amtbcn
2005-11-05, 16:55
I use Spybot & HijackThis to check the course of my machine's startup. It seems either of them loses something in its report?
result of SSD:
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2005-10-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-04 Includes\Cookies.sbi
2005-11-04 Includes\Dialer.sbi
2005-11-04 Includes\Hijackers.sbi
2005-11-04 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-11-04 Includes\Malware.sbi
2005-11-04 Includes\PUPS.sbi
2005-11-04 Includes\Revision.sbi
2005-11-04 Includes\Security.sbi
2005-11-04 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-11-04 Includes\Trojans.sbi
Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: 263740ede788a60a6c0a47249fc410bf
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 8f1862afc3c79c0ea37621e87cc2fe6e
Located: HK_CU:Run, ctfmon.exe (DISABLED)
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 4cc6277445d2d388a4cd827086a5f5f0
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
---------------------------------------------------
result of HJT:
Logfile of HijackThis v1.99.1
Scan saved at 21:45:33, on 2005-11-5
......
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ~
O4 - Global Startup: NTUSER.DAT
O4 - Global Startup: NTUSER.DAT.LOG
.......
1> Why are they different?
2> The HJT result about NTUSER.* is very strange.
Is it normal, or possibly a Trojan?
3> I can't find anything like the SSD report entries in System.ini?