radin_herwan - Posted February 6, 2006

I've caught a virus....... my head is throbbing...... I even feel seasick..... anyone who wants info can look here: http://securityresponse.symantec.com/[email protected]
To remove it, use the removal tool.

C-Fu - Posted February 7, 2006

If anyone is infected, please try to fix it with this tool:
ftp://ftp.f-secure.com/anti-virus/tools/f-force.zip
or
http://www.f-secure.com/tools/f-force.zip
Unzip it into ONE FOLDER.
Then download this as well:
http://download.f-secure.com/latest/latest.zip
OR
ftp://ftp.f-secure.com/anti-virus/updates/latest/latest.zip
and unzip its contents into THE SAME FOLDER AS BEFORE.
Then run the file to check and fix.

antharexx - Posted February 8, 2006

C-Fu, what about my PC..

Logfile of HijackThis v1.99.1
Scan saved at 22:59:46, on 08/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ZTE\ADSLDIAL\adslDial.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
D:\garuk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.softomate.com/defultsearch/
R3 - URLSearchHook: IstartHere Toolbar - {D940F380-49C7-4A05-9E33-53930AF5768F} - C:\Program Files\IstartHere Toolbar\setup.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTB06823 Class - {8D91EEF6-070C-4a47-B186-86F882463A53} - C:\PROGRA~1\ISTART~1\setup.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: IstartHere Toolbar - {D940F380-49C7-4A05-9E33-53930AF5768F} - C:\Program Files\IstartHere Toolbar\setup.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{54DC01AF-651C-4D27-8FC5-D8136BC94706}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C-Fu - Posted February 9, 2006 (edited)

CLOSE ALL WINDOWS AND ALSO INTERNET EXPLORER FIRST!!!!!!
Only then fix the entries below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.softomate.com/defultsearch/
R3 - URLSearchHook: IstartHere Toolbar - {D940F380-49C7-4A05-9E33-53930AF5768F} - C:\Program Files\IstartHere Toolbar\setup.dll
O2 - BHO: XBTB06823 Class - {8D91EEF6-070C-4a47-B186-86F882463A53} - C:\PROGRA~1\ISTART~1\setup.dll
O3 - Toolbar: IstartHere Toolbar - {D940F380-49C7-4A05-9E33-53930AF5768F} - C:\Program Files\IstartHere Toolbar\setup.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

←RESTART.

Then go to Start > Run and type:
regsvr32 /u "C:\PROGRA~1\ISTART~1\setup.dll"
Then delete this folder:
C:\Program Files\IstartHere Toolbar\

But you haven't got this virus.

Edited February 9, 2006 by C-Fu

emyrul - Posted February 9, 2006

My PC now seems to have caught a virus.... it suddenly hangs... can you help check it...

Logfile of HijackThis v1.99.1
Scan saved at 16:45:20, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pos\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 200.1.1.242
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PROXYGTE:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

antharexx - Posted February 9, 2006

Thanks C-Fu ... I've done as you told me.. no idea where that thing came from..

kuzer_khushairie - Posted July 17, 2007

Please check this.... and if there's a problem, teach me what to do, OK?

Logfile of HijackThis v1.99.1
Scan saved at 11:34:33 AM, on 17/07/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\HITACHI\NETMDMP\BIN\dmrcasrv.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMRCCTRN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\ntvdm.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [dskmgm] C:\Winnt\System32\dskmgm.bat
O4 - HKLM\..\Run: [Dewan Eja 3000 Config] C:\PROGRA~1\THENAM~1\DEWANE~1\deconfig.exe
O4 - HKLM\..\Run: [Hitachi Remote Install Logon Manager] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPLOGMG.EXE"
O4 - HKLM\..\Run: [Remote Control Agent] "C:\Program Files\HITACHI\NETMDMP\Bin\dmrcagnt.exe" /logon
O4 - HKLM\..\Run: [Hitachi Alert Task Process] "C:\Program Files\HITACHI\NETMDMP\BIN\ALERTTSK.EXE"
O4 - HKLM\..\Run: [Hitachi Remote Install Client] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPSETUP.EXE"
O4 - HKLM\..\Run: [bron-Spizaetus] "C:\WINNT\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp color LaserJet 2550 PCL 6 (Copy 2)" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\murni\Local Settings\Application Data\smss.exe"
O4 - Global Startup: AXIS Print Utility.lnk = C:\Program Files\AXIS Utilities\AXPUW.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .ods: C:\Program Files\Internet Explorer\PLUGINS\npbqs32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Install Service - Hitachi,Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\DMPSERV.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hitachi Alert Process Service - Hitachi, Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\ALERTSRV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleClientCache80 - Unknown owner - c:\orant\BIN\ONRSD80.EXE
O23 - Service: OracleorahrmsClientCache - Unknown owner - c:\orahrms\BIN\ONRSD.EXE (file missing)
O23 - Service: OracleORAHR_MURNIClientCache - Unknown owner - c:\orahr_murni\BIN\ONRSD.EXE (file missing)
O23 - Service: OracleORA_HRKUClientCache - Unknown owner - c:\ora_hrku\BIN\ONRSD.EXE
O23 - Service: OracleORA_HRMSClientCache - Unknown owner - c:\ora_hrms\BIN\ONRSD.EXE
O23 - Service: OracleWebAssistant1 - Unknown owner - c:\orahr\BIN\OWASTSVR.EXE (file missing)
O23 - Service: OracleWebAssistant2 - Unknown owner - c:\orahr_murni\BIN\OWASTSVR.EXE (file missing)
O23 - Service: OracleWebAssistant3 - Oracle Corporation - c:\ora_hrku\BIN\OWASTSVR.EXE
O23 - Service: OracleWebAssistant4 - Oracle Corporation - c:\ora_hrms\BIN\OWASTSVR.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Control Agent - Unknown owner - C:\Program Files\HITACHI\NETMDMP\BIN\DMRCAGNT.EXE" /service (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

snipersnake - Posted July 22, 2007

Mr. sifu, please take a look at my log, I think there's a virus.. I don't know..

Logfile of HijackThis v1.99.1
Scan saved at 10:39:52 AM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Documents and Settings\Jimmy Najib\My Documents\utorrent.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\DOCUME~1\JIMMYN~1\LOCALS~1\Temp\{FC681F90-E666-48C0-AF02-DC869B870C5E}\Blaero Start Orb.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Documents and Settings\Jimmy Najib\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Jimmy Najib\My Documents\utorrent.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9100FFB0-D9F3-4604-AE4D-A5C0287F0E1B}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

johnburn - Posted July 22, 2007

kuzer_khushairie has been hit by Brontok before..

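As an added example (not part of any post in this thread): a small Python triage of the O4 Run entries in a HijackThis log such as the one kuzer_khushairie posted, which also copes with logs whose entries have lost their line breaks. The two heuristics and every function name are assumptions of this example; the sample lines are copied from that log.

```python
import ntpath
import re

# A HijackThis entry starts with a section code: "R0 - ", "O4 - ", "O23 - ", ...
ENTRY_START = re.compile(r"(?=[RFNO]\d{1,2} - )")
ENTRY_CODE = re.compile(r"[RFNO]\d{1,2} - ")
# Run-key autostart: "O4 - HKLM\..\Run: [value name] command line"
RUN_ENTRY = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXECUTABLE = re.compile(r"(.+?\.(?:exe|bat|cmd|com|scr|pif|vbs))(?=\s|$)", re.I)

# Assumption of this example: these images belong only in the system directory.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}
# Assumption: profile folders any user-level process can write to.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")

# Sample input: entries copied from the log above, deliberately run together.
SAMPLE = (
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'
    r'O4 - HKLM\..\Run: [bron-Spizaetus] "C:\WINNT\ShellNew\sempalong.exe"'
    r'O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe'
    r'O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet'
    r'O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\murni'
    r'\Local Settings\Application Data\smss.exe"'
    r'O4 - Global Startup: AXIS Print Utility.lnk = C:\Program Files\AXIS Utilities\AXPUW.EXE'
    r'O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a}'
    r' - C:\WINNT\web\related.htm'
)


def split_entries(text):
    """Return the log's entries one per item, even if line breaks were lost."""
    flat = text.replace("\r", "").replace("\n", " ")
    # Anything before the first section code (header, process list) is dropped.
    return [c.strip() for c in ENTRY_START.split(flat) if ENTRY_CODE.match(c)]


def target_path(cmd):
    """Extract the program path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXECUTABLE.match(cmd)
    return match.group(1) if match else cmd


def reasons_for(path):
    """Return the heuristics (possibly none) that a program path trips."""
    lowered = path.lower()
    name, folder = ntpath.basename(lowered), ntpath.dirname(lowered)
    reasons = []
    # A bare file name has no folder to judge, so it is not flagged here.
    if folder and name in SYSTEM_IMAGES and folder not in SYSTEM_DIRS:
        reasons.append("system process name outside the system directory")
    if any(part in lowered for part in USER_WRITABLE):
        reasons.append("autostart from a user-writable profile folder")
    return reasons


def triage(text):
    """List the Run-key entries that trip at least one heuristic."""
    findings = []
    for entry in split_entries(text):
        match = RUN_ENTRY.match(entry)
        if not match:
            continue  # startup-folder shortcuts and other sections are skipped
        path = target_path(match.group("cmd"))
        reasons = reasons_for(path)
        if reasons:
            findings.append({"key": match.group("key"), "name": match.group("name"),
                             "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["name"], "->", finding["path"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

An entry that trips neither rule, such as the sempalong.exe line, is not cleared by that; the rules only decide what to read first.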
SpanarKoman - Posted July 25, 2007

Err.. please check my log too.. who knows, maybe that virus is there and I just haven't noticed. If there are other viruses, let me know as well.. viruses really like to hang out on my PC..

Logfile of HijackThis v1.99.1
Scan saved at 1:41:47 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cusrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
Z:\pnnvlsso.exe
C:\Novell\Messenger\NMCL32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 
- Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dllO9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exeO9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)O11 - Options group: [iNTERNATIONAL] International*O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://172.20.0.160/officescan/console/Cli...ll/WinNTChk.cabO16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://172.20.0.160/officescan/console/Cli...ll/setupini.cabO16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://172.20.0.160/officescan/console/Cli...stall/setup.cabO16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocxO16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cabO16 - DPF: {A3ED3A2E-8846-4C3D-AEF4-875EFF9E675F} (VeaCtrlX Control) - http://172.20.0.160/controlmanager/cgi-bin...ctivex/VEAX.cabO16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocxO16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - 
file://C:\Program Files\AutoCAD 2002\InstFred.ocxO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocxO18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe Quote Share this post Link to post Share on other sites
En. Sejuk 0 Posted August 30, 2007
My friend's computer got hit by that spyware/malware.. how do you get rid of the thing.. my friend has tried all sorts of software and it still won't go away.. so does anyone have a solution for this problem?
johnburn 6 Posted August 30, 2007
"My friend's computer got hit by that spyware/malware.. how do you get rid of the thing.. my friend has tried all sorts of software and it still won't go away.. so does anyone have a solution for this problem?"
Tell your friend to scan his PC with HijackThis and paste the log here..
flizgreen 0 Posted August 30, 2007
What about my laptop????
Logfile of HijackThis v1.99.1
Scan saved at 11:08:42 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Waktu Solat\waktusolat.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3r-1c\3r-1c.exe
C:\Program Files\iEx\iEx.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzDock\YzDock.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\JetAudio\JetAudio.exe
C:\Documents and Settings\Zuryati Mohamad\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAGIXautostart] G:\MAGIX Movie Edit Pro 2004\install\program\setup.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WaktuSolat] C:\Program Files\Waktu Solat\waktusolat.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: 3r-1c.lnk = C:\Program Files\3r-1c\3r-1c.exe
O4 - Startup: iEx.lnk = C:\Program Files\iEx\iEx.exe
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Startup: WinRoll.lnk = C:\Program Files\WinRoll\winroll.exe
O4 - Startup: YzDock.lnk = C:\Program Files\YzDock\YzDock.exe
O4 - Startup: YzShadow.lnk = C:\Program Files\YzShadow\YzShadow.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
flizgreen 0 Posted August 31, 2007
Isn't anyone going to help take a look at my laptop's log???
wanza 8 Posted August 31, 2007
"What about my laptop????"
Yours is fine..... you just need to fix the ones I bolded...
flizgreen 0 Posted September 1, 2007
Thanks..... but how do I fix those???? Sorry.... I don't really know much about IT... hehehe
johnburn 6 Posted September 1, 2007
"Thanks..... but how do I fix those???? Sorry.... I don't really know much about IT... hehehe"
Just tick these entries in HijackThis and press the Fix checked button..
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
Edited September 1, 2007 by johnburn
Chipher 0 Posted September 1, 2007
To Mr C-Fu.. thanks for your info!.. ...hopefully.. my PC doesn't get hit!
flizgreen 0 Posted September 2, 2007
Thank you Mr johnburn... I need to ask for help again.. this time it's my friend's laptop, an NEC... it's really slow at startup... no idea what the problem is.. here's its HijackThis log.. please take a look...
Logfile of HijackThis v1.99.1
Scan saved at 7:30:36 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
G:\New Software\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] G:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] G:\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe