cili (Posted July 6, 2006)
How do I deal with it? Why is it still there even though I've deleted it many times? It all started after I downloaded a PDF converter from phaze. Thanks.

C-Fu (Posted July 7, 2006)
How to deal with it? Don't use phaze. If you say you still want to use phaze anyway, then I can't be bothered to help, because this problem will just come back.
Go download HijackThis: http://216.180.233.162/~merijn/files/HijackThis.exe
Create a new folder named hijackthis and download it into that folder, on the desktop for example.
This software is useful for PC experts to check for viruses, spyware and the like on your PC.
How does it work? After downloading, run the program. Then scan and save the log. Then open the log with Notepad if it doesn't open automatically after you save it. Copy and paste ALL of the log's contents here.

cili (Posted July 10, 2006)
C-Fu is really fanatical about HijackThis.
I think it's finally clear, maybe.
Logfile of HijackThis v1.99.1
Scan saved at 05:17:39 PM, on 10/07/2006

C-Fu (Posted July 10, 2006)
Not fanatical.
It's just that there are still people who, when they have a problem, even though they've been here a long time, still act clueless about the HijackThis log. It has to be repeated a million times RIGHT IN THEIR FACE before they'll post it. If it's repeated in front of someone else, they act clueless again.
Why are there 2 AVs? Remove one. Then do the steps below. Only after you have FINISHED them, post a new HijackThis log.
Download Spybot: http://www.safer-networking.org/en/mirrors/index.html
Download, UPDATE.
After everything is updated, open Spybot again. Go to the menu Mode > Advanced mode. In the left menu, go to Tools. Check everything, so that we can set all the settings.
Then in the left menu, go to Spybot > Immunize. Click Immunize, and click "enable permanent blocking of bad addresses..." and "block all pages silently".
Then go to Tools > Hosts file. Add the Spybot hosts file.
Then scan. Fix, then restart. Then scan again, in case the problem comes back.

cili (Posted July 16, 2006)
"Then go to Tools > Hosts file. Add the Spybot hosts file. Then scan. Fix, then restart. Then scan again, in case the problem comes back."
If I can't add the Spybot hosts file, what does that mean?
the system cannot find the path specified.
Mm... thanks.
2. C-Fu, how do I download programs without getting a virus/adware?

riduwan83 (Posted July 16, 2006)
"If I can't add the Spybot hosts file, what does that mean? the system cannot find the path specified. Mm... thanks. 2. C-Fu, how do I download programs without getting a virus/adware?"
Ahhhaahah.... before you run the program, try scanning it first... which antivirus are you using?

C-Fu (Posted July 18, 2006)
If you can't add the hosts file, go here:
c:\windows\system32\drivers\etc
Then, is there a file named HOSTS there? If there is, delete it. If there isn't, open Notepad, then save a file with empty contents at c:\windows\system32\drivers\etc under the name HOSTS, but make sure you select ALL FILES under FILE TYPE. In other words, you don't want it to become HOSTS.txt, you want just HOSTS.
Then add the hosts.
And post the latest HijackThis log again.
Edited July 18, 2006 by C-Fu

cili (Posted July 19, 2006)
Still can't do it, C-Fu.
Logfile of HijackThis v1.99.1
Scan saved at 11:05:33 PM, on 19/07/2006

C-Fu (Posted July 20, 2006)
O4 - HKLM\..\Run: [A7233r] "C:\WINDOWS\j6448322.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [f3081XP ] "C:\WINDOWS\system32\s8061\zh591897284y.exe"
Fix, then restart.
Then RESTART INTO SAFE MODE. And try creating that hosts file again. And try adding the Spybot hosts in safe mode.

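An added example, not part of the original thread and not HijackThis's own logic: a Python sketch of triage over HijackThis autostart lines of the kind quoted in the post above, flagging an extra program chained to UserInit and Run-key entries with digit-heavy file names under the Windows directory. The sample lines, the `triage` function, the assumed `C:\WINDOWS` system root and the five-digit threshold are assumptions made for this example.

```python
import ntpath
import re

# Assumption: default Windows XP system root, as in the logs in this thread.
WINDIR = r"c:\windows"
DEFAULT_USERINIT = WINDIR + r"\system32\userinit.exe"

# Sample lines in HijackThis 1.99.1 format, assembled for this example.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\j6448322.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [A7233r] "C:\WINDOWS\j6448322.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [f3081XP ] "C:\WINDOWS\system32\s8061\zh591897284y.exe"
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
# Only registry Run-style keys are handled; "O4 - Startup:" shortcuts are skipped.
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to its first executable extension.
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s,]|$)', re.I)


def norm(path):
    """Normalise a Windows path for comparison: no quotes, lower case."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def executable_of(command):
    """Return the normalised program path of a Run-key command line, or None."""
    m = EXE_PATH.match(command.strip())
    if not m:
        return None
    return norm(m.group(1) or m.group(2))


def digit_heavy(path):
    """Heuristic (assumption): five or more digits in the file name stem."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return sum(ch.isdigit() for ch in stem) >= 5


def triage(log_text):
    """Return (entry, path, reason) tuples for autostarts worth a closer look."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings, userinit_extras = [], set()

    # Pass 1: UserInit should name userinit.exe only (a trailing comma is normal).
    for line in lines:
        m = F2_USERINIT.match(line)
        if not m:
            continue
        for part in m.group(1).split(","):
            if part.strip() and norm(part) != DEFAULT_USERINIT:
                userinit_extras.add(norm(part))
                findings.append(("F2 UserInit", norm(part),
                                 "extra program chained to userinit.exe"))

    # Pass 2: Run keys. A file that is also in UserInit has two persistence
    # points, so removing only one of them will not stop it from starting.
    for line in lines:
        m = O4_RUN.match(line)
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = executable_of(command)
        if exe is None:
            continue
        entry = f"O4 {hive} {key} [{name.strip()}]"
        if exe in userinit_extras:
            findings.append((entry, exe, "same file is also started through UserInit"))
        elif exe.startswith(WINDIR + "\\") and digit_heavy(exe):
            findings.append((entry, exe,
                             "digit-heavy file name under the Windows directory"))
    return findings


if __name__ == "__main__":
    for entry, path, reason in triage(SAMPLE_LOG):
        print(f"{entry}: {path} ({reason})")
```

A flagged line is a prompt to inspect the file, not a verdict; entries the heuristic leaves alone still need the usual manual review.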
speakerz (Posted July 20, 2006)
What is this thing???? I don't understand, sorry, because I don't know anything about it, I just downloaded it... please guide me...
Logfile of HijackThis v1.99.1
Scan saved at 20:21:46, on 19/07/2006

C-Fu (Posted July 21, 2006)
Don't mess up someone else's thread with your HijackThis log.
It's not hard to open a new thread AND EXPLAIN your problem there, you know?

cili (Posted July 21, 2006, edited)
Logfile of HijackThis v1.99.1
Scan saved at 06:56:26 AM, on 22/07/2006
Classic\avguard.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exeO23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exedah settle yg tuh.rupanya kena trojan downloader + brontok lakni result av scan lakAntiVir PersonalEdition ClassicReport file date: Saturday, 22 July 2006 06:50Scanning for 459303 virus strains and unwanted programs.Licensed to: AntiVir PersonalEdition ClassicSerial number: 0000149996-WURGE-0001Platform: Windows XPWindows version: (Service Pack 2) [5.1.2600]Username: XP Pro UserComputer name: PERSONAL-004424Version informations:AVSCAN.EXE : 7.0.0.42 557096 7/20/2006 06:25:06AVSCAN.DLL : 7.0.0.42 53288 7/20/2006 06:25:06LUKE.DLL : 7.0.0.42 118824 7/20/2006 06:25:07LUKERES.DLL : 7.0.0.42 25640 7/20/2006 06:25:07ANTIVIR0.VDF : 6.35.0.1 7371264 7/20/2006 06:25:06ANTIVIR1.VDF : 6.35.0.168 730112 7/20/2006 06:25:06ANTIVIR2.VDF : 6.35.0.214 147968 7/20/2006 06:25:06ANTIVIR3.VDF : 6.35.0.228 47616 7/20/2006 06:25:06AVEWIN32.DLL : 7.1.0.21 1552896 7/20/2006 06:25:06AVPREF.DLL : 7.0.0.1 49192 7/20/2006 
06:25:06AVREP.DLL : 6.35.0.222 725032 7/20/2006 06:25:06AVRPBASE.DLL : 7.0.0.0 2162728 7/20/2006 06:25:06AVPACK32.DLL : 7.1.0.1 335912 7/20/2006 06:25:06AVREG.DLL : 6.31.0.90 27688 7/20/2006 06:25:06NETNT.DLL : 6.32.0.0 6696 7/20/2006 06:25:07NETNW.DLL : 6.32.0.0 9768 7/20/2006 06:25:07RCIMAGE.DLL : 7.0.0.71 1642536 7/20/2006 06:25:08RCTEXT.DLL : 7.0.0.75 77864 7/20/2006 06:25:08Configuration settings for the scan:Jobname: '%s'.................: ShlExtConfiguration file............: C:\DOCUME~1\XPPROU~1\LOCALS~1\Temp\368da8d7.avpBoot sectors..................: CScan memory...................: 1Process scan..................: 0Scan all files................: 2Scan archives.................: 1Recursion depth...............: 20Smart extensions..............: 1Macro heuristic...............: 1File heuristic................: -1Primary action................: 1Secondary action..............: 0Start of the scan: Saturday, 22 July 2006 06:50Start scanning boot sectors:Boot sector 'C:\' [NOTE] No virus was found!Starting the file scan:C:\WINDOWS\SY20118\ib9573.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\c_44832k.com [WARNING] The file could not be opened!C:\WINDOWS\system32\config\default [WARNING] The file could not be opened!C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened!C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened!C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened!C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened!C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened!C:\WINDOWS\system32\config\software [WARNING] The file could not be opened!C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened!C:\WINDOWS\system32\config\system [WARNING] The file could not be opened!C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened!C:\WINDOWS\system32\n8127\smss.exe [WARNING] The file could 
not be opened!C:\WINDOWS\system32\n8127\winlogon.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\s8061\csrss.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\s8061\lsass.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\s8061\m9474.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\s8061\services.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\s8061\smss.exe [WARNING] The file could not be opened!C:\WINDOWS\system32\s8061\winlogon.exe [WARNING] The file could not be opened!C:\WINDOWS\Temp\ZLT01b65.TMP [WARNING] The file could not be opened!C:\WINDOWS\Temp\ZLT01b68.TMP [WARNING] The file could not be opened!C:\WINDOWS\XP19920\qm9474.exe [WARNING] The file could not be opened!End of the scan: Saturday, 22 July 2006 07:02Used time: 11:46 minThe scan has been done completely. 690 Scanning directories 44774 Files were scanned 0 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 332 Archives were scanned 23 Warnings 0 Notescamna nak atasi ?tq Edited July 21, 2006 by cili Quote Share this post Link to post Share on other sites
Yondaime Posted July 22, 2006

C:\WINDOWS\SY20118\ib9573.exe <--- Brontok [WARNING] The file could not be opened!
C:\WINDOWS\system32\c_44832k.com [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
C:\WINDOWS\system32\config\SAM.LOG
C:\WINDOWS\system32\config\SECURITY
C:\WINDOWS\system32\config\SECURITY.LOG
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system
C:\WINDOWS\system32\config\system.LOG
C:\WINDOWS\system32\n8127\smss.exe <--- Brontok
C:\WINDOWS\system32\n8127\winlogon.exe <--- Brontok
C:\WINDOWS\system32\s8061\csrss.exe <--- Brontok
C:\WINDOWS\system32\s8061\lsass.exe <--- Brontok
C:\WINDOWS\system32\s8061\m9474.exe <--- Brontok
C:\WINDOWS\system32\s8061\services.exe <--- Brontok
C:\WINDOWS\system32\s8061\smss.exe <--- Brontok
C:\WINDOWS\system32\s8061\winlogon.exe <--- Brontok
C:\WINDOWS\Temp\ZLT01b65.TMP <--- Trojan
C:\WINDOWS\Temp\ZLT01b68.TMP <--- Trojan
C:\WINDOWS\XP19920\qm9474.exe <--- Brontok

Looks like the whole warehouse got broken into: Zlob, Trojan Downloader, Brontok, maybe.

If you have the energy, zip the files above and upload them to any site, for example http://www.savefile.com, to make it easier to send the virus samples to the antivirus organizations.

To turn off Windows XP System Restore:
Disabling or enabling Windows XP System Restore

[02/06/2006] Email-Worm.Win32.Brontok.n Version 12.0.0.10 Kaspersky Lab
Removal Tool or Removal Tool dr Web

Trojan Downloader
Removal Tool

Use one recommended antivirus, or remove both of those antivirus programs and install Kaspersky Anti Download Virus for the time being.

1. Turn off System Restore
2. Reboot to "Safe mode": How to start the computer in Safe Mode
Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal: Tool to reset shell\open\command registry keys
3. Show hidden files
4. Scans:
run Removal Tool
run Anti Virus full scan
5. Cleaning TEMP folders
Download CCleaner
run CCleaner (Run Cleaner)
Click Issues (Scan For Issues), FIX

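Added example (not part of any post in this thread): the files marked as Brontok above include copies of smss.exe, winlogon.exe, csrss.exe, lsass.exe and services.exe sitting in randomly named subfolders, while the registry hives in system32\config are locked on any running Windows. This sketch triages the "could not be opened" warnings of an AntiVir report on that basis; the function names and bucket names are illustrative, the path/warning-on-one-line layout and a default C:\WINDOWS install are assumptions, and the sample lines are excerpted from the two reports posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# One warning per line, as in the AntiVir reports posted in this thread.
WARNING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+\[WARNING\] The file could not be opened!\s*$"
)
# Assumption: default Windows XP install, where these core processes live
# directly in C:\WINDOWS\system32 and nowhere else.
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
CORE_PROCESS_NAMES = {"smss.exe", "winlogon.exe", "csrss.exe", "lsass.exe", "services.exe"}
# Files a running Windows keeps open, so an on-demand scanner cannot read them.
EXPECTED_LOCKED = re.compile(
    r"(\\system32\\config\\(default|sam|security|software|system)(\.log)?"
    r"|\\(ntuser|usrclass)\.dat(\.log)?"
    r"|^[a-z]:\\(pagefile|hiberfil)\.sys)$",
    re.IGNORECASE,
)
EXECUTABLE_SUFFIXES = {".exe", ".com", ".scr", ".pif"}


def classify(path_text):
    """Return a triage bucket for one file the scanner could not open."""
    path = PureWindowsPath(path_text)  # Windows paths compare case-insensitively
    if path.name.lower() in CORE_PROCESS_NAMES:
        # A system process name is only expected in system32 itself.
        return "system-binary" if path.parent == SYSTEM32 else "masquerade"
    if EXPECTED_LOCKED.search(path_text):
        return "expected-lock"  # registry hive, profile hive, page or hibernation file
    if path.suffix.lower() in EXECUTABLE_SUFFIXES:
        return "review"  # locked executable: identify it by hand, not a verdict
    return "other"


def triage(report_text):
    """Group every 'could not be opened' path in a report by bucket."""
    buckets = {}
    for line in report_text.splitlines():
        match = WARNING_RE.match(line.strip())
        if match:
            path_text = match.group("path")
            buckets.setdefault(classify(path_text), []).append(path_text)
    return buckets


# Excerpt of the 06:50 report (before cleanup).
FIRST_SCAN = r"""
C:\WINDOWS\SY20118\ib9573.exe [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened!
C:\WINDOWS\system32\n8127\smss.exe [WARNING] The file could not be opened!
C:\WINDOWS\system32\s8061\csrss.exe [WARNING] The file could not be opened!
C:\WINDOWS\system32\s8061\m9474.exe [WARNING] The file could not be opened!
"""
# Excerpt of the 17:44 report (after cleanup).
SECOND_SCAN = r"""
C:\pagefile.sys [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\NTUSER.DAT [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\Desktop\antivir_workstation_win7u_en_h.exe [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened!
C:\WINDOWS\system32\CatRoot2\edb.log [WARNING] The file could not be opened!
"""

if __name__ == "__main__":
    for label, report in (("06:50 scan", FIRST_SCAN), ("17:44 scan", SECOND_SCAN)):
        print(label)
        for bucket, paths in sorted(triage(report).items()):
            print(f"  {bucket}: {len(paths)}")
```

The "review" bucket only says a locked executable needs identifying; in the second excerpt it holds the AntiVir installer on the desktop.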
cili Posted July 22, 2006

Mm.. thanks. I think it's clear now. But how do I confirm it's clear?

Yondaime Posted July 22, 2006

If you downloaded the Brontok Removal tool, the KLWK folder contains SETASSOC, a Registration Entries [Registry] file. Click the SETASSOC file, then download autoexec.bat and click the autoexec.bat file.

cili Posted July 22, 2006

Here's the latest:

AntiVir PersonalEdition Classic
Report file date: Saturday, 22 July 2006 17:44
Scanning for 461813 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: XP Pro User
Computer name: PERSONAL-004424

Version informations:
AVSCAN.EXE : 7.0.0.42 557096 7/22/2006 09:21:47
AVSCAN.DLL : 7.0.0.42 53288 7/22/2006 09:21:47
LUKE.DLL : 7.0.0.42 118824 7/22/2006 09:21:48
LUKERES.DLL : 7.0.0.42 25640 7/22/2006 09:21:48
ANTIVIR0.VDF : 6.35.0.1 7371264 7/22/2006 09:21:46
ANTIVIR1.VDF : 6.35.0.168 730112 7/22/2006 09:21:46
ANTIVIR2.VDF : 6.35.0.240 226304 7/22/2006 09:21:46
ANTIVIR3.VDF : 6.35.0.242 7168 7/22/2006 09:21:46
AVEWIN32.DLL : 7.1.0.24 1556992 7/22/2006 09:21:46
AVPREF.DLL : 7.0.0.1 49192 7/22/2006 09:21:46
AVREP.DLL : 6.35.0.222 725032 7/22/2006 09:21:47
AVRPBASE.DLL : 7.0.0.0 2162728 7/22/2006 09:21:47
AVPACK32.DLL : 7.1.0.1 335912 7/22/2006 09:21:46
AVREG.DLL : 6.31.0.90 27688 7/22/2006 09:21:47
NETNT.DLL : 6.32.0.0 6696 7/22/2006 09:21:48
NETNW.DLL : 6.32.0.0 9768 7/22/2006 09:21:48
RCIMAGE.DLL : 7.0.0.71 1642536 7/22/2006 09:21:49
RCTEXT.DLL : 7.0.0.75 77864 7/22/2006 09:21:49

Configuration settings for the scan:
Jobname: '%s'.................: Local Hard Disks
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Boot sectors..................: C,D,E,F
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: -1
Primary action................: 1
Secondary action..............: 0

Start of the scan: Saturday, 22 July 2006 17:44

The scan over running processes will be started
39 Processes was scanned

Start scanning boot sectors:
Boot sector 'C:\' [NOTE] No virus was found!
Boot sector 'D:\' [NOTE] No virus was found!
Boot sector 'E:\' [NOTE] No virus was found!
Boot sector 'F:\' [NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 32 files ).

Starting the file scan:
C:\hiberfil.sys [WARNING] The file could not be opened!
C:\pagefile.sys [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\NTUSER.DAT [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\ntuser.dat.LOG [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\Application Data\Mozilla\Firefox\Profiles\wzhz4j7h.default\parent.lock [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\Desktop\antivir_workstation_win7u_en_h.exe [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened!
C:\Documents and Settings\XP Pro User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\CatRoot2\edb.log [WARNING] The file could not be opened!
C:\WINDOWS\system32\CatRoot2\tmp.edb [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\fidbox.dat [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\fidbox.idx [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\fidbox2.dat [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\fidbox2.idx [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~10167f398c96.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~10167fd9c1be.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~1019f0e296c6.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~1019f19bb22a.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~1019f1a072da.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~1019f25b9dae.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~1019f2e29f4e.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~1019f30d019e.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~102d6b6b8bec.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\cch~102d6c087598.htp [WARNING] The file could not be opened!
C:\WINDOWS\Temp\ZLT05644.TMP [WARNING] The file could not be opened!
C:\WINDOWS\Temp\ZLT06c5e.TMP [WARNING] The file could not be opened!

End of the scan: Saturday, 22 July 2006 18:36
Used time: 52:20 min

The scan has been done completely.
3287 Scanning directories
149609 Files were scanned
0 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
831 Archives were scanned
44 Warnings
5 Notes

Yondaime Posted July 22, 2006

The log is clean.

Try an online scan if you want a satisfactory result and to check in case there is anything else:
Kaspersky Online Scanner

Also download SmitFraudFix and follow the instructions on that site to remove the foreign elements..
SmitFraudFix v* (WinXP, Win2K)

If you want to know whether Brontok is still infecting the machine, click the SETASSOC file from earlier; it will reboot the PC because the registry is disabled and needs to be fixed.