COMPUTER STUFF
Home > LOEKELOE > COMPUTER STUFF > Kaskus Virus Klinik - Part 2

the_urban - 02/10/2010 06:13 PM
#2221

Quote:
Original Posted By Tom1Su
If virtual memory is still enabled, part of the data in RAM is stored on the HDD so that RAM stays free. The OS does run stably, but it gets a bit sluggish, because reading from RAM is faster than reading from the HDD. Because the amount isn't static, the pagefiles.sys file keeps changing as well (it's dynamic).
Spoiler for pagefiles.sys

Hope the explanation is clear enough, bro

Ciao..........................


eh, I've tried it, bro.. but how come I can't find the pagefiles.sys file
oh yeah, also, this laptop of mine tends to shut itself off when the fan spins hard because of the heat, and I just checked: when it shut down because of that, the free space went down from what it was
Tom1Su - 02/10/2010 06:30 PM
#2222

Quote:
Original Posted By the_urban
eh, I've tried it, bro.. but how come I can't find the pagefiles.sys file
oh yeah, also, this laptop of mine tends to shut itself off when the fan spins hard because of the heat, and I just checked: when it shut down because of that, the free space went down from what it was

Try unchecking "Hide protected operating system files" in Folder Options > View first, because the file's attribute is Hidden.
Try checking the CPU temperature with SpeedFan.
Don't let the laptop overheat too often; it would be a shame, that's an expensive item.
If it's getting on in age and often shuts down like that, it's best to clean the fan's ventilation ducts; of course, leave that to someone experienced. And if you've never cleaned it, you'll be shocked when you see the inside of the laptop for yourself.
the_urban - 02/10/2010 06:46 PM
#2223

Quote:
Original Posted By Tom1Su
Try unchecking "Hide protected operating system files" in Folder Options > View first, because the file's attribute is Hidden.
Try checking the CPU temperature with SpeedFan.
Don't let the laptop overheat too often; it would be a shame, that's an expensive item.
If it's getting on in age and often shuts down like that, it's best to clean the fan's ventilation ducts; of course, leave that to someone experienced. And if you've never cleaned it, you'll be shocked when you see the inside of the laptop for yourself.


oh yeah, there it is, the pagefiles is 1.5 GB
yeah, it really is getting old.. I'll try cleaning it later
thanks a lot bro
Hanya_1 - 02/10/2010 07:47 PM
#2224

Bro, my friend's computer seems to be infected with the Xiabu.exe virus; any antivirus recommendation, bro?
Tom1Su - 02/10/2010 07:58 PM
#2225

Quote:
Original Posted By Hanya_1
Bro, my friend's computer seems to be infected with the Xiabu.exe virus; any antivirus recommendation, bro?

Xiabu falls into the Malware category, bro; try scanning with Malwarebytes' Anti-Malware
Hanya_1 - 02/10/2010 08:03 PM
#2226

Quote:
Original Posted By Tom1Su
Xiabu falls into the Malware category, bro; try scanning with Malwarebytes' Anti-Malware


OK, thanks, I'll try it first and report back shortly, bro

a bit of info: it seems TKM can no longer be downloaded from the link on the front page
Hanya_1 - 02/10/2010 08:23 PM
#2227

hmmm, I've scanned and a lot of things got caught .. but this Xiabu wasn't caught
Does anyone have TKM, bro? Please give me the link

The laptop is an EmachinesD720 with XP installed

every time Windows starts there is a notification [code]
savedump.exe-application error
The instruction at "0x007202f5" referenced memory at " 0x007202f5" . The memory could not be "written"

Click OK to terminate the program
Click Cancel To debug the program [/code]

After that it gets to the desktop for a moment, then blue screen and restart
Hanya_1 - 02/10/2010 08:45 PM
#2228

Please check this HJT log, bro
please advise on an AV
Spoiler for HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:03 PM, on 10/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\xiabu.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\os5b4qmnm.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PragmaDigm\ProcessKiller\prckiller.exe
[COLOR="Red"]C:\DOCUME~1\Admin\LOCALS~1\Temp\kmxpyk.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\jtixx.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\w862e9.exe[/COLOR]
C:\Documents and Settings\Admin\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://id.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xiabu] C:\Documents and Settings\Admin\xiabu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{921D761B-75EC-411F-8238-20F13422C806}: NameServer = 202.134.1.10,202.134.0.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\os5b4qmnm.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7903 bytes

I've tried marking a few that I suspect, but they can't be deleted, bro, because I can't find the parent, and I haven't been able to download TKM yet ..
Requesting help from the seniors...
rizkidfr3ak - 02/10/2010 09:42 PM
#2229

how do I delete the autorun and recycle viruses, bro??
every time I delete them they come back, bro..
Tom1Su - 02/10/2010 09:44 PM
#2230

Quote:
Original Posted By Hanya_1
Please check this HJT log, bro
please advise on an AV
I've tried marking a few that I suspect, but they can't be deleted, bro, because I can't find the parent, and I haven't been able to download TKM yet ..
Requesting help from the seniors...

Run HijackThis again, then tick the following entries:

[CODE]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O4 - HKCU\..\Run: [xiabu] C:\Documents and Settings\Admin\xiabu.exe
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\os5b4qmnm.exe[/CODE]

Once they are ticked, click the "Fix checked" button, then restart the PC.
Then, once you are back in Windows, delete the following files
[CODE]C:\Documents and Settings\Admin\xiabu.exe
D:\autorun.exe
C:\WINDOWS\system32\os5b4qmnm.exe[/CODE]
Also clean out the temp files with CCleaner.
To be more certain, you can run a full scan of the PC again.

Good luck
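
A triage pass over a HijackThis log in the spirit of the entries picked out in the post above, as an added example (not part of the original post and not HijackThis's own logic). The location rules and function names are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
import re

# Constructed excerpt: lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Admin\xiabu.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\kmxpyk.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [xiabu] C:\Documents and Settings\Admin\xiabu.exe
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\os5b4qmnm.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

EXE = r"\.(?:exe|scr|com|pif|bat)"
# Location heuristics (assumptions of this example, not rules built into HijackThis).
RULES = [
    ("in a Temp directory", re.compile(r"\\temp\\[^\\]+" + EXE + "$", re.I)),
    ("directly in a user profile root", re.compile(
        r"^[a-z]:\\(?:documents and settings|docume~1|users)\\[^\\]+\\[^\\]+" + EXE + "$", re.I)),
    ("directly in a drive root", re.compile(r"^[a-z]:\\[^\\]+" + EXE + "$", re.I)),
]
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.exe$", re.I)


def image_path(command):
    """Return the executable part of a Run command line (drops quotes and arguments)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].partition('"')[0]
    m = re.match(r"(.+?" + EXE + r")(?=\s|$)", command, re.I)
    return m.group(1) if m else command


def location_reason(path):
    """Name the first location rule the path matches, or None."""
    for reason, pattern in RULES:
        if pattern.search(path):
            return reason
    return None


def triage(log_text):
    """Return (section, reason, path) tuples for entries worth a closer look."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif location_reason(line):
                findings.append(("process", location_reason(line), line))
        elif line.startswith("O4 - "):
            rest = line[5:].partition(": ")[2]
            # Registry Run values look like "[name] command"; Startup items like "x.lnk = target".
            command = rest.partition("] ")[2] if rest.startswith("[") else rest.partition(" = ")[2]
            path = image_path(command)
            if location_reason(path):
                findings.append(("O4 autostart", location_reason(path), path))
        elif line.startswith("O23 - "):
            parts = line.rsplit(" - ", 2)     # [..display name.., owner, binary path]
            if len(parts) == 3 and parts[1] == "Unknown owner" and SYSTEM32.match(parts[2]):
                findings.append(("O23 service", "unknown owner, binary in system32", parts[2]))
    return findings


def suspect_paths(findings):
    """Unique file paths across all findings, sorted for stable output."""
    return sorted({path for _, _, path in findings})


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:13} {reason:32} {path}")
```

The "Unknown owner" service under Program Files is deliberately not reported: the owner field alone is not enough, and only its combination with a system32 binary is flagged here.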
Hanya_1 - 02/10/2010 09:59 PM
#2231

Quote:
Original Posted By Tom1Su
Run HijackThis again, then tick the following entries:

[CODE]O4 - HKCU\..\Run: [xiabu] C:\Documents and Settings\Admin\xiabu.exe
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\os5b4qmnm.exe[/CODE]

Once they are ticked, click the "Fix checked" button, then restart the PC.
Then, once you are back in Windows, delete the following files
[CODE]C:\Documents and Settings\Admin\xiabu.exe
D:\autorun.exe
C:\WINDOWS\system32\os5b4qmnm.exe[/CODE]
Also clean out the temp files with CCleaner.
To be more certain, you can run a full scan of the PC again.

Good luck


Bro, what about mp notify.exe
with the same error as the one above, why is that
is it a problem with Windows?
I keep getting blue screens now
Tom1Su - 02/10/2010 10:05 PM
#2232

Quote:
Original Posted By Hanya_1
Bro, what about mp notify.exe
with the same error as the one above, why is that
is it a problem with Windows?
I keep getting blue screens now

Try following the tutorial above first, and run HijackThis again.
Sorry, it has been updated; something was missed.
Hanya_1 - 02/10/2010 10:11 PM
#2233

Quote:
Original Posted By Tom1Su
Try following the tutorial above first, and run HijackThis again.
Sorry, it has been updated; something was missed.


:toast OK bro

As for the xiaku from earlier, I've managed to delete it with TKM.. so when I scan with HJT it's no longer there .. I've also deleted its VB file from the folder.. now I'm trying to run it the way you told me
Good.Friend - 02/10/2010 11:40 PM
#2234

bro, I need help, it's really urgent
my PC uses the Smadav antivirus
so when I plugged in my phone with a data cable, a virus warning suddenly popped up, so I did fix all, but then when I open my phone's MMC folder it looks like this




when I open my digital camera's MMC folder from the PC it looks like that too, bro
how do I cure it, bro? I read page one but I don't understand what kind of virus the problem I'm facing now is, I don't understand anything about viruses
please help, bro, thanks
agungtse - 03/10/2010 12:31 AM
#2235

Quote:
Original Posted By Good.Friend
bro, I need help, it's really urgent
my PC uses the Smadav antivirus
so when I plugged in my phone with a data cable, a virus warning suddenly popped up, so I did fix all, but then when I open my phone's MMC folder it looks like this




when I open my digital camera's MMC folder from the PC it looks like that too, bro
how do I cure it, bro? I read page one but I don't understand what kind of virus the problem I'm facing now is, I don't understand anything about viruses
please help, bro, thanks


my flash drive is like that too, bro
I've scanned it with Kaspersky, it has been scanned too
the original folders are all gone, everything has turned into shortcuts
how do I deal with it?
pleease help
dixx-jr - 03/10/2010 01:33 AM
#2236

Quote:
Original Posted By Tom1Su
Just select/click the external drive, then click 'OK'. All files/folders on the external HDD immediately get their attributes reset.
Spoiler for Screenshot...

But if you want to use something else, please google it yourself, sorry...


thx bro, solved...

but the external HDD still can't autorun, and if I double-click it, it still asks for its duaAssoy.scr, bro.. if I open it via Explore it works though?? is it still not clean enough, bro??
Tom1Su - 03/10/2010 01:45 AM
#2237

Quote:
Original Posted By dixx-jr
thx bro, solved...

but the external HDD still can't autorun, and if I double-click it, it still asks for its duaAssoy.scr, bro.. if I open it via Explore it works though?? is it still not clean enough, bro??

Find and delete the file named AUTORUN.INF on the external HD.
enjelpuspa - 03/10/2010 03:12 AM
#2238

is Smadav any good, bro?

can you believe all the PCs at my school use Smadav
elecktro24 - 03/10/2010 03:39 AM
#2239
ask
bro, the C drive on my laptop, why does its used size keep growing every time I turn it on
a few days ago it was 15 GB, now it's 22.5 GB
do any of the elders know why and where the problem is?

Spoiler for hijackhits

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:36:08 AM, on 10/3/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\presentationsettings.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
E:\Software Installer\(Portable Software)\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp

elecktro24 - 03/10/2010 03:42 AM
#2240

Spoiler for the continuation of my hijackhits

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B39FED9-2DAB-4899-A119-080E03D865C3}: NameServer = 202.155.0.10 202.155.0.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - ASUSTeK Computer Inc. - C:\Windows\system32\FBAgent.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11943 bytes


Many thanks to any elders who can offer a solution and some enlightenment..