razor (Posted December 8, 2009)
I have a bit of a problem with a virus. I use NOD32 antivirus. Right now the virus has settled deep inside my computer. It is a Trojan. I tried deleting the trojan when my antivirus detected it, but every time I turn on the PC the virus is still detected, which means it is still in my PC. Is there anyone skilled who can help remove this trojan? This virus is really annoying. It's YM... who knows what it spammed, and I got the trojan. ::icon_porc::
johnburn (Posted December 8, 2009)
Download HijackThis, run a scan, and paste the log here.
razor (Posted December 8, 2009)
I don't understand what this result means either. Here, have a look.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:58 PM, on 12/8/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\razor\Documents\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: wmirpcw.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6209 bytes
razor (Posted December 8, 2009)
Whenever I start the computer, this keeps popping up. If I turn on the PC 10 times, it comes up 10 times. I quarantine it, to the point that my antivirus quarantine is full. How do I get rid of it? My computer has started acting a bit crazy.
johnburn (Posted December 8, 2009)
Download ComboFix and save it to the Desktop.
Turn off your antivirus first.
Close all browsers/windows and double-click ComboFix.exe.
When it has finished, a log will be produced. Paste the contents of that log here, together with a new HijackThis log.
test0123 (Posted December 9, 2009)
O13 - Gopher Prefix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

Remove these.
razor (Posted December 9, 2009)
test0123 wrote:
O13 - Gopher Prefix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
Remove these.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:07 PM, on 12/9/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IDMan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Users\razor\Documents\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [IDMan] C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6796 bytes

I've removed what you told me to. Can I know what that thing is? Is that the virus?
razor (Posted December 9, 2009)
Code:
ComboFix 09-12-08.04 - razor 12/09/2009 20:00:57.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1918.1283 [GMT 8:00]
Running from: c:\users\razor\Documents\Downloads\Programs\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.
2009-12-09 11:59 . 2009-12-09 12:00 -------- d-----w- C:\32788R22FWJFW
2009-12-08 17:23 . 2009-12-08 17:24 198064 ----a-w- c:\users\razor\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-08 17:22 . 2009-12-08 17:22 -------- d-----w- c:\program files\Internet Download Manager
2009-12-08 17:17 . 2009-12-08 17:24 -------- d-----w- c:\users\razor\AppData\Roaming\IDM
2009-12-08 15:54 . 2009-12-08 15:54 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-08 15:54 . 2009-12-08 15:54 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-08 15:53 . 2009-12-08 15:53 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2009-12-08 15:53 . 2009-12-08 15:53 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-08 15:53 . 2009-12-08 15:53 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-08 15:53 . 2009-12-08 15:53 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2009-12-08 15:27 . 2009-12-08 15:27 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-08 15:27 . 2009-12-08 15:27 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-08 15:27 . 2009-12-08 15:27 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-08 15:26 . 2009-12-08 15:26 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-08 15:12 . 2009-12-08 15:12 413696 ----a-w- c:\programdata\Data.exe
2009-12-08 10:11 . 2009-12-08 16:54 -------- d-----w- c:\program files\Trojan Remover
2009-12-07 15:29 . 2009-12-07 15:29 -------- d-----w- c:\programdata\XoftSpySE
2009-12-05 07:05 . 2009-06-17 01:51 781435 ----a-w- c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\[email protected]\Download.dll
2009-12-05 07:05 . 2009-05-07 04:49 22528 ----a-w- c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\[email protected]\components\firedownload.dll
2009-12-05 04:09 . 2009-12-05 04:09 -------- d-----w- c:\programdata\McAfee
2009-12-05 04:02 . 2009-12-05 04:02 -------- d-----w- c:\programdata\McAfee Security Scan
2009-12-05 04:02 . 2009-12-06 06:49 -------- d-----w- c:\programdata\NOS
2009-12-05 04:01 . 2009-11-06 01:20 34112 ----a-w- c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-12-05 04:01 . 2009-11-06 01:20 32448 ----a-w- c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-05 04:01 . 2009-11-06 01:20 22352 ----a-w- c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-05 03:51 . 2009-12-05 04:31 -------- d-----w- c:\users\razor\AppData\Local\HardDrive
2009-12-04 17:51 . 2009-12-04 18:18 -------- d-----w- c:\users\razor\AppData\Roaming\TeamViewer
2009-12-04 17:51 . 2009-12-08 14:34 -------- d-----w- c:\program files\TeamViewer
2009-12-04 17:49 . 2009-12-04 17:49 -------- d-----w- c:\users\razor\temp
2009-12-02 14:22 . 2009-12-02 14:22 -------- d-----w- c:\users\razor\AppData\Local\Microsoft Games
2009-11-29 15:19 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-20 12:24 . 2009-11-20 12:24 -------- d-----w- c:\programdata\PopCap Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 11:41 . 2009-09-28 16:45 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-09 11:41 . 2009-09-28 18:04 -------- d-----w- c:\users\razor\AppData\Roaming\DMCache
2009-12-08 19:20 . 2009-09-28 17:49 -------- d-----w- c:\users\razor\AppData\Roaming\Skype
2009-12-08 16:22 . 2009-09-29 12:17 -------- d-----w- c:\users\razor\AppData\Roaming\skypePM
2009-12-08 15:09 . 2009-11-03 18:30 -------- d-----w- c:\program files\ESET
2009-12-07 15:15 . 2009-10-12 12:32 -------- d-----w- c:\program files\Yahoo!
2009-12-07 15:15 . 2009-11-05 05:20 -------- d-----w- c:\users\razor\AppData\Roaming\yahoo!
2009-12-02 15:17 . 2009-10-18 15:59 -------- d-----w- c:\program files\Java
2009-11-07 08:47 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-07 08:47 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2009-11-07 08:47 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2009-11-07 07:54 . 2009-11-07 07:54 -------- d-----w- c:\program files\Intelore
2009-11-02 12:42 . 2009-10-08 12:30 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 17:34 . 2009-10-30 14:00 -------- d-----w- c:\program files\QuickTime
2009-11-01 17:34 . 2009-11-01 17:34 -------- d-----w- c:\programdata\Apple Computer
2009-11-01 17:33 . 2009-10-30 13:59 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 08:57 . 2009-10-31 08:09 -------- d-----w- c:\users\razor\AppData\Roaming\Apple Computer
2009-10-31 08:09 . 2009-10-31 08:09 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-31 08:08 . 2009-10-31 08:08 -------- d-----w- c:\program files\Bonjour
2009-10-30 13:59 . 2009-10-30 13:59 -------- d-----w- c:\program files\Apple Software Update
2009-10-30 13:59 . 2009-10-30 13:59 -------- d-----w- c:\programdata\Apple
2009-10-25 08:41 . 2009-10-22 11:23 -------- d-----w- c:\program files\Pamela
2009-10-22 12:20 . 2009-10-22 11:23 -------- d-----w- c:\users\razor\AppData\Roaming\Pamela
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-20 12:34 . 2009-10-20 12:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-15 17:43 . 2009-10-02 04:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-15 14:05 . 2009-10-15 14:05 -------- d-----w- c:\program files\UltraISO
2009-10-15 14:05 . 2009-10-15 14:05 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-10-14 13:18 . 2009-10-14 13:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-14 10:14 . 2009-10-14 10:14 -------- d-----w- c:\program files\MSXML 4.0
2009-10-12 12:33 . 2009-10-12 12:32 -------- d-----w- c:\programdata\Yahoo!
2009-10-10 20:17 . 2009-10-18 15:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 22:53 . 2009-10-05 22:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-05 22:53 . 2009-10-05 22:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-03 12:02 . 2009-10-03 12:02 4151 ----a-w- c:\windows\unins000.dat
2009-10-03 12:02 . 2009-10-03 12:02 794906 ----a-w- c:\windows\unins000.exe
2009-10-02 11:39 . 2009-10-02 11:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-02 04:46 . 2009-09-28 17:19 108824 ----a-w- c:\users\razor\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-02 04:06 . 2009-10-20 11:59 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-29 12:17 . 2009-09-29 12:17 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-09-28 23:13 . 2009-09-28 23:13 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-28 17:17 . 2009-09-28 17:17 10134 ----a-r- c:\users\razor\AppData\Roaming\Microsoft\Installer\{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}\ARPPRODUCTICON.exe
2009-09-14 06:46 . 2009-09-14 06:46 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-09-24 5145912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 198160]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButto"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [9/14/2009 2:46 PM 21520]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [6/11/2009 5:18 AM 139776]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE: Download all links with IDM - c:\users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEGetVL.htm
IE: Download with IDM - c:\users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
FF - ProfilePath - c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - component: c:\users\razor\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\[email protected]\components\firedownload.dll
FF - plugin: c:\users\razor\AppData\Roaming\Mozilla\Firefox\Profiles\k65srgjj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
AddRemove-Trojan Remover_is1 - c:\program files\Trojan Remover\unins000.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\razor\AppData\Local\Temp\OREB8B5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2717906171-2582682861-1281579759-1001_Classes\CLSID\{33174568-225c-4c81-b754-1f7a7208f5f2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000122
"Therad"=dword:00000015

[HKEY_USERS\S-1-5-21-2717906171-2582682861-1281579759-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):4c,40,15,31,e4,9c,04,46,72,ef,2f,23,11,a7,2e,0d,db,80,bb,c4,20,
 af,51,22,62,17,b7,53,f3,ce,3c,96,44,f6,1d,5c,53,96,ec,18,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-09 20:09:32
ComboFix-quarantined-files.txt 2009-12-09 12:09

Pre-Run: 6,178,836,480 bytes free
Post-Run: 6,452,056,064 bytes free

- - End Of File - - A237BB156A9DC8012B0A76DBD1CF1124

I've already fixed it... Could you show or teach me what this thing you told me to do actually is? It's just that my knowledge about viruses only goes as far as: if there's a virus, scan with the antivirus. If there's none, there's none; if there is, I keep scanning. Could you share a bit of the knowledge you all have? This looks like a new skill to me.
test0123 (Posted December 9, 2009)
That's the virus.. basically it's not supposed to be in your PC's registry.. ::icon_biggrin::
razor (Posted December 9, 2009)
test0123 wrote:
That's the virus.. basically it's not supposed to be in your PC's registry.. ::icon_biggrin::

How do you tell that those strange codes are a virus? Teach me a bit. ::icon_eek::
test0123 (Posted December 10, 2009)
How should I put it.. I'm not that skilled myself... I just look at it and compare it with a log that's OK... Sometimes the log entries I point out here aren't all correct.. sometimes I miss things too... heheheheh ::icon_biggrin:: Helping as far as I'm able...
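The comparison test0123 describes, reading a log against another one, can be done mechanically. This added example is not part of any post in the thread: it diffs a few entries excerpted from razor's December 8 and December 9 HijackThis logs and flags new entries that point into a Temp directory, which is a triage heuristic assumed here, not a HijackThis rule.

```python
import re

# A HijackThis entry line starts with a section code (R0, O4, O23, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Triage heuristic (an assumption of this example, not a HijackThis rule):
# entries that point into a temp directory deserve a closer look, because
# any program running as the user can write there.
TEMP_RE = re.compile(
    r"\\(AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
    re.IGNORECASE,
)

# Constructed sample: a handful of entries copied from the two logs posted
# in this thread, one entry per line.
LOG_DEC8 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: wmirpcw.exe
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O13 - Gopher Prefix:
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_DEC9 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IDMan.exe /onboot
O8 - Extra context menu item: Download with IDM - C:\Users\razor\AppData\Local\Temp\Rar$EX08.723\Crack\IEExt.htm
O13 - Gopher Prefix:
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
"""


def parse_entries(log_text):
    """Return the set of (section_code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # header and process-list lines do not match and are skipped
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(earlier_text, later_text):
    """Return (added, removed) entries between two logs, each sorted."""
    earlier = parse_entries(earlier_text)
    later = parse_entries(later_text)
    return sorted(later - earlier), sorted(earlier - later)


def temp_path_entries(entries):
    """Keep only the entries whose body references a temp directory."""
    return [entry for entry in entries if TEMP_RE.search(entry[1])]


if __name__ == "__main__":
    added, removed = diff_logs(LOG_DEC8, LOG_DEC9)
    for code, body in removed:
        print("-", code, body)
    for code, body in added:
        print("+", code, body)
    for code, body in temp_path_entries(added):
        print("REVIEW (temp path):", code, body)
```

A flagged entry is a prompt to check the file, not a verdict; an unchanged entry such as `O13 - Gopher Prefix:` never appears in the diff at all.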
razor (Posted December 10, 2009)
razor wrote:
test0123 wrote:
That's the virus.. basically it's not supposed to be in your PC's registry.. ::icon_biggrin::
How do you tell that those strange codes are a virus? Teach me a bit. ::icon_eek::

Heheheehe ::icon_lol:: thank you.
I've already fixed that. That's the new result.. please have a look in case there's anything that shouldn't be there.
Now whenever I start the PC, a file gets detected in my IDM.. it says
If you refer to my log.. is there any file in my IDM that needs to be deleted? Or do I need to uninstall IDM again.. Something seems off with my IDM right now, it's acting a bit crazy. I've uninstalled and reinstalled it, but after installing, my IDM still isn't right.. ::icon_pale:: ::icon_question:: ::icon_scratch::
test0123 (Posted December 10, 2009)
Looking at your log file, it's OK now.. just asking, don't you have the firewall on?
razor (Posted December 10, 2009)
test0123 wrote:
Looking at your log file, it's OK now.. just asking, don't you have the firewall on?

Firewall? I have the firewall turned on. But maybe my firewall is the plywood kind of wall, which is why the virus gets through so easily. ::icon_razz::
bob_spc (Posted December 26, 2009)
I'd like to ask, which antivirus is good against trojans?
test0123 (Posted December 26, 2009)
I recommend Eset Smart Security 4 ::icon_biggrin::
bob_spc (Posted December 28, 2009)
Besides Eset Smart Security 4, what else is suitable?
wanza (Posted December 28, 2009)
Microsoft Security Essentials... click here

A recent AV-Comparatives evaluation listed MSE as the best free antivirus. Make sure you are using genuine Windows. If you aren't, figure out for yourself how to get it to work, because there is a genuine test.

If you want something even better, use Kaspersky Internet Security, for heavy internet users. I've used it for 2 years and have never been hit by a virus, trojan, spyware or adware. Attacks from people with bad intentions don't get through either. I give this KIV 4.5/5.

Throughout my involvement in the computing world, most users would rather not use a paid antivirus, on the grounds that they would have to spend money. The features and advantages of the paid and free editions are very different. Those who use a free antivirus, don't come complaining later about getting a virus or whatever. Data, information, documents all gone because no backup was made. Pendrives littered with viruses too. That is my experience from setting up and formatting people's PCs. It's different if you have the knowledge to avoid viruses even while using a free one.

To those who can't be bothered to format their PC over and over, and who want to plug in anyone's pendrive without worrying, Kaspersky is what I recommend. Sometimes it's odd that shops selling PCs don't recommend a paid antivirus to users, a business strategy to get money out of users who don't know anything.
bob_spc (Posted December 29, 2009)
After installing Microsoft Security Essentials, how do I remove it again? This software won't uninstall.
bob_spc (Posted December 29, 2009)
The file MyDocuments.scr, what is it, a virus?
neology (Posted December 29, 2009)
Usually it's a virus.. try an online scan at http://www.threatexpert.com
Upload the file and wait for the result..
test0123 (Posted December 29, 2009)
bob_spc wrote:
After installing Microsoft Security Essentials, how do I remove it again? This software won't uninstall.

How to Uninstall Microsoft Security Essentials