Jump to content
Sign in to follow this  
Followers 0
cili

Packed.adware

By cili, in Windows

Recommended Posts

cili    0

cili
Posted

camna nak atasinya ?

apsal dah delete banyak kali pun dok ada jugak.

semuanya lepas aku d/load pdf converter dari phaze

tq

Share this post

Link to post
Share on other sites

C-Fu    0

C-Fu
Posted

camner nak atasi?

jangan gune phaze.

kalo ko kata ko still nak gune phaze gak then ako malas nak tolong, pasal prob ni akan ulang balik.

pegi download hijackthis.

http://216.180.233.162/~merijn/files/HijackThis.exe

create new folder bernama hijackthis dan download ke folder tuh, kat desktop ke.

software ni bergune untuk pakar pc check virus ke, spyware ke dalam pc ko. cara dia?

lepas download, ko run program tu. pastu scan dan save log. pastu bukak log gune notepad kalo log tu tak di-auto-bukak lepas ko save. copy dan paste SEMUA isi kandungan log tu ke sini.

Share this post

Link to post
Share on other sites

cili    0

cili
Posted

fanatik tul cfu kat hijackthis

rasa dah clear kut akhirnya

Logfile of HijackThis v1.99.1

Scan saved at 05:17:39 PM, on 10/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\palmOne\Hotsync.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\XP Pro User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Share this post

Link to post
Share on other sites

C-Fu    0

C-Fu
Posted

bukan fanatik

cuma masih ade jugak manusia yang bile ade problem, walaupon dah lame kat sini, masih buat2 dono dengan hijackthis log. perlu diulang sejuta kali KAT DEPAN MUKA DIE baru nak pos. kalo diulang kat depan muke orang lain, buat dono lak.

asal ade 2 AV? buang satu. pastu buat step dibawah. lepas HABIS buat baru ko pos log hijackthis baru.

download spybot. http://www.safer-networking.org/en/mirrors/index.html

download, UPDATE.

lepas dah update semua, bukak balik spybot. pegi menu mode>advanced mode. kat menu kiri, pegi tools. checkkan semua, so semua setting boleh kite set.

then kat menu kiri, pegi spybot>immunize. klik immunize, dan klik enable permanent blocking of bad addresses... dan block all pages silently.

pastu gi Tools>Hosts file. add spybot hosts file.

pastu scan. fix, pastu restart. pastu scan balik, takut2 ade problem balik.

Share this post

Link to post
Share on other sites

cili    0

cili
Posted

b

pastu gi Tools>Hosts file. add spybot hosts file.

pastu scan. fix, pastu restart. pastu scan balik, takut2 ade problem balik.

kalau takleh add spybot hosts file apa maknanya ?

the system cannot find the path specified.

mm...

tq

2. c-fu camna nak d/load program tanpa kena virus/adware ?

Share this post

Link to post
Share on other sites

riduwan83    3

riduwan83
Posted

kalau takleh add spybot hosts file apa maknanya ?

the system cannot find the path specified.

mm...

tq

2. c-fu camna nak d/load program tanpa kena virus/adware ?

ahhhaahah....sbln kau nrun prog tu cuba scan dulu...antivirus apa ko pakai?

Share this post

Link to post
Share on other sites

C-Fu    0

C-Fu
Posted (edited)

kalo takleh add hosts file tu

ko pegi ke sini

c:\windows\system32\drivers\etc

pastu ade tak file bernama HOSTS kat situ? kalo ade, delete. kalo takde, ko bukak notepad, pastu ko save file yang kosong isi die kat lokasi c:\windows\system32\drivers\etc dengan bernama HOSTS, tapi make sure ko pilih ALL FILES kat FILE TYPE. kirenye tanak jadi HOSTS.txt tapi nak HOSTS sahaja.

pastu add hosts.

and pos balik log hijackthis terbaru.

Edited by C-Fu

Share this post

Link to post
Share on other sites

cili    0

cili
Posted

tak leh gak c-fu

Logfile of HijackThis v1.99.1

Scan saved at 11:05:33 PM, on 19/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\palmOne\Hotsync.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\XP Pro User\Desktop\utorrent-1.5.1-beta-build-460.exe

C:\Documents and Settings\XP Pro User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\j6448322.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [A7233r] "C:\WINDOWS\j6448322.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [f3081XP ] "C:\WINDOWS\system32\s8061\zh591897284y.exe"

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Share this post

Link to post
Share on other sites

C-Fu    0

C-Fu
Posted

O4 - HKLM\..\Run: [A7233r] "C:\WINDOWS\j6448322.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [f3081XP ] "C:\WINDOWS\system32\s8061\zh591897284y.exe"

fix pastu restart.

pastu RESTART KE SAFE MODE. dan cube buat balik hosts file tuh. dan cube add spybot hosts dalam safe mode.

Share this post

Link to post
Share on other sites

speakerz    0

speakerz
Posted

pa benda nie????tak fahamm la soryla coz tak tau apa benda pun cuma dowload ja...sila tunjuk ajar yer...

Logfile of HijackThis v1.99.1

Scan saved at 20:21:46, on 19/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

C:\PROGRA~1\MICROS~4\wcescomm.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE

C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

C:\WINDOWS\system32\CAP4RSK.EXE

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\OpenOffice.org 1.9.104\program\soffice.exe

C:\Program Files\OpenOffice.org 1.9.104\program\soffice.BIN

C:\Program Files\Apache Group\Apache2\bin\Apache.exe

C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE

C:\Program Files\Apache Group\Apache2\bin\Apache.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

c:\apache\APACHE.EXE

C:\WINDOWS\system32\svchost.exe

c:\apache\APACHE.EXE

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE

C:\WINDOWS\TEMP\HC7643.EXE

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\lrsbit\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lrsbit/operation/local_db.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = - Hello

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - Startup: OpenOffice.org 1.9.104.lnk = C:\Program Files\OpenOffice.org 1.9.104\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153169614546

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

O23 - Service: ServeDat - Unknown owner - C:\WINDOWS\system32\SERVEDAT.exe" -s -l C:\WINDOWS\system32\servedat.log (file missing)

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Share this post

Link to post
Share on other sites

C-Fu    0

C-Fu
Posted

jangan kacau thread orang ngan hijackthis ko.

tak susah nak bukak DAN EXPLAIN prob ko kat thread baru tau tak?

Share this post

Link to post
Share on other sites

cili    0

cili
Posted (edited)

Logfile of HijackThis v1.99.1

Scan saved at 06:56:26 AM, on 22/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\XP Pro User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

dah settle yg tuh.

rupanya kena trojan downloader + brontok lak

ni result av scan lak

AntiVir PersonalEdition Classic

Report file date: Saturday, 22 July 2006 06:50

Scanning for 459303 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: XP Pro User

Computer name: PERSONAL-004424

Version informations:

AVSCAN.EXE : 7.0.0.42 557096 7/20/2006 06:25:06

AVSCAN.DLL : 7.0.0.42 53288 7/20/2006 06:25:06

LUKE.DLL : 7.0.0.42 118824 7/20/2006 06:25:07

LUKERES.DLL : 7.0.0.42 25640 7/20/2006 06:25:07

ANTIVIR0.VDF : 6.35.0.1 7371264 7/20/2006 06:25:06

ANTIVIR1.VDF : 6.35.0.168 730112 7/20/2006 06:25:06

ANTIVIR2.VDF : 6.35.0.214 147968 7/20/2006 06:25:06

ANTIVIR3.VDF : 6.35.0.228 47616 7/20/2006 06:25:06

AVEWIN32.DLL : 7.1.0.21 1552896 7/20/2006 06:25:06

AVPREF.DLL : 7.0.0.1 49192 7/20/2006 06:25:06

AVREP.DLL : 6.35.0.222 725032 7/20/2006 06:25:06

AVRPBASE.DLL : 7.0.0.0 2162728 7/20/2006 06:25:06

AVPACK32.DLL : 7.1.0.1 335912 7/20/2006 06:25:06

AVREG.DLL : 6.31.0.90 27688 7/20/2006 06:25:06

NETNT.DLL : 6.32.0.0 6696 7/20/2006 06:25:07

NETNW.DLL : 6.32.0.0 9768 7/20/2006 06:25:07

RCIMAGE.DLL : 7.0.0.71 1642536 7/20/2006 06:25:08

RCTEXT.DLL : 7.0.0.75 77864 7/20/2006 06:25:08

Configuration settings for the scan:

Jobname: '%s'.................: ShlExt

Configuration file............: C:\DOCUME~1\XPPROU~1\LOCALS~1\Temp\368da8d7.avp

Boot sectors..................: C

Scan memory...................: 1

Process scan..................: 0

Scan all files................: 2

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Macro heuristic...............: 1

File heuristic................: -1

Primary action................: 1

Secondary action..............: 0

Start of the scan: Saturday, 22 July 2006 06:50

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Starting the file scan:

C:\WINDOWS\SY20118\ib9573.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\c_44832k.com

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\n8127\smss.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\n8127\winlogon.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\s8061\csrss.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\s8061\lsass.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\s8061\m9474.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\s8061\services.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\s8061\smss.exe

[WARNING] The file could not be opened!

C:\WINDOWS\system32\s8061\winlogon.exe

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\ZLT01b65.TMP

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\ZLT01b68.TMP

[WARNING] The file could not be opened!

C:\WINDOWS\XP19920\qm9474.exe

[WARNING] The file could not be opened!

End of the scan: Saturday, 22 July 2006 07:02

Used time: 11:46 min

The scan has been done completely.

690 Scanning directories

44774 Files were scanned

0 viruses and/or unwanted programs was found

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

332 Archives were scanned

23 Warnings

0 Notes

camna nak atasi ?

tq

Edited by cili

Share this post

Link to post
Share on other sites

Yondaime    0

Yondaime
Posted

C:\WINDOWS\SY20118\ib9573.exe <--- Brontok

[WARNING] The file could not be opened!

C:\WINDOWS\system32\c_44832k.com

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

C:\WINDOWS\system32\config\SAM.LOG

C:\WINDOWS\system32\config\SECURITY

C:\WINDOWS\system32\config\SECURITY.LOG

C:\WINDOWS\system32\config\software

C:\WINDOWS\system32\config\software.LOG

C:\WINDOWS\system32\config\system

C:\WINDOWS\system32\config\system.LOG

C:\WINDOWS\system32\n8127\smss.exe <--- Brontok

C:\WINDOWS\system32\n8127\winlogon.exe <--- Brontok

C:\WINDOWS\system32\s8061\csrss.exe <--- Brontok

C:\WINDOWS\system32\s8061\lsass.exe <--- Brontok

C:\WINDOWS\system32\s8061\m9474.exe <--- Brontok

C:\WINDOWS\system32\s8061\services.exe <--- Brontok

C:\WINDOWS\system32\s8061\smss.exe <--- Brontok

C:\WINDOWS\system32\s8061\winlogon.exe <--- Brontok

C:\WINDOWS\Temp\ZLT01b65.TMP <--- Trojan

C:\WINDOWS\Temp\ZLT01b68.TMP <--- Trojan

C:\WINDOWS\XP19920\qm9474.exe <--- Brontok

Kes pecah gudang :rolleyes:

Zlob, Trojan Downloder, Brontok maybeee

Wess kalo rajin zip file diatas dan upload file tuh kat mane2 site contoh http://www.savefile.com untuk mudahkan penghantaran sampel virus kat ORG Anti Virus

To turn off Windows XP System Restore:

Disabling or enabling Windows XP System Restore

[02/06/2006] Email-Worm.Win32.Brontok.n

Version 12.0.0.10 Kaspersky Lab

Removal Tool

atau

Removal Tool dr Web

Trojan DownloaderRemoval Tool

Guna satu Anti Virus Recommend atau buang kedua2 Anti Virus tuu dan Install Kaspersky Anti Download Virus buat sementara waktu

1.Turn off System restore

2.Reboot to the "Safe mode" How to start the computer in Safe Mode

Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal

Tool to reset shell\open\command registry keys

3.Show hidden files

4.Scans:

run Removal Tool

run Anti Virus Full scan

5.Cleaning TEMP folders

Download CCleaner run CCleaner (Run cleaner)

Click Issues (Scan For Issues) FIX

Share this post

Link to post
Share on other sites

cili    0

cili
Posted

ni yg latest

AntiVir PersonalEdition Classic

Report file date: Saturday, 22 July 2006 17:44

Scanning for 461813 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: XP Pro User

Computer name: PERSONAL-004424

Version informations:

AVSCAN.EXE : 7.0.0.42 557096 7/22/2006 09:21:47

AVSCAN.DLL : 7.0.0.42 53288 7/22/2006 09:21:47

LUKE.DLL : 7.0.0.42 118824 7/22/2006 09:21:48

LUKERES.DLL : 7.0.0.42 25640 7/22/2006 09:21:48

ANTIVIR0.VDF : 6.35.0.1 7371264 7/22/2006 09:21:46

ANTIVIR1.VDF : 6.35.0.168 730112 7/22/2006 09:21:46

ANTIVIR2.VDF : 6.35.0.240 226304 7/22/2006 09:21:46

ANTIVIR3.VDF : 6.35.0.242 7168 7/22/2006 09:21:46

AVEWIN32.DLL : 7.1.0.24 1556992 7/22/2006 09:21:46

AVPREF.DLL : 7.0.0.1 49192 7/22/2006 09:21:46

AVREP.DLL : 6.35.0.222 725032 7/22/2006 09:21:47

AVRPBASE.DLL : 7.0.0.0 2162728 7/22/2006 09:21:47

AVPACK32.DLL : 7.1.0.1 335912 7/22/2006 09:21:46

AVREG.DLL : 6.31.0.90 27688 7/22/2006 09:21:47

NETNT.DLL : 6.32.0.0 6696 7/22/2006 09:21:48

NETNW.DLL : 6.32.0.0 9768 7/22/2006 09:21:48

RCIMAGE.DLL : 7.0.0.71 1642536 7/22/2006 09:21:49

RCTEXT.DLL : 7.0.0.75 77864 7/22/2006 09:21:49

Configuration settings for the scan:

Jobname: '%s'.................: Local Hard Disks

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp

Boot sectors..................: C,D,E,F

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 2

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Macro heuristic...............: 1

File heuristic................: -1

Primary action................: 1

Secondary action..............: 0

Start of the scan: Saturday, 22 July 2006 17:44

The scan over running processes will be started

39 Processes was scanned

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( 32 files ).

Starting the file scan:

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\XP Pro User\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\XP Pro User\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\XP Pro User\Application Data\Mozilla\Firefox\Profiles\wzhz4j7h.default\parent.lock

[WARNING] The file could not be opened!

C:\Documents and Settings\XP Pro User\Desktop\antivir_workstation_win7u_en_h.exe

[WARNING] The file could not be opened!

C:\Documents and Settings\XP Pro User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\XP Pro User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\CatRoot2\edb.log

[WARNING] The file could not be opened!

C:\WINDOWS\system32\CatRoot2\tmp.edb

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\fidbox.dat

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\fidbox.idx

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\fidbox2.dat

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\fidbox2.idx

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~10167f398c96.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~10167fd9c1be.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~1019f0e296c6.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~1019f19bb22a.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~1019f1a072da.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~1019f25b9dae.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~1019f2e29f4e.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~1019f30d019e.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~102d6b6b8bec.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\cch~102d6c087598.htp

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\ZLT05644.TMP

[WARNING] The file could not be opened!

C:\WINDOWS\Temp\ZLT06c5e.TMP

[WARNING] The file could not be opened!

End of the scan: Saturday, 22 July 2006 18:36

Used time: 52:20 min

The scan has been done completely.

3287 Scanning directories

149609 Files were scanned

0 viruses and/or unwanted programs was found

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

831 Archives were scanned

44 Warnings

5 Notes

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...