - 06:52 PM

I still fail to see how this is supposed to help... It makes it much harder for me to read the log and understand what is going on... We will see what other Helpers have to say... At this point, I hope this does not become popular...
Budfred


#5 niele

    Member

  • Full Member
  • 5 posts

Posted 07 August 2006 - 07:06 PM

Sorry you're not too excited about it.

When you grow used to it, you don't want anything else anymore.. Trust me ^_^

#6 Budfred

    Malware Hound

  • Administrators
  • 21,567 posts

Posted 07 August 2006 - 08:03 PM

[quote name='niele']
Sorry you're not too excited about it.

When you grow used to it, you don't want anything else anymore.. Trust me ^_^
[/quote]

Sorry, this is the first I have heard of you and that means that I have no reason to trust you... As I said, we will see if other Helpers think it might be helpful...
Budfred


#7 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 07 August 2006 - 09:04 PM

Niele,

I'm sorry, but this idea does not appeal to me in any way.

Distinguishing the different sections of the log with different colors will only make it harder for those who may be visually impaired in any way, shape, or form.

I also happen to know that with older age comes a much more impaired ability to see lighter color shades. I brought my father in to try and read some of the lines, and he thought some of the lines were not there... as they blended with the background.


Also, you have no proof that Merijn said ANYTHING about this, let alone anything positive.

If you would be so kind as to provide any evidence, your credibility might increase a bit.

~Screen317

Edited by screen317, 07 August 2006 - 09:08 PM.

Please consider donating to help support the continued prompt and excellent services of this site.


#8 niele

    Member

  • Full Member
  • 5 posts

Posted 07 August 2006 - 09:26 PM

Ok, ok, here's the proof..
Yeah I know, could be faked.. :hmmm:

Sorry to say, but I think there are some big trust issues on this forum here.

I did not come here to spam my site here, I made this thing for You Guys, the people checking the logs for spyware.

Thought it would be helpful for you, if it's not something you wanna use, no problems, no hard feelings. But the whole trust thing, Damnz... Spyware on my site, me lying about the contact with merijn. :blink: Come on man, where did your trust in people got lo.

I'm offering you a free service here.. -_-

A nice "thanks, but no" would be enough.

Edited by niele, 22 January 2007 - 06:50 PM.


#9 Budfred

    Malware Hound

  • Administrators
  • 21,567 posts

Posted 07 August 2006 - 09:33 PM

If you worked on these types of forums, you would know where our trust has gone... We are constantly SPAMmed by people claiming to help us and they often start by posting links to their own sites in our forum without registering... They are often looking to simply improve their status with Google by increasing visits to their sites, but sometimes they have even more malicious aims, like installing rogue programs...

We are very trusting of people that approach us by getting to know us or people we know in the malware fighting community who introduce them... We are very welcoming of people who recognize that we are constantly under attack and respect that reality... Does that answer your question??
Budfred


#10 niele

    Member

  • Full Member
  • 5 posts

Posted 07 August 2006 - 09:49 PM

[offtopic]
I also was an administrator of such a forum for over 3 years. (Dutch one, recently stopped)
Maybe it's an idea to disable guest posting, we rarely had that problem there.

But like I said earlier, if you don't wanna be using it, a nice "thanks, but no" would be enough.

Grtz Niele

Edited by niele, 22 January 2007 - 06:51 PM.


#11 Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 08 August 2006 - 09:35 AM

I can see how this might be useful by distinguishing the different aspects of a log for persons who are just beginning to learn to read HijackThis logs.

There is a potential problem with this as well. The colors and bolding may be interpreted by some as items that need to be fixed or items that are safe or as items that are more critical. For instance the use of two (or more) separate colors in a file and path name could lead to more importance being placed on the file name instead of the name of the file and the directory it is in (i.e. there is a big difference between c:\windows\system32\svchost.exe and c:\windows\system\svchost.exe).

Again I think this “utility” has merit as a learning tool.
Personally though, it makes the log very busy and possibly even harder to read. Additionally we have some staff members who are colorblind and still others with degenerating or poor vision. This could lead to logs “enhanced” with colors to be overlooked and skipped in favor of standard monochrome logs.

An alternative idea might be to change each section (O4, O16, O23…) to a separate color of its own instead of having multiple colors in each line.
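The two points in the post above (treat each section code as one unit, and judge a file by its whole path rather than its name), as an added Python sketch that is not part of the thread or of the ColorCoder tool. The table of expected directories is an assumption for a Windows XP install at C:\WINDOWS like the one in the posted log, and the sample log mixes lines copied from the thread with two constructed ones.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normpath

# Section prefix in plain form ("O4 - ...") or ColorCoder form ("(o4) - ...").
ENTRY_RE = re.compile(r"^\(?([RFNO]\d{1,2})\)? - (.*)$", re.IGNORECASE)
# A drive-letter path ending in .exe or .dll (spaces and 8.3 names allowed).
PATH_RE = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\[^\"*?<>|\r\n]*?\.(?:exe|dll)",
                     re.IGNORECASE)

# Assumption: where these core files live on an XP system installed at C:\WINDOWS.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: the second svchost line and the "(o4)" line are made up
# for the demonstration; the other lines are taken from the log in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
(o4) - HKLM\..\Run: [winlogon] c:\windows\winlogon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


def parse_log(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, sections = [], defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # One bucket per section code, the unit suggested for coloring.
            sections[match.group(1).upper()].append(match.group(2))
        elif PATH_RE.fullmatch(line):
            processes.append(line)
    return processes, dict(sections)


def misplaced_system_files(text):
    """Flag paths whose file name is a core Windows file but whose directory
    is not the expected one. Comparison is on the full, case-folded path."""
    processes, sections = parse_log(text)
    candidates = [("process", p) for p in processes]
    for code, entries in sections.items():
        for entry in entries:
            candidates += [(code, p) for p in PATH_RE.findall(entry)]
    findings = []
    for origin, path in candidates:
        norm = normpath(path).lower()
        expected = EXPECTED_DIR.get(basename(norm))
        if expected and dirname(norm) != expected:
            findings.append((origin, path))
    return findings


if __name__ == "__main__":
    for origin, path in misplaced_system_files(SAMPLE_LOG):
        print(f"[{origin}] core file name in unexpected directory: {path}")
```

A clean result here only means no core file name appeared outside its expected directory; entries such as randomly named executables still need a human reader.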

#12 Thunder

    Forum Deity

  • Trusted Advisor
  • 677 posts

Posted 14 August 2006 - 04:29 AM

Hello niele,

I know your tool is used at a specific Dutch forum,
and the result looks nice, doesn't it. ^_^

However, to log readers it has, as Budfred, screen317 and Trilobite said, an adverse effect,
it makes the log harder to read since it doesn't emphasise in any way what's bad in a log and what isn't.
Can you imagine what effect it has on a helper who reads 20, 30 or more logs a day?
It just makes up for an additional strain on our eyes. :hmmm:

So, no thank you, but nice try though. :cool:
Whatever happens, make believe it was intended to ...
-------------------------------------------------------------------------
A donation to this site to help us help you, is most appreciated

#13 niele

    Member

  • Full Member
  • 5 posts

Posted 14 August 2006 - 08:20 AM

Tnx m8, appreciate it :)

I also had the thought to make bad entries show bold or something like that, but I thought it would be too hard to keep up with all the new stuff coming out every time :(

Enjoy your day, Greetz Niele

#14 ucop3

    Member

  • Full Member
  • 3 posts

Posted 31 October 2006 - 05:26 AM

[quote name='niele' date='Aug 14 2006, 10:20 PM' post='449469']
Tnx m8, appreciate it :)
[/quote]

nice hijack download here : [h**p://www.merijn.org/files/hijackthis.zip]
note: replace h**p with http

"Sharing is caring"



