razor

virus problem on my computer

I've got a bit of a problem with a virus.

I use NOD32 antivirus.
So now the virus has settled itself inside my computer.
The virus is a Trojan.
I've tried deleting the trojan whenever my antivirus detects it, but every time I turn the PC on
the virus is detected again. That means it's still in my PC.
Is there anyone skilled who can get rid of this trojan?
This virus is hopeless; now it's YM too... who knows what it's spamming, infected with the trojan.

I don't understand what this result means either; have a look.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:58 PM, on 12/8/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\razor\Documents\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: wmirpcw.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6209 bytes

Every time I turn the computer on, this keeps popping up endlessly. If I turn the PC on 10 times, it comes up 10 times. I quarantine it, until my antivirus quarantine box is full. How do I get rid of it? My computer has started acting a bit crazy.

Download ComboFix and save it to the Desktop.
Turn off your antivirus first.
Close all browsers/windows and double-click ComboFix.exe.
Once it's finished, a log will be produced. Paste the contents of that log here, together with a fresh HijackThis log.

O13 - Gopher Prefix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

Remove these.

test0123 wrote:
O13 - Gopher Prefix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

Remove these.


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:07 PM, on 12/9/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IDMan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Users\razor\Documents\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [IDMan] C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6796 bytes


I've removed the ones you told me to.
Can you tell me what those things are? Is that the virus?

Code:
ComboFix 09-12-08.04 - razor 12/09/2009  20:00:57.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.44.1033.18.1918.1283 [GMT 8:00]
Running from: c:\users\razor\Documents\Downloads\Programs\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2009-11-09 to 2009-12-09  )))))))))))))))))))))))))))))))
.

2009-12-09 11:59 . 2009-12-09 12:00   --------   d-----w-   C:\32788R22FWJFW
2009-12-08 17:23 . 2009-12-08 17:24   198064   ----a-w-   c:\users\razor\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-08 17:22 . 2009-12-08 17:22   --------   d-----w-   c:\program files\Internet Download Manager
2009-12-08 17:17 . 2009-12-08 17:24   --------   d-----w-   c:\users\razor\AppData\Roaming\IDM
2009-12-08 15:54 . 2009-12-08 15:54   109072   ----a-w-   c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-08 15:54 . 2009-12-08 15:54   80400   ----a-w-   c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-08 15:53 . 2009-12-08 15:53   311312   ----a-w-   c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2009-12-08 15:53 . 2009-12-08 15:53   109072   ----a-w-   c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-08 15:53 . 2009-12-08 15:53   80400   ----a-w-   c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-08 15:53 . 2009-12-08 15:53   311312   ----a-w-   c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2009-12-08 15:27 . 2009-12-08 15:27   95259   ----a-w-   c:\windows\system32\drivers\klick.dat
2009-12-08 15:27 . 2009-12-08 15:27   108059   ----a-w-   c:\windows\system32\drivers\klin.dat
2009-12-08 15:27 . 2009-12-08 15:27   --------   d-----w-   c:\program files\Kaspersky Lab
2009-12-08 15:26 . 2009-12-08 15:26   --------   d-----w-   c:\programdata\Kaspersky Lab Setup Files
2009-12-08 15:12 . 2009-12-08 15:12   413696   ----a-w-   c:\programdata\Data.exe
2009-12-08 10:11 . 2009-12-08 16:54   --------   d-----w-   c:\program files\Trojan Remover
2009-12-07 15:29 . 2009-12-07 15:29   --------   d-----w-   c:\programdata\XoftSpySE
2009-12-05 07:05 . 2009-06-17 01:51   781435   ----a-w-   c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\[email protected]\Download.dll
2009-12-05 07:05 . 2009-05-07 04:49   22528   ----a-w-   c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\[email protected]\components\firedownload.dll
2009-12-05 04:09 . 2009-12-05 04:09   --------   d-----w-   c:\programdata\McAfee
2009-12-05 04:02 . 2009-12-05 04:02   --------   d-----w-   c:\programdata\McAfee Security Scan
2009-12-05 04:02 . 2009-12-06 06:49   --------   d-----w-   c:\programdata\NOS
2009-12-05 04:01 . 2009-11-06 01:20   34112   ----a-w-   c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-12-05 04:01 . 2009-11-06 01:20   32448   ----a-w-   c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-05 04:01 . 2009-11-06 01:20   22352   ----a-w-   c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-05 03:51 . 2009-12-05 04:31   --------   d-----w-   c:\users\razor\AppData\Local\HardDrive
2009-12-04 17:51 . 2009-12-04 18:18   --------   d-----w-   c:\users\razor\AppData\Roaming\TeamViewer
2009-12-04 17:51 . 2009-12-08 14:34   --------   d-----w-   c:\program files\TeamViewer
2009-12-04 17:49 . 2009-12-04 17:49   --------   d-----w-   c:\users\razor\temp
2009-12-02 14:22 . 2009-12-02 14:22   --------   d-----w-   c:\users\razor\AppData\Local\Microsoft Games
2009-11-29 15:19 . 2009-10-29 07:22   2048   ----a-w-   c:\windows\system32\tzres.dll
2009-11-20 12:24 . 2009-11-20 12:24   --------   d-----w-   c:\programdata\PopCap Games

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 11:41 . 2009-09-28 16:45   --------   d-----w-   c:\programdata\Kaspersky Lab
2009-12-09 11:41 . 2009-09-28 18:04   --------   d-----w-   c:\users\razor\AppData\Roaming\DMCache
2009-12-08 19:20 . 2009-09-28 17:49   --------   d-----w-   c:\users\razor\AppData\Roaming\Skype
2009-12-08 16:22 . 2009-09-29 12:17   --------   d-----w-   c:\users\razor\AppData\Roaming\skypePM
2009-12-08 15:09 . 2009-11-03 18:30   --------   d-----w-   c:\program files\ESET
2009-12-07 15:15 . 2009-10-12 12:32   --------   d-----w-   c:\program files\Yahoo!
2009-12-07 15:15 . 2009-11-05 05:20   --------   d-----w-   c:\users\razor\AppData\Roaming\yahoo!
2009-12-02 15:17 . 2009-10-18 15:59   --------   d-----w-   c:\program files\Java
2009-11-07 08:47 . 2009-07-13 23:40   249856   ----a-w-   c:\windows\system32\uxtheme.dll
2009-11-07 08:47 . 2009-07-13 23:39   2755072   ----a-w-   c:\windows\system32\themeui.dll
2009-11-07 08:47 . 2009-07-13 23:39   37376   ----a-w-   c:\windows\system32\themeservice.dll
2009-11-07 07:54 . 2009-11-07 07:54   --------   d-----w-   c:\program files\Intelore
2009-11-02 12:42 . 2009-10-08 12:30   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-11-01 17:34 . 2009-10-30 14:00   --------   d-----w-   c:\program files\QuickTime
2009-11-01 17:34 . 2009-11-01 17:34   --------   d-----w-   c:\programdata\Apple Computer
2009-11-01 17:33 . 2009-10-30 13:59   --------   d-----w-   c:\program files\Common Files\Apple
2009-10-31 08:57 . 2009-10-31 08:09   --------   d-----w-   c:\users\razor\AppData\Roaming\Apple Computer
2009-10-31 08:09 . 2009-10-31 08:09   --------   d-----w-   c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-31 08:08 . 2009-10-31 08:08   --------   d-----w-   c:\program files\Bonjour
2009-10-30 13:59 . 2009-10-30 13:59   --------   d-----w-   c:\program files\Apple Software Update
2009-10-30 13:59 . 2009-10-30 13:59   --------   d-----w-   c:\programdata\Apple
2009-10-25 08:41 . 2009-10-22 11:23   --------   d-----w-   c:\program files\Pamela
2009-10-22 12:20 . 2009-10-22 11:23   --------   d-----w-   c:\users\razor\AppData\Roaming\Pamela
2009-10-20 16:54 . 2009-10-20 16:54   59976   ----a-w-   c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-20 12:34 . 2009-10-20 12:34   219664   ----a-w-   c:\windows\system32\klogon.dll
2009-10-15 17:43 . 2009-10-02 04:52   --------   d-----w-   c:\program files\Common Files\Adobe
2009-10-15 14:05 . 2009-10-15 14:05   --------   d-----w-   c:\program files\UltraISO
2009-10-15 14:05 . 2009-10-15 14:05   --------   d-----w-   c:\program files\Common Files\EZB Systems
2009-10-14 13:18 . 2009-10-14 13:18   36880   ----a-w-   c:\windows\system32\drivers\klbg.sys
2009-10-14 10:14 . 2009-10-14 10:14   --------   d-----w-   c:\program files\MSXML 4.0
2009-10-12 12:33 . 2009-10-12 12:32   --------   d-----w-   c:\programdata\Yahoo!
2009-10-10 20:17 . 2009-10-18 15:59   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-05 22:53 . 2009-10-05 22:53   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2009-10-05 22:53 . 2009-10-05 22:53   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2009-10-03 12:02 . 2009-10-03 12:02   4151   ----a-w-   c:\windows\unins000.dat
2009-10-03 12:02 . 2009-10-03 12:02   794906   ----a-w-   c:\windows\unins000.exe
2009-10-02 11:39 . 2009-10-02 11:39   19472   ----a-w-   c:\windows\system32\drivers\klmouflt.sys
2009-10-02 04:46 . 2009-09-28 17:19   108824   ----a-w-   c:\users\razor\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-02 04:06 . 2009-10-20 11:59   728648   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2009-09-29 12:17 . 2009-09-29 12:17   56   ---ha-w-   c:\programdata\ezsidmv.dat
2009-09-28 23:13 . 2009-09-28 23:13   0   ----a-w-   c:\windows\ativpsrm.bin
2009-09-28 17:17 . 2009-09-28 17:17   10134   ----a-r-   c:\users\razor\AppData\Roaming\Microsoft\Installer\{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}\ARPPRODUCTICON.exe
2009-09-14 06:46 . 2009-09-14 06:46   21520   ----a-w-   c:\windows\system32\drivers\klim6.sys
2009-06-10 21:26 . 2009-07-14 02:04   9633792   --sha-r-   c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42   396800   --sha-w-   c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-09-24 5145912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 198160]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButto"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [9/14/2009 2:46 PM 21520]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [6/11/2009 5:18 AM 139776]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE: Download all links with IDM - c:\users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetVL.htm
IE: Download with IDM - c:\users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
FF - ProfilePath - c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - component: c:\users\razor\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\[email protected]\components\firedownload.dll
FF - plugin: c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
AddRemove-Trojan Remover_is1 - c:\program files\Trojan Remover\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\razor\AppData\Local\Temp\OREB8B5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2717906171-2582682861-1281579759-1001_Classes\CLSID\{33174568-225c-4c81-b754-1f7a7208f5f2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000122
"Therad"=dword:00000015

[HKEY_USERS\S-1-5-21-2717906171-2582682861-1281579759-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):4c,40,15,31,e4,9c,04,46,72,ef,2f,23,11,a7,2e,0d,db,80,bb,c4,20,
  af,51,22,62,17,b7,53,f3,ce,3c,96,44,f6,1d,5c,53,96,ec,18,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-09  20:09:32
ComboFix-quarantined-files.txt  2009-12-09 12:09

Pre-Run: 6,178,836,480 bytes free
Post-Run: 6,452,056,064 bytes free

- - End Of File - - A237BB156A9DC8012B0A76DBD1CF1124


I've fixed it...

Can you teach me what these things you're asking me to do actually are?
It's not that... my knowledge of viruses is just: if there's a virus, scan with the antivirus. If there isn't, there isn't;
if there is, keep scanning.

Could you share a bit of the knowledge you guys have? It feels like a new skill.

test0123 wrote: That's the virus. Basically it shouldn't be in your PC's registry.


How do you tell that those weird codes are a virus? Teach me a bit.

How should I put it... I'm not that clever myself... I just look and compare against a log that's OK... sometimes the log entries I point out here aren't all correct... sometimes I miss things too, hehehe.
Helping as much as I can...

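The compare-against-a-known-good-log method test0123 describes can be scripted. The helper below is an added example, not code from this thread or from HijackThis: it parses the O*/R* lines of two HijackThis logs, lists entries that are new relative to a baseline, and flags them with a few rule-of-thumb checks of my own (autostarts from a Temp or extracted-archive folder, "(no file)" entries, Startup-folder entries given only as a bare filename). The sample logs are constructed from lines modelled on the ones posted above and are not full logs.

```python
"""Triage helper for HijackThis-style logs.

Added example (not from the thread, not part of HijackThis). It does two things
test0123 describes doing by eye: diff a fresh log against a known-good baseline,
then look at the new entries for things that are out of place. The flag rules
are my own rules of thumb, not a verdict on any file.
"""
import re
from dataclasses import dataclass

# Folder fragments (lower-case) in which a persistent autostart rarely belongs.
SUSPICIOUS_PATH_PARTS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\crack\\")

# HijackThis entry lines look like "O4 - ..." or "R1 - ..."; everything else is banner noise.
ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4", "R1", "O13"
    body: str     # rest of the line with whitespace normalised


def parse_hjt(log: str) -> list[Entry]:
    """Return the O*/R* entries of a HijackThis log; banner and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["sec"], " ".join(m["body"].split())))
    return entries


def new_entries(baseline: str, current: str) -> list[Entry]:
    """Entries in `current` that are absent from `baseline`, in log order."""
    known = set(parse_hjt(baseline))
    return [e for e in parse_hjt(current) if e not in known]


def flag_entry(e: Entry) -> list[str]:
    """Heuristic reasons an entry deserves a closer look; an empty list means nothing obvious."""
    reasons = []
    low = e.body.lower()
    if "(no file)" in low:
        reasons.append("references a file that no longer exists (leftover or removed component)")
    if e.section == "O4" and low.startswith("startup:"):
        reasons.append("Startup-folder autorun given only as a bare filename, no vendor path")
    if any(part in low for part in SUSPICIOUS_PATH_PARTS):
        reasons.append("autostarts from a temporary or extracted-archive folder")
    return reasons


def triage(baseline: str, current: str) -> dict[str, list[str]]:
    """Map each *new* entry body to its reasons; new entries with no reasons are dropped."""
    return {e.body: r for e in new_entries(baseline, current) if (r := flag_entry(e))}


# Constructed sample logs, modelled on lines from the thread above (not full logs).
BASELINE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O13 - Gopher Prefix:
"""

CURRENT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [IDMan] C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IDMan.exe /onboot
O4 - Startup: wmirpcw.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O13 - Gopher Prefix:
"""

if __name__ == "__main__":
    # Print only the new entries that tripped a rule, with the reason for each.
    for body, reasons in triage(BASELINE_LOG, CURRENT_LOG).items():
        print(body)
        for reason in reasons:
            print("    ->", reason)
```

A flagged entry is a starting point for checking the file's origin and vendor, not a verdict; unchanged entries and known vendor paths are left out of the output on purpose.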
razor wrote:
test0123 wrote: That's the virus. Basically it shouldn't be in your PC's registry.


How do you tell that those weird codes are a virus? Teach me a bit.


Hehehe, thank you.

I've already fixed that. That's the new result.
Have a look in case there's anything that shouldn't be there.
Now every time I open the PC there's one file detected in my IDM... it says...
If you refer to my log, is there any file in my IDM that needs deleting,
or do I have to uninstall IDM again?
My IDM now seems like something's not right with it,
a bit crazy.
I've uninstalled and reinstalled it, but
after installing, my IDM still isn't right.

test0123 wrote: Looking at your log file, it's OK now. Can I ask, don't you have the firewall turned on?


Firewall? I did turn the firewall on.
But maybe my firewall is the plywood kind of wall.
That's why the virus got through so easily.

Microsoft Security Essentials... click here

The recent AV-Comparatives evaluation lists MSE as the best free antivirus. Make sure you're using genuine Windows. If you're not, figure out for yourself how to use it, because there's a genuineness check.

If you want something even better, use Kaspersky Internet Security for heavy internet users. I've used it for 2 years and never had a virus, trojan, spyware or adware. Even attacks from people with bad intentions don't get through. I give KIS 4.5/5.

In all the time I've been involved in the computer world, most users have been willing to go without a paid antivirus because they don't want to spend the money. The functions and advantages of the paid and free editions are vastly different. If you use a free antivirus, don't make a fuss later about getting a virus or whatever. Data, information and documents all lost because you didn't make a backup. Pendrives littered with viruses too. That's my experience installing and formatting people's PCs. It's different if you have the knowledge to avoid viruses even with a free one.

For those who are tired of formatting their PC over and over, who want to plug in anyone's pendrive without worry, Kaspersky is what I recommend. It's sometimes odd that shops selling PCs don't recommend a paid antivirus to their customers; a business strategy to get money out of users who don't know anything.
