Putera.com Temporary Forum

Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    Is this caused by a virus...

    ryna168
    New Member

    Gender : Female Number of posts : 346
    Age : 34
    Registration date : 03/03/2009

    Is this caused by a virus...

    Post by ryna168 on Tue Jul 14, 2009 4:35 pm

    Greetings, Puteranians.

    I think my laptop has been hit by a virus, because every time I shut it down a warning message comes up.
    For example, like this: hpqSTE08.exe - DLL Initialization Failed. The underlined part of the text keeps changing.

    Then, when I turn the laptop on, this comes up:


    What is actually wrong with my laptop?
    I have already scanned with Avira and an anti-malware tool, but no virus was detected. It is only at shutdown that this thing appears, which I think is a virus.

    mikicun
    New Member

    Gender : Male Number of posts : 199
    Location : somewhere i belongs...
    Registration date : 15/02/2009

    Re: Is this caused by a virus...

    Post by mikicun on Tue Jul 14, 2009 5:31 pm

    hpqSTE08.exe file information

    The process HP CUE Status or HP CUE Status Root belongs to the software hp digital imaging - hp all-in-one series or HP Photosmart Premier or HP Driver Diagnostics or HP Photo and Imaging 2.0 - by Hewlett-Packard Co (www.hp.com) or Hewlett-Packard Development Company, L.P.

    hpqste08.exe is a process installed alongside HP Imaging devices and provides additional configuration options for these devices. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems."

    Description: hpqSTE08.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 204,800 bytes (50% of all occurrences), 239,320 bytes, 151,552 bytes, 271,960 bytes, 239,192 bytes, 184,320 bytes.

    The program is not visible. It is not a Windows core file. The application can be removed using the control panel Add\Remove programs applet. Therefore the technical security rating is 24% dangerous, however also read the users reviews.

    If hpqSTE08.exe is located in a subfolder of the "My Files" folder then the security rating is 22% dangerous. File size is 239,320 bytes. The program is not visible. The process can be uninstalled in the Control Panel. The file is digitally signed. File hpqSTE08.exe is not a Windows system file.

    Important: Some malware camouflage themselves as hpqSTE08.exe, particularly if they are located in the c:\windows or c:\windows\system32 folder. Thus check whether the hpqSTE08.exe process on your PC is a pest.

    Re: Is this caused by a virus...

    Post by ryna168 on Tue Jul 14, 2009 5:34 pm

    How do I make that thing go away, mikicun?

    Re: Is this caused by a virus...

    Post by mikicun on Tue Jul 14, 2009 6:21 pm

    Uninstall...

    Re: Is this caused by a virus...

    Post by ryna168 on Tue Jul 14, 2009 6:23 pm

    Uninstall?
    I use that program, so how can I uninstall it?

    Re: Is this caused by a virus...

    Post by mikicun on Tue Jul 14, 2009 6:29 pm

    Uninstall it, then install it again...
    If there's still a problem... I can't help, sorry...

    Re: Is this caused by a virus...

    Post by ryna168 on Tue Jul 14, 2009 6:32 pm

    So it's not a virus then, right? I was just afraid it was a virus. If it's not a virus, that's fine, I'm not so worried.

    Re: Is this caused by a virus...

    Post by ryna168 on Thu Jul 16, 2009 9:15 am

    A question for anyone knowledgeable: why is it that when I shut down this laptop, many kinds of ???.exe come up? Not just one, all sorts. The only difference is that the front part keeps changing while the end is always ".exe", for example hpqSTE08.exe.
    There are also jke.exe, yma.exe and many more. I want to uninstall, but I don't even know which file is meant.

    Help me..

    OngBok
    Moderator

    Gender : Male Number of posts : 729
    Location : Dungun Terengganu
    Job/hobbies : JKR retiree
    Registration date : 18/02/2009

    Re: Is this caused by a virus...

    Post by OngBok on Thu Jul 16, 2009 10:03 am

    Try pasting a HijackThis log here.

    Re: Is this caused by a virus...

    Post by ryna168 on Thu Jul 16, 2009 10:07 am

    How do I make that HijackThis log?

    Re: Is this caused by a virus...

    Post by OngBok on Thu Jul 16, 2009 12:16 pm

    First, download the HijackThis program.
    Then run a scan with HijackThis (HT).
    Copy the result and paste it here.

    From the HT main page, click Do system scan and save logfile.
    Then copy and paste the logfile.

    Example:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:31:53 PM, on 7/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C4F72927-87F5-4293-B10C-B975B061134D}: NameServer = 202.188.0.133 202.188.1.5
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

    --
    End of file - 3278 bytes

    Re: Is this caused by a virus...

    Post by ryna168 on Thu Jul 16, 2009 3:56 pm

    Here is the HijackThis log after I scanned:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:55:03, on 16/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\program files\uninstall information\egdfd.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\windows\inf\svchost.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\DOCUME~1\ACER\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [asegdf] c:\program files\uninstall information\egdfd.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46B2A33F-0863-4D0C-B51C-8F70BE7070F9}: NameServer = 203.82.64.67 203.82.64.41
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Perkhidmatan Kemas Kini Google (gupdate1c9fb1fd95f9e10) (gupdate1c9fb1fd95f9e10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10193 bytes

    Re: Is this caused by a virus...

    Post by mikicun on Thu Jul 16, 2009 5:11 pm

    ryna168 wrote: Here is the HijackThis log after I scanned:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:55:03, on 16/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\program files\uninstall information\egdfd.exe
    C:\windows\inf\svchost.exe
    C:\DOCUME~1\ACER\LOCALS~1\Temp\RtkBtMnt.exe

    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [asegdf] c:\program files\uninstall information\egdfd.exe
    O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe

    --
    End of file - 10193 bytes

    Remove all of those...

    melor
    New Member

    Number of posts : 51
    Registration date : 16/04/2009

    Re: Is this caused by a virus...

    Post by melor on Thu Jul 16, 2009 5:15 pm

    Try this link, it has many antivirus programs: http://www.filehippo.com/

    Re: Is this caused by a virus...

    Post by ryna168 on Thu Jul 16, 2009 5:26 pm

    How do I remove those? I don't know which files they are.

    I searched drive C and couldn't find them. Actually, what programs are those? If I remove them, won't it affect Windows?


    Last edited by ryna168 on Thu Jul 16, 2009 5:32 pm; edited 1 time in total

    Re: Is this caused by a virus...

    Post by ryna168 on Thu Jul 16, 2009 5:27 pm

    melor wrote: Try this link, it has many antivirus programs: http://www.filehippo.com/

    I'm not looking for an antivirus program. What I want to know is how to fix this so that when I shut down / turn on the laptop, those things don't come up.

    Re: Is this caused by a virus...

    Post by mikicun on Thu Jul 16, 2009 11:43 pm

    Open Notepad, copy and paste the text below, then save it as a .bat file.


    @echo off
    REM Stop the running egdfd.exe, clear its hidden/system/read-only attributes, then delete it
    TASKKILL /F /IM egdfd.exe /T
    attrib -h -s -r "C:\program files\uninstall information\egdfd.exe"
    ren "C:\program files\uninstall information\egdfd.exe" 0.exe
    del /q "C:\program files\uninstall information\0.exe"
    REM The svchost.exe copy in C:\windows\inf is not killed by image name, since that
    REM would also end the genuine svchost.exe processes running from System32
    attrib -h -s -r C:\windows\inf\svchost.exe
    ren C:\windows\inf\svchost.exe 0.exe
    del /q C:\windows\inf\0.exe
    REM Same steps for RtkBtMnt.exe in the Temp folder (paths quoted in case %temp% contains spaces)
    TASKKILL /F /IM RtkBtMnt.exe /T
    attrib -h -s -r "%temp%\RtkBtMnt.exe"
    ren "%temp%\RtkBtMnt.exe" 0.exe
    del /q "%temp%\0.exe"

    REM Remove the three autostart (Run) values listed in the HijackThis log
    REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Device Detector" /f
    REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v asegdf /f
    REG DELETE HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v systems /f
    echo.
    pause
    exit


    Last edited by mikicun on Fri Jul 17, 2009 12:25 pm; edited 1 time in total

    Re: Is this caused by a virus...

    Post by ryna168 on Fri Jul 17, 2009 9:55 am

    What is the method you taught for, mikicun? After I do that, what happens next?

    Re: Is this caused by a virus...

    Post by ryna168 on Sat Jul 18, 2009 10:40 am

    mikicun has disappeared.. I want to ask, if I copy and paste that thing, will the programs on my laptop get deleted? What is it that gets deleted? It would be a hassle to install them again.

    ayoi
    Moderator

    Gender : Male Number of posts : 1090
    Age : 86
    Registration date : 04/03/2009

    Re: Is this caused by a virus...

    Post by ayoi on Sat Jul 18, 2009 2:32 pm

    It's Win XP, right..

    Type msconfig in Run and press Enter..


    In the Startup tab, remove the ones that start automatically.. pick whichever you like... the software won't be lost.

    e_sentinel
    New Member

    Number of posts : 479
    Registration date : 02/03/2009

    Re: Is this caused by a virus...

    Post by e_sentinel on Sat Jul 18, 2009 4:58 pm

    svchost.exe is an important Windows file, namely the "Generic Host Process" for "Win32 Services", and it manages DLL files as well as being the backbone of the main applications in Windows.

    It must be in C:\Windows\System32, but on Rina's laptop it is in C:\Windows\inf, and it is certainly malware. That is why Rina keeps getting DLL errors, because these DLL files cannot locate the real path/file of svchost.exe.

    It is Rina's own decision whether or not to remove the malware.
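
The location check described in the post above, applied to an excerpt of the HijackThis log posted earlier in the thread, as an added example that is not part of the original thread. The function names, the `SYSTEM32_ONLY` list and the `ODD_DIRS` list are assumptions made for this illustration; the log lines are copied from the thread.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (most lines omitted).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\program files\uninstall information\egdfd.exe
C:\windows\inf\svchost.exe
C:\DOCUME~1\ACER\LOCALS~1\Temp\RtkBtMnt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [asegdf] c:\program files\uninstall information\egdfd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
"""

# Assumption: process names that on Windows XP belong only in System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "spoolsv.exe", "ctfmon.exe"}
# Assumption: directories that normally hold no programs, taken from the
# three paths singled out in this thread.
ODD_DIRS = ("\\windows\\inf\\", "\\temp\\", "\\uninstall information\\")

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
EXE_PATH = re.compile(r'"([^"]+)"|(\S.*?\.exe)', re.IGNORECASE)


def reasons_for(path):
    """Return the reasons a program path looks out of place (empty list if none)."""
    p = ntpath.normpath(path).lower()
    directory, name = ntpath.split(p)
    reasons = []
    # A bare file name carries no location information, so it is not judged here.
    if name in SYSTEM32_ONLY and directory and not directory.endswith(r"\windows\system32"):
        reasons.append("system process name outside System32")
    if any(marker in p for marker in ODD_DIRS):
        reasons.append("runs from a directory that should not hold programs")
    return reasons


def triage(log):
    """Map each flagged path to its reasons and the Run values that start it."""
    flagged = {}
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        run_value = None
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                # a blank line ends the process list
                in_processes = False
                continue
            path = line
        else:
            entry = O4_RUN.match(line)
            if not entry:
                continue
            exe = EXE_PATH.search(entry.group(3).lstrip("~"))
            if not exe:
                continue
            path = exe.group(1) or exe.group(2)
            run_value = entry.group(1) + "\\Run: " + entry.group(2)
        why = reasons_for(path)
        if why:
            key = ntpath.normpath(path).lower()
            item = flagged.setdefault(key, {"reasons": why, "run_values": []})
            if run_value:
                item["run_values"].append(run_value)
    return flagged


if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG).items():
        print(path, info["reasons"], info["run_values"])
```
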

    Re: Is this caused by a virus...

    Post by ryna168 on Sat Jul 18, 2009 10:58 pm

    Whoa, that seems rather complicated, brothers ayoi and e_sentinel.. can you explain how to do it:

    1. In Startup, which automatic files should be removed? I don't understand.
    2. What does removing the malware mean, deleting the malware completely? Once it's removed, will that kind of thing no longer appear when I shut down the laptop?
