Tuan Mazwan Misbah (Posted December 23, 2007):
Bro... I have a problem with my PC. Every time I click My Computer, the desktop automatically fails to come up... in short, the desktop is as if paralysed. When I checked with the TuneUp Utilities process manager, I found several suspicious files with the .dll extension... they are opened by mljii. What is this thing? And one more thing: while using that process manager, I also found a folder named burn. Is it a virus? Asking all Puteranians for help... I will try to upload this folder for you, OK.

johnburn (Posted December 23, 2007):
Include a HijackThis log as well.

Tuan Mazwan Misbah (Posted December 23, 2007):
Here's the link for the burn folder... not sure whether my upload worked or not. www.zeronetwork.110mb.com/upload/Burn.zip ... johnburn... one moment... I'm going to install HijackThis first. I'll paste the log in a moment.
OK john... here's the log... please check it.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:38:37 AM, on 12/24/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\explorer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\TuneUp Utilities 2007\Integrator.exe
C:\Program Files\TuneUp Utilities 2007\ProcessManager.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
F:\Setup\Other Software and Utilities\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\hgdda.dll,#1
O4 - HKCU\..\Run: [accecb76] rundll32.exe "C:\Users\KILL_S~1\AppData\Local\Temp\tnmppjqs.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Aztech WL635USB Wireless B+G Utility.lnk = C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
--
End of file - 4434 bytes

dukun (Posted December 23, 2007):
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\hgdda.dll,#1
O4 - HKCU\..\Run: [accecb76] rundll32.exe "C:\Users\KILL_S~1\AppData\Local\Temp\tnmppjqs.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
--
End of file - 4434 bytes

For that problem, fix these first..

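An added example, not part of the thread: a small triage script for the two kinds of entries singled out in the post above, namely Run values that start rundll32 on a DLL in a temp or profile directory, and service registrations marked "(file missing)". The sample lines are copied from the log posted in this thread; the function name, the finding labels and the list of user-writable directory markers are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread, trimmed to a
# few benign and flagged entries so the example runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [accecb76] rundll32.exe "C:\Users\KILL_S~1\AppData\Local\Temp\tnmppjqs.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
"""

# O4 autorun line: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
# rundll32 command: optional quotes around the DLL path, then ",<export>".
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)
# Assumption of this example: DLLs under these directories are user-writable.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\")

def triage(log_text):
    """Return (kind, name, detail) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            _hive, name, command = run.groups()
            dll = RUNDLL_RE.match(command)
            if dll and any(d in dll.group(1).lower() for d in USER_WRITABLE):
                findings.append(("autorun-dll", name, dll.group(1)))
        elif line.startswith("O23 - Service:") and line.endswith("(file missing)"):
            # Service registration whose binary no longer exists on disk.
            name = line[len("O23 - Service: "):].split(" - ")[0]
            findings.append(("orphan-service", name, "binary missing"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The NVIDIA entries also run through rundll32 but load from C:\Windows\system32, so they are not flagged; a flagged entry is a lead to verify, not a verdict.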
Tuan Mazwan Misbah (Posted December 23, 2007):
I've fixed them and restarted my PC... here's the new log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:51 PM, on 12/24/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Setup\Other Software and Utilities\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Aztech WL635USB Wireless B+G Utility.lnk = C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
--
End of file - 4121 bytes

Geekspro (Posted December 23, 2007):
Kill ster, that burn.zip file seems to have nothing in it..

Tuan Mazwan Misbah (Posted December 23, 2007):
Oh, is that so... the burn file is inside Windows... no idea how it got there... hold on... I'll zip the Windows file as well.

johnburn (Posted December 23, 2007):
Download Vundo Fix and save it to the desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
After the scanning process finishes, click the Remove Vundo button.
Follow the instructions that appear.
Please paste C:\vundofix.txt and a new HijackThis log.

Tuan Mazwan Misbah (Posted December 23, 2007):
> Download Vundo Fix and save it to the desktop.
> Double-click VundoFix.exe to run it.
> Click the Scan for Vundo button.
> After the scanning process finishes, click the Remove Vundo button.
> Follow the instructions that appear.
> Please paste C:\vundofix.txt and a new HijackThis log.

Bro... can this utility be used on Vista?

johnburn (Posted December 23, 2007):
According to its developer, yes.

Tuan Mazwan Misbah (Posted December 23, 2007):
> According to its developer, yes.

Ah, OK... right now it's only at phase 2.

Tuan Mazwan Misbah (Posted December 23, 2007):
Bro... where's the vundotxt... there isn't one.

mafisto_killerz (Posted December 23, 2007):
> Bro... where's the vundotxt... there isn't one.

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O13 - Gopher Prefix:

Try fixing these 2 entries first, OK.. see what happens.

Tuan Mazwan Misbah (Posted December 23, 2007):
I've tried... but it's still there. Is there a way we can remove it from regedit?

dukun (Posted December 23, 2007):
Do it in safe mode.

Tuan Mazwan Misbah (Posted December 23, 2007):
> Do it in safe mode.

What do you mean, rain... an AV scan?

Tuan Mazwan Misbah (Posted December 24, 2007):
Hello... any solution? I've tried removing it from the system regedit... but it still happens... please help me... pleeeease.

Tuan Mazwan Misbah (Posted December 24, 2007):
To those who helped... thank you. This matter has been settled. I ran a fix that I found through Google... but be careful, because mljii is spyware that is no less formidable.