Forum Sementara Putera.com


Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


4 posters

    Please help !!

    mat5165
    New Member


    Gender : Male Number of posts : 7
    Age : 47
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009


    Post by mat5165 Sat Nov 28, 2009 9:37 am

    Greetings, Putera members,
    My desktop PC has a problem. Whenever I go online, nonsense stuff keeps showing up. Whatever website I browse, that xxx stuff always comes up. I have already bought and installed an antivirus (Quick Heal AntiVirus, Total Internet Security). I have scanned, but it could not detect any problem. Is this spyware? How do I solve this problem?
    I hope the Putera veterans can give me info/tips/ways to solve this problem.
    johnburn
    Moderators


    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009


    Post by johnburn Sat Nov 28, 2009 11:20 am

    Download HijackThis, scan, and paste the log here.

    Post by mat5165 Sat Nov 28, 2009 3:00 pm

    johnburn wrote: Download HijackThis, scan, and paste the log here.

    Thanks,
    I will try..

    Post by mat5165 Sat Nov 28, 2009 9:35 pm

    johnburn wrote: Download HijackThis, scan, and paste the log here.

    johnburn,
    I have attached the logfile... can you open it?

    Post by mat5165 Sat Nov 28, 2009 9:37 pm

    mat5165 wrote:
    johnburn wrote: Download HijackThis, scan, and paste the log here.

    johnburn,
    I have attached the logfile... can you open it?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:44 PM, on 11/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    C:\Program Files\Dealio Toolbar\SearchSettings.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\GameTop.com\Cake Queen\CakeQueen.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\IRL78WVL\HijackThis[1].exe

    Post by mat5165 Sat Nov 28, 2009 9:43 pm

    mat5165 wrote:
    mat5165 wrote:
    johnburn wrote: Download HijackThis, scan, and paste the log here.

    johnburn,
    I have attached the logfile... can you open it?


    1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: IE ware plugin - {A9647484-125B-4CD9-B1B8-18F9456334F4} - c:\Program Files\I-Tori\net-warez\ie-ware.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~2\apop.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O3 - Toolbar: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE /CHECK
    O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\CATEYE.EXE
    O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /loadrun
    O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~2\acappaa.exe
    O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
    O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /check
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: MSconfig.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O8 - Extra context menu item: Open link in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~1\wl_hook.dll
    O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    O23 - Service: Quick Heal Total Security Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\strtsvc.exe
    O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/help/images/logo1.gif

    --
    End of file - 11133 bytes

    Post by johnburn Sun Nov 29, 2009 7:09 am

    Why is the log file in pieces?
    To start with, go to Add or Remove Programs and remove this software: Search Settings
    Then scan again with HijackThis and post the new log here.
    Please make sure the log is complete. Don't do it the way you posted above, OK? Otherwise the log will be hard to read.
    hairulfadly
    Moderators


    Gender : Male Number of posts : 281
    Age : 40
    Location : Kuala Lumpur
    Job/hobbies : Wayang
    Registration date : 03/03/2009


    Post by hairulfadly Sun Nov 29, 2009 5:34 pm

    Burn...
    Are you familiar with using Combofix?

    Post by mat5165 Sun Nov 29, 2009 9:05 pm

    johnburn wrote: Why is the log file in pieces?
    To start with, go to Add or Remove Programs and remove this software: Search Settings
    Then scan again with HijackThis and post the new log here.
    Please make sure the log is complete. Don't do it the way you posted above, OK? Otherwise the log will be hard to read.

    johnburn,
    Thank you very much for your willingness to respond... my PC is OK now, because I followed the post
    https://putera.forumms.net/utiliti-dan-sekuriti-f55/selesai-acrotrayexe-malware-t5690.htm#87135..
    authored by zareight.. zareight also had the same problem as me...

    Post by johnburn Mon Nov 30, 2009 6:20 am

    In that thread, I gave instructions based on the condition/problem of his PC. It may differ from the condition of your PC. To confirm that everything really is OK, I advise you to post a HijackThis log for me to check.
    dans kam
    New Member


    Gender : Male Number of posts : 172
    Age : 42
    Location : Wangsa Maju
    Job/hobbies : PHP
    Registration date : 19/02/2009


    Post by dans kam Mon Nov 30, 2009 8:14 pm

    Just follow what master johnburn says.
    A solution for someone else isn't necessarily 100% perfect for solving our own problem.

    While there are people willing to help..... Appreciate it.....

    Post by mat5165 Wed Dec 02, 2009 9:39 pm

    johnburn,
    Thank you for being willing to help; sorry, I couldn't get online these past 2-3 days..
    Here is the HijackThis log file..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:34:40 PM, on 12/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    C:\Program Files\Dealio Toolbar\SearchSettings.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P2E369UO\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.my/
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: IE ware plugin - {A9647484-125B-4CD9-B1B8-18F9456334F4} - c:\Program Files\I-Tori\net-warez\ie-ware.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~2\apop.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O3 - Toolbar: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE /CHECK
    O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\CATEYE.EXE
    O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /loadrun
    O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~2\acappaa.exe
    O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /check
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: MSconfig.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O8 - Extra context menu item: Open link in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~1\wl_hook.dll
    O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    O23 - Service: Quick Heal Total Security Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\strtsvc.exe
    O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/help/images/logo1.gif

    --
    End of file - 10091 bytes
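
The follow-up log johnburn asked for is most useful when compared against the first one. The sketch below is an added example, not part of the original thread or of HijackThis: it parses the entry lines of two logs, reports what disappeared and what appeared, and lists entries for manual review. The two sample logs are short excerpts of the logs posted above; the function names, the review rules and the assumption that the system drive is `C:` are illustrative choices.

```python
import re
from typing import List, NamedTuple, Tuple

class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "R0", "O2", "O4"
    detail: str  # everything after "CODE - "

# Entry lines look like "O4 - HKCU\..\Run: [name] path"; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Executable path of an O4 autorun entry: follows "[name] ", optionally quoted.
AUTORUN_PATH_RE = re.compile(r'\]\s+"?([A-Za-z]:\\.+?\.exe)', re.IGNORECASE)
# Assumed review rule: autoruns normally live under these directories (system drive C:).
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_entries(log_text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a HijackThis log in file order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Entries present only in the first log (removed) and only in the second (added)."""
    key = lambda e: (e.code, e.detail.casefold())
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added

def review_candidates(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Entries a helper would look at by hand; a reason is not a verdict."""
    found = []
    for e in entries:
        if e.detail.lower().endswith("(file missing)"):
            found.append(("target file missing", e))
        elif e.code == "O4":
            m = AUTORUN_PATH_RE.search(e.detail)
            if m and not m.group(1).lower().startswith(STANDARD_DIRS):
                found.append(("autorun outside Windows/Program Files", e))
    return found

# Excerpt of the 11/28/2009 log posted in this thread (abbreviated).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
"""

# Excerpt of the 12/2/2009 log posted in this thread (abbreviated).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.my/
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"""

if __name__ == "__main__":
    removed, added = diff_logs(parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER))
    for label, group in (("removed", removed), ("added", added)):
        for e in group:
            print(f"{label:8} {e.code:3} {e.detail}")
    for reason, e in review_candidates(parse_entries(LOG_AFTER)):
        print(f"review   {e.code:3} {reason}: {e.detail}")
```

Entries that appear in both logs, such as the Search Settings autorun, do not show up in the diff, which is why the review list is computed on the second log separately.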
