Forum Sementara Putera.com

Bersama kita perkemaskan forum ini sementara forum asal dalam pemulihan.

Forum putera dah kembali. Masalah sudah berjaya diselesaikan. Sila lawati http://forum.putera.com/tanya


    minta tolong !!

    Share

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    minta tolong !!

    Post by mat5165 on Sat Nov 28, 2009 9:37 am

    salam warga putera,
    PC dekstop sy ada masalah.bila sy buka online je ada je bende2 yg karut-marut tu..apa jua website sy serve mesti ada benda xxx tu kluar...sy dah pun beli & install antivirus(quick heal antivirus,total internet security).sy dah pun scan tp xdpt detect apa2 masalah pun..adakah ini spyware?macammana cara sy nk selesaikan masalh ni???
    harap otai2 putera dpt bg info/tips/cara2 nk selesaikan masalah sy ni?

    johnburn
    Moderators
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: minta tolong !!

    Post by johnburn on Sat Nov 28, 2009 11:20 am

    Download Hijackthis, scan dan paste lognya disini.


    --------------------------------------------

    tahukah kamu saat kamu menangis
    adalah air mata ku yang jatuh berlinang
    tahukah kamu saat kamu tersakiti
    adalah aku yang pertama terluka
    Jangan Klik

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    Re: minta tolong !!

    Post by mat5165 on Sat Nov 28, 2009 3:00 pm

    johnburn wrote:Download Hijackthis, scan dan paste lognya disini.

    thanks,
    sy akan cuba..

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    Re: minta tolong !!

    Post by mat5165 on Sat Nov 28, 2009 9:35 pm

    johnburn wrote:Download Hijackthis, scan dan paste lognya disini.

    johnburn,
    sy dah attach logfile tu...leh bukak x?

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    Re: minta tolong !!

    Post by mat5165 on Sat Nov 28, 2009 9:37 pm

    mat5165 wrote:
    johnburn wrote:Download Hijackthis, scan dan paste lognya disini.

    johnburn,
    sy dah attach logfile tu...leh bukak x?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:44 PM, on 11/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    C:\Program Files\Dealio Toolbar\SearchSettings.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\GameTop.com\Cake Queen\CakeQueen.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\IRL78WVL\HijackThis[1].exe

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    Re: minta tolong !!

    Post by mat5165 on Sat Nov 28, 2009 9:43 pm

    mat5165 wrote:
    mat5165 wrote:
    johnburn wrote:Download Hijackthis, scan dan paste lognya disini.

    johnburn,
    sy dah attach logfile tu...leh bukak x?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:44 PM, on 11/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    C:\Program Files\Dealio Toolbar\SearchSettings.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\GameTop.com\Cake Queen\CakeQueen.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\IRL78WVL\HijackThis[1].exe

    1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: IE ware plugin - {A9647484-125B-4CD9-B1B8-18F9456334F4} - c:\Program Files\I-Tori\net-warez\ie-ware.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~2\apop.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O3 - Toolbar: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE /CHECK
    O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\CATEYE.EXE
    O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /loadrun
    O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~2\acappaa.exe
    O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
    O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /check
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: MSconfig.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O8 - Extra context menu item: Open link in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~1\wl_hook.dll
    O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    O23 - Service: Quick Heal Total Security Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\strtsvc.exe
    O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/help/images/logo1.gif

    --
    End of file - 11133 bytes

    johnburn
    Moderators
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: minta tolong !!

    Post by johnburn on Sun Nov 29, 2009 7:09 am

    knape log file tu separuh2?
    Buat permulaan, pergi ke Add or Remove programs dan remove software ni: Search Settings
    pastu scan blk ngan hijackthis dan bg log baru disini
    sila pastikn log tu lengkap. jgn buat cam yg ko dh pos kt atas ni ek. nt ssh nk bace log tuh


    --------------------------------------------

    tahukah kamu saat kamu menangis
    adalah air mata ku yang jatuh berlinang
    tahukah kamu saat kamu tersakiti
    adalah aku yang pertama terluka
    Jangan Klik

    hairulfadly
    Moderators
    Moderators

    Gender : Male Number of posts : 281
    Age : 33
    Location : Kuala Lumpur
    Job/hobbies : Wayang
    Registration date : 03/03/2009

    Re: minta tolong !!

    Post by hairulfadly on Sun Nov 29, 2009 5:34 pm

    Burn...
    Ko biasa guna Combofix tak?

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    Re: minta tolong !!

    Post by mat5165 on Sun Nov 29, 2009 9:05 pm

    johnburn wrote:knape log file tu separuh2?
    Buat permulaan, pergi ke Add or Remove programs dan remove software ni: Search Settings
    pastu scan blk ngan hijackthis dan bg log baru disini
    sila pastikn log tu lengkap. jgn buat cam yg ko dh pos kt atas ni ek. nt ssh nk bace log tuh

    johnburn,
    terima kasih byk2 ats kesudian saudara memberi maklumbalas...pc sy dah ok,sbb sy ikut post
    http://putera.forumotion.com/utiliti-dan-sekuriti-f55/selesai-acrotrayexe-malware-t5690.htm#87135..
    author by zareight..saudara zareight pun mengalami masalah yg sama spt saya...

    johnburn
    Moderators
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: minta tolong !!

    Post by johnburn on Mon Nov 30, 2009 6:20 am

    Yg kt thread tu, sy bg arahn berdasarkn keadaan/masalah pc dia. Mngkn berbeza dgn keadaan pc saudara. untuk kompemkn mmg dh ok sume, sy nasihtkn saudara pos log hijackthis untuk sy cek.


    --------------------------------------------

    tahukah kamu saat kamu menangis
    adalah air mata ku yang jatuh berlinang
    tahukah kamu saat kamu tersakiti
    adalah aku yang pertama terluka
    Jangan Klik

    dans kam
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 172
    Age : 35
    Location : Wangsa Maju
    Job/hobbies : PHP
    Registration date : 19/02/2009

    Re: minta tolong !!

    Post by dans kam on Mon Nov 30, 2009 8:14 pm

    ikut je kata master johnburn tu.
    Penyelesaian utk orang lain x semestinya 100% perfect untuk selesaikan masalah kita.

    Sementara ada org nak tolong ni..... Hargailah.....

    mat5165
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 7
    Age : 40
    Location : perak
    Job/hobbies : game
    Registration date : 28/11/2009

    Re: minta tolong !!

    Post by mat5165 on Wed Dec 02, 2009 9:39 pm

    johnburn,
    tima kasih krna sudi membantu,maaf 2-3 hari ni sy xdpt online..
    ni hijackthis log file tu..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:34:40 PM, on 12/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    C:\Program Files\Dealio Toolbar\SearchSettings.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\OnlineNT.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P2E369UO\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.my/
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: IE ware plugin - {A9647484-125B-4CD9-B1B8-18F9456334F4} - c:\Program Files\I-Tori\net-warez\ie-ware.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\QUICKH~2\apop.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
    O3 - Toolbar: Total Security Toolbar - {5C6227F4-39E2-4468-B69E-29AEB12A7F88} - C:\PROGRA~1\QUICKH~1\QUICKH~2\antiphis.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROUI.EXE
    O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~2\UPSCHD.EXE /CHECK
    O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~2\CATEYE.EXE
    O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~2\SCANMSG.EXE
    O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /loadrun
    O4 - HKLM\..\Run: [ResumeQuickupDownload] C:\PROGRA~1\QUICKH~1\QUICKH~2\acappaa.exe
    O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\QUICKH~1\QUICKH~2\sensor.exe /check
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: MSconfig.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O8 - Extra context menu item: Open link in Picsplorer - C:\Program Files\Picsplorer\picsplorer.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~1\wl_hook.dll
    O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\opssvc.exe
    O23 - Service: Quick Heal Total Security Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\EMLPROXY.EXE
    O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\quhlpsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\scanwscs.exe
    O23 - Service: Quick Heal Total Security Startup Handler (Startup Handler) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\strtsvc.exe
    O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/help/images/logo1.gif

    --
    End of file - 10091 bytes

    Sponsored content

    Re: minta tolong !!

    Post by Sponsored content Today at 8:27 pm


      Current date/time is Mon Dec 05, 2016 8:27 pm