I have a problem with userinit.exe that has NEVER come up before. I just got hit by Virut again, for the second time. I've already cured it using the Dr.Web live CD, but now explorer.exe won't load unless I load it manually. How do I get explorer.exe to load when Windows XP SP3 boots?

Isn't userinit a Windows process, bro?

Reply 2# aziz79
Yup, it is, BUT it was never there at boot before... now there are as many as 3 userinit.exe... I think I've already 'treated' all the .exe files with the Dr.Web live CD... is Virut still alive in the system???

What's certain is that all the stand-alone virus killers like Stinger and ComboFix CANNOT execute because a warning comes up: compromised by Virut.....

Install HijackThis.
Run it, then copy and paste the log here.

I don't think there's anything odd in the log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:43, on 13-Jun-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=%windir%\explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: PrayerTimes PC Pro.lnk = C:\Program Files\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PrayerTimes PC Pro.lnk = C:\Program Files\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (User 'Default user')
O4 - Startup: PrayerTimes PC Pro.lnk = C:\Program Files\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F523CF-D02B-4B08-BD50-743CCDAE7641}: NameServer = 202.188.1.5,202.188.0.133
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
--
End of file - 5082 bytes

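Added example, not part of the original post or of HijackThis: a short Python triage pass over a log in the format pasted above, listing the entries that touch the logon chain (F2 Shell/Userinit lines, O20 Winlogon Notify), entries whose file is missing, services with an unknown owner, and system binaries running from outside system32. The rule set and function names are assumptions made for illustration, and a flagged line means "verify by hand", not "malicious".

```python
import re
# Constructed sample: a few lines copied from the log posted above.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
F2 - REG:system.ini: Shell=%windir%\explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Section codes seen in this log that sit on the logon path (assumed rule set).
LOGON_CODES = {"F2", "O20"}
SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "winlogon.exe"}

def parse(log):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def review_points(procs, entries):
    """Return (reason, line) pairs to check by hand; a flag is not a verdict."""
    out = []
    for code, text in entries:
        if code in LOGON_CODES:
            out.append(("logon-chain entry", f"{code} - {text}"))
        elif text.endswith("(no file)"):
            out.append(("target file missing", f"{code} - {text}"))
        elif code == "O23" and "Unknown owner" in text:
            out.append(("service with unknown owner", f"{code} - {text}"))
    for p in procs:  # a system image name running from an unexpected folder
        name = p.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and "\\system32\\" not in p.lower():
            out.append(("system binary outside system32", p))
    return out
```

Because Virut infects executables in place, a clean-looking path in this output does not show that the file itself is clean; the listing only narrows down what to inspect.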
Why are there as many as 8 svchost.exe in Task Manager???? That's a lot...

I think that's normal, bro..
There really are a lot of svchost.exe in the system.
Besides the admin account, what other accounts are on your PC?

Reply 8# aziz79
Just one: admin..

Ever tried IObit 360?
aziz79 Post at 13/6/2010 19:34
What's that? Lowyat I know, though...

I have a problem with userinit.exe that has NEVER come up before. I just got hit by vi ...
razhar Post at 13-6-2010 05:50 PM
Try using Process Explorer. See where the process comes from; for each process, its properties have info about the process, including its TCP/IP I/O.
Btw, have you tried Spybot? Its advanced mode has a lot of tools that can explore all the running processes ...

On Windows XP, svchost is normally just 2-3...

What AV are you using?

Reply 14# budingyun
Not using any AV... I only have Malwarebytes Anti-Malware..

Reply 12# bzzts

Post Last Edit by bzzts at 14-6-2010 02:42
Reply 16# razhar
kernel verifier? eSXi? What else... locate it... search and destroy!
Right-click, choose Properties > Image.
That's where it tells you the path where the process lives.
Sample:

userinit.exe and svchost.exe are not virus files... don't delete those files or XP won't be able to start...
Those are all important Microsoft files for starting Windows XP...
If there's a virus attack, it must be from some other source...
Run "msconfig" and look in "Startup" and "Services"...

For Windows XP, look in Task Manager for suspicious files... Ctrl+Alt+Delete ...
Then google for info on that file name.

Reply 17# bzzts
I already searched last night.. look, even the spelling is wrong... verifyer....