frostmourne 1 Report post Posted June 13, 2007 assalamualaikum dan salam sejahtera..aku rasa ada sypware dalam pc aku ni.. bila aku bukak internet explorer, secara automatik internet explorer aku tu akan terbuka 2 tab.. satu tab yang terbuka dengan sendirinya tu keluar search engine ntah apa ntah..so, harap rakan2 dapat solvekan problem aku ni.. ni log hijackthis pc aku ni..Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 11:02:38 AM, on 6/13/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\HandyCafe\Client\_hndguard.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\HandyCafe\Client\hndclient.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\HANDYC~1\Client\hndfw.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exeC:\Documents and Settings\All Users\Documents\HiJackThis_v2.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [hndclient] C:\Program Files\HandyCafe\Client\_hndguard.exe -rungrdO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176213325000O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{58BB2F8F-6B0D-41D9-9D86-19DA97670E4A}: NameServer = 202.188.0.133,202.188.1.5O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE--End of file - 5201 bytes Quote Share this post Link to post Share on other sites
Adil 0 Report post Posted June 13, 2007 Hang try delete yg kaler merah tu:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [hndclient] C:\Program Files\HandyCafe\Client\_hndguard.exe -rungrdO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176213325000O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{58BB2F8F-6B0D-41D9-9D86-19DA97670E4A}: NameServer = 202.188.0.133,202.188.1.5O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXEkalo xleh gak. hang scan lagi hijackthis pastu paste lg kat sini... Quote Share this post Link to post Share on other sites
frostmourne 1 Report post Posted June 13, 2007 hurm.. thanks..tapi, aku ada sedikit keraguan tentang beberapa file yg ko suruh aku delete tu.. contohnya :O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllyg ni bukan ke spybot : search & destroy?O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class)yg ni bukan ke e-games (o2jam) punye file..?kalau aku delete yg tu takde effect ape2 ke pada software yg aku guna tuh?? Quote Share this post Link to post Share on other sites
TonikCapGajah2013 175 Report post Posted June 13, 2007 (edited) cuba install dan run Trojan Guarder.http://rapidshare.com/files/36860974/Troja...old_v7.zip.html Edited June 13, 2007 by PowerRootTongkatAli_GS Quote Share this post Link to post Share on other sites
johnburn 6 Report post Posted June 13, 2007 Hang try delete yg kaler merah tu:kalo xleh gak. hang scan lagi hijackthis pastu paste lg kat sini...Jangan delete gitu je..terutamenye kat bahagian 010 tu, LSP (Layered Service Provider). Silap2, ko takleh access tenetO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll >> Microsoft Client Services untuk Netware Quote Share this post Link to post Share on other sites
frostmourne 1 Report post Posted June 13, 2007 @PowerRootTongkatAli_GSaku dah guna software yg ko kasi tu dan software tu detect satu virus.. dah padam..tapi, masalah yang aku cakap kat atas tu masih ada.. bila bkak internet explorer still kluar dua tab, tab yang terkeluar sendiri tu keluar search engine FireSearch..*software yg ko kasi tu macam best jek.. berat tak pc kalau guna software tu..? sbb aku nak guna kat pc2 client kat cc aku ni.. maybe software tu membantu.. ada apa2 pandangan tak?@johnburn..habis tu mana satu yang aku nak padam..ni scan log hijackthis terbaru selepas guna software yang PowerRootTongkatAli_GS kasi kat atas niLogfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 2:27:19 PM, on 6/13/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\HandyCafe\Client\_hndguard.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\HandyCafe\Client\hndclient.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\HANDYC~1\Client\hndfw.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\Documents and Settings\All Users\Documents\HiJackThis_v2.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [hndclient] C:\Program Files\HandyCafe\Client\_hndguard.exe -rungrdO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176213325000O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{58BB2F8F-6B0D-41D9-9D86-19DA97670E4A}: NameServer = 202.188.0.133,202.188.1.5O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 5179 bytes Quote Share this post Link to post Share on other sites
Tuan Mazwan Misbah 0 Report post Posted June 13, 2007 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176213325000O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{58BB2F8F-6B0D-41D9-9D86-19DA97670E4A}: NameServer = 202.188.0.133,202.188.1.5O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeJOHN...YG AKU HIGHLIGHT WARNA MERAH NI APE R. Quote Share this post Link to post Share on other sites
johnburn 6 Report post Posted June 14, 2007 frostmourneKo da uninstall ke Ad Aware ngan Spybot S&D? Dlm log pertame ade, log kedua da takde.Aku cadangkan baik ko install balik dua2 s/w tu, update dan wat full scan..Jika masih ade masalah:Sila download ComboFix nih, dan save kan ke desktop ko. Pastu ko jlnkan aplikasi nih dan ikut arahannye..Pastu, ko paste log combofix nih sini ngan log hijackThis baru..PENTING:1. Save dan jlnkn comboFix dr desktop.2. Jngn click sesuke hati kat windows comboFix nih time yer tengah jalan, nnt hang lak program nih.. ************************************************Kill_steRO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll010 >> LSP (Layered Service Provider)Untuk log ni, nwprovau.dll >> Microsoft Client Services untuk NetwareO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll022 >> [url\http://www.bleepingcomputer.com/tutorials/tutorial42.html#O22Diag]SharedTaskSchedulerUntuk log ni, browseui.dll >> Microsoft Shell Browser UI Library Quote Share this post Link to post Share on other sites
frostmourne 1 Report post Posted June 14, 2007 aku takde uninstall pun ad-aware dgn spybot tu.. camne bleh takde plak..??ape2 pon aku try guna combofix tu dulu..thanks.. nanti aku inform kat sini balik. Quote Share this post Link to post Share on other sites
frostmourne 1 Report post Posted June 14, 2007 (edited) ok.. aku dah guna ComboFix tu dan dier detect something dan buang mende tu..bile aku test bkak internet explorer tab yang kedua tu dah tak kluar.. maybe dah takde kot..anyway, thanks kepada semua kerana sudi membantu.. cuma satu soalan aku tak terjawab lagi ni, trojan guader tu sesuai tak kalau aku install kat semua pc client kat cc aku ni..? berat tak? ni plak log hijackthis terbaru setelah aku menggunakan ComboFix tuh:Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 7:19:48 PM, on 6/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\HandyCafe\Client\_hndguard.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\HandyCafe\Client\hndclient.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\HANDYC~1\Client\hndfw.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\Documents and Settings\All Users\Documents\HiJackThis_v2.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.leeman-automatisering.nl/startpaginaR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [hndclient] C:\Program Files\HandyCafe\Client\_hndguard.exe -rungrdO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176213325000O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{58BB2F8F-6B0D-41D9-9D86-19DA97670E4A}: NameServer = 202.188.0.133,202.188.1.5O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 5122 bytes Edited June 14, 2007 by frostmourne Quote Share this post Link to post Share on other sites
Tuan Mazwan Misbah 0 Report post Posted June 14, 2007 frostmourneKo da uninstall ke Ad Aware ngan Spybot S&D? Dlm log pertame ade, log kedua da takde.Aku cadangkan baik ko install balik dua2 s/w tu, update dan wat full scan..Jika masih ade masalah:Sila download ComboFix nih, dan save kan ke desktop ko. Pastu ko jlnkan aplikasi nih dan ikut arahannye..Pastu, ko paste log combofix nih sini ngan log hijackThis baru..PENTING:1. Save dan jlnkn comboFix dr desktop.2. Jngn click sesuke hati kat windows comboFix nih time yer tengah jalan, nnt hang lak program nih.. ************************************************Kill_steR010 >> LSP (Layered Service Provider)Untuk log ni, nwprovau.dll >> Microsoft Client Services untuk Netware022 >> [url\http://www.bleepingcomputer.com/tutorials/tutorial42.html#O22Diag]SharedTaskSchedulerUntuk log ni, browseui.dll >> Microsoft Shell Browser UI Libraryha ok.fhm dah.tq Quote Share this post Link to post Share on other sites
johnburn 6 Report post Posted June 14, 2007 ok.. aku dah guna ComboFix tu dan dier detect something dan buang mende tu..bile aku test bkak internet explorer tab yang kedua tu dah tak kluar.. maybe dah takde kot..anyway, thanks kepada semua kerana sudi membantu.. cuma satu soalan aku tak terjawab lagi ni, trojan guader tu sesuai tak kalau aku install kat semua pc client kat cc aku ni..? berat tak? ni plak log hijackthis terbaru setelah aku menggunakan ComboFix tuh:Bleh tak ko paste log comboFix kat sini? Quote Share this post Link to post Share on other sites
Impreza_2004 0 Report post Posted June 15, 2007 try spycatcher express 2006 .. Quote Share this post Link to post Share on other sites
snurf 0 Report post Posted June 17, 2007 so far i'm preferred to SmitFraudFixtry to search from google and download it.. Quote Share this post Link to post Share on other sites
xtreme_paranoid 0 Report post Posted June 17, 2007 skang nih da ade Ad-Aware 2007..free jerk.yg pro version pon ade tp kene bayar try cari ngan google or kat download.comaku amik kat download.com..free versionspeed die scan lg laju dr yg dulu.. http://www.download.com/Ad-Aware-SE-Personal-Edition Quote Share this post Link to post Share on other sites