CCPB - Shareware & Freeware
Home > LOEKELOE > COMPUTER STUFF > CCPB - Shareware & Freeware > CCPB Virus Klinik - Virus Problem & Antivirus
Total Views: 133320 Share : Facebook ShareFacebook Twitter ShareTwitter Google+ ShareGoogle+
Page 3 of 218 |  < 1 2 3 4 5 6 7 8 >  Last ›

...isa... - 22/05/2011 10:27 PM
#41

Quote:
Original Posted By blacknvc
hapus manual ya gan ? soalnya si kapurbarus cuman bisa block aja .gag bisa ngehapus exe nya ?


iya gan... hapus manual aja. Di PC yang masih bersih D
atau kalo takut.. bisa lewat MiniXP o
harikk - 22/05/2011 11:05 PM
#42

Quote:
Original Posted By b034n4
dari depan gan \(


Ngga tau harus ngomong apa gan.. :sorry

Quote:
Original Posted By yeah...
Gan, ane kena virus svchost.exe keliatannya nih gan.
Jadi skrg, tiap ane konek ke internet, sering timeout ga jelas gitu, jadi risih pas download gan. Mohon pencerahannya ya gan gimana cara ngatasin ini.

Logfile of Trend Micro HijackThis v2.0.2

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\microsoft\watermark.exe


think:
Post no 18
Post no 15

Quote:
Original Posted By PostJunker
ada cara ngatasin virus sality ga? soalnya yg di link klinik virus yg sebelumnya mati.
sality di komp ku varian .aa , susah banget basmi nya muncul2 terus \(
boleh minta salitykiller kaspersky yg versi baru? soalnya di blok koneksi ke kaspersky.com nya jd gabisa, mungkin bisa download dr mediafire gt\(


Adanya di sendspace gan \) Liat disini.

Quote:
Original Posted By tigoragustinuss

Perbedaan link dari:

1. kask.us: http://kask.us/3260347 sekitar 3 menit
2. Insert link dari kaskus: dimari .... sekitar 1 menit

Jadi keputusannya adalah bagi saya pakailah Insert link dari kaskus daripada url kask.us....


Tengkiu infonya gan.. shakehand
Soalnye belom pernah ngetes shortener nya kaskus \)
afifdahnoe - 23/05/2011 12:39 AM
#43

Gan komputer ane kena virus kan ane abis download file yang extensinya Rar Truz Ane extract setelah ane extract Eh komputer ane malah BIRU" SEMUA LAYARNYA + MOUSENYA GERAK" SENIDIR truz ane restart balik seperti semula And tara data D ane / file D ane minta di format ulang + ada file baru yg extensi nya .inf + kode" kaya 01 01 01000 101 010 truz sama kode" dos gitu gan..!! tpi filenya dah ane apus pke Shift Dell ..!! nah yg ane tanya bisa gk gan Data" yg di D ane di balikin lagi Tanpa format.. !! ilovekaskus ilovekaskus ilovekaskus
siboy198 - 23/05/2011 12:44 AM
#44

gan, tolongin ane dong,, laptop ane kayanya kena virus nih,, soalnya kalau ngenet jadi luambaaat, terus kadang cannot open page mulu di firefox nya..

kira2 virus apa yang yang mungkin menclok di komputer ane
midnightkid - 23/05/2011 09:31 AM
#45

saya ingin bergabung, apakah diijinkan?
matabelo:
yeyepp - 23/05/2011 01:12 PM
#46

gan tolong artiin hijacktiiiss dari kompi ane kiss

Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:16 PM, on 5/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINXP\Explorer.EXE
C:\WINXP\RTHDCPL.EXE
C:\WINXP\system32\igfxtray.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\IM Magician\Vicamon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Venus Mobile\PCSService_C.exe
C:\Program Files\Join Air\AssistantServices.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Venus Mobile\Venus Mobile.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Join Air\UIExec.exe"
O4 - HKLM\..\Run: [IMMON] "C:\Program Files\IM Magician\Vicamon.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{64BF2334-91F5-4BAF-97FD-CD5180B08869}: NameServer = 8.8.8.8 8.8.4.4
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: PCSService_C - Unknown owner - C:\Program Files\Venus Mobile\PCSService_C.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe

--
End of file - 5455 bytes
vsepr29 - 23/05/2011 02:26 PM
#47

Gan tolong dibantu..
komputer ane aneh ni..tiap ada flashdisk masuk,trus FD nya di buka,slalu ada file namanya myporno.avi..ane dikira punya bok*p deh..padahal ga ada..ini kenapa ya?
d scan smadav ga ada apa2..

Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:39, on 23/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PROLiNK HSPA\AssistantServices.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PROLiNK HSPA\UIExec.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.freefind.com/find.html?id=16330618&w=0&p=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.freefind.com/find.html?id=16330618&m=0&p=0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [UIExec] C:\Program Files\PROLiNK HSPA\UIExec.exe
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKUS\S-1-5-18\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\Mira\tpwmwe.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E87C1FD3-B84B-4EB3-98C8-FD8CD37911C5}: NameServer = 202.134.1.10,202.134.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\DVDXST~1\DVDXUT~1.0\DVDGhost\DVDGHO~1.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\PROLiNK HSPA\AssistantServices.exe
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5705 bytes


makasih gan sblmnya..\)
midun_trk - 23/05/2011 04:44 PM
#48

Gan, semua file fodrmat jpeg dan video di flashdisk ane berubah menjadi shoutcut dengan ukuran 2Kb, tetapi sudah ane scan dengan antivir, smadav tetap ga nemu , di laptop sistem C: dan D: tidak terdapat hal serupa di flashdisk ane,jadi intinya flashdisk ane kenapa, dan gimana mengembalikan data2 ane itu, ATTRIB di CMD juga g muncul file terhidden gan \(
Tom1Su - 23/05/2011 06:36 PM
#49

Quote:
Original Posted By yeyepp
gan tolong artiin hijacktiiiss dari kompi ane kiss

Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:16 PM, on 5/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:

End of file - 5455 bytes

Walaupun folder windowsnya, rada" nyeleneh. Tapi kalau dilihat dari hasil log HJT-nya, gak terdeteksi adanya proses loading file dan registry yg aneh/membahayakan gan. Semua masih termasuk kategori aman.
==================================================


Quote:
Original Posted By vsepr29
Gan tolong dibantu..
komputer ane aneh ni..tiap ada flashdisk masuk,trus FD nya di buka,slalu ada file namanya myporno.avi..ane dikira punya bok*p deh..padahal ga ada..ini kenapa ya?
d scan smadav ga ada apa2..

Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:39, on 23/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

--
End of file - 5705 bytes


makasih gan sblmnya..\)

Dilihat dari log HJT-nya, memang ada proses di PC-nya yg perlu dicurigai sebagai ulahnya trojan gan.
Spoiler for Suspected
O4 - HKUS\S-1-5-18\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\Mira\tpwmwe.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'Default user')


Untuk meyakinkan, coba install scanner yg ringan2 dulu, pake Malwarebytes' Anti-Malware atau SUPERAntiSpyware. Terserah mau pilih yg mana saja. Selesai diinstall & updating database, langsung lakukan proses scanning.
kasakkusuk36 - 23/05/2011 07:01 PM
#50

Quote:
Original Posted By vsepr29
Gan tolong dibantu..
komputer ane aneh ni..tiap ada flashdisk masuk,trus FD nya di buka,slalu ada file namanya myporno.avi..ane dikira punya bok*p deh..padahal ga ada..ini kenapa ya?
d scan smadav ga ada apa2..

Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:39, on 23/05/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PROLiNK HSPA\AssistantServices.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PROLiNK HSPA\UIExec.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.freefind.com/find.html?id=16330618&w=0&p=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.freefind.com/find.html?id=16330618&m=0&p=0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [UIExec] C:\Program Files\PROLiNK HSPA\UIExec.exe
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKUS\S-1-5-18\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\Mira\tpwmwe.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E87C1FD3-B84B-4EB3-98C8-FD8CD37911C5}: NameServer = 202.134.1.10,202.134.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\DVDXST~1\DVDXUT~1.0\DVDGhost\DVDGHO~1.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\PROLiNK HSPA\AssistantServices.exe
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5705 bytes


makasih gan sblmnya..\)



coba apus ini gan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.freefind.com/find.html?id=16330618&w=0&p=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.freefind.com/find.html?id=16330618&m=0&p=0
kasakkusuk36 - 23/05/2011 07:03 PM
#51

Quote:
Original Posted By midun_trk
Gan, semua file fodrmat jpeg dan video di flashdisk ane berubah menjadi shoutcut dengan ukuran 2Kb, tetapi sudah ane scan dengan antivir, smadav tetap ga nemu , di laptop sistem C: dan D: tidak terdapat hal serupa di flashdisk ane,jadi intinya flashdisk ane kenapa, dan gimana mengembalikan data2 ane itu, ATTRIB di CMD juga g muncul file terhidden gan \(


sorry gan, gak bisa nerawang kalo gak ada datanya.
tapi bisa coba scan dulu pake ini http://www.eset.com/us/online-scanner
vsepr29 - 23/05/2011 07:09 PM
#52

Quote:
Original Posted By Tom1Su



Dilihat dari log HJT-nya, memang ada proses di PC-nya yg perlu dicurigai sebagai ulahnya trojan gan.
Spoiler for Suspected
O4 - HKUS\S-1-5-18\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\Mira\tpwmwe.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GoAway] rundll.exe user.exe, EXITWINDOWS (User 'Default user')


Untuk meyakinkan, coba install scanner yg ringan2 dulu, pake Malwarebytes' Anti-Malware atau SUPERAntiSpyware. Terserah mau pilih yg mana saja. Selesai diinstall & updating database, langsung lakukan proses scanning.
ane udah install yg malware nih..n udah d scan sampe brsih juga..apa prlu scan lagi?
thx jawabannya..\)
Quote:
Original Posted By kasakkusuk36
coba apus ini gan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.freefind.com/find.html?id=16330618&w=0&p=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.freefind.com/find.html?id=16330618&m=0&p=0
sorii..cara hapusnya gmana ya gan?thx jawabannya..D
kasakkusuk36 - 23/05/2011 07:11 PM
#53

Quote:
Original Posted By vsepr29
ane udah install yg malware nih..n udah d scan sampe brsih juga..apa prlu scan lagi?
thx jawabannya..\)
sorii..cara hapusnya gmana ya gan?thx jawabannya..D



sorry gan, yg ini jangan diapus:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

kalo ane ngapus pake regedit \) \) hihihihihi
vsepr29 - 23/05/2011 07:15 PM
#54

Quote:
Original Posted By kasakkusuk36
sorry gan, yg ini jangan diapus:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

kalo ane ngapus pake regedit \) \) hihihihihi


kalo buka regedit ane ud bisa gan..
slanjutnya gmana?hammer
hehe..D
Bhengals - 23/05/2011 07:48 PM
#55

Misi agan2...
Ane cuma mau minta tolong...
Komputer ane kena virus nama na kalo ga salah yumi.exe, tapi di smadav kena na yumi.exe, hurufnyaberantakan.pif ama autorun.inf (tiap drive). Gejala na isi drive hilang. Buat sementara ane kasih pict gejala na dulu (mungkin dengan pick na aja udah ada yang tau), log hj na nyusul (soal na agak sekarang agak eror buat boting >- jadi males)...

Spoiler for Virus 1 : kalo kurang jelas di klik ya
CCPB Virus Klinik - Virus Problem & Antivirus

Spoiler for Virus 2 : kalo kurang jelas di klik ya
CCPB Virus Klinik - Virus Problem & Antivirus

Spoiler for Virus 3 : ini cmd na ane copy ke word (ga tau cara ambil gambar cmd p )
CCPB Virus Klinik - Virus Problem & Antivirus


Maaf kalo berantakan banget, ane lagi suntuk banget si...
Sebelum na makasih... D D D
...isa... - 23/05/2011 07:58 PM
#56

Quote:
Original Posted By Bhengals
Misi agan2...
Ane cuma mau minta tolong...
Komputer ane kena virus nama na kalo ga salah yumi.exe, tapi di smadav kena na yumi.exe, hurufnyaberantakan.pif ama autorun.inf (tiap drive). Gejala na isi drive hilang. Buat sementara ane kasih pict gejala na dulu (mungkin dengan pick na aja udah ada yang tau), log hj na nyusul (soal na agak sekarang agak eror buat boting >- jadi males)...

Spoiler for Virus 1 : kalo kurang jelas di klik ya
CCPB Virus Klinik - Virus Problem & Antivirus

Spoiler for Virus 2 : kalo kurang jelas di klik ya
CCPB Virus Klinik - Virus Problem & Antivirus

Spoiler for Virus 3 : ini cmd na ane copy ke word (ga tau cara ambil gambar cmd p )
CCPB Virus Klinik - Virus Problem & Antivirus


Maaf kalo berantakan banget, ane lagi suntuk banget si...
Sebelum na makasih... D D D


coba di >tools===folder >option==views...

check di show hidden file & Uncheck di hidden operating system files..
kelihatan ga gan?

kalo masih ada cara nampilinnya..
masuk CMD

Ketik drive tujuan misal E: Enter
trus kettik attrib -r -a -s -h /s /d Enter lagi..
nunggu beberapa saat.. Insya Allah kembali..

Kalo hidden file masih ga keliatan, post lagi gan... Ane bantu recovery nya o
harikk - 23/05/2011 08:02 PM
#57

Quote:
Original Posted By kasakkusuk36
coba apus ini gan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.freefind.com/find.html?id=16330618&m=0&p=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.freefind.com/find.html?id=16330618
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.freefind.com/find.html?id=16330618&w=0&p=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.freefind.com/find.html?id=16330618&m=0&p=0


Quote:
Original Posted By vsepr29
kalo buka regedit ane ud bisa gan..
slanjutnya gmana?hammer
hehe..D


Sori ane koreksi dikit. Istilah nya bukan dihapus tapi baris yg ada URLnya itu dikosongin. Kalo lewat regedit berarti hapus valuenya dan bukan key nya.

Caranya bisa juga pake HijackThis; liat disini HijackThis Tutorial
vsepr29 - 23/05/2011 08:09 PM
#58

Quote:
Original Posted By harikk
Sori ane koreksi dikit. Istilah nya bukan dihapus tapi baris yg ada URLnya itu dikosongin. Kalo lewat regedit berarti hapus valuenya dan bukan key nya.

Caranya bisa juga pake HijackThis; liat disini HijackThis Tutorial


Oke gan..langsung di coba..D

msh g ngrti gan..hammer
ane ud nyoba..apa gini aja yah,pake hijack,trus pilih file yg mau di kosongi,trus klik fix?
harikk - 23/05/2011 08:29 PM
#59

Quote:
Original Posted By vsepr29
Oke gan..langsung di coba..D

msh g ngrti gan..
ane ud nyoba..apa gini aja yah,pake hijack,trus pilih file yg mau di kosongi,trus klik fix?


Yap. Agan bener thumbup:
BTW, tolong diperiksa lagi apa masalah agan ada kemiripan dengan laporan Symantec yang ini
Karena virus ini juga bikin link myporno.avi

Quote:
Original Posted By Bhengals
Misi agan2...
Ane cuma mau minta tolong...
Komputer ane kena virus nama na kalo ga salah yumi.exe, tapi di smadav kena na yumi.exe, hurufnyaberantakan.pif ama autorun.inf (tiap drive). Gejala na isi drive hilang.



Kalo agan mau masalahnya jadi terang benderang; sebaiknya autorun.inf nya dulu yang dibuka di command prompt.
Terus pake menu type/ edit dan diliat isinya merujuk ke file apa (sumber penularannya) \)
Kemudian coba temukan file tsb dan coba upload ke Virustotal..

Quote:
Original Posted By siboy198
gan, tolongin ane dong,, laptop ane kayanya kena virus nih,, soalnya kalau ngenet jadi luambaaat, terus kadang cannot open page mulu di firefox nya..


Quote:
Original Posted By midun_trk
Gan, semua file fodrmat jpeg dan video di flashdisk ane berubah menjadi shoutcut dengan ukuran 2Kb, tetapi sudah ane scan dengan antivir, smadav tetap ga nemu , di laptop sistem C: dan D: tidak terdapat hal serupa di flashdisk ane,jadi intinya flashdisk ane kenapa, dan gimana mengembalikan data2 ane itu, ATTRIB di CMD juga g muncul file terhidden gan \(


Tolong HijackThis log nya gan \)
Atau kalo mau menyelesaikan sendiri; coba dulu Security Task Manager >-- Windows Task Manager yang telah disempurnakan ;)
Aplikasinya bisa langsung kirim file2 yang mencurigakan ke Virustotal..
vsepr29 - 23/05/2011 09:29 PM
#60

Quote:
Original Posted By harikk
Yap. Agan bener thumbup:
BTW, tolong diperiksa lagi apa masalah agan ada kemiripan dengan laporan Symantec yang ini
Karena virus ini juga bikin link myporno.avi





Wah..ane malah g ngrti baca laporannya gan..
sblmya prnah ada masalah juga sama windows generic host process..tp skrg udah beres..tinggal yang myporno aja yang g beres..
Page 3 of 218 |  < 1 2 3 4 5 6 7 8 >  Last ›
Home > LOEKELOE > COMPUTER STUFF > CCPB - Shareware & Freeware > CCPB Virus Klinik - Virus Problem & Antivirus