VipraSys Lab: Have you been infected by a program found anywhere on the internet? Did you find any program which you think is possibly infected but not sure, post it here and get a solution from our dedicated members.

#1 (permalink)

TIRED
Join Date: Jul 2007
Location: in our house
Posts: 3,133
Thanks: 153
Thanked 2,838 Times in 1,081 Posts
Reputation: 52051

she is too lazy....
baby check this one ty...

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:19 AM, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210 _5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\documents and settings\administrator\local settings\application data\eowei.exe
C:\Program Files\Common Files\AOL\1174609041\ee\SSCEvtHdlr.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Common Files\AOL\1174609041\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1174609041\ee\anotify.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only registered users can see links. ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Only registered users can see links. ]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only registered users can see links. ]
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174609041\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210 _5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1174609041\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eowei] c:\documents and settings\administrator\local settings\application data\eowei.exe eowei
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109096625328
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1174609041\ee\services\safetyCore\ver210 _5_4_1\aolavupd.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- End of file - 8621 bytes
```

The Following User Says Thank You to Mz.libra For This Useful Post: ___ayah___ (07-06-2008)

#2 (permalink)

(-þŪÎŅĒ-)
Join Date: Jul 2007
Location: !!x!! In eVeRy GiRL$ HeArT !!x!!
Posts: 6,339
Thanks: 83
Thanked 1,378 Times in 937 Posts
Reputation: 52001

download this prog reboot yr pc press f8 and start yr pc in safe mode
its totally needed for u to scan in safe mode.
after ur in safe mode use combofix 1st just follow the menu and let it finish
after open sdfix it will create a new folder with the same name in drive C: just open that new folder with the same name sdfix and open the exe RUNTHIS and follow the menu
after u hav make all, post here a new hijackthis scan
[Only registered users can see links. ] [Only registered users can see links. ]
to go to safe mode, reboot yr pc in the 1 image after reboot press f8 after if u dont see a menu in black with all option and u see a blue window just press enter and press again f8 now from the black menu choose safe mode without connection and press enter now use the prog.

The Following User Says Thank You to xn--p-r-i-n-c-e For This Useful Post: ___ayah___ (07-06-2008)

#3 (permalink)

~~Special-Ones~~
Join Date: Feb 2007
Location: In the middle of nothing... in the middle of everything ...
Posts: 12,366
Thanks: 404
Thanked 20,592 Times in 4,792 Posts
Reputation: 109103

seewt she must use the prog in safe mode and put here the notepads and the new hijackthis
since she is infected also

The Following User Says Thank You to ~~ViT~~ For This Useful Post: ___ayah___ (07-06-2008)

#4 (permalink)

Junior Member
Join Date: Jul 2008
Posts: 36
Thanks: 2
Thanked 23 Times in 13 Posts
Reputation: 1

I don't see any suspect server nor suspect program running in the log. It's perfectly clean. If the PC experiences slowdown or crashes, it is just because she/he was using too many programs and too much junk on his/her PC. Download some reg cleaner/fix and try to minimize as much as u can the programs which u need, otherwise get rid of them.

The Following User Says Thank You to _7778_ For This Useful Post: ___ayah___ (07-06-2008)

#6 (permalink)

~~Special-Ones~~
Join Date: Feb 2007
Location: In the middle of nothing... in the middle of everything ...
Posts: 12,366
Thanks: 404
Thanked 20,592 Times in 4,792 Posts
Reputation: 109103

nsinet.exe
eowei.exe
Spyware-Secure_trial.exe
A9SRCHAS.DLL

O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKCU\..\Run: [eowei] c:\documents and settings\administrator\local settings\application data\eowei.exe eowei
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe

just a few let see after scan what have more
i dont have idea how u say u see a clean log

#7 (permalink)

Junior Member
Join Date: Jul 2008
Posts: 36
Thanks: 2
Thanked 23 Times in 13 Posts
Reputation: 1

Quote:
Last edited by _7778_ : 07-06-2008 at 07:21 PM.

#8 (permalink)

+**-_huRt_-**+
Join Date: May 2008
Location: my dad's house
Posts: 247
Thanks: 121
Thanked 198 Times in 91 Posts
Reputation: 50

i also have this problem bro that when i open my computer.. this spyware ad keeps on showing even if i ignored it already
by the way it is not my computer, my brother's computer. i still have lots of question to ask but i think imma post coz its another deal

#9 (permalink)

~~Special-Ones~~
Join Date: Feb 2007
Location: In the middle of nothing... in the middle of everything ...
Posts: 12,366
Thanks: 404
Thanked 20,592 Times in 4,792 Posts
Reputation: 109103

sys use the prog stop be lazy or i will close this topic
i dont see any sense in the replies

#10 (permalink)

Ū POLICE

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) << HIJACKTHIS CAN FIX THIS
Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) << THE SAME AS THIS ONE
AND FOR THIS 3 USE THE 2 PROGRAM XN-PRINCE GAVE ON SAFE MODE
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res

The Following User Says Thank You to w---IND For This Useful Post: ___ayah___ (07-06-2008)
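
The review that posts #6 and #10 do by eye can be written as a first-pass triage over the log from post #1. This is an added example, not part of any post in this thread: the watchlist holds only the file names those posters called out, and the per-user data directory rule is an assumed heuristic.

```python
import re

# Entry lines copied from the log in post #1 (a subset, one entry per line).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [eowei] c:\documents and settings\administrator\local settings\application data\eowei.exe eowei
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
"""

# HijackThis entry lines start with a section code such as R3, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path ending in a known extension; directories may contain spaces.
FILE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk)\b', re.I)
# File names the repliers in post #6 singled out (taken from the thread).
NAMED_IN_THREAD = {"nsinet.exe", "eowei.exe", "spyware-secure_trial.exe", "a9srchas.dll"}
# Assumption: an autorun launched from a per-user data directory deserves a look.
USER_DATA = ("\\local settings\\application data\\", "\\local settings\\temp\\")

def triage(log_text):
    """Return [(code, file_name, [reasons])] for entries that need review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, rest = m.groups()
        f = FILE.search(rest)
        path = f.group(0).lower() if f else ""
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        if rest.rstrip().endswith("(file missing)"):
            reasons.append("orphaned entry: target file missing")
        if code == "O4" and any(d in path for d in USER_DATA):
            reasons.append("autorun from per-user data directory")
        if name in NAMED_IN_THREAD:
            reasons.append("file named by repliers in this thread")
        if reasons:
            findings.append((code, name, reasons))
    return findings

if __name__ == "__main__":
    for code, name, reasons in triage(SAMPLE_LOG):
        print(f"{code:4}{name:28}{'; '.join(reasons)}")
```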