Jump to content

cili

Members
  • Content Count

    251
  • Joined

  • Last visited

Posts posted by cili


  1. Virus tu mungkin dah takde sebab antivirus dah buang... cuma ada satu fail nama 'autorun.inf' yang tertinggal.. fail ni digunakan untuk menjalankan sesuatu arahan secara automatik. Contohnya macam kes ko ni, fail nama 'copy.exe' akan running secara automatik selepas ko double klik kat drive letter pendrive letter ko..

    Fail 'autorun.inf' ni dalam bentuk tersembunyi (hidden). Fail ni bukan worm atau virus sebab takde code 'jahat' dalam tu... ia hanya membantu virus tu untuk running secara automatik je...

    yg portable antivirus tuh aku scan pendrive aku, dia asik sangkut tak gerak2 kat satu file tuh. sebab apa ye

    ?


  2. untuk mengelak kejadian sama berulang, buat satu folder nama copy.exe /ravmone.exe dalam pendrive tu..

    so benda ni bukan virus, worm la yer

    kalau ada folder kosong yg tak leh delete nak wat camna ye?


  3. c-fu guna otak la sikit.

    haritu ko suruh aku paste semula hijackthis punya logfile padahal aku dah bagitau kata comp aku tak boleh masuk windows langsung. monitor gelap terus. bukan aku tak bagi apa org mintak, masalahnya tak boleh.

    c-fu: u have a serious attitude problem. kalau ko kawin ko susah nak bahagia, anak2 ko akan benci ko. so u better grow up and act like an adult eventhough gambar ko macam budak hingusan

    Setengah manusia ni baru ada diploma/degree dah rasa diri besar sangat. kalau ada phd apa agaknya akan jadi. NAk hidup di dunia ni kejap je buat apa nak bongkak diri ?


  4. problem: aku dah bagitau dulu. monitor gelap hitam lepas tekan power utk start computer.

    aku dah guna hijackthis.de dan memang clear.

    c-fu aku mamat bukan minah. bukan semua org ada online 24/7 macam u.

    gotta be a bit empathic and understanding. we are livin in a modern and advanced society. being rude is never warranted here bro.

    aku takda net kat rumah so lambat skit reply. aritu aku nak masuk putra down.


  5. Logfile of HijackThis v1.99.1

    Scan saved at 06:02:19 ã, on 19/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Documents and Settings\XP Pro User\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?

    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  6. itu yg sebelum fix la.

    aku bukan minah.

    still sama

    sekarang nak start pun tak leh. tekan power button dia stay hitam jer.

    lepas sehari dua baru boleh masuk windows. itu pun 20 saat je sebelum monitor jadi biru habis.


  7. Logfile of HijackThis v1.99.1

    Scan saved at 05:41:50 ã, on 02/10/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    C:\Program Files\palmOne\Hotsync.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Documents and Settings\XP Pro User\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED6CB68D-569A-485D-8A72-79DFEA8074E1}: NameServer = 202.188.0.133,202.188.1.5

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  8. win xp.

    virus ? worm ? aku rasa tak.

    Satu lagi monitor asik kelip-kelip kdg2. gelap, cerah, gelap, cerah.

    kdg2 masa start color dia jadi biru habis.

    kdg2 nak start lama gile screen hitam baru leh masuk.

    power supply ke? apa nak buat ?

×
×
  • Create New...