cili, posted January 29, 2006:
Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name.
What does this mean? Do I have to delete Kazaa?

cili, posted January 29, 2006:
And also:
MSIE: Internet Explorer v6.00 (6.00.2600.0000) - Possibly out of date
C:\WINNT\System32\P2P Networking\P2P Networking.exe - Nasty
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll - Nasty
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll - Nasty
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing) - Nasty
O17 - HKLM\System\CCS\Services\Tcpip\..\{C604C0B6-2644-4C07-A0D5-8199EDD2442D}: NameServer = 202.188.0.133 202.188.1.5 - Possibly nasty
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL

polyfuze_4336, posted January 29, 2006:
This means you've caught the RapidBlaster virus. Update your antivirus and then try to disinfect. It's just saying you don't need to try uninstalling Kazaa, but should look for RapidBlaster's removal tool to remove the virus. You can download the RapidBlaster removal tool here (click).

cili, posted January 29, 2006:
Thanks for the advice, but I'm still not clear on how to remove the virus using SpywareBlaster?

joetbg_x, posted January 29, 2006:
SpywareBlaster only does prevention. Use Ad-Aware or Spybot Search & Destroy.

BraDeRz, posted January 29, 2006:
Which one is it? I don't see RapidBlaster at that link, only SpywareBlaster. And yes, SpywareBlaster is for blocking bad addresses...

C-Fu, posted January 29, 2006:
I don't deal with incomplete HijackThis logs. Please post the full HijackThis log.

cili, posted January 29, 2006:
> I don't deal with incomplete HijackThis logs. Please post the full HijackThis log.
That's the summary. The complete one is in the post before this.

C-Fu, posted January 29, 2006:
You mean this?
"Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name. What does this mean? Do I have to delete Kazaa?"
Really, is it that hard to just post the full HijackThis log when someone asks for it? You're the one who wants people's help, aren't you?

cili, posted January 30, 2006:
Logfile of HijackThis v1.99.1
Scan saved at 11:22:00 AM, on 1/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\SurfAccuracy\SAcc.exe
D:\Winamp\winampa.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\gearsec.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IMRAN1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bigDogPath] C:\WINNT\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [bEQCEfdoD] C:\WINNT\qwkhrnm.exe
O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\cinetray.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C604C0B6-2644-4C07-A0D5-8199EDD2442D}: NameServer = 202.188.0.133 202.188.1.5
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

joetbg_x, posted January 30, 2006:
Install a firewall like ZoneAlarm Free and an antispyware like Microsoft AntiSpyware. Doesn't that make things easy?

Impreza_2004, posted January 31, 2006:
Try ZoneAlarm Security Suite v6.0 (PC MAG Editor's Choice). Antivirus + Antispyware + Firewall. Happy trying.

cili, posted February 18, 2006:
> Try ZoneAlarm Security Suite v6.0 (PC MAG Editor's Choice). Antivirus + Antispyware + Firewall. Happy trying.
Is it OK if it blocks P2P networking?

ahmades, posted February 18, 2006:
> Is it OK if it blocks P2P networking?
Just delete p2p networking.exe in HijackThis. Otherwise you'll end up like me, getting junk email every day and having my network traced by who knows whom. THAT'S SPYWARE. Uninstall Kazaa completely, along with the tools it came with, then use Kazaa Lite Resurrection, which can be downloaded here.

cili, posted February 18, 2006:
> Just delete p2p networking.exe in HijackThis. Otherwise you'll end up like me, getting junk email every day and having my network traced by who knows whom. THAT'S SPYWARE. Uninstall Kazaa completely, along with the tools it came with, then use Kazaa Lite Resurrection, which can be downloaded here.
I think this is really great advice.

Impreza_2004, posted February 18, 2006:
> Is it OK if it blocks P2P networking?
So far it doesn't really block much. Besides, I use LimeWire P2P. It only blocks if there's an attack through a port...

C-Fu, posted February 18, 2006 (edited):
> O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
> Files\Yahoo!\Common\yiesrvc.dll
> O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
> O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
> O4 - HKLM\..\Run: [bEQCEfdoD] C:\WINNT\qwkhrnm.exe
> O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
> O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
> O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
> O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background -> put a checkmark on this line if you don't use WINDOWS Messenger.
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
> O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
> O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
> O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
> O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
> O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
> O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
> O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

CLOSE ALL WINDOWS, INCLUDING INTERNET EXPLORER, BEFORE FIXING EVERYTHING ABOVE.

Then please do this. Go to Start > Run and type cmd. Then type each of the lines below. After each line, press Enter. Check whether there is an error message.

regsvr32 /u C:\PROGRA~1\RXTOOL~1\sfcont.dll
regsvr32 /u "C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll"
regsvr32 /u "C:\Program Files\RXToolBar\RXToolBar.dll"
regsvr32 /u "C:\PROGRA~1\RXTOOL~1\sfcont.dll"

When that's done, RESTART.

Then please delete these files and folders.

C:\Program Files\RXToolBar
C:\Program Files\Zango Programs
C:\WINNT\System32\P2P Networking
C:\WINNT\qwkhrnm.exe
C:\Program Files\SurfAccuracy\
C:\Program Files\MediaGateway\
C:\Program Files\Kazaa\

If it reports any problem while deleting, just choose Yes.

STEP 2.
Download Spybot: http://www.safer-networking.org/en/mirrors/index.html
Download it, then UPDATE.
After everything is updated, reopen Spybot. Go to the menu Mode > Advanced mode. In the left menu, go to Tools. Tick everything, so that we can set all the settings.
Then in the left menu, go to Spybot > Immunize. Click Immunize, and click "Enable permanent blocking of bad addresses..." and "Block all pages silently".
Then go to Tools > Hosts file. Add the Spybot hosts file.
Then scan. Fix, then restart. Then scan again, in case the problem comes back. If the problem keeps coming back, please post a HijackThis log.
If you don't understand the steps above, you can also watch the Flash tutorial for the steps.

STEP 3.
If you want software that removes useless files from the PC, such as temporary files, use CCleaner.
http://www.ccleaner.com/ccdownload.asp
Download, install, and open CCleaner. Run the cleaner. Restart the PC.
FREE

LAST STEP.
Please post the latest HijackThis log again.

Edited February 18, 2006 by C-Fu

dukun, posted February 19, 2006:
See, it's so much easier when you give the full log...

cili, posted February 19, 2006 (edited):
Here's the latest one.

Logfile of HijackThis v1.99.1
Scan saved at 7:05:20 PM, on 2/19/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Documents and Settings\IMRAN1\Desktop\HijackThis.exe
C:\WINNT\System32\imapi.exe
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bigDogPath] C:\WINNT\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\cinetray.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Edited February 19, 2006 by cili

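Added example, not part of the original thread and not anyone's posted code: a small Python parser that compares an earlier and a later HijackThis scan to confirm which entries a cleanup removed, and flags a file that was removed from one section but is still loaded from another (as sfcont.dll was registered under both O2 and O18 in the first log). BEFORE and AFTER are short excerpts of the two logs in this thread; PARTIAL is a constructed case, and all function names are this example's own.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O2" (BHO) or "O4" (autostart)
    body: str   # text after "<code> - "
    path: str   # first file path named by the entry, lower-cased, or ""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)

def parse_log(text):
    """Return the scan's entries; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            p = PATH_RE.search(m.group(2))
            entries.append(Entry(m.group(1), m.group(2),
                                 p.group(0).lower() if p else ""))
    return entries

def _key(entry):
    # Windows paths and registry names are case-insensitive.
    return (entry.code, entry.body.lower())

def diff_logs(before, after):
    """Entries only in the earlier scan (removed) and only in the later (added)."""
    old = {_key(e): e for e in parse_log(before)}
    new = {_key(e): e for e in parse_log(after)}
    removed = [e for k, e in old.items() if k not in new]
    added = [e for k, e in new.items() if k not in old]
    return removed, added

def still_referenced(before, after):
    """Files whose entry was removed in one section but remains in another."""
    removed, _ = diff_logs(before, after)
    live = {e.path for e in parse_log(after) if e.path}
    return sorted({e.path for e in removed if e.path} & live)

# Excerpt of the first log in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\P2P Networking\P2P Networking.exe
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
"""

# Excerpt of the second log in this thread.
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
"""

# Constructed case: the O2 entry was fixed but the O18 filter was left behind.
PARTIAL = AFTER + (r"O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647}"
                   r" - C:\PROGRA~1\RXTOOL~1\sfcont.dll" + "\n")

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.body)
    for e in added:
        print("added:  ", e.code, "-", e.body)
    print("left behind in PARTIAL:", still_referenced(BEFORE, PARTIAL))
```
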
cili, posted February 26, 2006:
any comments?

dukun, posted February 26, 2006:
> any comments?
Your package is the best... (the "apek" ad)

C-Fu, posted February 26, 2006:
OK, now do these steps next.

First download Spybot: http://www.safer-networking.org/en/mirrors/index.html
Download it, then UPDATE.
After everything is updated, reopen Spybot. Go to the menu Mode > Advanced mode. In the left menu, go to Tools. Tick everything, so that we can set all the settings.
Then in the left menu, go to Spybot > Immunize. Click Immunize, and click "Enable permanent blocking of bad addresses..." and "Block all pages silently".
Then go to Tools > Hosts file. Add the Spybot hosts file.
Then scan. Fix, then restart. Then scan again, in case the problem comes back. If the problem keeps coming back, please post a HijackThis log.
If you don't understand the steps above, you can also watch the Flash tutorial for the steps.
=================================
If you want software that removes useless files from the PC, such as temporary files, use CCleaner.
http://www.ccleaner.com/ccdownload.asp
Download, install, and open CCleaner. Analyze, then run the cleaner. Restart the PC.
FREE