kripkorn 1 Report post Posted December 15, 2008 oo maslaah ini bleh diselesaikan disinihttp://forums.techguy.org/malware-removal-...s-log-file.html Quote Share this post Link to post Share on other sites
kerim 0 Report post Posted December 15, 2008 (edited) QUOTE(ekin_mache @ Dec 15 2008, 10:32 PM) <{POST_SNAPBACK}>ini hasil scan from hijackthisyg ekin garis tu..yg discan superantispyware sbg trojan dns changerip yg diset tu bermula ngan 85. tux kan streamyx set dns yg teruk kot..biasa streamyx bagi dns 202.188.0.132 tuOk lah...dah terang terang IP 85.255.x.x tu memang bukan dari Mesia. Delete jer lah entry tu. Spoiler : Information related to '85.255.112.0 - 85.255.127.255'inetnum: 85.255.112.0 - 85.255.127.255netname: UkrTeleGroupdescr: UkrTeleGroup Ltd.admin-c: UA481-RIPEtech-c: UA481-RIPEcountry: UAorg: ORG-UL25-RIPEstatus: ASSIGNED PI "status:" definitionsmnt-by: RIPE-NCC-HM-PI-MNTmnt-lower: RIPE-NCC-HM-PI-MNTmnt-by: UKRTELE-MNTmnt-routes: UKRTELE-MNTmnt-domains: UKRTELE-MNTsource: RIPE # Filteredorganisation: ORG-UL25-RIPEorg-name: UkrTeleGroup Ltd.org-type: LIRaddress: UkrTeleGroup Ltd. Mechnikova 58/5 65029 Odessa Ukrainephone: +380487311011fax-no: +380487502499mnt-ref: UKRTELE-MNTmnt-ref: RIPE-NCC-HM-MNTmnt-by: RIPE-NCC-HM-MNTsource: RIPE # Filtered Edited December 15, 2008 by kerim Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 tolong la plez..da masuk situ semalam..tapi byk sgt tread yg nak dibaca..n malas nak register..klo pndai..tlg erkboleh ke delete..x memudaratkan ker.. Quote Share this post Link to post Share on other sites
kripkorn 1 Report post Posted December 15, 2008 QUOTE(ekin_mache @ Dec 15 2008, 10:49 PM) <{POST_SNAPBACK}>tolong la plez..da masuk situ semalam..tapi byk sgt tread yg nak dibaca..n malas nak register..klo pndai..tlg erkboleh ke delete..x memudaratkan ker..delete je, ada problem kita handle lain lak Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 awk...cuba awk send fully log hijackthis 2 balik....sy nak tengok yg fully punya...leh send balik x...thanks... Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localO2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user.USER-58B65B6D62\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKLM\..\Policies\Explorer\Run: [Explorer] .vbsO4 - Startup: [waran tangkap] P2P Acceleration Patch.lnk = C:\Program Files\[waran tangkap] P2P Acceleration Patch\[waran tangkap] P2P Acceleration Patch.exeO8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htmO8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{A43730E8-8208-49D3-9E82-D07B6A84B126}: Domain = 202.188.0.132O17 - HKLM\System\CCS\Services\Tcpip\..\{A43730E8-8208-49D3-9E82-D07B6A84B126}: NameServer = 85.255.115.51;85.255.112.187O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exeO23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe--End of file - 5359 bytes Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 nanti sy bg tahu jwpnnya....nak minta tlg kwn sy....harap2 dia balas cepat.... Quote Share this post Link to post Share on other sites
kerim 0 Report post Posted December 15, 2008 (edited) Adoi aii...dah delete ke blom?Entry nih kasi buang...O17 - HKLM\System\CCS\Services\Tcpip\..\{A43730E8-8208-49D3-9E82-D07B6A84B126}: NameServer = 85.255.115.51;85.255.112.187O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187 Edited December 15, 2008 by kerim Quote Share this post Link to post Share on other sites
kripkorn 1 Report post Posted December 15, 2008 delete je yang part ada DNS tuh, xde side effect pun Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 (edited) ok tq..ekin cuba dulu erk Edited December 15, 2008 by ekin_mache Quote Share this post Link to post Share on other sites
kripkorn 1 Report post Posted December 15, 2008 demo delet jah kakah tuh, pastu gak, jadi gapo2 kita pakat2 ejas molek pulok. bbendo x payoh mano ni Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 awk...cuba awk delete dulu ye....ikut apa yg kripkorn 2 ckp....lepas 2.....awk restart pc 2....sblm restart 2...awk disconnectedkan dulu....internet 2....lepas 2..baru awk restart..masa restart 2...jgn connectedkan...internet 2....then...bila dah restart....awk guna balik hijackthis 2.....masa awk buat hijackthis 2...jgn connected kat internet lg...bila awk dah abis buat hijackthis 2 lg skali...baru awk connected internet & postkan kat sini balik...nak tengok...kalo offline ada masalah x...hoho....Fix kan nie...kwn i suruh....nasib baik dia balas cepat...awk fixkan nie skali...lepas 2...buat lg skali...hijackthis log yg baru punya....O4 - HKLM\..\Policies\Explorer\Run: [Explorer] .vbsO4 - Startup: [waran tangkap] P2P Acceleration Patch.lnk = C:\Program Files\[waran tangkap] P2P Acceleration Patch\[waran tangkap] P2P Acceleration Patch.exe Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 da delete n da restart..scan balik..x berubah la..and ip tu pon still dok situ gak..waaaaaaaaaaaaaaaa Quote Share this post Link to post Share on other sites
kripkorn 1 Report post Posted December 15, 2008 QUOTE(ekin_mache @ Dec 15 2008, 11:38 PM) <{POST_SNAPBACK}>da delete n da restart..scan balik..x berubah la..and ip tu pon still dok situ gak..waaaaaaaaaaaaaaaasuh router connectla, xyah pakai PPPOE Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 suh router connectla, xyah pakai PPPOE ape tu x paham Quote Share this post Link to post Share on other sites
kripkorn 1 Report post Posted December 15, 2008 QUOTE(ekin_mache @ Dec 15 2008, 11:48 PM) <{POST_SNAPBACK}>suh router connectla, xyah pakai PPPOE ape tu x pahamkita ada 2 cara nak connect internet, satu set dalam router, satu lagi kita connect guna windows Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 (edited) dude....u terangkan 1 per 1 kat ekin_mache nie....nanti dia lg xfaham pula....cian dia...awk...dah delete ke....yg bawah nie....i tengok pun...ada virus 2....O4 - HKLM\..\Policies\Explorer\Run: [Explorer] .vbsO4 - Startup: [waran tangkap] P2P Acceleration Patch.lnk = C:\Program Files\[waran tangkap] P2P Acceleration Patch\[waran tangkap] P2P Acceleration Patch.exe Edited December 15, 2008 by ICEBOX Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 macam mana ..x panda la..ajar r deh..haha Quote Share this post Link to post Share on other sites
kripkorn 1 Report post Posted December 15, 2008 QUOTE(ekin_mache @ Dec 15 2008, 11:51 PM) <{POST_SNAPBACK}>macam mana ..x panda la..ajar r deh..hahatry buat yang ice ajar tuh dulu, xleh nanti kawe ajar connect guna router Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 yang ni da x der..O4 - HKLM\..\Policies\Explorer\Run: [Explorer] .vbsO4 - Startup: [waran tangkap] P2P Acceleration Patch.lnk = C:\Program Files\[waran tangkap] P2P Acceleration Patch\[waran tangkap] P2P Acceleration Patch.exetapi tcp/ip tu x ilang lagidegil tol..guna clorox pon x lang ..hha Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 mcm nie awk....kalo awk nak fix 2...awk cuma tick yg mana ada masalah 2 je....apa yg kripkorn 2 ckp....yg 2...awk tick juga....yg sy ckpkan 2 juga..awk tick juga...lepas 2...awk tekan button fix 2...ok.....jgn gelabah....nanti..kwn2 kat sini akan cuba tlg awk...ok.. Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 x per..ekin cuba jer ..tq pada yg sudi tlg Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 (edited) owh..baguslah...lor..gitu pula....yg 2 masih ada ye....awk...nie knp file missing nie...awk ada uninstall software nie ye....awk guna anti virus apa skrang nie....kalo awk guna kaspersky internet security....mesti dia detect masalah2 2...O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)welcome....kripkorn....u ada idea lg xnak tangani masalah nie.... Edited December 15, 2008 by ICEBOX Quote Share this post Link to post Share on other sites
NUR ASYIKIN 0 Report post Posted December 15, 2008 x tau ler..kasperky ari tu da pakai..tapi dia x leh nak update..so ekin tukar pakai avast..da lama pakai avast..tapi virus masuk gak..ari tu try trend micro..skang pakai malwarebytes ngan superantispyware jer..yg tu je pon leh detect virus ni Quote Share this post Link to post Share on other sites
ICEBOX 0 Report post Posted December 15, 2008 kalo antivirus avira 2....dah cuba ke....avast xkuat...malwarebytes ngan superantispyware 2...update xfile2nya.... Quote Share this post Link to post Share on other sites
