CariDotMy

 Forgot password?
 Register

ADVERTISEMENT

12Next
Return to list New
View: 8830|Reply: 30

HIJACKTHIS! from www.merijin.org

[Copy link]
Post time 22-12-2006 04:33 PM | Show all posts |Read mode
rasanya ramai yg dah tau pasal software Hijackthis! dari www.merijin.org.

powerful tools tapi very-very dangerous. macam bom, sesuai dgn icon dia.
silap godek, abis windows korang jahanam, jadi... kalau nk guna, kena tau apa yg korang nak buat.

aku jangka kan thread ni akan jadi thread yg paing panjang sebab ramai akan tempek scan log diorang kat sini... :lol

okey, tanpa melengahkan masa, software ni buleh didapati di www.merijin.org.
software ni adalah free. open source. boleh juga dijumpai di download.com, softpedia.com, dan lelain website.

homepage: http://www.spywareinfo.com/
download page: http://www.spywareinfo.com/~merijn/programs.php

download link: http://www.merijn.org/files/hijackthis.zip





bagi yg nak mintak bantuan, sila scan, dan korang akan dapat scan log.
setelah, korang dapat scan log, copy dari log tu dan paste kat forum ni. (sila gunakan font yg kecik).

contoh log:



Logfile of HijackThis v1.99.1
Scan saved at 4:05:48: PM, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Arovax Shield\ArovaxShield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RAM Def XT\RAMDef.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\bagero\My Documents\torrent\utorrent.exe
C:\Documents and Settings\bagero\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CutePDF Writer Companion - {8C3733AE-F794-439A-A959-844DCA64F1A2} - C:\Program Files\Acro Software\CutePDF Writer Companion\CPWC_Co.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\\PC2\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P29 "\\PC2\EPSON Stylus C67 Series" /O6 "USB003" /M "Stylus C67"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

[ Last edited by  bzzts at 13-1-2007 11:32 PM ]
Reply

Use magic Report


ADVERTISEMENT


 Author| Post time 22-12-2006 04:35 PM | Show all posts
sebelom korang proceed dgn step 2 dan 3 dalam gambar tu, sila dapatkan rujukan dari pakar kat sini (bukan aku) aku ni mana reti sgt baca registry nih... rosakkan registry orang tau ler... :lol :nana:
Reply

Use magic Report

Post time 23-12-2006 01:05 AM | Show all posts
menarik...................
Reply

Use magic Report

Post time 25-12-2006 10:48 PM | Show all posts

ok me start..pakar,tlg tengok sat aper yg problem

Logfile of HijackThis v1.99.1
Scan saved at 10:46:58 PM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/preview
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://www.liporn.com/install/tload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DDE7F7D-8B31-4837-9560-A00808893795}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE



[ Last edited by  bzzts at 13-1-2007 11:33 PM ]
Reply

Use magic Report

Post time 26-12-2006 01:28 AM | Show all posts

Reply #5 jimbait's post


sebelum tepek log file tu, kena beritahu apa problem dengan your pc. kalau tak de problem, tak payahlah tepek.

Rate

1

View Rating Log

Reply

Use magic Report

Post time 26-12-2006 06:13 PM | Show all posts
err....aku x de problem la...
benda ni nak detect spyware kan??
Reply

Use magic Report

Follow Us
 Author| Post time 26-12-2006 07:24 PM | Show all posts

Reply #7 jimbait's post

mende ni biasanya last weapon utk org2 yg dah buntu cari anasir jahat dlm pc... :lol
Reply

Use magic Report

Post time 26-12-2006 10:16 PM | Show all posts

Reply #8 bzzts's post

so...adakah terdapat anasir jahat dlm pc aku??
malas la nak scan guna anti spyware...lama sangat...
baik guna hijackthis jer kot??
Reply

Use magic Report


ADVERTISEMENT


Post time 27-12-2006 12:58 AM | Show all posts

Reply #6 jimbait's post


yes, untuk check spyware dan yang sewaktu dengannya. biasanya, ia digunakan untuk cari spyware yang anti-spyware lain tak boleh nak cuci. so, basically, you need to know apa spyware yang computer you dah kena. from there, run hijackthis, paste the log file and it will be easier for other people to find out where you need to fix. actually, it works best with other anti spyware and not by itself.
Reply

Use magic Report

Post time 27-12-2006 12:59 AM | Show all posts

Reply #8 jimbait's post


kalau nak cepat, clean up all the cache and temp files sebelum run anti spyware.
Reply

Use magic Report

Post time 27-12-2006 09:10 AM | Show all posts
Hijack This adalah satu program yang akan analyzes registry computer dan akan bagi lapuran, ia akan detect jika ada dialers spyware, pop-up dan viruses. Sebelum fix apa? guna Hijack this ni, create system Restore point dulu.

Aku cadangkan, Scan guna

Ad-Aware SE Personal and Spybot - Search & Destroy (update dulu)  sebelum guna Hijack this

[ Last edited by  trunks at 9-1-2007 08:34 AM ]
Reply

Use magic Report

Post time 8-1-2007 06:28 PM | Show all posts

Reply #8 jimbait's post

ko duk area USJ/Taipan ke ?
Reply

Use magic Report

Post time 13-1-2007 08:39 PM | Show all posts

Reply #4 jimbait's post

hijackthis..sangat power..aku selalu pakai untuk buang macam2lah anasir jahat kat internet explorer.

O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://www.liporn.com/install/tload.cab

humm.. ini agak meragukan..
Reply

Use magic Report

Post time 16-1-2007 11:37 AM | Show all posts
to tell u d truth, aku slalu dgr pasal hijackthis nih...
n klau kt forum memane pn, diorg mmg suggest utk ade bende nih..
sng nak tgk registry kt dlm pc..
but d problem is...
aku tk brape paham ape guner dier..
hehe, so, sifu2 sekalian.. tlg explain kt aku yg tk pandei nih

[ Last edited by  bzzts at 20-1-2007 11:51 PM ]
Reply

Use magic Report

Post time 30-1-2007 08:18 AM | Show all posts

aku punya problem ngan ie. Start2 je keluar homepage dalam tulisan cina. dah tu bila aku nak reset balik homepage pergi google tak buleh. dah try guna ad-adware SE personal edition tapi still kuar benda yang sama everytime aku bukak ie aku. hopefully boleh le anda2 yang pakar membantu aku yang miskin hina ni


Logfile of HijackThis v1.99.1
Scan saved at 08:15:21, on 30/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\realschd.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\drivers\spoclsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\winnt\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.8757.com/
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe,C:\WINNT\system32\KKlaTool.exe
O1 - Hosts: 60.190.223.106 localhost
O1 - Hosts: 60.190.223.106
www.4199.com
O1 - Hosts: 60.190.223.106 www.9505.com
O1 - Hosts: 60.190.223.106 www.huoche.com.cn
O1 - Hosts: 60.190.223.106 www.lieche.cn
O1 - Hosts: 60.190.223.106 www.piao.com.cn
O1 - Hosts: 60.190.223.106 train.hepost.com
O1 - Hosts: 60.190.223.106
www.huochepiao.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [realschd.exe] C:\WINNT\system32\realschd.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [svcshare] C:\WINNT\system32\drivers\spoclsv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ArcInfoSetupRestart.lnk = C:\Documents and Settings\JASM\Local Settings\Temp\ArcInfoSetupRestart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: GameSetup.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bingo -
http://download2.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132106475828
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4940/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{028A66F2-CEC1-4290-97A9-ED9A4D7C367F}: NameServer = 10.19.158.2,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{028A66F2-CEC1-4290-97A9-ED9A4D7C367F}: NameServer = 10.19.158.2,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{028A66F2-CEC1-4290-97A9-ED9A4D7C367F}: NameServer = 10.19.158.2,202.188.1.5
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINNT\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - {09172B1A-D8D9-4810-92ED-626F2F414052} - C:\WINNT\system32\dfssvc.dll
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Reply

Use magic Report

Post time 30-1-2007 09:11 AM | Show all posts
Originally posted by cokkodok at 30-1-2007 08:18 AM
O1 - Hosts: 60.190.223.106 localhost
O1 - Hosts: 60.190.223.106 www.4199.com
O1 - Hosts: 60.190.223.106 www.9505.com
O1 - Hosts: 60.190.223.106 www.huoche.com.cn
O1 - Hosts: 60.190.223.106 www.lieche.cn
O1 - Hosts: 60.190.223.106 www.piao.com.cn
O1 - Hosts: 60.190.223.106 train.hepost.com
O1 - Hosts: 60.190.223.106 www.huochepiao.com ...



your system has been infected by kklatool malware.

check your hosts file, probably under C:\WINNT\system32\drivers\etc folder. delete all the above entries and leave only:

127.0.0.1       localhost

don't worry about any lines started with #. i see that you have spybot installed. update its database and run it against the malware. if not, download it and install. let us know how it goes.
Reply

Use magic Report


ADVERTISEMENT


Post time 30-1-2007 12:33 PM | Show all posts
TQ.

aku try dulu..result nye later on i bagitau
Reply

Use magic Report

Post time 30-1-2007 03:02 PM | Show all posts
homepage tu still exist. Dah try utk delete tapi keep on existing. camner eh? still takleh reset pegi google la.
Reply

Use magic Report

Post time 30-1-2007 03:15 PM | Show all posts

Reply #18 cokkodok's post


search for KKlaTool.exe and rename it to KKlaTool.exe.bkp. reboot and see if it work. if it does, delete KKlaTool.exe permanently. check if your hosts file is clean.
Reply

Use magic Report

Post time 30-1-2007 03:21 PM | Show all posts

kalau tak jalan juga, cuba yang ni:

klik sini: Trojan.ADIRSS Removal Procedure
Reply

Use magic Report

12Next
Return to list New
You have to log in before you can reply Login | Register

Points Rules

 

ADVERTISEMENT


Forum Hot Topic
...BYE 2024, HELLO 2025...
seribulan...BYE 2024, HELLO 2025...
Views : 54404 Replies : 3
...AZAM TAHUN 2025...
seribulan...AZAM TAHUN 2025...
Views : 54459 Replies : 20
Konsert Siti-Judika bak 'hadir muktamar PAS, kerusi takde nombor' mutu penganjuran hauk!
maklukpenggodaKonsert Siti-Judika bak 'hadir mukta
Views : 4941 Replies : 26
HILANG kawan, sakit ke?
fahdramliHILANG kawan, sakit ke?
Views : 45949 Replies : 90
Nek Ta tak bayar hutang MARA hampir RM1 juta!
PrickfordNek Ta tak bayar hutang MARA hampir RM1
Views : 32531 Replies : 638
Aku Bukan Ustazah cetus fenomena, paling popular 2024
maklukpenggodaAku Bukan Ustazah cetus fenomena, paling
Views : 8347 Replies : 2
Hafidz Roshdi vs. Ngai
maklukpenggodaHafidz Roshdi vs. Ngai
Views : 282418 Replies : 8326
Harga sawit lebih RM1,000 satu tan, peneroka tidak rambang mata
AbahmungHarga sawit lebih RM1,000 satu tan, pene
Views : 54541 Replies : 11
Sindiket 'Counter Setting' masih beroperasi di KLIA, dakwa sumber
AbahmungSindiket 'Counter Setting' masih
Views : 55256 Replies : 4
madu gula tok matahari
aaanf14madu gula tok matahari
Views : 98590 Replies : 1015

 

ADVERTISEMENT


 


ADVERTISEMENT
Follow Us

ADVERTISEMENT


Mobile|Archiver|Mobile*default|About Us|CariDotMy

16-12-2024 02:38 AM GMT+8 , Processed in 0.416810 second(s), 32 queries , Gzip On, Redis On.

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

Quick Reply To Top Return to the list