Sabar 0 Report post Posted January 11, 2006 Askm kawan-Kawan. Saya nak tanya pasal pengendalian windows 2000 server kat makmal sekolah tu. Maksud saya apakah yang perlu saya lakukan berkenaan dengan penjagaan windows, sekuritinya macam mana pulak, Kalau saya buat laman web tu dan letak kat server tu, saya kena on 24 jam ke server tu. Lagi masalahnya pelajar-pelajar ni asyik ubahsuai windows banyak jugak yang rosak....pening kepala jugak kalau rosak melibatkan dengan servernya sekali.Sekian. Share this post Link to post Share on other sites
Amer 0 Report post Posted January 11, 2006 cadangan saya: Kena pasang (utama): 1. Firewall 2. antivirus 3. antispywareTtg pelajar yg suka tukar setting tu, mungkin anda boleh enablekan guest account dan bair pelajar guna akaun tu..Baru la diorang tak boleh sesuka hati nak tukar setting.Harap membantu. Share this post Link to post Share on other sites
isfann 0 Report post Posted January 11, 2006 biar jer lor bebudak tuh nak tukar seting ke apa ke.. tu namanya belajar jugak... kita dulu belajar camtuh jugak.. lagipun bukan rosak pun komputer tuh bila bebudak tukar seting ke apa ke... just part of learning process.... Share this post Link to post Share on other sites
BraDeRz 0 Report post Posted January 11, 2006 kalu pasal ubah setting leh pakai system restore or norton go back kan? Share this post Link to post Share on other sites
Amer 0 Report post Posted January 11, 2006 hehe..Mencegah baik dr me repair..Block terus la kalau student nak tukar setting.. Share this post Link to post Share on other sites
C-Fu 0 Report post Posted January 11, 2006 biar jer lor bebudak tuh nak tukar seting ke apa ke.. tu namanya belajar jugak... kita dulu belajar camtuh jugak.. lagipun bukan rosak pun komputer tuh bila bebudak tukar seting ke apa ke... just part of learning process....←system admin bangang camni yang buatkan banyak windows pc kene virus la spyware la.student datang ke lab untuk BELAJAR komputer. bukan belajar rosakkan komputer. nak rosakkan pc, gune pc rumah la. ko pegi cc yang elok pon jangan harap senang2 nak boleh install tu install ni. unless penjage pc tu name die isfann la. Share this post Link to post Share on other sites
ahmades 2 Report post Posted January 11, 2006 Saya cadangkan memasang :-1::Norton AntiVirus Cooperate Edition = Untuk memantau virus yang berada didalam rangkaian2::ZoneAlarm Pro Firewall3::Diskeeper 10 Professional4::Sistem Mechanic Pro 6.0 (Tanpa AntiVirus dan Firewall)Harap membantu. Share this post Link to post Share on other sites
xdenama 0 Report post Posted January 12, 2006 aku pun kat sekolah gak, kau jangan le bagi budak-budak tu akses ke server sesuka hati, kau tinggal kat area mana, kalau kat hujung-hujung tu, rasanya kau lebih terror dari dia orang,pasal nak ubah-ubah gambar kat desktop tu biasa le, so kau kenala pasang norton go back untuk mengatasi masalah tu...apa yang kau perlu risau lagi, apa website yang dilawati oleh bebudak tu, pasang le firewall sikit...blok le mana yang boleh. p/s. minta le 2003 server, cantik skit interfacenya.. Share this post Link to post Share on other sites
polyfuze_4336 0 Report post Posted January 12, 2006 mmm kalau ko dah pakai win200 tue..ko enforce la domain nye policy..jadikan setiap user kena pakai mandatory nyer user profile..yg ko dah define..so setiap kali komp yg dah diubah2 tu restart...all the settings will revert back to normal... Share this post Link to post Share on other sites
Sabar 0 Report post Posted January 13, 2006 Terima kasih kepada semua kawan2 yang beri good idea tu. Saya berminat nak buat seperti mana yang diperkatakan oleh saudara Polyfuze 0411. saudara polyfuze, boleh tak tunjukkan cara nak buat balik ke setting asal bila restart semula komputer tu. Emel saya ialah [email protected] atau [email protected]. Tq Share this post Link to post Share on other sites
polyfuze_4336 0 Report post Posted January 14, 2006 Microsoft KBbole refer sini..pastu kalau tak paham..post question kat forum nie..hope that helps ...gud luck ngan bebdk tue Share this post Link to post Share on other sites
C-Fu 0 Report post Posted January 14, 2006 buat step2 ni kat SEMUA PC.1. buang SEMUA shortcut2 internet explorer yang ade kat desktop DAN start menu. pastu tukar dengan browser lain macam firefox http://www.getfirefox.comfirst download spybot. http://www.safer-networking.org/en/mirrors/index.htmldownload, UPDATE.lepas dah update semua, bukak balik spybot. pegi menu mode>advanced mode. kat menu kiri, pegi tools. checkkan semua, so semua setting boleh kite set.then kat menu kiri, pegi spybot>immunize. klik immunize, dan klik enable permanent blocking of bad addresses... dan block all pages silently.pastu gi Tools>Hosts file. add spybot hosts file.pastu scan. fix, pastu restart. pastu scan balik, takut2 ade problem balik. kalau problem tu asyik kluar balik, sila pos log hijackthis.kalau tak paham step2 kat atas, boleh tengok flash tutorial untuk step2 dia gak.===================================pegi download CWSHREDDER.http://www.trendmicro.com/ftp/products/onl.../cwshredder.exeDownload, start, Scan, pastu fix.FREE=================================kalo nak software buang file2 yang takde gune kat pc, macam temporary file, gune ccleaner.http://www.ccleaner.com/ccdownload.aspdownload, install, dan bukak ccleaner. analyze, pastu run cleaner. restart pc.FREE=================================pegi download hijackthis. http://216.180.233.162/~merijn/files/HijackThis.execreate new folder bernama hijackthis dan download ke folder tuh, kat desktop ke.software ni bergune untuk pakar pc check virus ke, spyware ke dalam pc ko. cara dia?lepas download, ko run program tu. pastu scan dan save log. pastu bukak log gune notepad kalo log tu tak di-auto-bukak lepas ko save. copy dan paste SEMUA isi kandungan log tu ke sini.==============then kene set antivirus supaya dia update HARI HARI. ako gune antivirus AVG, yang ni free. takyah bayar nye.http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5FREE==================tutup SEMUA window, dan IE. bukak SATU SAHAJA Internet Explorer. Pastu pegi Tools>Windows Update. Kalau tak pernah buat windows update, nanti die akan suruh install something dari Microsoft. pilih Yes, dan mungkin kene restart pastu. Kalau kene restart, just ulang. Nanti akan keluar 2 option - pilih Custom Install. Pastu jangan pilih Service Pack 2, pilih Review Other Updates. Pastu pilih je semua kalau nak senang, dan install. Kalau ada ape2 kotak keluar pilih yes. Restart. Pastu ulang balik kalo nak install Service Pack 2.=====================kalo nak firewall, ako suggest kerio. oran lain suggest zonealarm, tapi kerio gune sikit je RAM. ako personally tak gune pasal modem ako ade firewall. tapi kalo nak gak, download la. http://www.kerio.com/kpf_download.htmlAko suggest untuk guna versi lama, versi 2.15. yang versi baru2 nye dah bloat sangat- banyak sangat features yang tak penting. 2.15 kecik, tak makan RAM sangat, dan cukup powerful.http://www.kerio.com/dwn/kpf2-en-win.exeFREE Share this post Link to post Share on other sites
polyfuze_4336 0 Report post Posted January 14, 2006 takpun nak senang ko create satu user baru dlm win2000 tue..pastu bile ko dah abih setting sume ko pi copy user profile yg ko baru create tu pastu ko paste kat user profile for all user contohnyer dlm folder nie :\Documents and Settings\All Users Share this post Link to post Share on other sites
scorps 1 Report post Posted January 15, 2006 Logfile of HijackThis v1.99.1Scan saved at 10:00:33 AM, on 1/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\r_server.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program Files\LimeWire\LimeWire.exeC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEE:\scorps\software\scorps\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nokia.com/O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exeO4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exeO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137021528591O17 - HKLM\System\CCS\Services\Tcpip\..\{0C912BC6-3DC2-4C93-A14E-26DB4F36BAC7}: NameServer = 202.188.0.133,202.188.0.132O17 - HKLM\System\CCS\Services\Tcpip\..\{495A9E42-525B-4D26-9E54-F8D471FA4A14}: NameServer = 202.188.0.133,202.188.0.132O17 - HKLM\System\CCS\Services\Tcpip\..\{5A0BD195-EDDD-4627-BE17-F5526447BB9D}: NameServer = 202.188.0.133,202.188.0.132O17 - HKLM\System\CCS\Services\Tcpip\..\{84012B67-CBC9-4064-9AB8-A44A73F0BDF6}: NameServer = 202.188.0.133,202.188.0.132O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe======================================c-fu dan sesape sajer,korang boleh tolong check yg aku punya tak??ok kan???? Share this post Link to post Share on other sites
polyfuze_4336 0 Report post Posted January 15, 2006 Bad - Remove almost always OK Most of the time - don't need to touch Probably not needed - Safe to remove Generally harmless - third party applications Bad if you don't know what it is Unknown Item - Investigate further --------------------------------------------------------------------------------You can reference this log by going to: http://hjt.iamnotageek.com/parse.php?log=160486--------------------------------------------------------------------------------Logfile of HijackThis v1.99.1Up To Date Version of HijackThisYou are using the latest version of HijackThis. Check www.merijn.org frequently for updates.Scan saved at 10:00:33 AM, on 1/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeSmss.exeWhat is it?Session Manager SubSystem - smss.exeWhat does it do?smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).Additional Reading:Smss.exe does not resolve forward references in environmentYou will not be able to end this through task manager!More info--------------------------------------------------------------------------------Virus Precaution:The smss.exe which is from Microsoft is located at c:windowsSystem32smss.exe . We've been able to find several viruses that run as smss to trick you.Adware.Advision - Symantec CorporationAdware.DreamAd - Symantec CorporationBackdoor.IRC.Aladinz.O - Symantec CorporationBackdoor.IRC.Flood.F - Symantec CorporationW32.Dalbug.Worm - Symantec CorporationW32.Resdoc - Symantec CorporationC:\WINDOWS\system32\winlogon.exeWinlogon.exeWhat is it?Windows Logon Process - Winlogon.exeWhat does it do?Direct Quote from here:This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.Search MS for more info: LinkVirus Precaution:The original Winlogon.exe from Microsoft gets placed in the C:WINDOWSSystem32 directory. if you find it anywhere else then you should be suspicious for sure.You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.Troj/Madr-B @ SophosNetsky.D @ Trend MicroC:\WINDOWS\system32\services.exeservices.exeservices.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.C:\WINDOWS\system32\lsass.exelsass.exeWhat is it? Local Security Authentication Server - lsass.exeWhat does it do?lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.You will not be able to end this through task manager!From MS--------------------------------------------------------------------------------The lsass.exe which is from Microsoft is located at c:windowsSystem32lsass.exe . there's a few viruses that have been found to run as lsass.exe to hide from you.C:\WINDOWS\system32\svchost.exeSvchost.exeWhat is it?Service Host Process - svchost.exeWhat does it do?Here's a direct quote from MS about this: (source) Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchostEach value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesServiceIf you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it. 1.) Start --> Run --> cmd 2.) Tasklist /svc >C:ianaginfo.txt Here's an example of what I got when I issued this command if you'd like to take a look at an example. A Description of Svchost.exe in Windows XP: http://support.microsoft.com/?kbid=314056More InfoMore InfoVirus Precaution:The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.You'll want to keep an eye on this google search for any known viruses. C:\WINDOWS\System32\svchost.exeSvchost.exeWhat is it?Service Host Process - svchost.exeWhat does it do?Here's a direct quote from MS about this: (source) Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchostEach value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesServiceIf you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it. 1.) Start --> Run --> cmd 2.) Tasklist /svc >C:ianaginfo.txt Here's an example of what I got when I issued this command if you'd like to take a look at an example. A Description of Svchost.exe in Windows XP: http://support.microsoft.com/?kbid=314056More InfoMore InfoVirus Precaution:The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.You'll want to keep an eye on this google search for any known viruses. C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeStyleXPService.exeStyleXPService.exe StyleXP is a pretty cool application to customize windows. More information can be found here.Quote:Style XP supports native Microsoft visual styles instead of a non-Microsoft skinning engine. As a result, skinning in Style XP will not slow down your computer as other skinning software can.C:\WINDOWS\system32\spoolsv.exeSpoolsv.exeWhat is it?SPOOLer SerVice - spoolsv.exeWhat does it do?spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobsYou will be able to end this through task manager!More info--------------------------------------------------------------------------------Virus Precaution:The spoolsv.exe which is from Microsoft is located at c:windowsSystem32spoolsv.exe . We've been able to find several viruses that run as spoolsv to trick you.Backdoor.Ciadoor.B - Symantec CorporationHacktool.Privshell - Symantec CorporationVBS.Masscal.Worm (vbs) - Symantec CorporationGraybird-A @ SophosC:\WINDOWS\system32\r_server.exeR_SERVER.EXER_SERVER.EXE - This is a portion of a remote administrator this allows a user to work on more than one computer, this has features such as file transfer, NT security and Telnet.C:\WINDOWS\system32\wuauclt.exewuauclt.exeWhat is it?Windows Update Automatic Client - wuauclt.exe What does it do?wuauclt.exe - This is used by the automatic update tool in Windows ME to check the Windows Update site every so often to see if any updates need to be installed. More InfoMore InfoVirus Precaution:The original wuauclt.exe from Microsoft gets placed in the Located at C:WINDOWSSystem32wuauclt.exe . If you find it anywhere else then you should be suspicious for sure.You'll want to keep an eye on this google search for any known viruses..Backdoor.Clt @ Symantec Corporation Troj/Cult-B @ Sophos C:\WINDOWS\Explorer.EXEexplorer.exeWhat is it?Windows Explorer - explorer.exeWhat does it do?explorer.exe - Below is a direct quote from Microsoft found on THIS page: This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system. I have found that stopping this process is needed sometimes to stop some other processes. More InfoMore InfoVirus Precaution:The original file from Microsoft gets placed at C:WINDOWSSystem32explorer.exe . if you find it anywhere else then you should be suspicious for sure.You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.Deloder-A @ Sophos MyDoom.B @ Symantec C:\WINDOWS\system32\wscntfy.exewscntfy.exeWhat is It?Windows Security Center Notification - wscntfy.exeWhat does it do?wscntfy.exe - This is a part of windows XP's SP2. This is a little notification that will be in your taskbar and continue to nag you about various security settings like your firewall, automatic updates and virus protection.If you'd like to get rid of this process you'll want to go into your control panel and then go into the security center. Once in there look along the left bar where you'll see quite a bit of text. At the bottom of this list you'll see where it says change the way security center alerts me. Click on this. Uncheck all three of these settings. Virus Precaution:The original wscntfy.exe from Microsoft gets placed at C:WINDOWSSystem32wscntfy.exe . If you find it anywhere else then you should be suspicious for sure. You'll want to keep an eye on this google search for any known viruses. At this time I have not found ANY viruses that run themselves using this filename. All of the results currently affect this file in some way, but do not actually run as this filename.C:\Program Files\LimeWire\LimeWire.exeLimeWire.exeLimeWire.exe - This is a process with LimeWire peer to peer file sharing client.C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEwinword.exeWhat is it?Microsoft Word - winword.exeWhat does it do?Microsoft Word is the most common professional level document reading and writing application on the market. Due to this you will find plenty of viruses floating around that will try to represent themselves as this file.Virus Precautions:You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:Program FilesMicrosoft OfficeVERSIONwinword.exeAlso .E:\scorps\software\scorps\hijackthis\HijackThis.exeHijackThis.exeThis is our favorite application for fighting against malware and other trashy application that bog systems down. Our guide to using this software can be found here. We have also taken the time to write a system to process the log files created from this application here. R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nokia.com/Internet Start PageThis is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllUnnamed BHOLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllUnnamed BHOLO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllUnnamed BHOLO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllUnknown ItemSorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dllUnnamed BHOLO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllUnknown ItemSorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exep2pnetworking"Added by the W32/Rbot-AFLO4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exeO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmInternet Right Click MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000Internet Right Click MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmInternet Right Click MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmInternet Right Click MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmInternet Right Click MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllInternet Tools MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLInternet Tools MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeInternet Tools MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeInternet Tools MenuMost of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godlinessO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllUnnamed BHOLO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...21528591Unnamed BHOLO17 - HKLM\System\CCS\Services\Tcpip\..\{0C912BC6-3DC2-4C93-A14E-26DB4F36BAC7}: NameServer = 202.188.0.133,202.188.0.132Internet SettingsThese may not be bad if your internet connection is set manuallyO17 - HKLM\System\CCS\Services\Tcpip\..\{495A9E42-525B-4D26-9E54-F8D471FA4A14}: NameServer = 202.188.0.133,202.188.0.132Internet SettingsThese may not be bad if your internet connection is set manuallyO17 - HKLM\System\CCS\Services\Tcpip\..\{5A0BD195-EDDD-4627-BE17-F5526447BB9D}: NameServer = 202.188.0.133,202.188.0.132Internet SettingsThese may not be bad if your internet connection is set manuallyO17 - HKLM\System\CCS\Services\Tcpip\..\{84012B67-CBC9-4064-9AB8-A44A73F0BDF6}: NameServer = 202.188.0.133,202.188.0.132Internet SettingsThese may not be bad if your internet connection is set manuallyO23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)File MissingWhen a file is missing, you should always have HijackThis fix the item.O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe Share this post Link to post Share on other sites
polyfuze_4336 0 Report post Posted January 15, 2006 bole check sendiri kat sini http://hjt.networktechs.com/ Share this post Link to post Share on other sites
muffinxe 0 Report post Posted January 16, 2006 domain controller Share this post Link to post Share on other sites
addlayers 0 Report post Posted January 16, 2006 aku tak beberapa setuju kalau terlalu banyak block pelajar nak set tu laa nih laa... bebenda tu pelajaran... jadi kalau dorang banyak explorer lagi banyak pengetahuan dorang... cuma jangan bagi dorang set password jee... warning sikit... tukar semua password admin tu... sebab ramai pelajar yg dah tahu.setting komputer lari setiap hari pelajar guna dah jadi kebiasaan pada setiap sekolah... sama macam sekolah aku... aku handle 2 makmal dengan komputer cecah 56 unit dalam satu sekolah.... macam2 setting dorang buat. tapi aku saba jee... bebudak kan takkan nak marah jee .. biar lah diorang belajar.cuma cadangan aku buat backup ghost jee... bila komputer tu dah teruk sangat sampai tak leh load... gunakan backup ghost tu. tapi setakat setting tu lari2 sikit biarkan jee laa... kita tachup je sesikit.kalau ko buat installlation baru kat PC sekolah tu... buat laa claim... ader gak hasilnyer dari titik peluh ko buat tu. aku mengajar jugak, repair pun aku jugak, aku tak larang pelajar aku setting macam2... bagi aku biar dia belajar, jangan terlalu control sangat sebab ia akan menyebabkan ibubapa datang complain. so... tegur jee bila nampak pelajar tu setting PC tu depan mata.Terima kasihGURU BERKUALITI PEMANKIN KEGEMILANGAN Share this post Link to post Share on other sites
nonama 0 Report post Posted January 16, 2006 aku tak beberapa setuju kalau terlalu banyak block pelajar nak set tu laa nih laa... bebenda tu pelajaran...←aku setuju, bukan semua student tu ada komp kat rumah, so kat sekolah le dia orang nak buat tu nak buat ni, cuma sedikit pengawasan dari guru, kira dah ok le.tapi, website yang dikunjungi oleh pelajar-pelajar, kita mesti awasi. Kadang-kadang cikgu syok mengajar kat depan, kat belakang dia dia buat kerja lain. Pastu bila cikgu lalu, cepat-cepat dia switch ke windows lain. Benda-benda cam ni cikgu mesti kena peka, sebab itu adalah sebahagian daripada matlamat pendidikan.rasanye baru tahun ni schoolnet filter laman-laman yang merosakkan ni, alhamdulillah. Kalau sebelum tu... tak yah cerita le. Share this post Link to post Share on other sites
Yem 0 Report post Posted January 16, 2006 Sesusah sgt letak linux live cd jer, takyah install apape windows pun dlm tu.pun buleh pakai buat keje gak. Share this post Link to post Share on other sites
C-Fu 0 Report post Posted January 17, 2006 500,000 pc setiap hari menjadi pc zombie - pc2 yang kena infect oleh virus dan spyware.sape kate kalo halang tu tak belajar? kalo ko halang bebudak dari kacau folder windows, bukan ke ko memberitahu budak tu bahawa folder windows tu bukan untuk dikacau?ini kerja sysadmin yang betul, kalo die berniat nak mengajar. apa salahnye mengajar kenapa die lock ni lock itu sambil explain, instead of biarkan student2 yang tak tahu apa2 untuk pegi site [biskut tawar] guna internet explorer dan terus kena infect spyware secara sedar atau tak sedar?adakah 54 pc tu betul2 clean, tak kene spyware? ako bet semua mesti dah kena. adakah dengan lepaskan tanggungjawab ko sebagai sysadmin dan biarkan bebudak buat sesuka hati itu namanya mengajar? jangan nak carik alasan nak biar budak belajar untuk lepaskan kerja ko. ko leh buat setting supaya bebudak tak jadi administrator, but power user ke. ko leh buat setting supaya bebudak takleh masuk folder program files, folder windows, so virus pon takleh masuk folder tu. unless of course ko adalah orang2 yang suka biar pc rosak, so ko leh pegi "fix" dan restore ghost image so orang nampak ko buat keje la. Share this post Link to post Share on other sites
kutak 0 Report post Posted January 18, 2006 puh mana ko dapat info sampai 500.000 ribu pc ..kena infect by virus, spam and malware...C-FU kalo setakat baca artikel its not the right conclusion ...aperahh...baca artikel kat internet ..dia tulis 500.000 pc jadik zombie...ehehe ..well ..aku tak setuju cara ko, dan aku tak assume yang ko pon terus jadik pandai, guna computer without touching any folder...bebudak tu pon memang ke sekolah nak belajar, so computer yang di letakkan di makmal sekolah tu memang dah di dadicated untuk mereka belajar...so let them study what ever is it, kita yang buat computer bukan computer yang buat kite, cuba cara yang polyfuze_0411 berikan mungkin berkesan, atau guna satu software ...tapi aku tak hingat dah ape kenama nya dah lama sangat tinggal, hemp software nie ..sangat berkesan, macam mana software nei berfungsi, ko buat satu image os, pada setiap pc, so apa yang akan jadik setiap kali bebudak tu ubah setting pada pc ...bila pc tu restart balik ....dia akan get back to normal, ubah la macam mana pon ..bila restart balik dia akan balik pada asal, nanti la aku inggat kan balik ape nama software tu ,,,pada yang jaga makmal tu ...jaga la makmal ko bebaik, hehehe ..and jangan bagi bebudak easyly masuk server ...create domain controller, Share this post Link to post Share on other sites
nonama 0 Report post Posted January 18, 2006 kalau ko buat installlation baru kat PC sekolah tu... buat laa claim... ader gak hasilnyer dari titik peluh ko buat tu. ←he, he,...kau bukak syarikat repair merepair ke? Jangan sampai BPR datang woiii... kan kau ada waktu pengurusan makmal, buat le, kalau tak nak buat, hantar je kat kedai, jangan main claim-claim, bahaya tu. Share this post Link to post Share on other sites
polyfuze_4336 0 Report post Posted January 18, 2006 nama software yg bole revert pc to original condition is go back...but if im not mistaken..go back was bought by norton...so skrg nie nama die norton goback..dulu aku pun pakai gakkk... and by the way..aku setuju ngan ckp c-fu tue...admin mesti la pandai jaga die nyer makmal..n explain kat bebdk nape certain folder kena lock...certain tak yah...kena la pepandai..balance between mengajar n bagi bdbk tu peluang belajar tanpe merosakkan komp kat lab Share this post Link to post Share on other sites
Prince of Andalus 0 Report post Posted January 18, 2006 pasal nak ubah-ubah gambar kat desktop tu biasa le, so kau kenala pasang norton go back untuk mengatasi masalah tu...←guna registry pun boleh...saya dulu masa kat sekolah, network admin siap buat akaun setiap pelajar...ader domain, guna win2000 server kot..pastu pelajar dpt 5 mb hdd storage...pelar takleh la install@setting mcm2...sbb ader policy...pegi universiti, network admin tak buat pun domain... yg ader pun local administrator.. tupun sesetengah je ader.... nak kata byk keje, satu lab ader satu technician...*sabros, kalau nak sng, beli buku win2003 server... kalau byk duit, amik je MCSE.. Share this post Link to post Share on other sites