pakeeza (Posted March 19, 2006)

Assalamualaikum
Please advise.

Logfile of HijackThis v1.99.1
Scan saved at 12:01:23 PM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFixer\wfxcwr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\mousepad3.exe
C:\Program Files\WinAntiSpyware 2006\was6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Qm9zdGFudWRpbiBCb3JoYW0\command.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Documents and Settings\Bostanudin\My Documents\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [WinAntiSpyware 2006] C:\Program Files\WinAntiSpyware 2006\was6.exe /min
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYMY
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A71397F2-C747-40B1-8414-386716E1DDAC}: NameServer = 202.188.0.132 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC441D7A-C9BC-4209-8F4C-AA06A9A7F440}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\wnadss.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Qm9zdGFudWRpbiBCb3JoYW0\command.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks.

joetbg_x (Posted March 19, 2006)

http://www.ewido.net/en/onlinescan/

matrix01 (Posted March 23, 2006)

You can check which parts need to be fixed at the sites below:
http://www.hijackthis.de
http://hjt.networktechs.com/

NSX (Posted March 30, 2006)

At a glance I can see 2 things that should not be on the PC.
C:\Program Files\WinFixer\wfxcwr.exe
C:\Program Files\WinAntiSpyware 2006\was6.exe

AnNamir (Posted March 31, 2006)

Supposing the log above were from my PC, below are the entries I would remove:
BUT, if you want to remove them the way I have written here, DO IT AT YOUR OWN RISK!
If you DARE... go ahead and fix all these entries!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [WinAntiSpyware 2006] C:\Program Files\WinAntiSpyware 2006\was6.exe /min
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm069YYMY
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Qm9zdGFudWRpbiBCb3JoYW0\command.exe

And I would uninstall NORTON ANTI VIRUS and install AVG FREE. Just look at how many services Norton uses on our PCs, and that is before even looking in Task Manager at how many Norton services are running. If your PC happens to have 256 RAM, well, your PC will be crawling... Er, this is just my personal opinion! Different fields, different grasshoppers!

Edited March 31, 2006 by annamir

HexPhoenix (Posted April 2, 2006)

Hello, please take a look at mine...

Logfile of HijackThis v1.99.1
Scan saved at 6:29:33 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NAIMON~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/.../wuweb_site.cab?1138459579905
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0888B8-246F-4E45-ABB8-BE69182A2E97}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2009F8D-2E33-41CF-A091-4B6235BC1C10}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

pokmat siko (Posted April 2, 2006)

Is it OK to post a HijackThis log file here? If so, I'd like to post mine too. I don't actually know what needs to be ticked and what should be left alone. Or is there a way to know which ones we usually need to tick and which ones we don't need to tick??

Hackezkk (Posted April 2, 2006)

Logfile of HijackThis v1.99.1
Scan saved at 6:29:33 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NAIMON~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

Processes that are not important.
P.S.: why is your C:\WINDOWS\Explorer.EXE in capital letters?? You're done for, you've caught the Brontok "bontot" spyware, hahaha.
Disable your Windows Update, hey. It's not important. You're using a pirated copy anyway, hehe.

HexPhoenix (Posted April 2, 2006)

How do I disable it? I don't know how.

Navigator® (Posted April 3, 2006)

"How do I disable it? I don't know how."

LOL, you.. just remove the Windows Update service in.. msconfig

kuri (Posted April 3, 2006)

Yo guys... you can also check here. Upload your *.log file at the address below. It will then suggest which ones to remove, based on surveys that have been done around the world [if I'm not mistaken...]
http://www.hijackthis.de/
When I scan my friends' PCs, I refer to the link above.. so far it's been OK!

pakeeza (Posted April 19, 2006)

Assalamualaikum,

Problem scenario:
I found that javaw.exe uses a lot of resources, up to 35M of memory. I don't know which application is using this Java. Right now my laptop is using up to 415Mb of memory.
I have killed (CTRL + ALT + DELETE) javaw.exe and memory usage has indeed gone down, but it is still high at 378Mb.
I have scanned with Spybot and fixed everything Spybot detected.
So please have a look at the HijackThis log below.

Wassalamualaikum
__________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 4:28:06 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hpnra.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PENCEGAHAN\Desktop\DATA FROM LENOVO\SOFTWARE\New Folder\HijackThis.exe

O1 - Hosts: 127.0.0.22 mcafee.net
O1 - Hosts: 127.0.0.22 www.mcafee.net
O1 - Hosts: 127.0.0.22 mcafee.org
O1 - Hosts: 127.0.0.22 www.mcafee.org
O1 - Hosts: 127.0.0.22 mcafeesecurity.com
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.com
O1 - Hosts: 127.0.0.22 mcafeesecurity.net
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.net
O1 - Hosts: 127.0.0.22 mcafeesecurity.org
O1 - Hosts: 127.0.0.22 www.mcafeesecurity.org
O1 - Hosts: 127.0.0.22 mcafeeb2b.com
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.com
O1 - Hosts: 127.0.0.22 mcafeeb2b.net
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.net
O1 - Hosts: 127.0.0.22 mcafeeb2b.org
O1 - Hosts: 127.0.0.22 www.mcafeeb2b.org
O1 - Hosts: 127.0.0.22 nai.net
O1 - Hosts: 127.0.0.22 www.nai.net
O1 - Hosts: 127.0.0.22 nai.org
O1 - Hosts: 127.0.0.22 www.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.com
O1 - Hosts: 127.0.0.22 vil.nai.net
O1 - Hosts: 127.0.0.22 www.vil.nai.net
O1 - Hosts: 127.0.0.22 vil.nai.org
O1 - Hosts: 127.0.0.22 www.vil.nai.org
O1 - Hosts: 127.0.0.22 grisoft.com
O1 - Hosts: 127.0.0.22 grisoft.net
O1 - Hosts: 127.0.0.22 www.grisoft.net
O1 - Hosts: 127.0.0.22 grisoft.org
O1 - Hosts: 127.0.0.22 www.grisoft.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 kaspersky.net
O1 - Hosts: 127.0.0.22 www.kaspersky.net
O1 - Hosts: 127.0.0.22 kaspersky.org
O1 - Hosts: 127.0.0.22 www.kaspersky.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads1.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads2.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads3.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.com
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.net
O1 - Hosts: 127.0.0.22 downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.downloads4.kaspersky-labs.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.com
O1 - Hosts: 127.0.0.22 download.mcafee.net
O1 - Hosts: 127.0.0.22 www.download.mcafee.net
O1 - Hosts: 127.0.0.22 download.mcafee.org
O1 - Hosts: 127.0.0.22 www.download.mcafee.org
O1 - Hosts: 127.0.0.22 norton.com
O1 - Hosts: 127.0.0.22 www.norton.com
O1 - Hosts: 127.0.0.22 norton.net
O1 - Hosts: 127.0.0.22 www.norton.net
O1 - Hosts: 127.0.0.22 norton.org
O1 - Hosts: 127.0.0.22 www.norton.org
O1 - Hosts: 127.0.0.22 symantec.net
O1 - Hosts: 127.0.0.22 www.symantec.net
O1 - Hosts: 127.0.0.22 symantec.org
O1 - Hosts: 127.0.0.22 www.symantec.org
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.net
O1 - Hosts: 127.0.0.22 liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantecliveupdate.org
O1 - Hosts: 127.0.0.22 liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.net
O1 - Hosts: 127.0.0.22 liveupdate.symantec.org
O1 - Hosts: 127.0.0.22 www.liveupdate.symantec.org
O1 - Hosts: 127.0.0.22 update.symantec.net
O1 - Hosts: 127.0.0.22 www.update.symantec.net
O1 - Hosts: 127.0.0.22 update.symantec.org
O1 - Hosts: 127.0.0.22 www.update.symantec.org
O1 - Hosts: 127.0.0.22 securityresponse.symantec.net
O1 - Hosts: 127.0.0.22 www.securityresponse.symantec.net
O1 - Hosts: 127.0.0.22 securityresponse.symantec.org
O1 - Hosts: 127.0.0.22 www.securityresponse.symantec.org
O1 - Hosts: 127.0.0.22 sarc.com
O1 - Hosts: 127.0.0.22 www.sarc.com
O1 - Hosts: 127.0.0.22 sarc.net
O1 - Hosts: 127.0.0.22 www.sarc.net
O1 - Hosts: 127.0.0.22 sarc.org
O1 - Hosts: 127.0.0.22 www.sarc.org
O1 - Hosts: 127.0.0.22 vaksin.com
O1 - Hosts: 127.0.0.22 www.vaksin.com
O1 - Hosts: 127.0.0.22 vaksin.net
O1 - Hosts: 127.0.0.22 www.vaksin.net
O1 - Hosts: 127.0.0.22 vaksin.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iSUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [amsg] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{456D9B01-2D61-4179-AAFC-AC52A3CA8001}: NameServer = 192.168.2.1,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2CB442-2110-4C52-B6CC-D94F510751C4}: NameServer = 202.188.1.5,192.168.2.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd.
- C:\WINDOWS\system32\IPSSVC.EXEO23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeO23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXEO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exeO23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exeO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exeO23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exeO23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe Quote Share this post Link to post Share on other sites
pakeeza, posted April 19, 2006

It's me again.
I've already asked over here: http://www.hijackthis.de/
I was really curious about 127.0.0.22, so I tried searching Google for 127.0.0.22.
Guess what I found? Hehe, it's Brontok!!!
http://www.symantec.com/avcenter/venc/[email protected]
Maybe this is a leftover from BRONTOK, because this laptop was infected with Brontok before. But it has already been cleaned with AVG.
So can anyone here explain why this Indonesian fool put these URLs into the Brontok virus...?
Thanks
pakeeza, posted April 19, 2006

I've followed the advice from the hijackthis.de website, but my resource usage is still high (370Mb).
My friend says it's because Firefox uses a lot of memory, but right now I'm using IE and it's still high.
Why is that...
This is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 5:42:29 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hpnra.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PENCEGAHAN\Desktop\DATA FROM LENOVO\SOFTWARE\New Folder\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iSUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [amsg] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{456D9B01-2D61-4179-AAFC-AC52A3CA8001}: NameServer = 192.168.2.1,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2CB442-2110-4C52-B6CC-D94F510751C4}: NameServer = 202.188.1.5,192.168.2.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

Wassalamualaikum
AnNamir, posted April 24, 2006

• There is a crazy number of processes running on your PC... looking at your first post, wow... this is the first time I've seen a HijackThis log as long as yours...
• Take a look: among all those running services, aren't there an awful lot of Symantec services... what is it with Symantec, all it does is eat RAM! [As an alternative, use AVG Free or AntiVir... I'm serious... you'll definitely feel it run a bit lighter if you don't use Norton!]
• Also, the entries marked (file missing) at the end are safe to remove... I didn't have time to read the rest...
dukun, posted April 24, 2006

Try pasting your HijackThis log in the Windows thread... maybe someone there can help...