Panglima Khalid 132 Report post Posted March 18, 2013 (edited) seperti dalam gambar di atas... forum akan auto resize kan? sorry kalau besar sangat..lupa pulak camna nak kecikkan.. laptop budak sekolah bantuan kerajaan. sepupu aku punya. Atom N455 1.66Ghz 1GB DDR3 ram win7 starter asalnya kena virus. dan pakai avast free antivirus. desktop, taskbar, dan di start menu...semua link menjadi ikon MPC Star. file rar jadi Yahoo messenger. aku remove avast, install MSE, scan dan buang virus. tapi di desktop, taskbar, dan di start menu...masih sama. kalau klik/doubleclick akan buka MPC Star Player. kalau rightclick dan tengok propertis, macam dalam gambar. open file location ke file sebenar, ikon ok, boleh buka program.. log HijackThis adalah seperti berikut:- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:03:40, on 18/03/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\USER\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Windows\system32\igfxsrvc.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Download Manager\IDMan.exe D:\Documents\Downloads\Programs\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- End of file - 5877 bytes harap dapat membantu saya memperbaiki laptop ni.. Edited March 18, 2013 by Panglima Khalid Share this post Link to post Share on other sites
anak_kampung 1 Report post Posted March 18, 2013 saudara boleh cuba scan pakai kaspersky rescue disk. https://support.kaspersky.com/viruses/rescuedisk Share this post Link to post Share on other sites
khorback 11 Report post Posted March 18, 2013 sama dok cerita cam gini? http://www.wooutilities.com/exeerrors-library/fix-mpcstar-exe-info.html Share this post Link to post Share on other sites
dvdbane 86 Report post Posted March 18, 2013 (edited) ni die just ubah registry je download kat sni file registry utk fix for exe link klu xbleh,download ms fix it ni link 2 cara ni just utk setelkn exe extension shj so,next kte kne restore yg lain2 mcm winrar etc so download ni Types atau Unassoc klu nk portable,amek unassoc klu nk GUI lawa skit,amek Types just utk bg clean sume mende,da scan gne MSE kn so xsalah klu scan plak gne Malwarebytes psl MSE ni die xscan registry p/s : ak harap klu kte bg link utk bantu sape2,mohon check dlu link tu jgn bg random link atau link2 yg boleh menyebabkn lg bnyk masalah wooutilities Edited March 18, 2013 by dvdbane Share this post Link to post Share on other sites
Panglima Khalid 132 Report post Posted March 19, 2013 sorry, lewat masuk balik... thx atas cadangan2 penyelesaian..saya akan cuba satu2. sedang donlod kaspersky rescue disk. wootilitis tu, macam lebih kurang kot.. bukan file .exe ditukar. file .exe boleh akses tapi kena cari dalam c>programfiles lah yang ditukar adalah link. semuanya. start menu habis semua sama ikon. tapi bila rightclick>properties>open folder location, masuk ke folder program tersebut dan ada file .exe yang dikehendaki. =-=-=-=-= lagi satu yg diubahnya...keyboard. tak dapat nak reply melalui laptop tu di sini...aku save tulisan keyboard pun takleh masuk sharing file dia, cucuk USB pun macam dah tak detect..huhu lebih kurangnya, IOP, JKL, NM<> diubah jadi numeric keypad Share this post Link to post Share on other sites
Panglima Khalid 132 Report post Posted March 19, 2013 (edited) so,next kte kne restore yg lain2 mcm winrar etc so download ni Types atau Unassoc klu nk portable,amek unassoc klu nk GUI lawa skit,amek Types alhamdulillah...aku try Unassoc, ok dah link, boleh bukak program dengan jayanya. keyboard masih problem. kena tekan tak lepas button 'fn' bar4 14,-e chr60e = baru jumpe chrome sample tulisan keyboard yg turut diubah sang virus nakal. q w e r t y 4 5 6 - [ ] a s d f g h 1 2 3 + ' \ z x c v b n 0 , . / ` 1 2 3 4 5 6 7 8 9 * - = Edited March 19, 2013 by Panglima Khalid Share this post Link to post Share on other sites
dvdbane 86 Report post Posted March 19, 2013 tkan Fn+Num lock Share this post Link to post Share on other sites
Panglima Khalid 132 Report post Posted March 19, 2013 (edited) cis.... keyboard problem ni just on/off NumLock... hahaha...link so, problem solved... dan TERIMA KASIH kepada semua yg membantu, secara langsung dan tidak langsung :) Edited March 19, 2013 by Panglima Khalid Share this post Link to post Share on other sites