Official General Discussion About Virus and Antivirus

venantius
09-05-2011, 10:23 PM
There are all sorts of reasons people make viruses:

The person hates a particular software product
The person hates someone else
The person hates their own future
The person is simply doing it for fun

The media used are also varied:

Via the internet (pirated software)
Via CD/DVD, USB, external HDD

So be careful.

And the main cause is that users don't care about the security of their systems.

A virus maker may hate a particular software product, may hate a particular party, or may just want notoriety or be doing it for fun. But if the target cares about system security and gives no one a chance to infiltrate their system, what can anyone who wants to do harm actually do?

Jars27
12-05-2011, 12:00 PM
Let me chime in...

> And the main cause is that users don't care about the security of their systems.
>
> A virus maker may hate a particular software product, may hate a particular party, or may just want notoriety or be doing it for fun. But if the target cares about system security and gives no one a chance to infiltrate their system, what can anyone who wants to do harm actually do?

But what about a newly created virus... sure, sooner or later there will be an antivirus that can stop it, but during the early stage of spreading the victims will certainly suffer losses. For example, look at the damage caused by the Conficker virus.

spinx04
12-05-2011, 01:09 PM
> Let me chime in...
>
> But what about a newly created virus... sure, sooner or later there will be an antivirus that can stop it, but during the early stage of spreading the victims will certainly suffer losses. For example, look at the damage caused by the Conficker virus.

Learn how viruses work and the holes they commonly use, then read articles on prevention through to cleanup and take in/understand the logic behind the methods. With that, hopefully we can prevent infection up to 90%; only the rest do you entrust to the antivirus :unyil:

kecebongoreng
12-05-2011, 02:56 PM
> Learn how viruses work and the holes they commonly use, then read articles on prevention through to cleanup and take in/understand the logic behind the methods. With that, hopefully we can prevent infection up to 90%; only the rest do you entrust to the antivirus :unyil:

Make us a list of virus attack vectors then :hihi:
http://en.wikipedia.org/wiki/Computer_virus#Vectors_and_hosts

kecebongoreng
18-05-2011, 06:50 AM
http://www.chip.co.id/covers/chip/cover_chip_05_2011.png :shock:

enthusiast
02-06-2011, 07:38 PM
Bro..
requesting a Ramnit killer..
because yesterday I used the PCMAV build made specifically for Ramnit and it didn't work? So now I'm confused.

notox
05-06-2011, 10:32 AM
> Bro..
> requesting a Ramnit killer..
> because yesterday I used the PCMAV build made specifically for Ramnit and it didn't work? So now I'm confused.

To remove Ramnit manually you can try the steps from bro spinx04 here:
http://www.indowebster.web.id/showthread.php?t=143421&p=8586413&viewfull=1#post8586413

Or you can also use an antivirus live CD:

Turn off System Restore
Then download the Drweb.iso file and burn it to a CD
(http://download.geo.drweb.com/pub/drweb/livecd/)
Once the CD is made, put it in the infected computer and set the BIOS to boot from CD/DVD
Choose DrWeb-LiveCD (Default)
After that choose DrWeb Scanner → add all drives, then scan

http://img64.imageshack.us/img64/208/1298362871drweblivecd60.jpg (http://img64.imageshack.us/i/1298362871drweblivecd60.jpg/)

spinx04
05-06-2011, 10:56 AM
> http://www.chip.co.id/covers/chip/cover_chip_05_2011.png :shock:

Find me the link, bro.. :ngambek:

> Bro..
> requesting a Ramnit killer..
> because yesterday I used the PCMAV build made specifically for Ramnit and it didn't work? So now I'm confused.

Because generally an antivirus can only prevent, not cure :siul: (detect and delete the virus before it infects the computer), except with the method bro notox mentioned above, and even that only works because you're not booted into Windows while using it :unyil:

bruberry0
05-06-2011, 01:05 PM
Greetings to all the masters here

I'd like to ask for help...

My PC seems to have the shortcut virus; here are the symptoms:

1. On the PC itself there are no signs of infection

2. On a flash drive, shortcuts appear and the original folders become super-hidden and read-only.

3. If the flash drive is formatted, what's left is a single Recycler shortcut (but it's an application), the real Recycler folder, and inside that Recycler folder there's e5188982.exe

4. The virus only shows up on flash drives and the like.

And my questions:

1. What virus is this, roughly?

2. How do I remove it?

Sorry, I can't give a screenshot, I forgot earlier he he he

Thx

spinx04
05-06-2011, 01:14 PM
^bruberry0
Take a look at this post and see whether the symptoms are the same...
http://www.indowebster.web.id/showthread.php?t=143421&p=8586413&viewfull=1#post8586413

If they are, try bro notox's method (http://www.indowebster.web.id/showthread.php?t=128299&p=10148652&viewfull=1#post10148652) above :siul:

kecebongoreng
05-06-2011, 01:17 PM
> Find me the link, bro.. :ngambek:

Whew, the digital version? I don't know whether CHIP still provides a digital version of its magazine. Haven't bought CHIP in a long time :kecewa:

spinx04
05-06-2011, 01:25 PM
> Whew, the digital version? I don't know whether CHIP still provides a digital version of its magazine. Haven't bought CHIP in a long time :kecewa:

I see... :kecewa:
:hiks:

laluabdrahman
05-06-2011, 02:31 PM
> Whew, the digital version? I don't know whether CHIP still provides a digital version of its magazine. Haven't bought CHIP in a long time :kecewa:

They still do, bro...

ginda01
07-06-2011, 04:50 PM
http://3.bp.blogspot.com/-GbHJgWP-Sig/Tabq1iNkj6I/AAAAAAAADc0/EJC9lDlu_u0/s400/clean-ramnit-6.jpg
Reports and complaints of virus attacks on Windows users' computers seem to keep rising over time. That naturally makes Microsoft, as the vendor, uneasy and worried. Not standing idle, Microsoft finally decided to build its own antivirus software to protect the operating system it makes.

Microsoft Security Essentials (MSE) is the official antivirus released by Microsoft to counter the spread of malware, which has been increasingly rampant lately.

As ordinary users who are not experts in the world of viruses, we too follow the development and movement of the viruses that are widely reported and spread quickly among Windows users.

To take three viruses that, by our observation, cause the most mass incidents: Sality, Virut and Ramnit. The first two are old players, but the large number of variants of each makes them hard to eradicate.

The virus most feared lately is the Ramnit variant. Ramnit spreads quickly and has quite a few variants. Ramnit counts as dangerous malware that is hard to clean. Once a system is infected by it, cleaning the system cannot be done with just any antivirus.

http://3.bp.blogspot.com/-RGV5JNfJuZo/Tabp_A2ezzI/AAAAAAAADcM/UDUW5dHr4lA/s400/clean-ramnit-1.jpg
Icons change into folders on a flash drive infected with Ramnit
http://4.bp.blogspot.com/-WJMZMK0FDWk/Tabp_RNKJlI/AAAAAAAADcc/sEo48FA3Jqo/s400/clean-ramnit-3.jpg
Ramnit creates an autorun.inf file, Copy of Shortcut to (1).lnk through (4).lnk, and a RECYCLER folder containing the virus file on the flash drive.

It is unfortunate that many people who are skilled in security and viruses instead give information that tends to frighten and exaggerate when it comes to handling Ramnit attacks. From those saying the system is finished once hit by Ramnit, to those saying cleanup can only be done by reinstalling the system, and at the extreme, that the reinstall has to be done by reformatting every hard disk in use... ;)

With all due respect to the experts and virus specialists who recommend cleaning Ramnit that way, we are simply sharing our experience from trying to clean a computer of that dreaded Ramnit virus.


Cleaning the Ramnit virus with MSE:


For us, cleaning the Ramnit virus only takes an up-to-date Microsoft Security Essentials (MSE). The following example is from when we cleaned a computer of Trojan:win32/Ramnit.A according to MSE, or Ramnit.F.variant according to PCMAV 5.0.

http://4.bp.blogspot.com/-h49-9H6HRAs/Tabp_k1d1YI/AAAAAAAADck/PA672gY7mEY/s400/clean-ramnit-4.jpg

For information: when Ramnit attacks a system it creates a randomly named folder containing the parent virus, which runs automatically when the computer starts. That virus folder is placed in the Program Files folder. In addition, Ramnit also places a virus file in the Startup folder and manipulates userinit in the registry. Other variants may use different methods and virus files from this example.
http://1.bp.blogspot.com/-Ex8bIySrbWw/Tabp_fWHLiI/AAAAAAAADcU/8KRqPCFWNN8/s400/clean-ramnit-2.jpg
To clean this Ramnit variant, download and install the latest MSE. When downloading MSE you should also download the latest MSE virus definitions to install manually after the MSE installation finishes, because Ramnit will likely block you from updating the virus definitions online. Windows XP SP3 users, besides needing both MSE files, also need the Windows Installer version 3 update (KB942288) or newer, and you will be asked to install several patches when installing MSE on a Windows XP that has never been updated.

http://download.microsoft.com/download/2/6/1/261fca42-22c0-4f91-9451-0e0f2e08356d/WindowsXP-KB942288-v3-x86.exe
http://3.bp.blogspot.com/-eDxAYMcTqi4/TabqAO92tPI/AAAAAAAADcs/iJwO47O29HU/s400/clean-ramnit-5.jpg
After the MSE installation finishes, restart the computer if asked. Once the computer has restarted, immediately install the MSE virus definitions you downloaded.

Once everything is ready, run MSE and scan the system in Quick mode to look for the Ramnit that is active in memory. Wait until the scan finishes and the active Ramnit is found; this will take quite a long time because Ramnit slows the scan down.

http://3.bp.blogspot.com/-GbHJgWP-Sig/Tabq1iNkj6I/AAAAAAAADc0/EJC9lDlu_u0/s400/clean-ramnit-6.jpg
MSE finds Ramnit active in memory
http://2.bp.blogspot.com/-pA8gFwmJK7o/Tabq1uVX2MI/AAAAAAAADc8/X-pDzeRDQGU/s400/clean-ramnit-7.jpg
Cleaning memory of the Ramnit infection


After memory has been cleaned of Ramnit, restart the computer, then scan the entire contents of the hard disks and flash drives you use with MSE.

http://2.bp.blogspot.com/-YxlUwUKrN8I/Tabq14jee3I/AAAAAAAADdE/1KkKO1y771c/s400/clean-ramnit-8.jpg
Full scan using MSE to clean the computer of the Ramnit infection

[Hidden content: you must click 'Thank You' before you can see the data contained here.]
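As an added example (not code from this thread or from the tutorial's author), a small Python triage script for the indicators the tutorial describes: the flash-drive artefacts (autorun.inf, the "Copy of Shortcut to (N).lnk" lures, a RECYCLER folder holding an .exe, super-hidden folders) and a tampered Userinit registry value, plus the hosts-file redirects visible in the HijackThis log posted later in this thread. The sample drive layout and log lines are constructed for the demo (the file name e5188982.exe and the Userinit and hosts values come from this thread); the HIDDEN/SYSTEM attribute check only has effect on Windows.

```python
"""Triage helpers for the Ramnit indicators discussed in this thread. Added
example, not the tutorial author's code. Detection only: nothing is deleted."""
import os
import re
import stat
import tempfile
from pathlib import Path

# Lure file names the tutorial lists: "Copy of Shortcut to (1).lnk" .. (4).lnk
SHORTCUT_RE = re.compile(r"^Copy of Shortcut to \(\d+\)\.lnk$", re.IGNORECASE)
LOOPBACK_PREFIXES = ("127.", "0.0.0.0", "::1")


def _is_superhidden(path):
    """True when a path carries both HIDDEN and SYSTEM attributes (the
    "super-hidden" state described in the thread). Windows only; elsewhere
    os.stat has no st_file_attributes and this is always False."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    both = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
    return attrs & both == both


def scan_drive_root(root):
    """Return (indicator, relative path) pairs for the artefacts found at the
    root of a removable drive, in sorted order."""
    root = Path(root)
    findings = []
    for entry in sorted(root.iterdir()):
        name = entry.name
        if entry.is_file() and name.lower() == "autorun.inf":
            findings.append(("autorun.inf", name))
        elif entry.is_file() and SHORTCUT_RE.match(name):
            findings.append(("shortcut lure", name))
        elif entry.is_dir() and name.lower() == "recycler":
            # The tutorial's dropper location: an executable inside RECYCLER.
            for child in sorted(entry.rglob("*")):
                if child.is_file() and child.suffix.lower() == ".exe":
                    rel = child.relative_to(root).as_posix()
                    findings.append(("executable in RECYCLER", rel))
        elif entry.is_dir() and _is_superhidden(entry):
            findings.append(("super-hidden folder", name))
    return findings


def userinit_extras(value):
    """Return every entry in a Userinit value other than the legitimate
    userinit.exe. Accepts the raw registry string or a HijackThis F2 line;
    the tutorial notes that Ramnit manipulates this value."""
    if "UserInit=" in value:
        value = value.split("UserInit=", 1)[1]
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        base = os.path.basename(entry.replace("\\", "/")).lower()
        if entry and base != "userinit.exe":
            extras.append(entry)
    return extras


def hosts_redirects(lines):
    """Group the hosts from HijackThis 'O1 - Hosts:' lines by the address they
    are pinned to, skipping loopback entries. Many unrelated security and
    payment domains on one outside address is the pattern seen in the log."""
    grouped = {}
    for line in lines:
        m = re.match(r"^O1 - Hosts:\s+(\S+)\s+(\S+)", line.strip())
        if m and not m.group(1).startswith(LOOPBACK_PREFIXES):
            grouped.setdefault(m.group(1), []).append(m.group(2))
    return grouped


def build_sample_drive():
    """Create a temporary directory laid out like the infected flash drive
    described in the thread (constructed placeholders, no real binaries)."""
    root = Path(tempfile.mkdtemp(prefix="ramnit-demo-"))
    (root / "autorun.inf").write_text("[autorun]\r\n")
    for n in range(1, 5):
        (root / f"Copy of Shortcut to ({n}).lnk").write_bytes(b"")
    (root / "RECYCLER").mkdir()
    (root / "RECYCLER" / "e5188982.exe").write_bytes(b"placeholder, not a PE")
    (root / "Documents").mkdir()  # the user's real folder
    return root


# Constructed from the HijackThis log posted later in this thread; the forum
# had wrapped "Program Files" with a stray space, restored here.
SAMPLE_HJT_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\OWiEmffS\onfucost.exe",
    "O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com",
    "O1 - Hosts: 74.125.45.100 urs.microsoft.com",
    "O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com",
    "O1 - Hosts: 127.0.0.1 localhost",
]

if __name__ == "__main__":
    for indicator, path in scan_drive_root(build_sample_drive()):
        print(f"{indicator:24} {path}")
    print("extra Userinit entries:", userinit_extras(SAMPLE_HJT_LINES[0]))
    print("hosts redirects:", hosts_redirects(SAMPLE_HJT_LINES))
```

Run it against the root of a real removable drive by passing that path to scan_drive_root; the userinit and hosts checks take the corresponding lines from a HijackThis log.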

bayugila
08-06-2011, 10:57 PM
Wow, seems this virus is getting more popular.. hope my computer doesn't catch it..

man32
08-06-2011, 11:20 PM
Bro
my flash drive got a virus
don't know its name
but inside the recycle folder there are files with special-character names
and they can't be deleted
:((
anyone know how?
:???:

Gurudugan
09-06-2011, 05:41 AM
Where's the link to download the latest MSE virus definitions, bro?
I've been reading here and still can't find where the link is:
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx

Valtz
09-06-2011, 07:14 AM
> Where's the link to download the latest MSE virus definitions, bro?
> I've been reading here and still can't find where the link is:
> http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx

Same here, I'm confused too, still reading and there's no direct download link
because a friend's computer got hit by this recycler + shortcut thing

xprezzz
09-06-2011, 04:21 PM
Very true, Ramnit once gave me a headache for 2 days and 2 nights ...... this virus is so nasty and stubborn !!!

Valtz
09-06-2011, 04:38 PM
> Very true, Ramnit once gave me a headache for 2 days and 2 nights ...... this virus is so nasty and stubborn !!!

The biggest problem is how fast the virus spreads, bro
plug the drive in and you're already infected

spinx04
09-06-2011, 04:56 PM
> (quoting ginda01's MSE/Ramnit cleaning tutorial above, ending with the hidden content)

Did you make this tutorial yourself? :???:
Anyway... if the link isn't your own upload, better not hide it behind thanks... :sigh:

wildwind
09-06-2011, 06:03 PM
Question: to install MSE do you have to be on genuine Windows? Because yesterday I got it from a friend and was told to validate... Thanks

Valtz
09-06-2011, 06:05 PM
> Question: to install MSE do you have to be on genuine Windows? Because yesterday I got it from a friend and was told to validate... Thanks

Seems like it, bro, as far as I know
is yours not genuine?

sasayaku
09-06-2011, 08:37 PM
> Question: to install MSE do you have to be on genuine Windows? Because yesterday I got it from a friend and was told to validate... Thanks

No, brother; I'm on loader 197 DAZ (PC) and 2.05 removeWAT (laptop) and it's fine :top:


@ everyone discussing the Ramnit virus: better to scan from outside, bros, using a rescue disk, AKA booting an antivirus from outside and then scanning; it's more effective :top: I'd recommend Kaspersky Rescue Disk / Norton Ghost as a duo... guaranteed your computer won't end up a mess :top:

Valtz
09-06-2011, 08:39 PM
> No, brother; I'm on loader 197 DAZ (PC) and 2.05 removeWAT (laptop) and it's fine :top:
>
> @ everyone discussing the Ramnit virus: better to scan from outside, bros, using a rescue disk, AKA booting an antivirus from outside and then scanning; it's more effective :top: I'd recommend Kaspersky Rescue Disk / Norton Ghost as a duo... guaranteed your computer won't end up a mess :top:

I feel like AVG doesn't catch it?
or maybe my AVG is just ancient :iii:

wildwind
10-06-2011, 12:29 PM
> No, brother; I'm on loader 197 DAZ (PC) and 2.05 removeWAT (laptop) and it's fine :top:
>
> @ everyone discussing the Ramnit virus: better to scan from outside, bros, using a rescue disk, AKA booting an antivirus from outside and then scanning; it's more effective :top: I'd recommend Kaspersky Rescue Disk / Norton Ghost as a duo... guaranteed your computer won't end up a mess :top:

How do you boot an antivirus from outside?? Can you explain?

Valtz
10-06-2011, 01:16 PM
> How do you boot an antivirus from outside?? Can you explain?

There's plenty on Google, bro, try googling it

alghazalie
11-06-2011, 10:06 AM
If a virus is detected and then quarantined, does that mean the suspected virus has been moved to a folder??? And if it's already in quarantine and then gets deleted, does that mean the virus is gone, or what??? Please explain

spinx04
11-06-2011, 02:16 PM
> If a virus is detected and then quarantined, does that mean the suspected virus has been moved to a folder??? And if it's already in quarantine and then gets deleted, does that mean the virus is gone, or what??? Please explain

Files quarantined by an antivirus are moved to that antivirus's own quarantine folder so they can be repaired in the future (if the cleaning method becomes known and is included in a future update package, if there ever is one). Those files can still be restored if they're really important and can still be opened (and if you're not worried about getting infected); just poke around the quarantine section of the antivirus, you'll find it. :siul:

Zalacool
16-06-2011, 06:18 AM
If it's just Sality, I simply delete it with Avast. Clean again :hahai:

Zalacool
16-06-2011, 06:25 AM
Btw, in terms of effectiveness at deleting viruses, which is better between Avira, Avast and Ansav? :nongol:

As for Smad*v, don't even ask. Honestly, I've completely given up on Smadav. It just wrecks the PC :panda:

Smad*v's deletion isn't effective. Pro or free, it's all the same. Try it, guys: if you get Sality and scan with it, what happens? The virus spreads even wider across your PC. :panda:

mattarada
16-06-2011, 08:45 AM
> Btw, in terms of effectiveness at deleting viruses, which is better between Avira, Avast and Ansav? :nongol:
>
> As for Smad*v, don't even ask. Honestly, I've completely given up on Smadav. It just wrecks the PC :panda:
>
> Smad*v's deletion isn't effective. Pro or free, it's all the same. Try it, guys: if you get Sality and scan with it, what happens? The virus spreads even wider across your PC. :panda:

I use Av*st...
don't know whether it can be configured or not, but Av*st makes no compromises....

when it detects a contaminated file it deletes it straight away.... no confirmation like ''quarantine, ignore, etc.''
that's why Av*st is best installed right after a fresh reinstall.......

installing Av*st as a replacement for another antivirus that got breached could be disastrous.....

Zalacool
16-06-2011, 09:33 AM
> I use Av*st...
> don't know whether it can be configured or not, but Av*st makes no compromises....
>
> when it detects a contaminated file it deletes it straight away.... no confirmation like ''quarantine, ignore, etc.''
> that's why Av*st is best installed right after a fresh reinstall.......
>
> installing Av*st as a replacement for another antivirus that got breached could be disastrous.....

Hahaha.. yeah, unfortunately the Avast crack only lasts 1 year. Not forever.

So the others are a hassle then, bro. None of them are good at deleting viruses? Avast is the best :hero:

dragonathz
20-06-2011, 05:38 PM
Straight to the point,
I'm getting a threat from a site... called beegosearch
it poses as a search engine and interferes when I'm googling
when I search via Google and click one of the results,
I get redirected straight to the beegosearch site
http://i56.tinypic.com/262xxqq.jpg
(what gets searched on beegosearch differs from what was searched on Google)
what I want to ask is, how do I get rid of this threat?
is it a virus? I've scanned with Avira and Smadav and nothing was found
is it a rogue Firefox add-on? I also use Google Chrome and still get hit
please help, guys... thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:17, on 20/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RTPSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dave\My Documents\Downloads\Programs\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\OWiEmffS\onfucost.exe
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [PCMAV-RTP] "E:\PCMAV-4.6-BUILD-1-PCMAV.BIZ\PCMAV.exe" /RTP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D89D97A9-12C5-45E3-9353-3540761FE15C} (SealWebLaunch Control) - http://channel.dontblynk.com/Launcher/SealWebLaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{82D885E4-4F9D-49E7-A19A-F0BA3D88D2A2}: NameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6042F3-7429-479C-96C6-6D5106B88A52}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\WINDOWS\system32\RTPSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13396 bytes

noctislucis
21-06-2011, 12:10 AM
If AVG is activated with a keygen, is there no blacklist system when it auto-updates?
Mine is AVG 2011.

notox
21-06-2011, 08:03 AM
Straight to the point:
I've got a threat from a site... its name is beegosearch.
It poses as a search engine and interferes while I'm googling:
when I search through Google and click one of the results,
I'm immediately redirected to the beegosearch site.

(What gets searched on beegosearch is different from what I searched on Google.)
What I want to ask is: how do I get rid of this threat?
Is it a virus? I've already scanned with Avira and Smadav and nothing was found.
Is it a rogue add-on for Firefox? I also use Google Chrome, and it still happens.
I'd appreciate help from all of you... thanks.

Run HijackThis again, then tick the items below → Fix checked


F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\OWiEmffS\onfucost.exe
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com


Reboot the computer, then download and install Malwarebytes Free.
Update its database and then run a full scan.

http://www.malwarebytes.org/products/malwarebytes_free
Hope this helps :peace:
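The three entries notox tells the poster to fix are the classic signs of a browser/search hijack: a hosts file that points many unrelated domains (including Google Safe Browsing and Microsoft update/reputation hosts) at one outside IP, a UserInit value with a second executable chained after the stock userinit.exe, and a Winlogon Notify entry whose target is a bare directory rather than a DLL. The script below is an added example by the editor (not code from any post in this thread, and not HijackThis's own logic) that reads lines in HijackThis v2 format and flags exactly those patterns. The sample lines are copied from the log posted above (with the forum's stray line-wrap space in "Prog ram Files" removed) plus one benign O4 line for contrast; the watchlist of protected hostnames and the "three or more hostnames on one non-loopback IP" threshold are the example's own assumptions.

```python
import re
from collections import defaultdict

# Sample input in HijackThis v2 format, copied from the log posted above and
# padded with one benign O4 line. Constructed for this example so it runs offline.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\OWiEmffS\onfucost.exe
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify:\s+(\S+)\s+-\s+(.*)$")

# Hostname fragments of update / safe-browsing services that should never be
# redirected to a third-party address. This watchlist is an assumption of the example.
PROTECTED_HOST_MARKERS = ("microsoft.com", "google.com", "safebrowsing", "windowsupdate")


def parse_hosts(lines):
    """Return (ip, hostname) pairs from every 'O1 - Hosts:' line."""
    entries = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def suspicious_hosts(entries, min_shared=3):
    """Group hosts entries by IP and flag redirect patterns.

    Loopback sinkholes (127.x / ::1) are a normal ad-blocking use of the hosts
    file and are skipped. A non-loopback IP is reported when at least
    `min_shared` hostnames resolve to it, or when any watchlisted hostname does.
    """
    by_ip = defaultdict(list)
    for ip, host in entries:
        by_ip[ip].append(host)
    findings = []
    for ip, hosts in by_ip.items():
        if ip.startswith("127.") or ip == "::1":
            continue
        protected = [h for h in hosts if any(mark in h for mark in PROTECTED_HOST_MARKERS)]
        if len(hosts) >= min_shared or protected:
            findings.append({"ip": ip, "count": len(hosts), "protected": protected})
    return findings


def userinit_extras(lines):
    """Return every program chained after the stock userinit.exe in the UserInit value."""
    for line in lines:
        m = USERINIT_RE.match(line)
        if m:
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            return [p for p in parts if not p.lower().endswith(r"\system32\userinit.exe")]
    return []


def winlogon_notify_issues(lines):
    """Flag Winlogon Notify entries whose target is not a concrete .dll path
    (a bare directory, or a file HijackThis marks as missing)."""
    issues = []
    for line in lines:
        m = WINLOGON_RE.match(line)
        if m:
            name, path = m.group(1), m.group(2).strip()
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                issues.append((name, path))
    return issues


def analyse(log_text):
    """Run all three checks over a HijackThis log and return the findings."""
    lines = log_text.splitlines()
    return {
        "hosts": suspicious_hosts(parse_hosts(lines)),
        "userinit_extras": userinit_extras(lines),
        "winlogon_notify": winlogon_notify_issues(lines),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, `analyse` reports the single shared IP with four hostnames (two of them on the watchlist), the extra `onfucost.exe` after userinit.exe, and the `cryptnet32` entry pointing at `C:\WINDOWS\`; the benign Avira O4 line produces nothing. The loopback exception matters in practice: a hosts file full of `127.0.0.1 ads.example` lines is a user's ad blocker, not a hijack, and flagging it would bury the real finding.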

haragi
30-06-2011, 09:30 PM
I'd like to ask the veterans here for some help.
My problem: my computer suddenly became slow.
I scanned with Kaspersky and it found 3 items; I deleted them, but there's still no change.
Here's my HijackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\HiJackThis\Analyse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://id.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - x86_AntiWPA.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9961 bytes


Also, every time I shut down I'm asked to click "end task" on something titled fudog.exe.

notox
01-07-2011, 01:12 AM
I'd like to ask the veterans here for some help.
My problem: my computer suddenly became slow.
I scanned with Kaspersky and it found 3 items; I deleted them, but there's still no change.
Here's my HijackThis log:

Also, every time I shut down I'm asked to click "end task" on something titled fudog.exe.

Start → Run → %windir%\prefetch
Delete all the files in the prefetch folder.
(Windows will create new .pf files.)

I see there are 2 antiviruses installed; it's best to uninstall one of them.
Recommendation: uninstall ThreatFire.

Repair Winsock with this tool:

http://www.cexx.org/LSPFix.exe

Run HijackThis again, then tick the entries below and Fix Checked


R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O20 - Winlogon Notify: Antiwpa - x86_AntiWPA.dll (file missing)


Reboot Windows and check the result..

noswald
06-07-2011, 09:37 AM
Quick question: which antivirus is good these days? Kaspersky, McAfee, or something else?
Is using 2 antiviruses really bad (does it make the machine slow)?
I'd like the seniors' opinion: is it better to use a single antivirus or a dual setup? And which antivirus is good as a "single", or which combination as a "dual"?

laluabdrahman
06-07-2011, 05:31 PM
Quick question: which antivirus is good these days? Kaspersky, McAfee, or something else?
Is using 2 antiviruses really bad (does it make the machine slow)?
I'd like the seniors' opinion: is it better to use a single antivirus or a dual setup? And which antivirus is good as a "single", or which combination as a "dual"?
Using 2 antiviruses is strongly discouraged..
The good one is Kaspersky PURE, but it's a bit heavy.. its advantage is that updating is easy and the update files can be copied, so after a reinstall you don't have to update from scratch again..
Norton is also good, no worse than Kaspersky, and lighter..

dazzal
09-07-2011, 07:16 PM
Good evening, veterans.
I need some help: my friend's laptop can't browse and can only open FB; every time another site is opened, the message "the application was unable to start correctly (0xc0000135). click ok to close the application." appears.
And apparently it's infected with the SYITM.EXE virus; it's been scanned & removed with NOD32, but that had no effect!
What's the solution? Does it have to be reinstalled?
Please help!

dyelewer
10-07-2011, 03:45 PM
Good evening, elders
I need some help: my friend's laptop can't browse and can only open FB; every time he opens another site the message "the application was unable to start correctly (0xc0000135). click ok to close the application." appears
and he says he caught the SYITM.EXE virus; it's been scanned and removed with NOD32 but that had no effect!
What's the solution? Does he have to reinstall?
Please help!

syitm.exe removal instructions

1. Temporarily disable System Restore and reboot the computer in Safe Mode;

2. Locate the syitm.exe virus files and uninstall the syitm.exe program. Follow the on-screen step-by-step instructions to complete the uninstallation of syitm.exe.

3. Delete/modify any values added to the registry related to syitm.exe, exit the registry editor and restart the computer;

4. Clean/delete all syitm.exe-infected file(s): syitm.exe and related, or rename the syitm.exe virus files;

5. Delete all your IE temp files associated with syitm.exe manually, then run a whole scan with an antivirus program;


----------------------------------

Generation 4 Malware Is Getting More Persistent


JAKARTA - Malware also regenerates, constantly appearing in new forms and variants that are stronger and more sophisticated. The TDSS botnet is one of them. TDSS has now appeared in its latest variant, the 4th generation, which is more dangerous and more sophisticated.

TDSS, also known as TDSS/TDL or Win32/Olmarik, infects a computer and then receives commands from a C&C server. In the next step, Win32/Olmarik.AVA zombies communicate with each other using the Kademlia DHT (distributed hash table) peer-to-peer protocol. In this model, each of them acts as both C&C server and client.

David Harley, Director of Malware Intelligence at ESET, explains how each of these components works as follows.

When a PC is infected by a bot, that computer automatically becomes part of a network, together with other computers that have also been infected and are connected to a C&C server, which we know as a botnet. The criminal who manages the botnet then needs to send instructions to the malware on each of those infected computers (zombies).

Of course there are times when the communication is hampered or fails, depending on the botnet used. If the communication sent in the form of instructions succeeds, the data wanted by the "botmaster" will be sent back. One common way of doing two-way communication in a botnet is to set up several computers that act as "Command & Control" (C&C) servers: these servers are a malicious version of the client/server model, in which one server serves many client computers.

One way of weakening a botnet is to trace and shut down some or all of the C&C servers that send information to the infected zombie computers and give them the instructions to carry out; once those servers are shut down, the zombie computers that were connected to them can no longer send data or do what the botmaster instructed.

By using the Kademlia protocol, the botmaster is able to get around the weakness of the C&C approach, using instead a peer approach in which each computer serves both as a C&C server and as an infected zombie or client.

Every botnet uses a perverted form of distributed processing, but the approach used by TDL4 or Win32/Olmarik, namely the Kademlia protocol, can distribute data better.

After taking over a network of several computers together with all the information they hold, the stolen information is then spread to the computers in the network.

A botnet does not simply stop working when only one computer remains while the others in the botnet are down. A zombie can still get information from the nearest other network; this is still possible because the bot keeps a kind of virtual phonebook that it hides on the hard disk. The time for the bot to communicate with the C&C server is when the number of computers in the network drops below 10


source (http://techno.okezone.com/read/2011/07/09/325/477924/malware-generasi-4-makin-gigih)

faith
13-07-2011, 05:04 PM
Guys, have you ever experienced something like this?
http://img832.imageshack.us/img832/8369/eset2.jpg
What is pgbo[1].bmp? bmp is an image file, right? Sometimes there are png files too. It's always an image file format.


then
http://img683.imageshack.us/img683/4903/eset1g.jpg
can anyone explain what file that is that ESET detected?

This computer is connected to a network. The other computers show the same thing. And when scanned, no virus is detected either.

Please enlighten me.:peace:

Btw, here's the log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:10 AM, on 7/14/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Psi\Psi.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.upgrade-full-appf10?A=WklVVCBMPTRVWTlYLU5TVlZMLU80QlpRLVFJTUNML VFURENILTQgST03Ny01NjEwNzk1NDggTG5nPXVzIFY9MTAwMTI wNCBPU1Y9NS4xLjI2MDAgT1M9V1hQUFg4NiBTU1A9Mi4w&cmpid=inc_10_test3
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [librtexec] javaw -jar "C:\Program Files\Java\jre6\lib\librtexec.jar"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Psi.lnk = C:\Program Files\Psi\Psi.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFD471DD-87B9-4389-96D1-CB28DAF6AE06}: NameServer = 202.134.0.155,203.130.193.74
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4926 bytes

notox
14-07-2011, 10:37 AM
Guys, have you ever experienced something like this?
http://img832.imageshack.us/img832/8369/eset2.jpg
What is pgbo[1].bmp? bmp is an image file, right? Sometimes there are png files too. It's always an image file format.

then
http://img683.imageshack.us/img683/4903/eset1g.jpg
can anyone explain what file that is that ESET detected?

This computer is connected to a network. The other computers show the same thing. And when scanned, no virus is detected either.

Please enlighten me.:peace:

Try scanning with HijackThis first | choose Do System Scan and save a log file
Then post the log here inside [CODE][/CODE] tags
http://www.mediafire.com/download.php?d6gidyzhi49th5f

notox
14-07-2011, 05:53 PM
Btw, here's the log.





Ok, run HijackThis again, check the entries below, then choose Fix checked


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/ww.upgrade-full-appf10?A=WklVVCBMPTRVWTlYLU5TVlZMLU80QlpRLVFJ TUNMLVFURENILTQgST03Ny01NjEwNzk1NDggTG5nPXVzIFY9MT AwMTIwNCBPU1Y9NS4xLjI2MDAgT1M9 V1hQUFg4NiBTU1A9Mi4w&cmpid=inc_10_test3


After that, do the following preparation:
1. Disable / pause the antivirus's (ESET) real-time protection
2. Download wwdc and save it to the desktop → http://www.mediafire.com/?zmocktiz0zy
3. Temporarily disconnect/disable the internet and LAN connection.

Run wwdc.exe and close all ports until there is no red mark left.
(Only NetBIOS shows yellow; the rest are green)
Once you have that status and the indication "congratulations your system is already well protected", it's safe.
If not, there are still ports that need to be closed.
(Windows needs a restart every time a port is closed)

The final view must look like this:

http://img24.imageshack.us/img24/7805/77720607.jpg


When done, re-enable the antivirus and reconnect the internet/LAN.
Hope this helps :peace:

faith
15-07-2011, 08:57 AM
Bro notox, I've carried out all your tips.:peace:
But what about the other computers? Which entries do I have to fix checked with HijackThis? Surely I don't have to post the log file of every computer here, hehehe.....
Is the wwdc application for closing ports so that no worm can get in?

notox
15-07-2011, 12:10 PM
Bro notox, I've carried out all your tips.:peace:
But what about the other computers? Which entries do I have to fix checked with HijackThis? Surely I don't have to post the log file of every computer here, hehehe.....
Is the wwdc application for closing ports so that no worm can get in?

Ok bro, you're welcome :peace:
For the other computers you can go straight to the wwdc.exe step to close the ports.

monokoroboo
16-07-2011, 07:11 PM
A question for the elders. I just ran into this on a friend's laptop. After booting into Windows, the screen is immediately covered by another image (an unclear, blurry-looking image, but NOT porn). And the laptop can't do anything at all. Can't open Windows Explorer, can't open Task Manager either. That laptop just shows that image, nothing else.
It does seem to be a virus; how do I get rid of it? My friend is afraid to reinstall, since the data hasn't been moved yet, and in fact it can't be moved.


BTW, back to topic. I use avast! and PCMAV on my computer. Works great. Never had a problem so far. They're also light, and PCMAV can even be configured to block .exe files from flash drives. avast! you just download for free and register for free too. PCMAV comes with the PC Media magazine, only about 15 thousand rupiah, and you get a solid local antivirus. Oh yes, if you can, also add the ClamAV library to PCMAV. There are always instructions on the PC Media bonus CD.

My experience with Smadav, ugh, never again. How can the ancient Yuyun virus still get in? That virus is long expired....

kr1z4lid
17-07-2011, 12:10 AM
Could you please check my LOG?
The virus isn't detected by BITDEFENDER, ESET, KIS or SMADAV.
Typical behaviour of the virus: it eats up hard disk space; my hard disk suddenly became full.
One of the virus file names = wnrtnq.exe
Please guide me... thx u.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:52, on 7/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE GP.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
D:\Billing\CyberServer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Documents and Settings\Billing\Desktop\WINBOX.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\DOCUME~1\Billing\LOCALS~1\Temp\Rar$EX16.343\Key gen.exe
C:\DOCUME~1\Billing\LOCALS~1\Temp\Rar$EX16.343\Key gen.exe
C:\Documents and Settings\Billing\Local Settings\Temp\downloaded.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1586&gct=hp
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Billing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [EPSON Stylus TX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE GP.EXE /FU "C:\DOCUME~1\Billing\LOCALS~1\Temp\E_S585.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Microsoft® Windows® Operating System] C:\Documents and Settings\Billing\Local Settings\Temp\Credentials\msvcnp.exe
O4 - HKCU\..\Run: [wmpnetk] C:\Documents and Settings\Billing\Local Settings\Temp\Credentials\\wmpnetk.exe
O4 - Global Startup: CyberServer.lnk = D:\Billing\CyberServer.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 9308 bytes

notox
17-07-2011, 04:37 PM
A question for the elders. I just ran into this on a friend's laptop. After booting into Windows, the screen is immediately covered by another image (an unclear, blurry-looking image, but NOT porn). And the laptop can't do anything at all. Can't open Windows Explorer, can't open Task Manager either. That laptop just shows that image, nothing else.
It does seem to be a virus; how do I get rid of it? My friend is afraid to reinstall, since the data hasn't been moved yet, and in fact it can't be moved.


Which Windows is it running?
Try entering safe mode (before booting, press F8 repeatedly → safe mode with networking)
If you can get in, download and install Malwarebytes Free, update its database, then do a full scan.
http://www.malwarebytes.org/products/malwarebytes_free



Could you please check my LOG?
The virus isn't detected by BITDEFENDER, ESET, KIS or SMADAV.
Typical behaviour of the virus: it eats up hard disk space; my hard disk suddenly became full.
One of the virus file names = wnrtnq.exe
Please guide me... thx u.

It looks like you did get hit by several viruses; best do the following initial preparation:
1. Turn off System Restore (run → sysdm.cpl → System Protection → System Restore → Off)
2. Disconnect the internet and LAN
3. Enter Windows safe mode (before booting, press F8 repeatedly, then choose safe mode)

Still in safe mode, run HijackThis again, check the 2 entries below, then Fix checked:


O4 - HKCU\..\Run: [EPSON Stylus TX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE GP.EXE /FU "C:\DOCUME~1\Billing\LOCALS~1\Temp\E_S585.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Microsoft® Windows® Operating System] C:\Documents and Settings\Billing\Local Settings\Temp\Credentials\msvcnp.exe



Reboot Windows, enter normal mode and reconnect the internet.
Then check the files below:
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE GP.EXE
C:\DOCUME~1\Billing\LOCALS~1\Temp\Rar$EX16.343\Key gen.exe
C:\DOCUME~1\Billing\LOCALS~1\Temp\Rar$EX16.343\Key gen.exe
C:\Documents and Settings\Billing\Local Settings\Temp\downloaded.exe
Also search for the file wnrtnq.exe

You can use the Windows search feature for each of the files above, then copy-paste each of those files into 1 folder (create a new folder).
Then upload each of those files to → http://www.virustotal.com
Post the links to the VirusTotal scan results here.
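A triage script for HijackThis logs of the kind posted in this thread, added here as an example (it is not a tool from any poster): it flags the entry types the replies above fix by hand, namely orphaned hooks with a missing target file, autoruns and processes started from a Temp directory, a UserInit value that chains extra executables, and an IE start page pointing at an unexpected host. The sample log and the trusted-homepage list are constructed assumptions, modelled on the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample log: lines modelled on the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\DOCUME~1\Billing\LOCALS~1\Temp\Rar$EX16.343\Keygen.exe
C:\Documents and Settings\Billing\Local Settings\Temp\downloaded.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Microsoft Windows Operating System] C:\Documents and Settings\Billing\Local Settings\Temp\Credentials\msvcnp.exe
O4 - HKCU\..\Run: [wmpnetk] C:\Documents and Settings\Billing\Local Settings\Temp\Credentials\wmpnetk.exe
O20 - Winlogon Notify: Antiwpa - x86_AntiWPA.dll (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, or "PROC" for a running-process line
    reason: str
    line: str


SECTION = re.compile(r"^([RFO]\d+) - ")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)            # ...\Temp\... anywhere in a path
MISSING_TARGET = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)
# Sections where a missing target means an orphaned but still registered hook.
HOOK_SECTIONS = {"R3", "O2", "O3", "O9", "O20"}
# Assumption (constructed): hosts accepted as a legitimate IE start page.
TRUSTED_START_HOSTS = {"www.yahoo.com", "www.google.com"}


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    if DRIVE_PATH.match(line):
        # "Running processes" block: only the image path is listed.
        if TEMP_DIR.search(line):
            return Finding("PROC", "process running from a Temp directory", line)
        return None
    m = SECTION.match(line)
    if not m:
        return None
    sec = m.group(1)
    if sec in HOOK_SECTIONS and MISSING_TARGET.search(line):
        return Finding(sec, "orphaned hook: registered but target file missing", line)
    if sec == "O4" and TEMP_DIR.search(line):
        return Finding(sec, "autorun launched from a Temp directory", line)
    if sec == "F2" and "UserInit=" in line:
        # The only legitimate value is userinit.exe itself; anything appended
        # after a comma is started at every logon as well.
        progs = [p.strip() for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
        if len(progs) > 1:
            return Finding(sec, "UserInit chains extra executable(s): " + "; ".join(progs[1:]), line)
    if sec == "R0" and "Start Page" in line:
        url = line.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_START_HOSTS:
            return Finding(sec, f"start page points at untrusted host {host!r}", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log, in log order."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw.strip())
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Flagged entries are candidates for review (and for upload to VirusTotal, as the reply above suggests), not verdicts; legitimate software such as the ESET and Java entries in the sample passes through untouched.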

3Volution
27-07-2011, 01:37 AM
Suggestion:
how about making a list of the best antivirus of each year here, along with download links

sorry if my post is out of line

dayoun
30-07-2011, 03:52 AM
Smadav detected a Russian-type worm virus on my system that infected my game's uninstaller.
How bad is the damage from this virus?

kecebongoreng
30-07-2011, 07:58 AM
Suggestion:
how about making a list of the best antivirus of each year here, along with download links
When you hear the word best, it implicitly refers to each user's subjective opinion.
The better thing is to make your own antivirus test/benchmark (done by IDWS members), as on the neighbouring forum whose name starts with C.
Using the best antivirus also does not guarantee being virus-free. What is needed first is education and security awareness.

roney
02-08-2011, 06:07 PM
Does anyone know how to handle / manually remove the mamita.exe virus on Win7?? If you do, please share
I don't understand Windows, that's the problem :(
thx to anyone willing to share / pass on their knowledge :peace:

CaLL_mE_Okta
02-08-2011, 08:32 PM
Bro, my computer has the zbot.g virus
every time I execute an .exe file
my AVG detects it
e.g. w3l.exe
http://i53.tinypic.com/208ut7r.jpg



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:38 PM, on 8/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\erwin\My Documents\Downloads\Programs\HiJackThis.exe
C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37DDC921-3F06-45FE-B6DB-774A5CE3B28F}: NameServer = 203.130.193.74 202.134.0.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{37DDC921-3F06-45FE-B6DB-774A5CE3B28F}: NameServer = 203.130.193.74 202.134.0.155
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6538 bytes

notox
02-08-2011, 10:50 PM
does anyone know how to handle / manually remove the mamita.exe virus on Win7?? if you know, please share
I don't really understand Windows :(
thanks to anyone willing to share knowledge :peace:

Better to just scan with an up-to-date antivirus :peace:



bro, my computer has the zbot.g virus
every time I execute an .exe file
my AVG detects it
for example w3l.exe
http://i53.tinypic.com/208ut7r.jpg

-

Boot into Windows Safe Mode (keep tapping F8 before boot → Safe Mode)
In Safe Mode run HijackThis, then tick the 2 items below and choose Fix checked

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe


Manually delete the following file: c:\program files\microsoft\watermark.exe

Finally, re-download AVG → reinstall → update its database → then run a full scan.
Hope this helps :peace:
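The two entries notox singles out above (an extra program chained onto UserInit, and a service with no publisher running from All Users\Application Data) are exactly what a first pass over a HijackThis log should pull out automatically. Below is an added example, not code from this thread or from HijackThis: a small Python triage that reads HijackThis-format lines, flags F2 UserInit values naming anything other than userinit.exe, O23 services whose owner is "Unknown owner" (or whose binary is missing, at lower severity), and O4 autoruns launched from user-writable paths as "review". The sample log is constructed from a few lines in the shape of the log posted above; the severity labels and the regexes are my own, not HijackThis's.

```python
"""Triage a HijackThis log for the entry types flagged above (added example, not HijackThis code)."""
import re

# Constructed sample in the shape of the log posted above: the F2 line and the Norton2009 O23 line
# are the two entries notox flagged; the rest are benign entries of the same shape plus one orphaned service.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\erwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Locations a standard user can write to; legitimate software lives there too, so these rate "review", not "high".
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\", "\\temp\\")


def triage(log_text):
    """Return (severity, line, reason) tuples, in log order, for the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = USERINIT_RE.match(line)
        if m:
            # UserInit is a comma-separated list and Windows runs every entry at logon, so anything
            # besides userinit.exe is a logon-persistence hook (the watermark.exe case above).
            programs = [p.strip() for p in m.group("value").split(",") if p.strip()]
            extra = [p for p in programs if not p.lower().endswith("\\userinit.exe")]
            if extra:
                findings.append(("high", line, "UserInit chains extra program(s): " + ", ".join(extra)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("path").lower().endswith("(file missing)"):
                findings.append(("low", line, "service binary missing: orphaned entry, safe to clean up"))
            elif m.group("owner").lower() == "unknown owner":
                findings.append(("high", line,
                                 f"service '{m.group('name')}' has no publisher and runs {m.group('path')}"))
            continue
        m = RUN_RE.match(line)
        if m and any(tok in m.group("cmd").lower() for tok in USER_WRITABLE):
            findings.append(("review", line,
                             f"autorun [{m.group('name')}] launches from a user-writable path; verify the publisher"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:>6}] {reason}\n         {line}")
```

Run it against a real log by passing the file's text to triage(); a "high" hit is a candidate for the Fix checked step described above, while "review" entries only mean the publisher should be confirmed before touching them.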

CaLL_mE_Okta
03-08-2011, 08:10 PM
Boot into Windows Safe Mode (keep tapping F8 before boot → Safe Mode)
In Safe Mode run HijackThis, then tick the 2 items below and choose Fix checked

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe


Manually delete the following file: c:\program files\microsoft\watermark.exe

Finally, re-download AVG → reinstall → update its database → then run a full scan.
Hope this helps :peace:

so what about the files that are already infected.. how do I make them usable again?:panik::panik:

roney
03-08-2011, 09:30 PM
@notox I've tried using KIS and the latest Symantec Endpoint, same result, neither can detect the mamita.exe virus... I checked on the internet, it's a new virus for Win7 >.<

if any of the masters here know how to handle it, please tell us, share the knowledge so everyone knows how to deal with this virus :(

notox
03-08-2011, 10:29 PM
so what about the files that are already infected.. how do I make them usable again?:panik::panik:


Infected files can be disinfected by an antivirus, but sometimes the file ends up damaged/corrupt.
So it's better to re-download the file / reinstall the program that was infected.



@notox I've tried using KIS and the latest Symantec Endpoint, same result, neither can detect the mamita.exe virus... I checked on the internet, it's a new virus for Win7 >.<

if any of the masters here know how to handle it, please tell us, share the knowledge so everyone knows how to deal with this virus :(

Scan with HijackThis
Choose Do system scan and save a log file
Post the log here
NB: don't click Fix checked

http://www.mediafire.com/?d6gidyzhi49th5f

CaLL_mE_Okta
04-08-2011, 07:56 PM
Infected files can be disinfected by an antivirus, but sometimes the file ends up damaged/corrupt.
So it's better to re-download the file / reinstall the program that was infected.


wow thanks a lot bro for the knowledge...
how come you're so good at answering.. I'm impressed....

bighendz
07-08-2011, 05:16 PM
bro, my computer got the 10-minute countdown virus, how do I get rid of it? every 10 minutes my computer shuts down by itself

aiyacoolz
10-08-2011, 01:55 PM
bro, I want to ask, if the folders on a flash disk suddenly become hidden, what causes that? a virus?

here's the story
every time I plug in the flash disk, the folders inside it suddenly become hidden, files outside the folders aren't hidden. Then when I try to eject the flash disk it won't. So I open Task Manager, there's w14nb2a3f955 running. then I right-click, go to process, and it points to winlogon.exe
to eject the flash disk I have to end task w14nb2a3f955 first, only then it works,, is that because of a virus bro?? thanks..

deawemona
13-08-2011, 09:22 PM
bro, I want to ask...
so here's the story, every time I plug a flash disk into the laptop, the folders inside my flash disk suddenly become hidden. then shortcuts appear with exactly the same names as my hidden folders. now when I right-click one of those shortcuts > Open file location, it points to cmd, i.e. Windows Command Processor. why is that bro? and what should I do so the folders on a flash disk plugged into my laptop don't turn into shortcuts and get hidden? please help. thank you.

mattarada
13-08-2011, 10:11 PM
how to show hidden files


1. Open Command Prompt by clicking Start Menu – Accessories – Command Prompt

2. The first thing shown in the command prompt will look like this:

"C:\Documents and Settings\Username>" without the quotes, where Username is your profile on that computer.

3. After that, go into the folder where your hidden files are stored. For example, if you keep the hidden files in the document folder on drive D, enter the following command: "cd /d d:\document" without the quotes, so the command prompt will look like this: "D:\document>"

Tip: you should gather your hidden files and folders into one folder, so you save time and don't have to repeat this step for every hidden file or folder.

4. Time to make those files visible, i.e. no longer hidden, by entering the following command: (without the quotes)

"attrib -r -a -s -h /s /d" with this command, all files and folders inside that folder (the document folder from step 3) will reappear and no longer be hidden.

Note: r = read only, a = archive, s = system, h = hidden; the minus sign (-) removes an attribute from a file, you can replace it with a plus sign (+) to add an attribute to a file.

actually you can find this on google,.. I found this on google a few months ago.,,:panda:

shinigamidika
13-08-2011, 10:18 PM
how to show hidden files

---

actually you can find this on google,.. I found this on google a few months ago.,,:panda:
Simply put, just do this... Open Notepad, type/paste

@echo off
echo Proses Sedang Berjalan...
attrib -r -a -s -h /s /d
echo Proses Selesai...
pause

Save it with the .bat extension (e.g. name it showhidden.bat)...
Then copy it to the drive whose hidden files you want to reveal, e.g. c, d, e, f etc...
Run that .bat file... everything that's hidden (superhidden/system hidden) will be revealed...
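The pattern described in the two questions above (folders on the flash disk turned hidden, with same-named shortcuts that point at cmd) and the attrib un-hide step in the last two posts can be checked for automatically before anything on the drive is double-clicked. The following is an added example, not code from any poster in this thread: a Python script that lists the decoy shortcuts at a drive root (a .lnk whose name matches a sibling folder and whose bytes reference cmd.exe), reports whether the twin folder carries the hidden+system attributes, and can clear R/A/S/H recursively the way attrib -r -a -s -h /s /d does. The sample drive contents it builds are constructed test data (the decoy is not a real .lnk and "worm-placeholder.exe" is a placeholder name), and the attribute checks only have effect on Windows.

```python
"""Triage a removable drive for the hidden-folder-plus-decoy-shortcut worm pattern.

Added example (not from the thread). Detection runs on any OS; attribute inspection
and un-hiding use the Win32 file attributes and so only act on Windows.
"""
import ctypes
import os
import tempfile
from pathlib import Path

# Win32 file attribute bits (the same R/A/S/H set that `attrib -r -a -s -h` clears).
FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_ARCHIVE = 0x20
FILE_ATTRIBUTE_NORMAL = 0x80
RASH_MASK = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN


def is_superhidden(path):
    """True when the entry carries both HIDDEN and SYSTEM (the "superhidden" state the worm sets).
    st_file_attributes only exists on Windows; elsewhere this is always False."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) and bool(attrs & FILE_ATTRIBUTE_SYSTEM)


def lnk_mentions_cmd(lnk):
    """A shortcut whose target/arguments reference cmd.exe (stored as ASCII or UTF-16LE inside the .lnk)."""
    data = lnk.read_bytes().lower()
    return b"cmd.exe" in data or "cmd.exe".encode("utf-16-le") in data


def find_decoy_shortcuts(root):
    """Report every top-level .lnk whose name matches a sibling folder, with the two worm indicators."""
    root = Path(root)
    folders = {p.name.lower(): p for p in root.iterdir() if p.is_dir()}
    findings = []
    for lnk in root.glob("*.lnk"):
        twin = folders.get(lnk.stem.lower())
        if twin is None:
            continue  # ordinary shortcut: no same-named folder beside it
        findings.append({
            "shortcut": lnk.name,
            "folder": twin.name,
            "folder_superhidden": is_superhidden(twin),
            "shortcut_runs_cmd": lnk_mentions_cmd(lnk),
        })
    return sorted(findings, key=lambda f: f["shortcut"])


def unhide_tree(root):
    """Clear R/A/S/H on everything below root, the equivalent of `attrib -r -a -s -h /s /d`.
    Returns the number of entries changed; does nothing (returns 0) off Windows."""
    if os.name != "nt":
        return 0
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.restype = ctypes.c_uint32  # INVALID_FILE_ATTRIBUTES is 0xFFFFFFFF
    changed = 0
    for p in Path(root).rglob("*"):
        attrs = k32.GetFileAttributesW(str(p))
        if attrs == 0xFFFFFFFF or not attrs & RASH_MASK:
            continue
        new = attrs & ~RASH_MASK or FILE_ATTRIBUTE_NORMAL  # 0 is not a valid attribute set
        if k32.SetFileAttributesW(str(p), new):
            changed += 1
    return changed


def build_sample(root):
    """Constructed stand-in for an infected drive (test data, not real LNK files or a real sample):
    a folder, a same-named decoy .lnk that would run cmd.exe, and a harmless shortcut."""
    root = Path(root)
    (root / "Photos").mkdir()
    (root / "Photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff")
    decoy = b"L\x00\x00\x00" + "cmd.exe /c start worm-placeholder.exe & explorer Photos".encode("utf-16-le")
    (root / "Photos.lnk").write_bytes(decoy)
    (root / "Notes.lnk").write_bytes(b"L\x00\x00\x00" + r"C:\Users\me\Notes".encode("utf-16-le"))
    return root


def demo():
    """Build the sample in a temporary directory, triage it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        findings = find_decoy_shortcuts(build_sample(tmp))
        for f in findings:
            print(f"{f['shortcut']}: decoy for folder {f['folder']!r}, "
                  f"superhidden={f['folder_superhidden']}, runs cmd={f['shortcut_runs_cmd']}")
        return findings


if __name__ == "__main__":
    demo()
```

On a real drive, call find_decoy_shortcuts("E:\\") first and only run unhide_tree once the decoy shortcuts and the worm's own files have been removed; un-hiding alone leaves the infection in place, which is why the folders come back hidden after the next plug-in.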

dayoun
13-08-2011, 10:44 PM
How do I recover important data that's already been hit by a virus bro???
Because all the data, the start menu/icons, well basically everything, has turned into .pdf files
BTW what kind of virus is that bro???:???: its infection method looks really funny to me:hehe:

shinigamidika
13-08-2011, 11:12 PM
How do I recover important data that's already been hit by a virus bro???
Because all the data, the start menu/icons, well basically everything, has turned into .pdf files
BTW what kind of virus is that bro???:???: its infection method looks really funny to me:hehe:
By data do you mean documents or programs... If documents, you can use fixerion (an ansav plugin)... Or another repair program... If you mean programs, an antivirus can rarely repair them... so you need to download and reinstall...

hoshikawaryuuji
13-08-2011, 11:22 PM
guys.. my external hard disk got this recycler virus..
my AVIRA went to STOPPED and can't START after catching this virus..
all the contents of the ext hdd became shortcuts..
if I open it it lags badly, CPU usage goes to 100%..
then I used this, which was posted above..


Simply put, just do this... Open Notepad, type

attrib -r -a -s -h /s /d
pause
Save it with the .bat extension (e.g. name it showhidden.bat)...
Then copy it to the drive whose hidden files you want to reveal, e.g. c, d, e, f etc...
Run that .bat file... everything that's hidden (superhidden/system hidden) will be revealed...

there's the original folder and what might be the "VIRUS" in the RECYLE and RECYLER folders..
can they be deleted manually/SHIFT+DELETE?
will the virus regenerate again?
will the files be lost? there's 300GB here, if that's lost it'd be a disaster..

shinigamidika
13-08-2011, 11:29 PM
guys.. my external hard disk got this recycler virus..
my AVIRA went to STOPPED and can't START after catching this virus..
all the contents of the ext hdd became shortcuts..
if I open it it lags badly, CPU usage goes to 100%..
then I used this, which was posted above..
there's the original folder and what might be the "VIRUS" in the RECYLE and RECYLER folders..
can they be deleted manually/SHIFT+DELETE?
will the virus regenerate again?
will the files be lost? there's 300GB here, if that's lost it'd be a disaster..
Those shortcuts and the folder containing the virus can be deleted...
But they'll come back if the virus is still alive...
Even if the shortcuts are deleted... your data/files won't be lost...

hoshikawaryuuji
13-08-2011, 11:43 PM
Those shortcuts and the folder containing the virus can be deleted...
But they'll come back if the virus is still alive...
Even if the shortcuts are deleted... your data/files won't be lost...

how do I kill the virus if deleting it manually/by myself doesn't work?
my antivirus (AVIRA trial) is dead, won't turn on like this..
how do I bring the antivirus back up?
when I start a scan it won't.. it just lags, freezes for a few seconds and then nothing happens..
browsing google, they say it has to be done through safe mode first, right?

notox
14-08-2011, 06:47 PM
bro, my computer got the 10-minute countdown virus, how do I get rid of it? every 10 minutes my computer shuts down by itself


guys.. my external hard disk got this recycler virus..
my AVIRA went to STOPPED and can't START after catching this virus..
all the contents of the ext hdd became shortcuts..
if I open it it lags badly, CPU usage goes to 100%..
then I used this, which was posted above..



there's the original folder and what might be the "VIRUS" in the RECYLE and RECYLER folders..
can they be deleted manually/SHIFT+DELETE?
will the virus regenerate again?
will the files be lost? there's 300GB here, if that's lost it'd be a disaster..


Try scanning with HijackThis
Choose Do system scan and save a log file
Post the log here.
NB: don't click Fix checked unless advised to.

http://www.mediafire.com/?d6gidyzhi49th5f

bishonen
15-08-2011, 01:58 PM
bro, my computer got a virus. it's because an office friend plugged his flash drive into my laptop. my BitDefender got KO'd right away. then I checked my email, and it had spammed messages to my whole contact list. here's the log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:32, on 15/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Windows\system32\igfxsrvc.exe
D:\Internet Download Manager\IDMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = c1.telkomsel.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxies.telkom.net.id:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Join Air\UIExec.exe"
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Megakey] C:\Users\hp\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
O4 - HKCU\..\Run: [MegakeyUpdater] C:\Users\hp\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - D:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://vpn.telkomsel.co.id/SNX/CSHELL/extender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B044295-1342-449A-B025-0EBDBC1C65AD}: NameServer = 202.134.0.155,203.130.196.5
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe


anyone know what virus this is??
can you recommend a good antivirus?
along with the download link and the crack. if I go straight to the thread for that antivirus I get confused, there are so many versions.

notox
15-08-2011, 09:02 PM
@bishonen
As initial preparation, do the steps below:
1. Uninstall Smadav and Bitdefender
2. Uninstall Megakey

After that download and install Malwarebytes Free.
Update its database, then run a full scan.

http://www.malwarebytes.org/products/malwarebytes_free

- Post the log results.
- Also check whether the spam messages are still going out.

Navy0707
17-08-2011, 01:19 AM
bro, I want to ask.
so suddenly there's a program running called conime.exe when I check the Processes tab in Windows Task Manager.
Right-click > open file location shows it's in
-C:\Windows\System32
Now the question is, is conime.exe a virus or not? How do I check?
I'm getting paranoid.
I tried googling, some say it's a Microsoft built-in for Asian computers. honestly I haven't noticed anything yet, I'm just curious what it is since it suddenly showed up in Task Manager.
thanks in advance :) !

notox
17-08-2011, 11:59 AM
bro, I want to ask.
so suddenly there's a program running called conime.exe when I check the Processes tab in Windows Task Manager.
Right-click > open file location shows it's in
-C:\Windows\System32
Now the question is, is conime.exe a virus or not? How do I check?
I'm getting paranoid.
I tried googling, some say it's a Microsoft built-in for Asian computers. honestly I haven't noticed anything yet, I'm just curious what it is since it suddenly showed up in Task Manager.
thanks in advance :) !

copy the file conime.exe to the desktop, then upload it to VirusTotal. (http://www.virustotal.com/)
Post the scan result link here.

Navy0707
17-08-2011, 12:24 PM
copy the file conime.exe to the desktop, then upload it to VirusTotal. (http://www.virustotal.com/)
Post the scan result link here.

here it is bro

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 6080a176d09435fc8e6e800996656e18
Date first seen: 2009-05-01 16:09:09 (UTC)
Date last seen: 2011-08-17 00:31:57 (UTC)
Detection ratio: 0/42

What do you wish to do?


So bro? does that mean there's nothing?

Oh yeah, why did conime.exe suddenly disappear from the Processes tab? it was there yesterday, now it's gone -__-
I'm getting more curious bro

notox
17-08-2011, 10:26 PM
here it is bro

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 6080a176d09435fc8e6e800996656e18
Date first seen: 2009-05-01 16:09:09 (UTC)
Date last seen: 2011-08-17 00:31:57 (UTC)
Detection ratio: 0/42

What do you wish to do?


So bro? does that mean there's nothing?

Oh yeah, why did conime.exe suddenly disappear from the Processes tab? it was there yesterday, now it's gone -__-
I'm getting more curious bro

Try scanning with TDSSKiller, then post the log here.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Navy0707
18-08-2011, 08:53 PM
here bro, after trying TDSSKiller


http://i1121.photobucket.com/albums/l513/navy0707/TDS.jpg


what do you think?

notox
19-08-2011, 12:27 AM
here bro, after trying TDSSKiller


http://i1121.photobucket.com/albums/l513/navy0707/TDS.jpg


what do you think?

Looks like there's no problem, the conime.exe file is gone.

To be sure, also run a full scan with an up-to-date antivirus.
:peace:

samuel_pardosi
01-09-2011, 10:20 AM
bro, what about the copy of shortcut virus, every time a flash disk is plugged in it gets infected right away,
how do I deal with it, I use avast and tuneup as a helper, but it still doesn't work,, what to do?

suryaadinata
04-09-2011, 01:14 PM
bro, what about the copy of shortcut virus, every time a flash disk is plugged in it gets infected right away,
how do I deal with it, I use avast and tuneup as a helper, but it still doesn't work,, what to do?

it's the flash disk that's infected, right?

1. scan first
2. backup
3. format the flash disk
4. safe now

cgnusardana
11-09-2011, 08:06 PM
bro, what about the copy of shortcut virus, every time a flash disk is plugged in it gets infected right away,
how do I deal with it, I use avast and tuneup as a helper, but it still doesn't work,, what to do?

which edition of avast are you using :???:, has it been updated :haha:

as for tuneup, better not use it, it usually just makes the computer error :hehe:

spinx04
11-09-2011, 09:10 PM
bro, what about the copy of shortcut virus, every time a flash disk is plugged in it gets infected right away,
how do I deal with it, I use avast and tuneup as a helper, but it still doesn't work,, what to do?
it's the flash disk that's infected, right?

1. scan first
2. backup
3. format the flash disk
4. safe now

to be safe, as a first step (if you're still on XP and not yet infected by the virus) disable the computer's autorun/autoplay first. then as a precaution, every time you plug a flash disk into a PC or laptop, get into the habit of pressing and holding the SHIFT key, then plug the flash disk in. once the detection process finishes, release the SHIFT key.

read more:
http://www.indowebster.web.id/showthread.php?t=143421&p=9604574&viewfull=1#post9604574

read more:
http://www.indowebster.web.id/showthread.php?t=143421&p=8586413&viewfull=1#post8586413

and read:
http://www.indowebster.web.id/showthread.php?t=143421&p=8588482&viewfull=1#post8588482

enough? :???:
:haha:


which edition of avast are you using :???:, has it been updated :haha:

as for tuneup, better not use it, it usually just makes the computer error :hehe:

exactly right! :cambuk:
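spinx04's advice to turn off AutoRun/AutoPlay is the control that stops a drive's autorun.inf from launching anything on insert; his own post pairs it with the SHIFT habit, so treat it as a first step rather than the whole fix. As an added example, not from this thread, the Python below reads the autorun.inf at a drive root and lists which directives would launch a program, and on Windows reads the NoDriveTypeAutoRun policy value that the "disable autorun" tweak sets (0xFF = disabled for every drive type). The autorun.inf content is constructed test data with a placeholder file name; the registry path and value name are the real Windows ones, the rest of the code is mine.

```python
"""Inspect a removable drive's autorun.inf and the AutoRun policy (added example, not from the thread)."""
import configparser
import os
import tempfile
from pathlib import Path

# Constructed sample in the shape of the autorun.inf that USB worms drop (placeholder name, not a real sample).
SAMPLE_AUTORUN_INF = r"""
[autorun]
; launch directives: each of these hands control to the named program on insert or double-click
open=RECYCLER\worm-placeholder.exe
shell\open\command=RECYCLER\worm-placeholder.exe
shellexecute=RECYCLER\worm-placeholder.exe
; cosmetic entries, harmless on their own
icon=%SystemRoot%\system32\SHELL32.dll,4
label=My Flash Disk
"""

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {directive: target} for every entry in [autorun] that launches something."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)  # no %() expansion, tolerate duplicates
    cp.read_string(text)
    if not cp.has_section("autorun"):
        return {}
    launches = {}
    for key, value in cp["autorun"].items():  # option names are lower-cased by configparser
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches[key] = value.strip()
    return launches


def check_drive(root):
    """Look for autorun.inf at the drive root and return its launch directives ({} if none)."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return {}
    return parse_autorun(inf.read_text(errors="replace"))


def autorun_policy():
    """Windows only: NoDriveTypeAutoRun under Policies\\Explorer (HKLM first, then HKCU).
    0xFF disables AutoRun for all drive types. Returns None off Windows or when the value is absent."""
    if os.name != "nt":
        return None
    import winreg
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer") as key:
                return winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
        except OSError:
            continue
    return None


def demo():
    """Write the constructed sample into a temporary 'drive', inspect it and return the launch directives."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
        launches = check_drive(tmp)
    for directive, target in launches.items():
        print(f"autorun.inf would run via {directive}: {target}")
    policy = autorun_policy()
    print("NoDriveTypeAutoRun:", "not readable here" if policy is None else hex(policy))
    return launches


if __name__ == "__main__":
    demo()
```

Point check_drive at a real drive root ("E:\\") to see what its autorun.inf would run; if autorun_policy() returns anything other than 0xFF, AutoRun is still enabled for some drive types and the advice above has not fully taken effect.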

Navy0707
18-09-2011, 07:45 AM
bro, why are CPU usage and RAM usage always above 50%? even when idle.
Then Windows Explorer suddenly closes by itself while I'm using it. "Windows Explorer has stopped working", like that.. why bro? a virus?

notox
18-09-2011, 06:50 PM
bro, why are CPU usage and RAM usage always above 50%? even when idle.
Then Windows Explorer suddenly closes by itself while I'm using it. "Windows Explorer has stopped working", like that.. why bro? a virus?

Which Windows are you on?
Try posting a full screenshot of Task Manager → Processes tab → sorted by CPU usage.

cgnusardana
18-09-2011, 08:57 PM
bro, why are CPU usage and RAM usage always above 50%? even when idle.
Then Windows Explorer suddenly closes by itself while I'm using it. "Windows Explorer has stopped working", like that.. why bro? a virus?

Looks like you got Win32.Heur or something like it :???:...

dayoun
19-09-2011, 04:30 PM
Bro, what is domino.exe? is it a virus too? (Win XP SP2)
It's usually located in C:\windows\system32

choli
19-09-2011, 04:53 PM
Bro, what is domino.exe? is it a virus too? (Win XP SP2)
It's usually located in C:\windows\system32

On mine there's nothing called domino.exe
Could be a virus...

cgnusardana
20-09-2011, 09:43 AM
Bro, what is domino.exe? is it a virus too? (Win XP SP2)
It's usually located in C:\windows\system32

Just try whether the file can be Cut <not Copied> or not...

Navy0707
20-09-2011, 02:22 PM
Which Windows are you on?
Try posting a full screenshot of Task Manager → Processes tab → sorted by CPU usage.

here's the pic bro

http://i1121.photobucket.com/albums/l513/navy0707/taskmgr2.png

http://i1121.photobucket.com/albums/l513/navy0707/taskmgr.jpg

please help bro :)

choli
20-09-2011, 05:36 PM
My computer just got a virus...
It's an old virus: downadup...
It sits in system32/x with the file name 'x', and in c:/documents and settings/Networkservice/Local Settings/Temporary Internet Files/Content.IE5/D2PIJTU4 with the file name qiwpb[1].jpg
Symptoms of this virus: the processor load gets really heavy. It won't show up in Task Manager. Only the HDD light stays on, and opening any program freezes...

kecebongoreng
20-09-2011, 06:20 PM
here's the pic bro

http://i1121.photobucket.com/albums/l513/navy0707/taskmgr2.png

http://i1121.photobucket.com/albums/l513/navy0707/taskmgr.jpg

please help bro :)

The "Show processes from all users" button hasn't been pressed, so it isn't visible. And click the CPU column so it's sorted descending.

masfandi
20-09-2011, 06:52 PM
My computer just got a virus...
It's an old virus: downadup...
It sits in system32/x with the file name 'x', and in c:/documents and settings/Networkservice/Local Settings/Temporary Internet Files/Content.IE5/D2PIJTU4 with the file name qiwpb[1].jpg
Symptoms of this virus: the processor load gets really heavy. It won't show up in Task Manager. Only the HDD light stays on, and opening any program freezes...

Can I have a sample? :matabelo:

Navy0707
20-09-2011, 09:36 PM
Sorry bro, ok now I've clicked show processes from all users. my OS is 7 64-bit :)
here's the pic bro

http://i1121.photobucket.com/albums/l513/navy0707/Untitled.jpg

http://i1121.photobucket.com/albums/l513/navy0707/Untitled2.jpg

please help bro :)

kecebongoreng
20-09-2011, 10:42 PM
Sorry bro, ok now I've clicked show processes from all users. my OS is 7 64-bit :)
here's the pic bro

http://i1121.photobucket.com/albums/l513/navy0707/Untitled.jpg

http://i1121.photobucket.com/albums/l513/navy0707/Untitled2.jpg

please help bro :)

Unfortunately it's idle there. Next time, keep Windows Task Manager running all the time, and as soon as the green graph suddenly jumps to full, take a screenshot.

The green graph is this one
http://i52.tinypic.com/333wbd4.png

choli
21-09-2011, 11:05 AM
Can I have a sample? :matabelo:

http://www.mediafire.com/?y8ppchkr5079u8o

It's password-protected..
If you want the password, just PM me..

renaviez
25-09-2011, 10:24 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:41, on 24/09/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
D:\Program and Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Mrs. Rena\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mrs. Rena\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mrs. Rena\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mrs. Rena\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mrs. Rena\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mrs. Rena\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://id.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-746137067-1383384898-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Hot%20Dish%202/Images/stg_drm.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Hot%20Dish%202/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{866DAD2E-1161-4DD5-A397-7C2DDD67D5A4}: NameServer = 192.168.9.1
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program and Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - http://binusmaya.binus.ac.id/Images/Student/panah.gif

--
End of file - 6374 bytes

please check it :(:cry4:

overlordhextor
30-09-2011, 11:23 AM
Which antivirus is the best??
My computer has a virus that's hard to get rid of...
Every time I plug in a flash drive there's a Recycler folder on it plus 4 copies of shortcuts...
Please enlighten me

peter82
30-09-2011, 01:21 PM
https://lh6.googleusercontent.com/-vTxFsNwmkKo/ToVfD4RNPFI/AAAAAAAAAEU/RT2vNYML7H8/s288/error.JPG
sorry if this is the wrong place, is this a virus or a corrupted OS? :???:

choli
30-09-2011, 03:12 PM
Which antivirus is the best??
My computer has a virus that's hard to get rid of...
Every time I plug in a flash drive there's a Recycler folder on it plus 4 copies of shortcuts...
Please enlighten me
You could try Bitdefender TS 2011..



https://lh6.googleusercontent.com/-vTxFsNwmkKo/ToVfD4RNPFI/AAAAAAAAAEU/RT2vNYML7H8/s288/error.JPG
sorry if this is the wrong place, is this a virus or a corrupted OS? :???:

Virus...
Be careful, that virus usually eats the Windows pagefile...

adnanunique
01-10-2011, 06:01 PM
sorry if someone's already asked this

I want to ask a few things:
1. The Facebook virus that works by getting you to click a link from a friend's chat
is that virus actually dangerous? and once you've clicked it, the virus spreads to our friends who are online via chat, with the virus link, it's very annoying :lempar:
2. the virus (or malware?) bm.exe in the process list that keeps the CPU at 100% :hammer: how do you deal with it? so far I've been killing it manually in Task Manager

thank you :makasi:

notox
01-10-2011, 07:24 PM
sorry if someone's already asked this

I want to ask a few things:
1. The Facebook virus that works by getting you to click a link from a friend's chat
is that virus actually dangerous? and once you've clicked it, the virus spreads to our friends who are online via chat, with the virus link, it's very annoying :lempar:
2. the virus (or malware?) bm.exe in the process list that keeps the CPU at 100% :hammer: how do you deal with it? so far I've been killing it manually in Task Manager

thank you :makasi:

Try finding where the bm.exe file is, copy it to the desktop, then upload it to → http://www.virustotal.com/
Post the scan result link here.

Also scan the computer with HijackThis
Choose "Do a system scan and save a logfile"
Post the log here.
NB: don't click "Fix checked" unless you're advised to.

http://www.mediafire.com/?d6gidyzhi49th5f
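As an added example (not the forum's tool and not Trend Micro's code), here is a Python script that reads a HijackThis log in the format renaviez posted above and applies the triage rules helpers usually go through before anyone presses "Fix checked": entries marked (no file), autostarts that run from outside Windows or Program Files, Winsock LSP entries, a NameServer that is not on the local network, and services with no vendor. The sample log inside is constructed from the kinds of entries seen in this thread; the updater.exe autostart is invented for the example.

```python
"""HijackThis log triage (added example; not the forum's tool or Trend Micro code).

Each finding in a HijackThis log is one line: a section code (R0, O2, O4,
O10, O17, O23 ...), " - ", then the entry text. This script parses such
lines and applies the rules of thumb used in threads like this one before
telling someone to press "Fix checked". SAMPLE_LOG is constructed from the
kinds of entries seen in the thread plus one invented autostart entry.
"""
import ipaddress
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{866DAD2E-1161-4DD5-A397-7C2DDD67D5A4}: NameServer = 192.168.9.1
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
--
End of file - 1234 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<text>.*)$")
# Executable path inside an O4 entry: after "[name] ", optionally quoted.
O4_PATH_RE = re.compile(r'\]\s*"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Autostarts under these prefixes are normal; anything else is worth a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


@dataclass
class Finding:
    code: str
    severity: str   # "info", "review" or "suspicious"
    reason: str
    text: str


def classify(code: str, text: str):
    """Return (severity, reason) for one entry, or None if it is unremarkable."""
    if "(no file)" in text:
        return "info", "registry entry whose file is gone; harmless, can be cleaned"
    if code == "O4":
        m = O4_PATH_RE.search(text)
        if m and not m.group("path").lower().startswith(TRUSTED_PREFIXES):
            return "suspicious", "autostart runs from a user or temp directory"
        return None
    if code == "O10":
        return "review", "Winsock LSP sees all network traffic; verify the DLL"
    if code == "O17":
        nameserver = text.rsplit("=", 1)[-1].strip()
        try:
            if not ipaddress.ip_address(nameserver).is_private:
                return "suspicious", "DNS server is not on the local network"
        except ValueError:
            return "review", "unparseable NameServer value"
        return None
    if code == "O23" and "Unknown owner" in text:
        return "review", "service without a vendor; confirm what installed it"
    return None


def triage(log_text: str) -> list[Finding]:
    """Parse a HijackThis log and return the entries that merit attention."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, footer
        verdict = classify(m.group("code"), m.group("text"))
        if verdict:
            findings.append(Finding(m.group("code"), *verdict, m.group("text")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.code}: {f.reason}\n             {f.text}")
```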

Navy0707
01-10-2011, 08:39 PM
bro, I have a question. here's the story. for the past few days my friends have been complaining. they say they keep getting emails from my Yahoo account. the contents are gibberish. But I've never sent them any email at all.
Then I checked my own email, and suddenly there was an email with the subject "failure notice".

the sender is

MAILER-DAEMON@yahoo.com

it sent email to all my contacts. that's really bad, bro :hammer:

so what's the solution, bro?
And can you explain what this actually is (is it spam?)? What usually causes something like this?
Does it mean my email password has been found out?
and how do I stop it from being turned into a zombie again?
is just changing the email password enough?

choli
01-10-2011, 08:54 PM
If it's MAILER-DAEMON@yahoo.com
it means: all the email addresses you sent to were invalid, i.e. wrong addresses...
So MAILER-DAEMON@yahoo.com isn't spam...
But most likely the email account has already been hacked...
It's been trying to send to bogus email addresses..
CMIIW.

notox
01-10-2011, 09:21 PM
bro, I have a question. here's the story. for the past few days my friends have been complaining. they say they keep getting emails from my Yahoo account. the contents are gibberish. But I've never sent them any email at all.
Then I checked my own email, and suddenly there was an email with the subject "failure notice".

the sender is

MAILER-DAEMON@yahoo.com

it sent email to all my contacts. that's really bad, bro :hammer:

so what's the solution, bro?
And can you explain what this actually is (is it spam?)? What usually causes something like this?
Does it mean my email password has been found out?
and how do I stop it from being turned into a zombie again?
is just changing the email password enough?

Yeah, most likely you got spammer malware.
If there's an unfamiliar, suspicious spam email, better not open it, neither the URL links nor the attachments in it.
Suggestions:
- Clear cookies and cache in every browser you use
- Change the email password
- Scan with SUPERAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
- Turn on the Windows firewall and install an up-to-date antivirus.
:hmm:

Btw, my email just had the same problem recently :keringat:

Navy0707
02-10-2011, 05:42 PM
Yeah, most likely you got spammer malware.
If there's an unfamiliar, suspicious spam email, better not open it, neither the URL links nor the attachments in it.
Suggestions:
- Clear cookies and cache in every browser you use
- Change the email password
- Scan with SUPERAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
- Turn on the Windows firewall and install an up-to-date antivirus.
:hmm:

Btw, my email just had the same problem recently :keringat:
Turns out we're in the same boat, ugh :hammer:
that's the weird part, bro. I never open dodgy attachments or dodgy links. usually I wait for the antivirus to confirm first. if the indicator is green, only then do I go into the site. if not, I don't. but how can this happen -__- ?
oh yeah, thanks bro :D there really was a tracking cookie after scanning -__-
btw, is it okay if the Windows firewall is off because of the antivirus? I use Norton Internet Security Suite, bro. they say it activates its own firewall too, so it's not the built-in Windows one.

notox
02-10-2011, 06:08 PM
Turns out we're in the same boat, ugh :hammer:
that's the weird part, bro. I never open dodgy attachments or dodgy links. usually I wait for the antivirus to confirm first. if the indicator is green, only then do I go into the site. if not, I don't. but how can this happen -__- ?
oh yeah, thanks bro :D there really was a tracking cookie after scanning -__-
btw, is it okay if the Windows firewall is off because of the antivirus? I use Norton Internet Security Suite, bro. they say it activates its own firewall too, so it's not the built-in Windows one.

Yeah, that's fine; Internet Security suites usually include their own firewall.
Thanks for the report, hopefully it's useful to others.

slayersman
05-10-2011, 12:53 PM
Here's the thing, bro...
I use the internet at my boarding house, ISP Max!nd*

Last night I was busy downloading PC games (the usual, a "mbok jamu" customer, i.e. pirated stuff)
Suddenly my download speed went up, from the usual 80 kb/s to 500 kb/s - 1 mb/s ++
So I got excited and went full throttle, downloading as much as possible.

So I downloaded 10 at once; normally at 500 kb/s, 5 downloads would get 100 kb/s each. Here I downloaded 10 and each download was at 500 kb/s, so the total speed would be 5 mb/s.

Not long after, the whole boarding house's internet died; the guy who manages the internet at the boarding house called the ISP (Max!nd*) and after that the internet came back on.
I continued those 10 downloads (speed still AMAZING). A while later the internet for the whole boarding house died again, another call to the ISP. They said IP XXX.XXX.XXX.100 at the boarding house was pulling a huge amount (up to 16 mb/s) and that the computer had a virus (a trojan or whatever). The internet manager checked the IPs one by one to see which one was pulling the most, and indeed IP XXX.XXX.XXX.100 was pulling the most (the IP my computer uses).
So the internet manager at the boarding house told me not to download anything for now and to wait until he checks the script this evening at 6, in case the ISP (Max!nd*) cuts the internet again.

My question is...
Can a virus really make my computer's speed impossible to limit? even by the ISP?
I've already done a full scan with "mbam" and nothing was detected (only my cracks, the "jamu", got flagged).


Please enlighten me, masters... I'm itching to download all sorts of things, not a day without downloading :( :( :(

Honestly, I don't feel harmed by this virus (if it's real; actually I'm happy with the big speed :) ), I'm just afraid the ISP will cut the internet again. That's why I'm not daring to download

kecebongoreng
05-10-2011, 01:14 PM
Here's the thing, bro...
I use the internet at my boarding house, ISP Max!nd*

Last night I was busy downloading PC games (the usual, a "mbok jamu" customer, i.e. pirated stuff)
Suddenly my download speed went up, from the usual 80 kb/s to 500 kb/s - 1 mb/s ++
So I got excited and went full throttle, downloading as much as possible.

So I downloaded 10 at once; normally at 500 kb/s, 5 downloads would get 100 kb/s each. Here I downloaded 10 and each download was at 500 kb/s, so the total speed would be 5 mb/s.

Not long after, the whole boarding house's internet died; the guy who manages the internet at the boarding house called the ISP (Max!nd*) and after that the internet came back on.
I continued those 10 downloads (speed still AMAZING). A while later the internet for the whole boarding house died again, another call to the ISP. They said IP XXX.XXX.XXX.100 at the boarding house was pulling a huge amount (up to 16 mb/s) and that the computer had a virus (a trojan or whatever). The internet manager checked the IPs one by one to see which one was pulling the most, and indeed IP XXX.XXX.XXX.100 was pulling the most (the IP my computer uses).
So the internet manager at the boarding house told me not to download anything for now and to wait until he checks the script this evening at 6, in case the ISP (Max!nd*) cuts the internet again.

My question is...
Can a virus really make my computer's speed impossible to limit? even by the ISP?
I've already done a full scan with "mbam" and nothing was detected (only my cracks, the "jamu", got flagged).


Please enlighten me, masters... I'm itching to download all sorts of things, not a day without downloading :( :( :(

Honestly, I don't feel harmed by this virus (if it's real; actually I'm happy with the big speed :) ), I'm just afraid the ISP will cut the internet again. That's why I'm not daring to download

As for a virus, I'd say no, especially since you've already checked. If you're getting that kind of speed, it could be that the network is leaking beyond the spec of the internet package that was bought. And the ISP's own system has some kind of alert/automatic cut-off for anyone consuming over their bandwidth, whether from excessive downloading or from (suspicious) malware activity.

Just keep an eye on it.

PS: If you use IDM, cap the maximum download speed to match the package spec.

slayersman
05-10-2011, 01:57 PM
As for a virus, I'd say no, especially since you've already checked. If you're getting that kind of speed, it could be that the network is leaking beyond the spec of the internet package that was bought. And the ISP's own system has some kind of alert/automatic cut-off for anyone consuming over their bandwidth, whether from excessive downloading or from (suspicious) malware activity.

Just keep an eye on it.

PS: If you use IDM, cap the maximum download speed to match the package spec.

I've used IDM for a long time; usually the speed is that 80 kb/s.
My boarding house also uses bandwidth management (winbox).
And I just uninstalled IDM, but I still get the same speed as with IDM.

My feeling is that the ISP's side is leaking, but only my computer gets the "bonus" speed :p

Maybe the other masters have other input...
If I download now, I risk the ISP cutting the internet :tolong:, I've been told to wait until 6 :sedih:


After 6...
Turns out my IP was the abnormal one; the settings were the same as the other IPs but the speed was extraordinary. After being given a new IP, the speed went back to normal :(.
My feeling was right, it's not a virus causing this...

Thanks to everyone who tried to help me :matabelo:

8zack8
11-10-2011, 06:23 PM
hello, honestly I'm confused whether this is a system error or a problem with the antivirus blocker or what...

my autorun.inf file disappeared the last time I plugged it into my PC. but 2 days ago when I plugged it into a friend's netbook (Win 7) it was fine. I just don't know whether his antivirus blocked the autorun or what.

then when I plugged it into my PC, a file AUTORUN_.inf appeared

I checked, and its contents were the same as the autorun file I made, only for displaying an icon. but the problem is, once I deleted it and checked with hidden system files shown, it still doesn't appear. and as a result, when I want to create a new autorun.inf file to overwrite it, I can't. even though I didn't set it to read-only.

has anyone had a problem like this?

PS: I'm talking about my portable HD, by the way :hahaha:

spinx04
11-10-2011, 07:43 PM
^8zack8

that sounds a bit odd...:iii:
can you copy other files to it? if you can, then there really is a file or folder named autorun.inf already existing on the HDD.

btw, better not to create an autorun.inf just to change the HDD icon, because there are viruses that replace that file's contents to run themselves (the virus) automatically (personal experience). besides, its benefit isn't that urgent, especially compared to the risk (as I mentioned) :siul:

addition:
to show the hidden files and folders on the HDD, make sure the command in CMD is:


attrib -s -h *.* /s /d

CMIIW :maaf:
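To make the point above concrete, here is an added example (not the poster's own tool) in Python: a small parser for the autorun.inf format that tells an icon-only file apart from one that has been rewritten to launch a program. Both sample files are constructed for this example, and the RECYCLER\update.exe path is a placeholder, not a real sample.

```python
"""autorun.inf checker (added example; not the poster's own tool).

The post above makes two points: a hand-written autorun.inf that only sets
the drive icon is harmless, and some USB malware rewrites that file so the
drive launches the malware instead. This parser tells the two apart by
looking at which keys the [autorun] section carries. Both sample files are
constructed for this example.
"""
from dataclasses import dataclass, field

# Keys whose value is something Windows would execute.
EXEC_KEYS = {"open", "shellexecute"}
# Keys that only change how the drive is shown, plus "shell=" which merely
# picks the default verb (the verb's command is a separate shell\verb\command key).
HARMLESS_KEYS = {"icon", "label", "action", "useautoplay", "shell"}

# Icon-only file like the one the poster describes writing by hand.
BENIGN_AUTORUN = """
[autorun]
icon=icons\\drive.ico
label=My Portable HDD
"""

# Constructed example of the rewrite the post warns about: the icon line is
# kept so the drive looks the same, but the drive now launches an executable
# from a hidden folder (placeholder path, not a real sample).
REWRITTEN_AUTORUN = """
[AutoRun]
icon=icons\\drive.ico
open=RECYCLER\\update.exe
shell\\open\\command=RECYCLER\\update.exe
shell\\explore\\command=RECYCLER\\update.exe
shell\\open=&Open
UseAutoPlay=1
"""


def parse_autorun(text: str) -> dict[str, str]:
    """Return key/value pairs of the [autorun] section with keys lower-cased.

    The section name is matched case-insensitively, other sections such as
    [DeviceInstall] are ignored, and ';' starts a comment line.
    """
    entries: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


@dataclass
class Verdict:
    launches_code: bool = False
    launch_targets: list[str] = field(default_factory=list)
    unknown_keys: list[str] = field(default_factory=list)


def assess(text: str) -> Verdict:
    """Classify an autorun.inf as display-only or as one that starts a program."""
    verdict = Verdict()
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            # open=, shellexecute= and shell\<verb>\command= all run a program.
            verdict.launches_code = True
            verdict.launch_targets.append(value)
        elif key not in HARMLESS_KEYS and not key.startswith("shell\\"):
            # shell\<verb>= alone is just the context-menu label for that verb.
            verdict.unknown_keys.append(key)
    return verdict


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_AUTORUN), ("rewritten", REWRITTEN_AUTORUN)):
        v = assess(sample)
        status = "LAUNCHES A PROGRAM" if v.launches_code else "display-only"
        print(f"{name}: {status} {v.launch_targets}")
```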

dhianjagger
14-10-2011, 03:35 AM
question...how do I get rid of the TR/Crypt.XPACK.Gen3 trojan...it keeps getting detected by Avira..but it can't be removed....

cgnusardana
15-10-2011, 07:57 AM
question...how do I get rid of the TR/Crypt.XPACK.Gen3 trojan...it keeps getting detected by Avira..but it can't be removed....

Have you updated that Avira? :???: if not, just switch antivirus altogether, use Avast or AVG or Kaspersky, the free ones :haha:

Freakuensi
15-10-2011, 03:28 PM
question...how do I get rid of the TR/Crypt.XPACK.Gen3 trojan...it keeps getting detected by Avira..but it can't be removed....

Go into Safe Mode, then scan again with that Avira ..

dayoun
15-10-2011, 05:50 PM
question...how do I get rid of the TR/Crypt.XPACK.Gen3 trojan...it keeps getting detected by Avira..but it can't be removed....

Just use Killer Machine, guaranteed to work :top: But we have to carefully check the characteristics of the virus itself :haha:

pulpenbujel
21-10-2011, 09:08 AM
assalamu'alaykum....
I want to ask, the computer in my classroom has the Recycler virus; the symptom is that every flash drive plugged in turns into shortcuts.

now my question is, at my school we can only log in as guest, so nothing can be installed on that computer. does anyone have a solution or a portable antivirus that can kill the Recycler virus? :bloon:
I'd really appreciate the help, because the teachers now refuse to plug their flash drives into the computer, and the lessons are falling behind... :maaf:

choli
21-10-2011, 10:39 AM
assalamu'alaykum....
I want to ask, the computer in my classroom has the Recycler virus; the symptom is that every flash drive plugged in turns into shortcuts.

now my question is, at my school we can only log in as guest, so nothing can be installed on that computer. does anyone have a solution or a portable antivirus that can kill the Recycler virus? :bloon:
I'd really appreciate the help, because the teachers now refuse to plug their flash drives into the computer, and the lessons are falling behind... :maaf:

Just contact the admin who looks after the school computers...
Be careful, if there's important data on there..
You could be the one getting yelled at for messing with the school's computer...

pulpenbujel
21-10-2011, 06:32 PM
Just contact the admin who looks after the school computers...
Be careful, if there's important data on there..
You could be the one getting yelled at for messing with the school's computer...

is there really no other way than contacting the admin...
I'll definitely get lectured first before the computer gets fixed.. :dead:
the computer only has NOD32, and that's out of date :swt:
if only there were a portable antivirus...

noerone
21-10-2011, 06:42 PM
is there really no other way than contacting the admin...
I'll definitely get lectured first before the computer gets fixed.. :dead:
the computer only has NOD32, and that's out of date :swt:
if only there were a portable antivirus...

try a local antivirus first, like Smadav, PCMAV, etc. who knows, it might clean it, and they're portable too.

pulpenbujel
21-10-2011, 06:55 PM
try a local antivirus first, like Smadav, PCMAV, etc. who knows, it might clean it, and they're portable too.

Smadav and PCMAV have portable versions too? if you know, and if you don't mind, could I have the links as well.. :maaf:

choli
21-10-2011, 08:46 PM
Smadav and PCMAV have portable versions too? if you know, and if you don't mind, could I have the links as well.. :maaf:

If I'm not mistaken there are..
Just search here..
But be careful using the AV...
If it turns out the virus has already infected the OS, and important files get wiped clean..
Later it might not boot at all..

pulpenbujel
21-10-2011, 09:12 PM
If I'm not mistaken there are..
Just search here..
But be careful using the AV...
If it turns out the virus has already infected the OS, and important files get wiped clean..
Later it might not boot at all..

:kaget:
oh no, the problem is this is a school computer, bro, not my own...
if something goes wrong with the computer it's a hassle...
now I'm scared to try :takut:

shinigamidika
21-10-2011, 09:40 PM
oh no, the problem is this is a school computer, bro, not my own...
if something goes wrong with the computer it's a hassle...
now I'm scared to try
Just a suggestion... steps
1. Tell the admin there's a virus... let them clean it up..
2. If you've told them and the virus isn't dealt with... ask the admin's permission to clean it...
3. Afraid of being lectured by the admin... Better clean it yourself...
4. Don't dare mess with the school computer... Just leave it, it doesn't matter anyway... it's not your personal computer...

flarez
23-10-2011, 01:04 PM
please help, my laptop got a virus :tega:
no idea what the virus is called, but suddenly I saw the computer's performance stuck at 100%
I see useless applications that appear on their own, and after being deleted they come back
even after ending the process, the virus pops up again when I turn it on again
what do I do? my laptop's gotten slow :maaf:
btw, the application I just mentioned has the description "Desk save" or something; the names vary and they're in various places in the system
example name: at first "tasked.exe", over time it changed to Z*.exe
please help :maaf:

pulpenbujel
23-10-2011, 01:37 PM
Just a suggestion... steps
1. Tell the admin there's a virus... let them clean it up..
2. If you've told them and the virus isn't dealt with... ask the admin's permission to clean it...
3. Afraid of being lectured by the admin... Better clean it yourself...
4. Don't dare mess with the school computer... Just leave it, it doesn't matter anyway... it's not your personal computer...

1. solved
2. solved
3. this is the problem, which antivirus, bro, since I can only log in as guest, so I can't install anything.. :yareyare:
4. this one's a problem with the teachers, bro; I'm falling behind in lessons because the teachers don't want their flash drives infected by the virus.. lessons should be via ppt (PowerPoint), now they're via ppt (PaPan Tulis, the whiteboard) :lol:

kecebongoreng
23-10-2011, 02:58 PM
3. this is the problem, which antivirus, bro, since I can only log in as guest, so I can't install anything.. :yareyare:
That should be doable with a live rescue CD/flash drive.

4. this one's a problem with the teachers, bro; I'm falling behind in lessons because the teachers don't want their flash drives infected by the virus.. lessons should be via ppt (PowerPoint), now they're via ppt (PaPan Tulis, the whiteboard) :lol:
Tell them to use LibreOffice as an alternative.

pulpenbujel
23-10-2011, 04:43 PM
That should be doable with a live rescue CD/flash drive.
what is that? :bloon:

Tell them to use LibreOffice as an alternative.
what is that? :bloon:

honestly, I don't understand at all, bro.. :keringat:

choli
23-10-2011, 05:47 PM
1. solved
2. solved
3. this is the problem, which antivirus, bro, since I can only log in as guest, so I can't install anything.. :yareyare:
4. this one's a problem with the teachers, bro; I'm falling behind in lessons because the teachers don't want their flash drives infected by the virus.. lessons should be via ppt (PowerPoint), now they're via ppt (PaPan Tulis, the whiteboard) :lol:

As long as the 'Run' facility in Windows isn't blocked, there are still many roads to Rome.. :hahai:

pulpenbujel
23-10-2011, 05:55 PM
As long as the 'Run' facility in Windows isn't blocked, there are still many roads to Rome.. :hahai:
:kaget:
so there's still a way to save the computer from the virus, bro?
how, bro? yes yes, finally someone's found a way to save my classroom computer... :yahoo:

choli
23-10-2011, 06:02 PM
:kaget:
so there's still a way to save the computer from the virus, bro?
how, bro? yes yes, finally someone's found a way to save my classroom computer... :yahoo:

Go to 'Run'.
Type: 'control userpasswords2'
Just change the admin user and password
Then install the AV, update it, then scan.

notox
23-10-2011, 06:48 PM
what is that? :bloon:

what is that? :bloon:

honestly, I don't understand at all, bro.. :keringat:

Rescue CD → http://idws.in/146434



please help, my laptop got a virus :tega:
no idea what the virus is called, but suddenly I saw the computer's performance stuck at 100%
I see useless applications that appear on their own, and after being deleted they come back
even after ending the process, the virus pops up again when I turn it on again
what do I do? my laptop's gotten slow :maaf:
btw, the application I just mentioned has the description "Desk save" or something; the names vary and they're in various places in the system
example name: at first "tasked.exe", over time it changed to Z*.exe
please help :maaf:

Try scanning with HijackThis
Choose "Do a system scan and save a logfile"
Post the log here.
NB: don't click "Fix checked" unless you're advised to.

http://www.mediafire.com/?d6gidyzhi49th5f

flarez
23-10-2011, 08:33 PM
Rescue CD → http://idws.in/146434




Try scanning with HijackThis
Choose "Do a system scan and save a logfile"
Post the log here.
NB: don't click "Fix checked" unless you're advised to.

http://www.mediafire.com/?d6gidyzhi49th5f

so what then? :???:
there's some text saying "edit HijackThis or" something with Notepad, I don't really get it
there's a message telling me to reboot, then create new file
confused :swt:

notox
23-10-2011, 08:54 PM
so what then? :???:
there's some text saying "edit HijackThis or" something with Notepad, I don't really get it
there's a message telling me to reboot, then create new file
confused :swt:

Follow my post above; a Notepad window will open.
Copy-paste everything in it and post it here.
The important thing is not to click "Fix checked" unless you've been advised to

Example post → http://www.indowebster.web.id/showthread.php?t=128299&p=11264049&viewfull=1#post11264049

flarez
23-10-2011, 09:23 PM
instead it shows this
http://img854.imageshack.us/img854/4127/newpicture6n.png
then this
http://img8.imageshack.us/img8/5637/newpicture7tq.png
after that the Notepad is completely blank
why? :tolong:

Freakuensi
23-10-2011, 09:40 PM
please help, my laptop got a virus :tega:
no idea what the virus is called, but suddenly I saw the computer's performance stuck at 100%
I see useless applications that appear on their own, and after being deleted they come back
even after ending the process, the virus pops up again when I turn it on again
what do I do? my laptop's gotten slow :maaf:
btw, the application I just mentioned has the description "Desk save" or something; the names vary and they're in various places in the system
example name: at first "tasked.exe", over time it changed to Z*.exe
please help :maaf:

If you want to use my slightly complicated method, go ahead ..
-> First download SMADAV v8.7 -> Install
-> Then enter Safe Mode (after the BIOS screen, press F8 / Delete repeatedly, then choose SAFE MODE).
-> Then scan (System Area Deep) with the SMADAV you just installed.
-> If it doesn't find any virus at all ..
-> Try the Tools -> One-Virus-By-User feature in Smadav and check whether there's a suspicious program ..
-> If you find a suspicious program, add that program as a virus.
-> Then scan again (Quick Scan is fine too ..)

notox
23-10-2011, 10:19 PM
instead it shows this
http://img854.imageshack.us/img854/4127/newpicture6n.png
then this
after that the Notepad is completely blank
why? :tolong:

Open the folder Program Files\Trend Micro\HiJackThis
Right-click HijackThis.exe → Run as administrator

http://img685.imageshack.us/img685/1423/hijk.jpg


Then, when the "create file?" message in the picture below appears → choose Yes

http://img8.imageshack.us/img8/5637/newpicture7tq.png

flarez
24-10-2011, 10:17 AM
Open the folder Program Files\Trend Micro\HiJackThis
Right-click HijackThis.exe → Run as administrator

http://img685.imageshack.us/img685/1423/hijk.jpg



Then, when the "create file?" message in the picture below appears → choose Yes

http://img8.imageshack.us/img8/5637/newpicture7tq.png

sorry if I'm a bit of a hassle, but why doesn't the folder you wrote exist? :maaf:
Program Files\Trend Micro\HiJackThis, that's right, isn't it? on my laptop there's no such folder inside Program Files :iii:

kecebongoreng
24-10-2011, 03:29 PM
sorry if I'm a bit of a hassle, but why doesn't the folder you wrote exist? :maaf:
Program Files\Trend Micro\HiJackThis, that's right, isn't it? on my laptop there's no such folder inside Program Files :iii:

Windows 7 64-bit, while the program is 32-bit. Check in C:\Program Files (x86), like the path below
http://img8.imageshack.us/img8/5637/newpicture7tq.png

flarez
24-10-2011, 04:31 PM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:26:38 PM, on 10/24/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NetZero\exec.exe
C:\Program Files (x86)\Smadav\SM?RTP.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Online Manager\BackgroundService\ModemListener.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\NetZero\exec.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Online Manager\ModemApplication.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\GRETECH\GOMPLA~1\GOM.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/eltima/{501A3744-4A5E-41DF-8A2B-16EAC9604148}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: CustomSearch - {E2ED2BAD-5A88-4835-A887-AE28A318A55B} - C:\Users\elok\AppData\Local\wxpfree\CustomSearch.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [wellcomm_Indonesia Sepang ModemListener] C:\Program Files (x86)\Online Manager\BackgroundService\ModemListener.exe start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files (x86)\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Gcyoyu] C:\Users\elok\AppData\Roaming\Gcyoyu.exe
O4 - HKCU\..\Run: [Jcyoyx] C:\Users\elok\AppData\Roaming\Jcyoyx.exe
O4 - HKCU\..\Run: [TaskUpdate v1.3] "C:\Users\elok\AppData\Roaming\842E.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: dat.exe
O4 - Startup: wt4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files (x86)\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files (x86)\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{28EE0452-0768-4202-BF49-2ADD96EE2917}: NameServer = 192.168.4.28 10.11.12.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: UxThemeAutoCrackService - Unknown owner - C:\windows\system32\?????????????V1.1.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: wellcomm_Indonesia Sepang Modem Device Helper - Unknown owner - C:\Program Files (x86)\Online Manager\BackgroundService\ServiceManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14806 bytes
This is what I got :iii:
What's wrong with it? :iii:

pulpenbujel
24-10-2011, 06:16 PM
Go to 'run'.
Type: 'control userpasswords2'
Then just change the admin user+password.
Then just install the AV, update it, then scan.

nice!! thanks for the tutorial...
tomorrow I'll try it at school; whether it succeeds or fails I'll post a review, bro.. :hahai:

still confused about "luck has to be high".
can it actually fail? fail because of what? :bloon:

choli
24-10-2011, 07:23 PM
nice!! makasih tutornya...
besok ane coba di sekolah, kalo dah sukses ato gagal ane review gan.. :hahai:

masih bingung luck kudu tinggi.
emang bisa gagal ya? gagal gara2 apa? :bloon:

If it turns out the command has already been blocked by the admin... then it won't work..
:hahai:

pulpenbujel
24-10-2011, 08:57 PM
If it turns out the command has already been blocked by the admin... then it won't work..
:hahai:

olala, as for that, the chance of the command being blocked is 1/10, because my school's admin can only set a password and install Deep Freeze :lol:

Navy0707
24-10-2011, 09:51 PM
bro, can anyone check my computer?
the symptoms are like this, bro: when idle, CPU usage can reach 70% -_____-
then it suddenly can't connect to the internet. when it can, the connection becomes really slow, bro -___-
is it a virus? what's the solution?

here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:14, on 24/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\NetBeans 6.8\bin\netbeans.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] D:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3454112465-1446648155-2834703619-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Unduh dengan Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (IaxClientOcx Control) - file:///C:/Program%20Files/VoIP%20Rakyat%20Communicator/voiprakyat/src/voip_call/iaxWebPhone.CAB
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Arp Intelligent Protection Service Service (AIPS) - Unknown owner - C:\Program Files\netcut\services\AIPS.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Layanan Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Layanan Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12858 bytes


and this is a screenshot of Task Manager
http://i1121.photobucket.com/albums/l513/navy0707/home.jpg

can you help, bro? everything is lagging -___-

notox
24-10-2011, 11:53 PM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:26:38 PM, on 10/24/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:

--

This is what I got :iii:
What's wrong with it? :iii:

:hi: flarez

OK, right-click Hijackthis.exe → run as administrator
Then tick the 16 entries below and choose Fix Checked
(remember, don't tick the wrong ones!)


R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O4 - HKCU\..\Run: [Gcyoyu] C:\Users\elok\AppData\Roaming\Gcyoyu.exe
O4 - HKCU\..\Run: [Jcyoyx] C:\Users\elok\AppData\Roaming\Jcyoyx.exe
O4 - HKCU\..\Run: [TaskUpdate v1.3] "C:\Users\elok\AppData\Roaming\842E.exe"
O4 - Startup: dat.exe
O4 - Startup: wt4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: UxThemeAutoCrackService - Unknown owner - C:\windows\system32\?????????????V1.1.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)


Reboot Windows and check the result.



bro, can anyone check my computer?
the symptoms are like this, bro: when idle, CPU usage can reach 70% -_____-
then it suddenly can't connect to the internet. when it can, the connection becomes really slow, bro -___-
is it a virus? what's the solution?

here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.4



and this is a screenshot of Task Manager

can you help, bro? everything is lagging -___-

:hi: Navy0707

I don't see any suspicious virus/application; most likely the lag is because too many programs/services are running in the background in Windows.
My suggestion is to reduce the services and startup items that are not really needed.

Or try the following:
start | run | msconfig.exe

In the Services section -> Hide All Microsoft Services, then uncheck all of the remaining services (non-Microsoft services)
In the Startup section -> Uncheck all Startup Items

Then reboot and check whether Windows is still slow.
If it runs smoothly, enable the important services and startup items again one at a time.
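As an added example (not code from this thread or from HijackThis), here is a small Python triage script that applies the same reasoning notox used by hand to log lines in the HijackThis v2.0.4 format: autoruns living in the user's AppData\Roaming, bare .exe files dropped in the Startup folder, orphaned hooks and toolbars, and services whose image is missing or garbled. The sample lines are constructed from entries quoted in this thread; the severity scale and the WOW64 caveat (the 32-bit HijackThis build often reports built-in services as "file missing" on 64-bit Windows because system32 is redirected) are this example's own assumptions.

```python
"""Heuristic triage of HijackThis v2.0.4 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

# Entry shapes handled below; other HijackThis sections pass through unflagged.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<image>.*)$")
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)   # first .exe token, quoted or not
USER_DIR_RE = re.compile(r"\\AppData\\|\\Temp\\|%APPDATA%|%TEMP%", re.IGNORECASE)
WINDIR_RE = re.compile(r"^[A-Z]:\\windows\\", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9A-F]{3,}$", re.IGNORECASE)

# Constructed sample: a handful of lines modelled on entries quoted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gcyoyu] C:\Users\elok\AppData\Roaming\Gcyoyu.exe
O4 - HKCU\..\Run: [TaskUpdate v1.3] "C:\Users\elok\AppData\Roaming\842E.exe"
O4 - Startup: dat.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: UxThemeAutoCrackService - Unknown owner - C:\windows\system32\?????????????V1.1.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
""".strip()


@dataclass
class Finding:
    line: str
    severity: str = "info"
    reasons: list = field(default_factory=list)

    def add(self, severity: str, reason: str) -> None:
        self.reasons.append(reason)
        if SEVERITY_RANK[severity] > SEVERITY_RANK[self.severity]:
            self.severity = severity


def image_of(command: str) -> str:
    """Return the executable path from a Run-key command, dropping quotes and arguments."""
    m = IMAGE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def check_autorun_image(finding: Finding, path: str) -> None:
    base = path.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    if USER_DIR_RE.search(path):
        finding.add("high", "autorun image lives in a user-writable profile/temp directory")
    if HEX_NAME_RE.match(stem):
        finding.add("medium", f"image name '{base}' is a bare hex/number string")


def triage_line(line: str):
    """Score one log line; return a Finding or None when nothing stands out."""
    line = line.rstrip()
    finding = Finding(line)
    if "(no file)" in line:
        finding.add("low", "entry references a file that no longer exists (orphaned hook/toolbar)")
    if (m := RUN_RE.match(line)):
        check_autorun_image(finding, image_of(m.group("cmd")))
    if (m := STARTUP_RE.match(line)):
        item = m.group("item")
        if item.lower().endswith(".exe") and "\\" not in item:
            finding.add("high", "raw executable placed directly in the Startup folder")
    if (m := SERVICE_RE.match(line)):
        image = m.group("image")
        if "?" in image:
            finding.add("high", "service image path contains unprintable characters")
        if image.endswith("(file missing)"):
            path = image[: -len("(file missing)")].strip()
            if m.group("display").startswith("@") and WINDIR_RE.match(path):
                # Assumption: built-in services under %SystemRoot% reported missing are usually
                # a WOW64 redirection artefact of the 32-bit scanner on 64-bit Windows.
                finding.add("info", "built-in Windows service reported missing; likely WOW64 redirection, verify before fixing")
            elif m.group("owner") == "Unknown owner":
                finding.add("medium", "service with unknown owner whose image file is missing")
    return finding if finding.reasons else None


def triage(log_text: str) -> list:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}")
        for r in f.reasons:
            print(f"         - {r}")
```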

kecebongoreng
25-10-2011, 03:10 AM
and this is a screenshot of Task Manager
http://i1121.photobucket.com/albums/l513/navy0707/home.jpg
can you help, bro? everything is lagging -___-

The System process is eating 20% CPU usage; it should be single-digit. Keep observing over the next few days whether it stays like that. There may be an unstable third-party driver.

kute
25-10-2011, 04:32 PM
seniors, please help me, give me some enlightenment..
I use the ESET Smart Security 4 antivirus; suddenly my ESET icon changed from the usual blue to red. When I checked, it turned out to be out of date, and I've tried updating the virus database, but there's still no change. And it turns out there is now a newer version, version 5. If I update so I can use version 5, do I have to uninstall my version 4 first and only then install version 5? And is it because of that new version that the color of my ESET icon changed as well?

flarez
25-10-2011, 05:21 PM
:hi: flarez

OK, right-click Hijackthis.exe → Run as administrator
Then tick the 16 entries below and choose Fix Checked
(make sure you don't tick the wrong ones!)


R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O4 - HKCU\..\Run: [Gcyoyu] C:\Users\elok\AppData\Roaming\Gcyoyu.exe
O4 - HKCU\..\Run: [Jcyoyx] C:\Users\elok\AppData\Roaming\Jcyoyx.exe
O4 - HKCU\..\Run: [TaskUpdate v1.3] "C:\Users\elok\AppData\Roaming\842E.exe"
O4 - Startup: dat.exe
O4 - Startup: wt4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: UxThemeAutoCrackService - Unknown owner - C:\windows\system32\?????????????V1.1.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)


Reboot Windows and check the result.




:hi: Navy0707

I don't see any suspicious virus/application; most likely the lag comes from too many programs/services running in the background in Windows.
My suggestion is to cut down the services and startup items that don't seem important.

Or try the following:
start | run | msconfig.exe

On the Services tab -> Hide All Microsoft Services, then uncheck all the remaining (non-Microsoft) services
On the Startup tab -> uncheck all Startup Items

Then reboot and check whether Windows is still slow.
If it runs smoothly, re-enable the services and startup items you actually need, one by one.

Done, and the program that was making it heavy doesn't show up any more :sembah: :sembah: :sembah:
thank you kk :sembah:

Can I ask one more thing? Just now a message appeared saying potentially or harmful program detected :iii:
If I'm not mistaken it was rorpian gen.exe or something like that; it seems to keep coming back. What should I do with it? :iii:
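As an added example (not code from the thread or from HijackThis), a small Python triage script that applies the same reasoning the reply above used when picking its 16 entries: autostarts from user-writable folders, short all-hex file names, bare Startup-folder items, and entries whose file no longer exists. The sample lines are constructed from entries quoted in this thread, and every flag is a prompt to look closer, not a verdict.

```python
import re
from collections import namedtuple

# Constructed sample: HijackThis v2.0.4 lines modelled on entries quoted in this
# thread (some of the 16 "Fix Checked" items plus a benign Avira entry for
# contrast). It is not a real log from any machine.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gcyoyu] C:\Users\elok\AppData\Roaming\Gcyoyu.exe
O4 - HKCU\..\Run: [TaskUpdate v1.3] "C:\Users\elok\AppData\Roaming\842E.exe"
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - Startup: dat.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: UxThemeAutoCrackService - Unknown owner - C:\windows\system32\?????????????V1.1.exe (file missing)
"""

Finding = namedtuple("Finding", "line reasons")

# Heuristics (assumptions of this example, not HijackThis rules): autostart
# locations a normal user can write to, and short all-hex names like the
# 842E.exe / 1096.exe droppers seen in the thread's logs.
USER_WRITABLE = re.compile(
    r"appdata\\roaming|appdata\\local\\temp|local settings\\temp|\\temp\\", re.I)
HEXISH_NAME = re.compile(r"^[0-9a-f]{3,4}\.(?:exe|tmp)$", re.I)
ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
WIN_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr))"?', re.I)


def extract_path(rest):
    """Return the first drive-letter path ending in .exe/.dll/.scr, or None."""
    m = WIN_PATH.search(rest)
    return m.group(1) if m else None


def triage(line):
    """Return a Finding listing why an entry deserves a look, or None if it is unremarkable."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    reasons = []
    # Dangling entries: the registry/service entry survives but its file is gone.
    # HijackThis can also report this for intact Windows services, so verify
    # before acting on it.
    if "(no file)" in rest or "(file missing)" in rest:
        reasons.append("entry points at a file that no longer exists")
    path = extract_path(rest)
    if path:
        if USER_WRITABLE.search(path):
            reasons.append("autostart from a user-writable directory: " + path)
        name = path.rsplit("\\", 1)[-1]
        if HEXISH_NAME.match(name):
            reasons.append("short all-hex file name (typical dropper naming): " + name)
    elif section == "O4" and rest.startswith("Startup:"):
        # Startup-folder items listed by bare name, e.g. "dat.exe", "wt4.exe"
        reasons.append("Startup-folder item with a bare name: " + rest.split(":", 1)[1].strip())
    return Finding(line.strip(), reasons) if reasons else None


def triage_log(text):
    """Run triage over every line of a HijackThis log; only flagged lines come back."""
    return [f for f in (triage(l) for l in text.splitlines()) if f]


def report(text):
    for f in triage_log(text):
        print(f.line)
        for r in f.reasons:
            print("    -", r)


if __name__ == "__main__":
    report(SAMPLE_LOG)
```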

notox
25-10-2011, 08:21 PM
Seniors, please help me out and shed some light on this..
I'm using ESET Smart Security 4 as my antivirus. Suddenly the ESET icon changed from its usual blue to red; when I checked, it turned out to be out of date, and I've tried updating the virus database but nothing changed. And it turns out there's now a newer version, version 5. If I want to move to version 5, do I have to uninstall my version 4 first and then install version 5? And is it the new version that caused my ESET icon to change colour?

Yes, it's best to uninstall version 4 first and then do a fresh install of version 5.



Done, and the program that was making it heavy doesn't show up any more :sembah: :sembah: :sembah:
thank you kk :sembah:

Can I ask one more thing? Just now a message appeared saying potentially or harmful program detected :iii:
If I'm not mistaken it was rorpian gen.exe or something like that; it seems to keep coming back. What should I do with it? :iii:

It looks like the parent of the virus is still there.
Follow these steps:
1. Download Malwarebytes Free → http://www.malwarebytes.org/products/malwarebytes_free
2. Install it, then update the database → check for updates
3. After that, run a full scan
4. If a virus is detected, choose "Show Results" when the scan finishes
5. Tick the virus files and click Remove Selected
6. If a Notepad log pops up, copy-paste its contents here.
:hmm:

Moon_Tox
28-10-2011, 09:24 PM
Watch out, all you pervy Facebookers :hihi:



In the month of January 2011 Symantec reported adult scams that targeted Indonesian Facebook users. These scams claimed to have an application in which users could view adult videos of Indonesian celebrities, taken from hidden cameras.
...

http://www.symantec.com/connect/sites/default/files/images/eee2.article%20thumbnail.jpg


http://www.symantec.com/connect/blogs/phishers-promote-indonesian-rock-star

pulpenbujel
28-10-2011, 09:52 PM
Watch out, all you pervy Facebookers :hihi:

Eh? Isn't this phishing? What does it have to do with viruses & antivirus? :bloon:

BTW :niceinfo:

Moon_Tox
28-10-2011, 10:23 PM
Eh? Isn't this phishing? What does it have to do with viruses & antivirus? :bloon:

BTW :niceinfo:

The connection is that both are security topics.
Besides having your personal data/account/password stolen, falling for a phishing link can also lead you to phishing sites that spread viruses through fake files / software exploits.
For example, say you usually open indowebster.com to download files; one day you get lured by a phishing link (via email/an unfamiliar forum/a friend/and so on), and that fake website is made to look just like the original and hosts a virus file disguised as an installer/pdf/whatever.
If you don't notice, you'll just download and install it.
And so on and so forth..
:peace:

flarez
31-10-2011, 07:18 PM
Yes, it's best to uninstall version 4 first and then do a fresh install of version 5.




It looks like the parent of the virus is still there.
Follow these steps:
1. Download Malwarebytes Free → http://www.malwarebytes.org/products/malwarebytes_free
2. Install it, then update the database → check for updates
3. After that, run a full scan
4. If a virus is detected, choose "Show Results" when the scan finishes
5. Tick the virus files and click Remove Selected
6. If a Notepad log pops up, copy-paste its contents here.
:hmm:
Sorry for the delay, my internet was cut off because I ran out of credit. Here's the result :maaf:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/31/2011 7:16:13 PM
mbam-log-2011-10-31 (19-16-13).txt

Scan type: Quick scan
Objects scanned: 33936
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 54

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\elok\AppData\Roaming\1096.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\118.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\13CF.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\1526.exe (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\1602.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\2666.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\278D.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\2B15.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\338D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\33EB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\3793.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\3E95.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\46DF.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\4845.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\4B91.exe (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\514A.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\5253.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\5521.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\55F.tmp (VirTool.VBInject) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\561E.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\562A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\5956.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\5AEB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\5B78.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\5DD9.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\60E4.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\64BB.exe (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\66AF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\752F.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\7770.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\7AAB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\7C32.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\7CBD.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\8130.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\88A0.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\9492.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\96E1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\9A4E.exe (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\9E60.tmp (Backdoor.Bot.WPMH) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\A44B.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\A9D5.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\AD7D.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\ADAC.tmp (Backdoor.Bot.WPMH) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\B1B1.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\B2E9.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\B7AB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\B921.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\BBEF.exe (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\D662.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\DDEF.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\E501.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\E5BC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\ED4A.exe (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\EEF.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.

So what now? :bloon:

notox
31-10-2011, 11:09 PM
Sorry for the delay, my internet was cut off because I ran out of credit. Here's the result :maaf:


So what now? :bloon:

:hi:
Run Malwarebytes again → click Quarantine → Delete ALL
Run another Full Scan and post the log again.
And check whether Windows runs smoothly now.
:???:

flarez
01-11-2011, 05:16 PM
:hi:
Run Malwarebytes again → click Quarantine → Delete ALL
Run another Full Scan and post the log again.
And check whether Windows runs smoothly now.
:???:
Scanned it again and there are still viruses :???:
here's the log...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8055

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/1/2011 5:11:53 PM
mbam-log-2011-11-01 (17-11-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 410315
Time elapsed: 1 hour(s), 1 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\calcer[1].dat (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\mycalc[1].dat (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\mycalc[2].dat (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\sh1[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\sh1[2].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\sh1[3].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\5WBU17ZC\ah[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\5WBU17ZC\ah[2].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\5WBU17ZC\ah[3].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\5WBU17ZC\bh[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\5WBU17ZC\mycalc[2].dat (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\5WBU17ZC\sh1[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\ah[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\ah[2].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\calcer[1].dat (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\mycalc[2].dat (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\mycalc[3].dat (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\mycalc[4].dat (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\I01LN3C5\ah[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\I01LN3C5\qh[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\I01LN3C5\sh1[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\I01LN3C5\sh1[2].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\Temp\position4dllname.txt (Trojan.Small) -> Quarantined and deleted successfully.
c:\Users\elok\downloads\IDM\Patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\Users\elok\AppData\Local\Temp\acd\tasked.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.

:iii:
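The two Malwarebytes logs in this thread tell a story once they are grouped: the first scan's hits all sit in AppData\Roaming, the second scan's in the IE cache and Temp, and one item was left in place. As an added example (not code from the thread or from Malwarebytes), this Python script parses the "Files Infected" section of the 1.51 log format and summarizes hits by detection family and by location, checks the parsed count against the declared one, and lists anything that was not quarantined. The sample log is a constructed excerpt modelled on the posted logs.

```python
import re
from collections import Counter, namedtuple

# Constructed excerpt in the Malwarebytes' Anti-Malware 1.51 log format, modelled
# on entries from the two logs posted in this thread (not the full 54/25 items).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 410315

Files Infected: 6

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Users\elok\AppData\Roaming\118.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Roaming\278D.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2AA7A1OU\calcer[1].dat (Trojan.BitMiner) -> Quarantined and deleted successfully.
c:\Users\elok\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\HYPNQKXK\mycalc[2].dat (TROJAN.AGENT.H) -> Quarantined and deleted successfully.
c:\Users\elok\downloads\IDM\Patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\Users\elok\AppData\Local\Temp\acd\tasked.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
"""

Entry = namedtuple("Entry", "path detection action")
# "<path> (<detection>) -> <action>."  (paths may contain [n] but no parentheses)
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_files_infected(text):
    """Return (count declared in the summary, entries parsed from the section)."""
    declared, entries, in_section = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^Files Infected: (\d+)$", line)
        if m:                               # summary line with a number
            declared = int(m.group(1))
            continue
        if line.endswith(":"):              # a section header; only one interests us
            in_section = line == "Files Infected:"
            continue
        if in_section and line and not line.startswith("("):
            e = ENTRY.match(line)
            if e:
                entries.append(Entry(e.group("path"), e.group("detection"), e.group("action")))
    return declared, entries


def location_bucket(path):
    """Collapse a path to the directory class that matters for triage."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "IE cache (Temporary Internet Files)"
    if "\\appdata\\roaming\\" in p:
        return "%APPDATA% (AppData\\Roaming)"
    if "\\appdata\\local\\temp\\" in p:
        return "%TEMP% (AppData\\Local\\Temp)"
    return p.rsplit("\\", 1)[0]


def summarize(text):
    declared, entries = parse_files_infected(text)
    return {
        "declared": declared,
        "parsed": len(entries),
        # detection names are case-folded: the logs mix Trojan.Agent.H and TROJAN.AGENT.H
        "by_family": Counter(e.detection.lower() for e in entries),
        "by_location": Counter(location_bucket(e.path) for e in entries),
        # anything not quarantined is still on disk and needs a decision
        "not_removed": [e for e in entries if not e.action.lower().startswith("quarantined")],
    }


def report(text):
    s = summarize(text)
    print("files infected: %s declared, %s parsed" % (s["declared"], s["parsed"]))
    for family, n in s["by_family"].most_common():
        print("  %-28s %d" % (family, n))
    print("by location:")
    for loc, n in s["by_location"].most_common():
        print("  %-40s %d" % (loc, n))
    for e in s["not_removed"]:
        print("NOT REMOVED: %s (%s)" % (e.path, e.detection))


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Hits that keep reappearing in the IE cache and Temp between two scans point at something still running and fetching them, which is why the next reply suggests scanning from Safe Mode.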

Freakuensi
01-11-2011, 05:24 PM
Scanned it again and there are still viruses :???:
here's the log...


:iii:

Try scanning and deleting from Safe Mode ..
Because these days a lot of viruses won't go away when deleted if they're already running from startup
Since Safe Mode doesn't run the startup items, you can try it from there: scan -> delete ..

ryuzakix7
08-11-2011, 03:52 PM
Got a question,
how do you update MSE offline? :iii:

kute
08-11-2011, 07:47 PM
Quick question, what's the difference between NOD32 and ESET Smart Security??
I'm using ESS 4, but most of the antivirus polls I see only list NOD32..
If they're different, which of the two is better??

notox
11-11-2011, 07:26 PM
Got a question,
how do you update MSE offline? :iii:

Download the matching MSE definition database here:
http://www.microsoft.com/security/portal/Definitions/ADL.aspx
:hmm:

flarez
12-11-2011, 10:05 AM
Need help again :maaf:
this time the log looks like this
any idea what's going on? :iii:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:39 AM, on 11/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AHA Dialer\Driver\HaierDcService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\user\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
E:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: getnow Toolbar - {44dd1156-ef31-4824-8a52-0b0f72c36ff2} - C:\Program Files\getnow\tbgetn.dll
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: getnow Toolbar - {44dd1156-ef31-4824-8a52-0b0f72c36ff2} - C:\Program Files\getnow\tbgetn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: getnow Toolbar - {44dd1156-ef31-4824-8a52-0b0f72c36ff2} - C:\Program Files\getnow\tbgetn.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HaierDcService] C:\Program Files\AHA Dialer\Driver\HaierDcService.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUp date.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKCU\..\Run: [Wireless Terminal] "C:\Program Files\U_Modem\bin\U_Modem.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\Windows\system32\RTPSvc.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\U_Modem\bin\CServiceUDisk.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7208 bytes

the symptom is that it's gotten slow
any idea what it could be? :iii:
please help :maaf:
and thanks for all the help so far :maaf:

notox
13-11-2011, 11:37 PM
asking for help again :maaf:
this time the log looks like this
any idea why? :iii:

Logfile of Trend Micro HijackThis v2.0.4

--

the symptom is that it's gotten slow
any idea what it could be? :iii:
please help :maaf:
and thanks for all the help so far :maaf:

Try the following troubleshooting:
start | run | msconfig.exe

On the Services tab -> Hide All Microsoft Services, then uncheck all the remaining services (non-Microsoft services)
On the Startup tab -> uncheck all Startup Items

Then reboot Windows and check whether it is still slow.
If it runs smoothly, re-enable the Services and Startup Items one by one until you find which item/service is causing the slowdown.
:hmm:

allen_86
17-11-2011, 12:07 PM
bro, on my laptop My Computer looks like this

http://s8.postimage.org/uqo4tsaq9/untitled3.jpg (http://postimage.org/image/uqo4tsaq9/)

why is that :???:

tehkotak88
17-11-2011, 07:45 PM
bro, on my laptop My Computer looks like this

http://s8.postimage.org/uqo4tsaq9/untitled3.jpg (http://postimage.org/image/uqo4tsaq9/)

why is that :???:

whoa, is the virus duplicating files?

just switch to Win7 bro, so it's less prone to viruses hehe...
especially if you like plugging in other people's flash drives

I got a virus twice before, both times from a flash drive
never from browsing, the internet is secure enough these days
as long as you don't do anything weird

Freakuensi
17-11-2011, 09:09 PM
bro, on my laptop My Computer looks like this

http://s8.postimage.org/uqo4tsaq9/untitled3.jpg (http://postimage.org/image/uqo4tsaq9/)

why is that :???:

try it in safe mode first.
if it doesn't happen in safe mode, then it's a virus.
then go look for it yourself in the startup list..
start -> run -> msconfig -> startup

allen_86
17-11-2011, 10:16 PM
^

already did bro, nothing's running..but the display sometimes shows duplicates, then after I close it and open Explorer again it's not duplicated anymore...:hot:

I've scanned with antivirus (kaspersky, AVG, bitdefender, avira, avast and most recently eset), no virus detected...

what kind of virus is this bro :???: which antivirus gets rid of it?

Freakuensi
18-11-2011, 12:41 AM
^

already did bro, nothing's running..but the display sometimes shows duplicates, then after I close it and open Explorer again it's not duplicated anymore...:hot:

I've scanned with antivirus (kaspersky, AVG, bitdefender, avira, avast and most recently eset), no virus detected...

what kind of virus is this bro :???: which antivirus gets rid of it?

No idea. so it doesn't happen in safe mode?
and have you checked the startup items one by one??

woove
18-11-2011, 08:49 AM
^
from my experience.. that's usually a sign the HDD is about to die soon
my feeling is the HDD is slow to respond, so it gets drawn more than once
test the HDD with HD Tune to see whether it's still in normal condition or not

muyrrrrrr
18-11-2011, 11:12 AM
bro, on my laptop My Computer looks like this

http://s8.postimage.org/uqo4tsaq9/untitled3.jpg (http://postimage.org/image/uqo4tsaq9/)

why is that :???:

does it only affect the HDD or the files too (if files get duplicated as well, it's probably a virus)
try defragging bro, it may be related to the hard disk
if there are bad sectors, it'll show up

Freakuensi
18-11-2011, 11:33 AM
^
from my experience.. that's usually a sign the HDD is about to die soon
my feeling is the HDD is slow to respond, so it gets drawn more than once
test the HDD with HD Tune to see whether it's still in normal condition or not

He already said it doesn't happen in Safe Mode..
If there really is damage to the hard disk,
try checking it with Hard Disk Sentinel..

allen_86
18-11-2011, 07:26 PM
^
here's the result bro, after I checked with Hard Disk Sentinel

http://s10.postimage.org/3pai5zmyt/untitled545.jpg (http://postimage.org/image/3pai5zmyt/)

is there still something wrong with my laptop :???:

Freakuensi
18-11-2011, 08:27 PM
^
here's the result bro, after I checked with Hard Disk Sentinel

http://s10.postimage.org/3pai5zmyt/untitled545.jpg (http://postimage.org/image/3pai5zmyt/)

is there still something wrong with my laptop :???:

Not at all. because the result says your hard disk is still in Excellent condition..
Looks like it really is infected with a virus.
let's diagnose it first..
in start -> run -> msconfig -> startUp,
can you send a screenshot of the startup menu, bro?? so I can take a close look
at which one is at fault..

allen_86
19-11-2011, 12:33 PM
^

here it is bro

http://s12.postimage.org/4fnkdiko9/untitled3232.jpg (http://postimage.org/image/4fnkdiko9/)

please help, bro..;)

Freakuensi
19-11-2011, 04:43 PM
^

here it is bro

http://s12.postimage.org/4fnkdiko9/untitled3232.jpg (http://postimage.org/image/4fnkdiko9/)

please help, bro..;)

Is that all that's enabled??? if so, try disabling them one by one...
Still erroring or not??

Navy0707
21-11-2011, 07:18 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:23, on 21/11/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\SONY\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Internet Download Manager\idman.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\SONY\VAIO Care\listener.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\Users\EA16FG\Desktop\Utilities\HiJackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP. EXE /FU "C:\Windows\TEMP\E_SF08B.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {21CEC2FC-24FA-4EEB-A043-3CC248060880} (DigitalicLauncher Control) - http://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (IaxClientOcx Control) - file:///C:/Program%20Files%20(x86)/VoIP%20Rakyat%20Communicator/voiprakyat/src/voip_call/iaxWebPhone.CAB
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\SONY\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResou rceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\SONY\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\SONY\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15817 bytes


bro, here's my hijack log, please have a look :( for some reason my laptop often can't read the files when I plug in a flash drive -__-
When I right-click and look at Properties it shows 10 MB of free space. But when I open the flash drive on my laptop it's empty -__-
why is that bro?
What's the solution?
the weird thing is it's only on my laptop. if the flash drive is plugged into another PC or laptop the data isn't empty. why?

8zack8
25-11-2011, 03:41 AM
^8zack8

that sounds a bit odd...:iii:
can you send other files? if so, then there really is already a file or folder named autorun.inf on the HDD.

btw, it's better not to create an autorun.inf file just to change the HDD icon, because there are viruses that replace the contents of that file so that they run themselves (the virus) automatically (personal experience). besides, the benefit isn't that urgent, especially compared to the risk (as I mentioned before) :siul:

addendum:
to show hidden files or folders on the HDD, make sure the command in CMD is:



CMIIW :maaf:

as follows, bro.

unlock via CMD? okay. I'll try it later. because when I searched in normal mode I still couldn't find it.

notox
25-11-2011, 08:03 PM
Logfile of Trend Micro HijackThis --



bro, here's my hijack log, please have a look :( for some reason my laptop often can't read the files when I plug in a flash drive -__-
When I right-click and look at Properties it shows 10 MB of free space. But when I open the flash drive on my laptop it's empty -__-
why is that bro?
What's the solution?
the weird thing is it's only on my laptop. if the flash drive is plugged into another PC or laptop the data isn't empty. why?

Is the Windows on your laptop Vista SP1 :???:
For better stability and security you should upgrade to Windows 7 SP1

Anyway, if you still want to keep Vista:
Run HijackThis again and check the 5 items below:


O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O16 - DPF: {21CEC2FC-24FA-4EEB-A043-3CC248060880} (DigitalicLauncher Control) - http://www.digimonmasters.com/inc/Ac...20Launcher.cab
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

Reboot Windows and check whether reading the flash drive still errors :???:
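
Added example (mine, not code from this thread or from HijackThis): a small Python triage script for log lines in the format posted above. It flags the two things the replies in this thread act on, entries whose file is reported missing and autostart entries living in temp or template-profile directories; the directory list is a constructed heuristic, and flagged lines are candidates for review, not verdicts.

```python
"""HijackThis log triage (added example; not code from this thread or from HijackThis)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# A HijackThis entry is "<section code> - <body>", for example:
#   O2 - BHO: Name - {CLSID} - C:\path\file.dll
#   O4 - HKCU\..\Run: [Name] C:\path\file.exe /onboot
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# HijackThis appends these when the registered file no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Autostart locations that rarely hold legitimate software. Heuristic list
# constructed for this example; matching is done on the lower-cased line.
SUSPICIOUS_DIRS = (
    "\\local settings\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\default user\\",   # the template profile, not a real user account
)

# Sections describing something that loads automatically (browser, logon, service).
AUTOSTART_CODES = {"O2", "O3", "O4", "O20", "O21", "O22", "O23"}


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line deserves a closer look
    line: str    # the original log line


def triage_entry(line: str) -> list[Finding]:
    """Return the findings for one log line (empty for headers, process lists, etc.)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    findings: list[Finding] = []

    if any(marker in low for marker in ORPHAN_MARKERS):
        if code == "O23" and "\\windows\\system32\\" in low:
            # A Windows service whose binary is "missing" is frequently an artifact
            # of a 32-bit scanner on 64-bit Windows (WOW64 file redirection), so it
            # is flagged for verification rather than as a plain orphan.
            reason = "service binary reported missing (verify: possible 32-bit-on-64-bit artifact)"
        else:
            reason = "orphaned entry: registration points at a file that no longer exists"
        findings.append(Finding(code, reason, line))

    if code in AUTOSTART_CODES:
        hit = next((d for d in SUSPICIOUS_DIRS if d in low), None)
        if hit is not None:
            findings.append(Finding(code, f"autostart from an unusual directory: ...{hit}", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_entry over every line of a log and collect the findings in order."""
    return [f for line in text.splitlines() for f in triage_entry(line)]


# Constructed sample in the format of the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}")
        print(f"    {f.line}")
```

Run it against a full pasted log to get a short review list; the lines it does not flag still need the usual eye over the R/O4/O23 sections.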

chennedy
03-12-2011, 05:55 PM
Quick question... Has this ever happened to anyone?? Every time I want to copy files to the PC's HDD it hangs... Overloaded, sort of!! But if I wait a while it works again... Confused about the cause... It only just started happening.. Where's the problem?? please enlighten me, masters

notox
03-12-2011, 06:04 PM
Quick question... Has this ever happened to anyone?? Every time I want to copy files to the PC's HDD it hangs... Overloaded, sort of!! But if I wait a while it works again... Confused about the cause... It only just started happening.. Where's the problem?? please enlighten me, masters

1. Check in Task Manager while it's slow: which processes are eating a lot of CPU?
(post a screenshot here if you can)
2. Make sure the computer is not infected with a virus by running a full scan with an updated antivirus.
3. Check the HDD's condition with HD Sentinel → http://idws.in/121663
:hmm:

Layfon
03-12-2011, 06:09 PM
a question: lately the billing PC has been slow, here's the hijack scan


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:57:39 PM, on 12/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\UpdateReminder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIG TP.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Program Files\EPSON\MyEpson Portal\mepService.exe
G:\AIMP2\AIMP2.exe
G:\Radmin Viewer 3\Radmin.exe
C:\WINDOWS\system32\r_server.exe
E:\billing40.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\billing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\billing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\billing\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [EPSON L100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIG TP.EXE /FU "C:\WINDOWS\TEMP\E_S60.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Foxit Software\Foxit Reader\plugins\GetFlash.exe -p
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{30BE20DF-91B8-4DB5-8B7F-9041AAE2DA50}: NameServer = 192.168.100.100,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

--
End of file - 5278 bytes


Sometimes winup.exe shows up in Task Manager under SYSTEM. What I notice is that browsing and downloading are really slow, ping goes up to around 2000, and Yahoo gets blocked, so I can't open my email. Please help :maaf:

notox
03-12-2011, 07:08 PM
A question: lately the billing PC has been slow, here is the HijackThis scan


Logfile of Trend Micro HijackThis v2.0.4

--
End of file - 5278 bytes


Sometimes winup.exe shows up in Task Manager under SYSTEM. What I notice is that browsing and downloading are really slow, ping goes up to around 2000, and Yahoo gets blocked, so I can't open my email. Please help :maaf:

:hi:
For the initial preparation stage (mandatory, so it does not interfere with the cleaning process):
1. Uninstall DeepFreeze and ESET NOD32
2. Turn off System Restore

Next steps:

Download TDSS Killer, then unrar it.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Restart Windows and enter Safe Mode with Networking
(before booting, keep pressing F8 → Safe Mode with Networking)
In safe mode, run TDSS Killer.exe
When the scan finishes, a TDSS scan log (a Notepad TXT file) will appear on the Windows drive (usually C:) → copy-paste the log here

Still in Safe Mode, use Windows Search to look for the file winup.exe.
If you find that file, copy it to the desktop and upload it to http://www.virustotal.com.
Post the VirusTotal scan result link / post the file's hash here.
:hmm:

Layfon
03-12-2011, 08:12 PM
:hi:
For the initial preparation stage (mandatory, so it does not interfere with the cleaning process):
1. Uninstall DeepFreeze and ESET NOD32
2. Turn off System Restore

Next steps:

Download TDSS Killer, then unrar it.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Restart Windows and enter Safe Mode with Networking
(before booting, keep pressing F8 → Safe Mode with Networking)
In safe mode, run TDSS Killer.exe
When the scan finishes, a TDSS scan log (a Notepad TXT file) will appear on the Windows drive (usually C:) → copy-paste the log here

Still in Safe Mode, use Windows Search to look for the file winup.exe.
If you find that file, copy it to the desktop and upload it to http://www.virustotal.com.
Post the VirusTotal scan result link / post the file's hash here.
:hmm:

Sorry kk, is step 1 really mandatory? I don't dare, since it's a billing computer :sedih1

notox
03-12-2011, 09:48 PM
Sorry kk, is step 1 really mandatory? I don't dare, since it's a billing computer :sedih1

Hmm, in that case cleaning and troubleshooting will be difficult if you don't have admin rights.

Just some info and shared experience:
1. DeepFreeze = does not guarantee Windows will be safe from viruses
Ref → http://idws.in/151293

2. Your Windows = Windows XP SP2, already outdated and vulnerable to viruses, exploits, malware, hackers, security holes and more.
Reference on the importance of using the latest Windows version (latest SP) and running Windows Update:
http://www.indowebster.web.id/showthread.php?t=143421&p=11257176&viewfull=1#post11257176
Just sharing, so the decision stays with each user :peace:

cgnusardana
07-12-2011, 06:49 PM
:nangis: hope someone knows. Yesterday a message suddenly appeared on the computer saying "rootkit hidden", located in system32, file name floppy.sys. What's that about :???:. Oh, and my antivirus is Avast + latest update + DeepFreeze 7.10 + OS Windows XP Home SP2 original..

hengky_atmajaya
08-12-2011, 11:33 PM
http://www.4shared.com/file/DwfQYq79/hijackthis.html

Symptoms: the PC's processor is at 100% even though no particular application is running, so whenever we open anything it's slow... and it may well be making the internet slow because of the overload.. after looking in Task Manager the cause is wmiprvse.exe; after asking Google it turns out that's a virus (damnnn).... no idea what caused it since yesterday.. I haven't downloaded/browsed anything "weird".... please help guys, it'd be a shame to have to reinstall Windows...thank u and Godspeed

hengky_atmajaya
08-12-2011, 11:35 PM
http://www.4shared.com/file/DwfQYq79/hijackthis.html
continuation of the above, sorry,... hehehe

notox
09-12-2011, 08:58 PM
:nangis: hope someone knows. Yesterday a message suddenly appeared on the computer saying "rootkit hidden", located in system32, file name floppy.sys. What's that about :???:. Oh, and my antivirus is Avast + latest update + DeepFreeze 7.10 + OS Windows XP Home SP2 original..

Try uploading the file floppy.sys to http://www.virustotal.com
Then post the scan result / checksum here.



http://www.4shared.com/file/DwfQYq79/hijackthis.html

Symptoms: the PC's processor is at 100% even though no particular application is running, so whenever we open anything it's slow... and it may well be making the internet slow because of the overload.. after looking in Task Manager the cause is wmiprvse.exe; after asking Google it turns out that's a virus (damnnn).... no idea what caused it since yesterday.. I haven't downloaded/browsed anything "weird".... please help guys, it'd be a shame to have to reinstall Windows...thank u and Godspeed


http://www.4shared.com/file/DwfQYq79/hijackthis.html
continuation of the above, sorry,... hehehe

Suggestion:

Uninstall the RelevantKnowledge program via Control Panel.
If it is not listed / cannot be uninstalled, delete it manually.
First kill the process from Task Manager, then delete the file at the following location:
C:\Program Files\RelevantKnowledge\rlvknlg.exe

Run HijackThis again, tick the 3 items below, then choose Fix checked


O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe


Reboot Windows, then cleanly uninstall AVG for the time being.
Then check whether Windows is still slow.
:???:

cgnusardana
10-12-2011, 09:06 AM
Try uploading the file floppy.sys to http://www.virustotal.com
Then post the scan result / checksum here.

Well, Avast deleted it right away, notox, but there don't seem to be any confusing symptoms, so hopefully that's that :lol:

ba_tux
11-12-2011, 11:23 PM
Honestly, the most effective way to deal with viruses is to use an operating system that is not vulnerable to viruses, like Linux and Mac. But if you're forced to use Windows, make sure the antivirus you use is always updated. No matter how good an antivirus is, if it's never updated it's useless.

renairenairenai
14-12-2011, 01:28 AM
The rules I always follow, with the result that I've never caught a virus:
1. Use an antivirus that can start up before all other programs. There are 2 examples of viruses that have a start-up like this. Avira and ESED, if I'm not mistaken.
2. Never use a local antivirus. On average, local antiviruses are developed by just one programmer. Foreign antiviruses are developed by a whole company. Avira even has its own building. Local antiviruses can go jump in the sea. Seriously! Don't compare an antivirus made by thousands of people with an antivirus made by 1 person
3. NEVER TURN OFF THE ANTIVIRUS!
4. If you install pirated software and there's a warning that the pirated copy contains a virus, DON'T INSTALL IT! Most people choose to turn off the antivirus and install the pirated software, then turn the antivirus back on once it's done.

That's about it.

cgnusardana
14-12-2011, 07:54 AM
The rules I always follow, with the result that I've never caught a virus:
1. Use an antivirus that can start up before all other programs. There are 2 examples of viruses that have a start-up like this. Avira and ESED, if I'm not mistaken.
2. Never use a local antivirus. On average, local antiviruses are developed by just one programmer. Foreign antiviruses are developed by a whole company. Avira even has its own building. Local antiviruses can go jump in the sea. Seriously! Don't compare an antivirus made by thousands of people with an antivirus made by 1 person
3. NEVER TURN OFF THE ANTIVIRUS!
4. If you install pirated software and there's a warning that the pirated copy contains a virus, DON'T INSTALL IT! Most people choose to turn off the antivirus and install the pirated software, then turn the antivirus back on once it's done.

That's about it.

Seems like "Stay updated" is missing there :hoho:.. if the AV isn't updated, that's the same as suicide :dead:

:peace:

insidegraph
19-12-2011, 12:49 AM
Want to ask, bro
my computer is idle and RAM usage is over 60%, why is that?
a virus or what?
roughly which antivirus is good?
just installed BitDefender, it wouldn't get into Windows, the screen was blank
so I uninstalled it in safe mode
thanks in advance

cgnusardana
19-12-2011, 09:09 PM
Want to ask, bro
my computer is idle and RAM usage is over 60%, why is that?
a virus or what?
roughly which antivirus is good?
just installed BitDefender, it wouldn't get into Windows, the screen was blank
so I uninstalled it in safe mode
thanks in advance

:hi: If memory usage goes up to 60% like that, it's probably because too many programs run at startup; try turning off the ones you don't need via Run, type MSCONFIG, go to the Startup tab, and untick the ones that aren't used
as for the AV, Kaspersky or AVAST is decent too; I still pick Avast myself, its memory usage isn't too high... BTW which Windows are you using, and if possible, how many gigs of RAM are installed in the computer :???:

insidegraph
20-12-2011, 09:29 PM
:hi: If memory usage goes up to 60% like that, it's probably because too many programs run at startup; try turning off the ones you don't need via Run, type MSCONFIG, go to the Startup tab, and untick the ones that aren't used
as for the AV, Kaspersky or AVAST is decent too; I still pick Avast myself, its memory usage isn't too high... BTW which Windows are you using, and if possible, how many gigs of RAM are installed in the computer :???:

it's idle with nothing running, bro, eating about 2GB of memory
using Avast, bro
I use Windows 7 32-bit, 4GB of RAM detected as 3.5GB

is that normal?
is there a virus?
is the RAM dirty or starting to fail?
because editing in Adobe After Effects feels really heavy

cgnusardana
22-12-2011, 04:32 AM
it's idle with nothing running, bro, eating about 2GB of memory
using Avast, bro
I use Windows 7 32-bit, 4GB of RAM detected as 3.5GB

is that normal?
is there a virus?
is the RAM dirty or starting to fail?
because editing in Adobe After Effects feels really heavy

Is that Avast the latest version :???: both the updates and the program.... it's probably just too many programs running at startup; if you want, remove the AV and replace it with AVAST or Kaspersky or AVG, but the paid version; scan right after installing, then uninstall it and go back to the free one :haha:... if the RAM were damaged the symptoms would be different, I think :hoho:

manvanfuetz
20-01-2012, 09:01 PM
Bro, my laptop got Virut, Ramnit and Sality all at once
I use Smadav 8.84 Pro but every time I run a full scan no virus is found; I only found out there was a virus when moving data from my laptop to my cousin's laptop..
please give me guidance and a solution, the problem is my external hard disk got infected too,
if I reinstall it'll be hard to get my files back..
also, roughly which antivirus is effective at wiping out Virut, Ramnit, Sality?
my laptop is an Axioo Pico netbook with an Intel Atom
thank you

notox
20-01-2012, 09:07 PM
Bro, my laptop got Virut, Ramnit and Sality all at once
I use Smadav 8.84 Pro but every time I run a full scan no virus is found; I only found out there was a virus when moving data from my laptop to my cousin's laptop..
please give me guidance and a solution, the problem is my external hard disk got infected too,
if I reinstall it'll be hard to get my files back..
also, roughly which antivirus is effective at wiping out Virut, Ramnit, Sality?
my laptop is an Axioo Pico netbook with an Intel Atom
thank you

:hi:
Best to make an Antivirus Rescue Disc on another computer/laptop that is free of viruses.
Once it's ready, do a full scan with that Rescue Disc on your infected netbook.
http://idws.in/146434
Good luck :hmm:

cgnusardana
20-01-2012, 11:13 PM
:hi:.. earlier I had a friend's computer here, using Avast free version 6 + the latest updates for both program and database; they said that in system32 there are files a.exe and b.exe, but the icon looks like the Point Blank icon; when scanned it says no threat detected, but if left alone there will be a notification from Avast saying those 2 files smell heuristic, so I'm confused by this Avast too :swt:... maybe it needs a different AV :???:...

shinigamidika
20-01-2012, 11:56 PM
Bro, my laptop got Virut, Ramnit and Sality all at once
I use Smadav 8.84 Pro but every time I run a full scan no virus is found; I only found out there was a virus when moving data from my laptop to my cousin's laptop..
please give me guidance and a solution, the problem is my external hard disk got infected too,
if I reinstall it'll be hard to get my files back..
also, roughly which antivirus is effective at wiping out Virut, Ramnit, Sality?
my laptop is an Axioo Pico netbook with an Intel Atom
thank you

Yesterday a friend's laptop got Ramnit...
Then we forced an install of Antivir (Avira) 2012 + the latest database update..
Then scanned the laptop..
Result: Ramnit was gone... Several infected programs could be repaired too..
Can be tried as an alternative..

manvanfuetz
21-01-2012, 08:34 PM
another question, kaka
I downloaded Virut Killer and Sality Killer, roughly would they be effective?
please advise
thank you

cgnusardana
21-01-2012, 08:41 PM
another question, kaka
I downloaded Virut Killer and Sality Killer, roughly would they be effective?
please advise
thank you

It's probably better to install AVs that already have a big name, more reliable; otherwise you download all sorts and it turns out to be malware or a virus as well :swt:...

manvanfuetz
22-01-2012, 08:57 AM
It's probably better to install AVs that already have a big name, more reliable; otherwise you download all sorts and it turns out to be malware or a virus as well :swt:...

oh.. because the killer application is only 113 KB,
I'm forced to reinstall
thanks for the info, ka..

kecebongoreng
22-01-2012, 10:47 AM
:hi:.. earlier I had a friend's computer here, using Avast free version 6 + the latest updates for both program and database; they said that in system32 there are files a.exe and b.exe, but the icon looks like the Point Blank icon; when scanned it says no threat detected, but if left alone there will be a notification from Avast saying those 2 files smell heuristic, so I'm confused by this Avast too :swt:... maybe it needs a different AV :???:...

Heuristic means Avast's virus signature recognition function is working well, because those two files have a signature/behaviour that resembles a virus. Especially with an icon as suspicious as that. Wipe them out.

When the on-demand scan result is "no threat detected" while the real-time scan says "suspicious/heuristic", it means the heuristic settings on the on-demand scanner and the real-time scanner differ. Recommendation: set heuristic detection to maximum; better lots of false alarms than being bitten by a virus :kaget:


Want to ask, bro
my computer is idle and RAM usage is over 60%, why is that?

Normal, here it's 55% with 3692 MB usable. No need to worry about it, memory is still plentiful.

cgnusardana
23-01-2012, 03:00 PM
Heuristic means Avast's virus signature recognition function is working well, because those two files have a signature/behaviour that resembles a virus. Especially with an icon as suspicious as that. Wipe them out.

When the on-demand scan result is "no threat detected" while the real-time scan says "suspicious/heuristic", it means the heuristic settings on the on-demand scanner and the real-time scanner differ. Recommendation: set heuristic detection to maximum; better lots of false alarms than being bitten by a virus :kaget:

Normal, here it's 55% with 3692 MB usable. No need to worry about it, memory is still plentiful.

but if it's set to maximum like that, won't it delete patches/cracks, kecebongoreng :swt:... yesterday I tried deleting them right away, Shift+Del worked fine, and they didn't come back :haha:... here I also use Deep Freeze 7.1 + AVAST 6.0 as protection, is that effective, roughly :???:...

kecebongoreng
23-01-2012, 09:58 PM
but if it's set to maximum like that, won't it delete patches/cracks, kecebongoreng :swt:... yesterday I tried deleting them right away, Shift+Del worked fine, and they didn't come back :haha:...

Oh, you keep patches and cracks. In the antivirus software I use there is an Exclude file/folder function; just use Exclude, look for it in Avast first. Or store those patch and crack files in 7z compressed format, which as far as I know not all antivirus software supports scanning inside.


here I also use Deep Freeze 7.1 + AVAST 6.0 as protection, is that effective, roughly :???:...

Good enough, it depends on the individual. Even though our 'security' methods differ, the most effective thing is still preparing backups (file backups and a system image). When the computer gets a virus, we can just laugh because there's a backup, just restore :haha:

cgnusardana
24-01-2012, 07:54 AM
Oh, you keep patches and cracks. In the antivirus software I use there is an Exclude file/folder function; just use Exclude, look for it in Avast first. Or store those patch and crack files in 7z compressed format, which as far as I know not all antivirus software supports scanning inside.

Good enough, it depends on the individual. Even though our 'security' methods differ, the most effective thing is still preparing backups (file backups and a system image). When the computer gets a virus, we can just laugh because there's a backup, just restore :haha:

Here I'd rather turn them into an MDS image with Alcohol, so they don't get infected again; inspired by kecebonggoreng's answer about compressing them :malu:...

Yup, I've already backed up with Acronis :hoho:... :niceinfo:...

keemchee
02-02-2012, 12:58 AM
Want to ask: the local disk's icon changed, and when double-clicked it opens Windows Search instead..:suram:

http://i43.tinypic.com/iycyo4.jpg


roughly which virus is this, and which antivirus can wipe out a virus like this...:???:


here's the log from HijackThis...




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:45 AM, on 2/2/2012
Platform: Windows XP SP3, v.6055 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\system32\crypserv.exe
C:\WINXP\system32\WinFLService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINXP\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINXP\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\WINXP\system32\rundll32.exe
C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINXP\system32\WinFLTray.exe
C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINXP\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O1 - Hosts: 127.0.1.1 mirror3.tonec.com
O1 - Hosts: e-product-registration.html
O1 - Hosts: ml
O1 - Hosts: html
O1 - Hosts: 2cba06859c3dcd87b47525e97a3b80
O1 - Hosts: ml?NeroSID=392cba06859c3dcd87b47525e97a3
O1 - Hosts: b80
O1 - Hosts: e-product-registration.html?NeroSID=392c
O1 - Hosts: ba06859c3dcd87b47525e97a3b80
O1 - Hosts: ml&sa=X&oi=smap&resnum=1&ct=result&cd=6&
O1 - Hosts: usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AVKWebIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WinFLTray] C:\WINXP\system32\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D02DF646-31A2-4BAF-9CB9-BD8BF7E8A4E1} (JCWebCtrl Class) - http://hunterblade.beeboomonline.com/static/activex/joychinawebctrl.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C8536C-FC51-4E68-9BBE-30092B00F25E}: NameServer = 10.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINXP\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLService - NewSoftwares.net, Inc. - C:\WINXP\system32\WinFLService.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINXP\system32\GameMon.des.exe (file missing)
O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\WINXP\system32\RTPSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINXP\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\WINXP\system32\xsherlock.xem

--
End of file - 11929 bytes



a little help from you would mean a lot to me...:xiexie::xiexie:

mattarada
02-02-2012, 10:12 AM
just asking...
has anyone experienced something like this??? :iii:
http://s13.postimage.org/cuhcfaxat/New_Picture.jpg
lots of strange files/folders... :swt:
already tried scanning with Avast, but those strange files/folders can't be scanned... can't be deleted either :sigh:

somebody help me :sekarat:
lots of important data inside :dead:

notox
02-02-2012, 07:04 PM
Want to ask: the local disk's icon changed, and when double-clicked it opens Windows Search instead..:suram:

http://i43.tinypic.com/iycyo4.jpg

roughly which virus is this, and which antivirus can wipe out a virus like this...:???:
here's the log from HijackThis...


End of file - 11929 bytes


a little help from you would mean a lot to me...:xiexie::xiexie:

Run HijackThis again, tick the items below, then choose Fix checked


R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O1 - Hosts: e-product-registration.html
O1 - Hosts: ml
O1 - Hosts: html
O1 - Hosts: b80


Reboot Windows, then uninstall G Data Antivirus.
Then do the following steps:

1. Download Malwarebytes Free -> http://www.malwarebytes.org/products/malwarebytes_free
2. Install, then update the database -> Check for updates
3. After that, run a full scan
4. If a virus is detected, choose "Show Results" when the scan finishes
5. Tick the virus files, then click Remove Selected
6. If a Notepad log appears, copy-paste its contents here.

Also run a full scan with this tool:
http://www.softpedia.com/get/Antivirus/Win32-Sality-Remover.shtml

-----------------------------------------------------------------------

Quick question...
Has anyone ever experienced something like this??? :iii:
http://s13.postimage.org/cuhcfaxat/New_Picture.jpg
Lots of strange files/folders... :swt:
I've tried scanning with Avast, but those strange files/folders can't be scanned... and can't be deleted either :sigh:

somebody help me :sekarat:
There's a lot of important data in there :dead:

1. Boot into Safe Mode With Networking.
To do this, keep pressing F8 before Windows boots → choose Safe Mode With Networking
2. Scan with Malwarebytes as in my post above
3. Post the log here.
Good luck :peace:

mattarada
02-02-2012, 10:47 PM
Then do the following steps:

1. Download Malwarebytes Free -> http://www.malwarebytes.org/products/malwarebytes_free
2. Install it, then update the database -> Check for updates
3. After that, run a full scan
4. If a virus is detected, choose "Show Results" when the scan finishes
5. Tick the virus files, then click Remove Selected
6. If a Notepad log appears, copy-paste its contents here.

Also run a full scan with this tool:
http://www.softpedia.com/get/Antivirus/Win32-Sality-Remover.shtml

-----------------------------------------------------------------------


1. Boot into Safe Mode With Networking.
To do this, keep pressing F8 before Windows boots → choose Safe Mode With Networking
2. Scan with Malwarebytes as in my post above
3. Post the log here.
Good luck :peace:

I've followed the steps above... and the log looks like this...

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Karaeng Mattarada :: Z-REX [administrator]

Protection: Enabled

02/02/2012 23:25:50
mbam-log-2012-02-02 (23-25-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 119
Time elapsed: 12 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


and the result looks like this...
http://s14.postimage.org/x3n8ilrmn/New_Picture_1.jpg
the folders are gone, or rather hidden,... how do I bring back the old folders, bro?? :ogmatabelo::iii:

cgnusardana
03-02-2012, 12:07 AM
I want to ask: my local disk's icon has changed, and when I double-click it, it opens the Windows Search window instead.. :suram:

http://i43.tinypic.com/iycyo4.jpg


What virus might this be, and which antivirus can remove a virus like this... :???:


Here's the log from HijackThis...




Usually when it's like that, it means there's an autorun.inf in the root folder that replaces the icon and the Explorer command; it's usually caused by a virus (certainly, if the user didn't put it there :hoho:)...
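The autorun.inf explanation above is right, and the file is plain text, so it can be read and explained before anything is double-clicked. The following is an added example, not code from the thread or from any tool named in it: it parses the [autorun] section and lists each directive that changes what a click does (open=, shellexecute=, shell\verb\command=, shell=) or swaps the drive icon (icon=). Both autorun.inf samples inside the block are constructed for illustration; the file name hidden\svchost.exe is invented.

```python
import re

# Added example (not from the thread): parse an autorun.inf and explain what it
# changes on a drive. Sample content below is constructed for illustration.

# [autorun] keys that make Windows run a program when the drive is opened.
EXEC_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key_lower: value} for the [autorun] section.

    Keys are case-insensitive; blank lines and ';' comments are skipped, and
    only the first '=' separates key from value.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(entries):
    """Describe, one finding per directive, what this autorun.inf does."""
    findings = []
    for key in EXEC_KEYS:
        if key in entries:
            findings.append(f"opening the drive runs: {entries[key]} ({key}=)")
    for key, value in entries.items():
        m = re.fullmatch(r"shell\\([^\\]+)\\command", key)
        if m:
            findings.append(f"context-menu verb '{m.group(1)}' runs: {value}")
    if "shell" in entries:
        findings.append(f"default double-click verb set to '{entries['shell']}'")
    if "icon" in entries:
        findings.append(f"drive icon replaced with: {entries['icon']}")
    return findings


def runs_program(entries):
    """True if any directive would execute a program from the drive."""
    return any(k in entries for k in EXEC_KEYS) or any(
        re.fullmatch(r"shell\\[^\\]+\\command", k) for k in entries)


# Constructed sample: the pattern described in the thread, an autorun.inf at
# the root of a hard disk partition that swaps the icon and hijacks the verbs.
SUSPECT_INF = """\
[autorun]
; constructed sample, not a real file from any system
open=hidden\\svchost.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open\\command=hidden\\svchost.exe
shell\\explore\\command=hidden\\svchost.exe
shell=open
"""

# Constructed sample: what a benign install CD typically carries.
BENIGN_INF = """\
[autorun]
label=Product Setup
icon=setup.ico
"""

if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_INF), ("benign", BENIGN_INF)):
        entries = parse_autorun(text)
        print(name, "runs a program:", runs_program(entries))
        for finding in assess_autorun(entries):
            print("  -", finding)
```

An open= or shell\open\command= directive is normal on an install CD, where it starts the setup program; on the root of a hard disk partition or a USB stick it is the thing to explain, because a fixed drive has no reason to launch anything when opened. Reading the file this way, with the hidden and system attributes shown, tells you which program the icon and the double-click have been redirected to without running it.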

keemchee
03-02-2012, 09:47 AM
Run HijackThis again, tick the items below, then choose Fix checked


R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O1 - Hosts: e-product-registration.html
O1 - Hosts: ml
O1 - Hosts: html
O1 - Hosts: b80


Reboot Windows, then uninstall G Data Antivirus.
Then do the following steps:

1. Download Malwarebytes Free -> http://www.malwarebytes.org/products/malwarebytes_free
2. Install it, then update the database -> Check for updates
3. After that, run a full scan
4. If a virus is detected, choose "Show Results" when the scan finishes
5. Tick the virus files, then click Remove Selected
6. If a Notepad log appears, copy-paste its contents here.

Also run a full scan with this tool:
http://www.softpedia.com/get/Antivirus/Win32-Sality-Remover.shtml

-----------------------------------------------------------------------


here's the Malwarebytes log



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GUNTUR [administrator]

2/2/2012 9:47:05 PM
mbam-log-2012-02-02 (21-47-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 598322
Time elapsed: 2 hour(s), 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCMAVRTPSERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\PCMAVRTPService (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP277\A0177525.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP220\A0095563.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
E:\D\Skill\Hacking and Protecting\CLIENT\VNC Enterprise 4.42\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP255\A0113581.ExE (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP255\A0113585.DLL (Spyware.Passwords) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP271\A0154805.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
E:\E\Games\KONAMI\Pro Evolution Soccer 2012\G1SLpatch\launcher\boot\def.bot (Backdoor.Bifrose) -> Quarantined and deleted successfully.
E:\E\Games\KONAMI\Pro Evolution Soccer 2012\G1SLpatch\launcher\spo\idn.spo (Backdoor.Bifrose) -> Quarantined and deleted successfully.
E:\E\Games\KONAMI\Pro Evolution Soccer 2012\G1SLpatch\launcher\spo\int.spo (Backdoor.Bifrose) -> Quarantined and deleted successfully.

(end)



Yesterday, to restore the double-click function, I used this method...

Start/Run, then type: regsvr32 /i shell32

It worked, but the icon hasn't changed back, so I'm still doubtful... maybe something is still hiding inside... :swt:
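Two Malwarebytes logs are posted in this thread, and what a helper reads out of them first is not the raw list but a few counts: how much was actually scanned, whether the scan finished, how many hits are registry leftovers, and how many files sit inside System Volume Information (old System Restore snapshots, so they were on disk at some point but are not necessarily active now). The following is an added example, not code from the thread or from Malwarebytes: a parser for the 1.x text-log format and a summary built from it. The log embedded in the block is constructed in that format; its paths, GUID and the Rogue.Example name are invented.

```python
import re
from collections import Counter

# Added example (not from the thread): summarize a Malwarebytes Anti-Malware
# 1.x text log. The log below is constructed; paths and names are invented.

HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (meta, detections).

    meta: scan type, objects scanned, whether the scan was aborted.
    detections: one dict per hit with section, item, category and action.
    """
    meta, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan type:"):
            meta["scan_type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            meta["objects_scanned"] = int(line.split(":", 1)[1])
        elif line.startswith("Time elapsed:"):
            meta["aborted"] = "[aborted]" in line
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append({"section": section, **item.groupdict()})
    return meta, detections


def summarize(meta, detections):
    """Counts per category plus the triage flags a helper looks at first."""
    restore_points = [d for d in detections
                      if "System Volume Information" in d["item"]]
    registry = [d for d in detections if d["section"].startswith("Registry")]
    return {
        "total": len(detections),
        "by_category": dict(Counter(d["category"] for d in detections)),
        "registry_hits": len(registry),
        "restore_point_hits": len(restore_points),
        # Hits that were neither registry entries nor old restore snapshots.
        "active_file_hits": len(detections) - len(registry) - len(restore_points),
        # A quick scan, or one that was aborted, has not looked at everything.
        "rescan_needed": meta.get("aborted", False)
                         or meta.get("scan_type") != "Full scan",
    }


# Constructed sample log in the Malwarebytes 1.x format (not a real scan).
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Scan type: Full scan
Objects scanned: 123456
Time elapsed: 1 hour(s), 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\\Software\\VB and VBA Program Settings\\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\\SYSTEM\\CurrentControlSet\\Services\\FakeSvc (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1\\A0000001.exe (Rogue.Example) -> Quarantined and deleted successfully.
D:\\Tools\\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\\Games\\patch\\launcher\\def.bot (Backdoor.Bifrose) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    meta, detections = parse_mbam_log(SAMPLE_LOG)
    for key, value in summarize(meta, detections).items():
        print(f"{key}: {value}")
```

The rescan_needed flag is what the earlier log in this thread would trip: a quick scan that was aborted after 119 objects has not examined the drive, so its "no malicious items" lines say nothing about the hidden folders.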

notox
03-02-2012, 10:49 AM
here's the Malwarebytes log



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GUNTUR [administrator]

2/2/2012 9:47:05 PM
mbam-log-2012-02-02 (21-47-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 598322
Time elapsed: 2 hour(s), 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCMAVRTPSERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\PCMAVRTPService (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP277\A0177525.exe (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP220\A0095563.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
E:\D\Skill\Hacking and Protecting\CLIENT\VNC Enterprise 4.42\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP255\A0113581.ExE (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP255\A0113585.DLL (Spyware.Passwords) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2FD24A80-F065-4672-9063-8B607E67D3AB}\RP271\A0154805.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
E:\E\Games\KONAMI\Pro Evolution Soccer 2012\G1SLpatch\launcher\boot\def.bot (Backdoor.Bifrose) -> Quarantined and deleted successfully.
E:\E\Games\KONAMI\Pro Evolution Soccer 2012\G1SLpatch\launcher\spo\idn.spo (Backdoor.Bifrose) -> Quarantined and deleted successfully.
E:\E\Games\KONAMI\Pro Evolution Soccer 2012\G1SLpatch\launcher\spo\int.spo (Backdoor.Bifrose) -> Quarantined and deleted successfully.

(end)



Yesterday, to restore the double-click function, I used this method...

Start/Run, then type: regsvr32 /i shell32

It worked, but the icon hasn't changed back, so I'm still doubtful... maybe something is still hiding inside... :swt:

OK bro, several suspect files have already been deleted by Malwarebytes.

Now download the file below → extract with WinRAR → double-click the .bat file
Then reboot Windows and check whether the icon is back to normal.
http://www.mediafire.com/?jlcly8lr1900886
:???:

keemchee
03-02-2012, 02:11 PM
OK bro, several suspect files have already been deleted by Malwarebytes.

Now download the file below → extract with WinRAR → double-click the .bat file
Then reboot Windows and check whether the icon is back to normal.
http://www.mediafire.com/?jlcly8lr1900886
:???:

still the same... :keringat:

cgnusardana
03-02-2012, 07:15 PM
still the same... :keringat:

Helping answer again here :hoho:... try enabling the display of hidden system files (so you can see hidden system files), then check the root of that HDD partition for whether there's an autorun.inf or not... :maaf: if I'm wrong...

keemchee
03-02-2012, 07:32 PM
Checked hidden files, there's a file like this... what is a manifest? :???:

http://i43.tinypic.com/t6cd9z.jpg

dejivrur
03-02-2012, 10:33 PM
To the masters here, please help me, I need some info
When I open the folders on my hard disk, all the files are gone
but looking at the properties, the hard disk space is still used
there are some files still visible in those hard disk folders, but they can't be opened
I tried setting Folder Options to show hidden files, it still didn't help
I tried setting the attributes from cmd too, but the parameter is always wrong, as if the folder never existed
when I tried to delete, I got "target is no longer on the location, verify the folder location" blah blah blah
my guess so far is a virus
but after scanning with AVG and Avira, only a few hundred files were scanned
logically, out of a total hard disk space of 225 GB, only 1.4 GB is free
so where are all those files that didn't get scanned? The problem is it would be a shame to reformat that hard disk because it contains rare films that are even quite hard to find on the internet

please help me... please... there's a lot of important data in there, including the last few months of hard work on my final project... what should I do, because I myself am quite confused by this problem
whoever helps answer will definitely get fresh cendol from me
thanks a lot :ogmatabelo::ogmatabelo::ogmatabelo::ogmatabelo::ogmatabelo:

shinigamidika
03-02-2012, 10:58 PM
^
It's not just the hidden files you need to show... but the super/system hidden ones..
Try Folder Options > uncheck "Hide protected operating system files"...
If done correctly... the super-hidden folders become visible..

dejivrur
04-02-2012, 12:13 AM
^
It's not just the hidden files you need to show... but the super/system hidden ones..
Try Folder Options > uncheck "Hide protected operating system files"...
If done correctly... the super-hidden folders become visible..

I've tried your suggestion, bro
but the folders still hide the files, and in the properties of those folders the size reads 0 bytes
even though the hard disk space is still full
so how else can I work around it? I'm really, really confused here
thanks for trying to help

keemchee
04-02-2012, 12:23 AM
My problem is fixed now... and it turns out, after I looked closely, there really was an intruder... :keringat:
but so far the suspect's identity is still unknown... :sigh:

after googling, I found software to repair the registry...
it's called Registry Mechanic ---> mine, and the one I uploaded, is ver. 7.0
the icon is back to how it was... :elegan:

I've uploaded it to the local mirror, plus the key too...
http://idws.us/bcgggec

many thanks to those who helped me... :xiexie::xiexie:

shinigamidika
04-02-2012, 07:05 AM
I've tried your suggestion, bro
but the folders still hide the files, and in the properties of those folders the size reads 0 bytes
even though the hard disk space is still full
so how else can I work around it? I'm really, really confused here
thanks for trying to help
If you want to check whether the folders exist..
type in cmd

d:
dir /a
that's for drive D.. for drive E and so on just change the letter...
If you want to unhide super-hidden files... download this
http://www.mediafire.com/?dici49cq31x2wib
extract it, then put/copy it onto the drive whose super-hidden files you want to unhide..
then double-click...
If the folders don't show up with those two methods..
it means they're gone..
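The two posts above (uncheck "Hide protected operating system files", then `dir /a`) are both about the same thing: a folder carrying the HIDDEN and SYSTEM attributes together is "super hidden", and Explorer only lists it when hidden files are shown and the protected-OS-files option is off, while `dir /a` ignores both settings. The following is an added example, not code from the thread or from any tool linked in it: it decodes the attribute bits, mirrors Explorer's two Folder Options, and picks out super-hidden entries at a drive root that are not the ones Windows itself keeps there. The constant values are the Win32 FILE_ATTRIBUTE_* flags; the directory listing in the block is constructed, and the folder name Tugas Akhir is invented to stand for the poster's data.

```python
import os
import sys

# Added example (not from the thread): decode Windows file-attribute bits
# behind "hidden" and "super hidden" entries. Values are the Win32
# FILE_ATTRIBUTE_* flags; the listing below is constructed.

FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_DIRECTORY = 0x10
FILE_ATTRIBUTE_ARCHIVE = 0x20

# Entries that legitimately sit super hidden at the root of a Windows drive.
EXPECTED_AT_ROOT = {
    "System Volume Information", "$RECYCLE.BIN", "RECYCLER",
    "pagefile.sys", "hiberfil.sys", "boot.ini", "ntldr", "NTDETECT.COM",
    "bootmgr",
}


def attrib_string(mask):
    """Letters in the order attrib.exe uses: R, H, S, A (directory bit omitted)."""
    letters = ((FILE_ATTRIBUTE_READONLY, "R"), (FILE_ATTRIBUTE_HIDDEN, "H"),
               (FILE_ATTRIBUTE_SYSTEM, "S"), (FILE_ATTRIBUTE_ARCHIVE, "A"))
    return "".join(letter for bit, letter in letters if mask & bit)


def is_super_hidden(mask):
    """Hidden and System set together: what the thread calls super hidden."""
    return bool(mask & FILE_ATTRIBUTE_HIDDEN) and bool(mask & FILE_ATTRIBUTE_SYSTEM)


def explorer_shows(mask, show_hidden=False, show_protected_os=False):
    """Would Explorer list this entry under the given Folder Options?

    show_hidden:       "Show hidden files, folders and drives"
    show_protected_os: "Hide protected operating system files" is UNchecked
    """
    if is_super_hidden(mask):
        return show_hidden and show_protected_os
    if mask & FILE_ATTRIBUTE_HIDDEN:
        return show_hidden
    return True


def unexpected_super_hidden(listing):
    """Names from a root listing that are super hidden but not OS housekeeping."""
    return [name for name, mask in listing
            if is_super_hidden(mask) and name not in EXPECTED_AT_ROOT]


def scan_root(path):
    """Windows only: build a (name, attribute mask) listing like dir /a does."""
    if sys.platform != "win32":
        raise OSError("st_file_attributes is only available on Windows")
    with os.scandir(path) as entries:
        return [(e.name, e.stat(follow_symlinks=False).st_file_attributes)
                for e in entries]


# Constructed listing of a data partition's root, as dir /a would show it.
SAMPLE_LISTING = [
    ("System Volume Information", FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    ("autorun.inf", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_ARCHIVE),
    ("Tugas Akhir", FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),  # user data, made super hidden
    ("report.docx", FILE_ATTRIBUTE_ARCHIVE),
    ("notes.txt", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_ARCHIVE),
]

if __name__ == "__main__":
    for name, mask in SAMPLE_LISTING:
        print(f"{attrib_string(mask):4} default view: {explorer_shows(mask)!s:5} {name}")
    print("unexpected super hidden:", unexpected_super_hidden(SAMPLE_LISTING))
```

Anything unexpected_super_hidden returns is what the downloaded .bat files in this thread are really doing: clearing the two bits, which is the documented `attrib -s -h name` operation, so you can see exactly which folders a script will touch before you trust it.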

dejivrur
04-02-2012, 06:43 PM
If you want to check whether the folders exist..
type in cmd

d:
dir /a
that's for drive D.. for drive E and so on just change the letter...
If you want to unhide super-hidden files... download this
http://www.mediafire.com/?dici49cq31x2wib
extract it, then put/copy it onto the drive whose super-hidden files you want to unhide..
then double-click...
If the folders don't show up with those two methods..
it means they're gone..

heheh, after restarting the computer, it turns out all the files can be read and show up again
thank you very much, bro, for your help; may you always be blessed by the Almighty :)

peter82
09-02-2012, 01:52 PM
http://vvcap.net/db/loejQx4G_fg29vjqUN_V.png
http://vvcap.net/db/biEUHbUDgrO4MiZz0lxz.png
um.. may I ask what virus this is :(( I've updated Avast and done a full scan, but it's still there :((
please enlighten me :maaf:

notox
09-02-2012, 09:44 PM
http://vvcap.net/db/loejQx4G_fg29vjqUN_V.png
http://vvcap.net/db/biEUHbUDgrO4MiZz0lxz.png
um.. may I ask what virus this is :(( I've updated Avast and done a full scan, but it's still there :((
please enlighten me :maaf:

Judging from Task Manager, Firefox seems to be using a lot of CPU.
Try temporarily uninstalling Firefox, then check whether CPU usage is still high.
:???:

peter82
09-02-2012, 10:00 PM
Judging from Task Manager, Firefox seems to be using a lot of CPU.
Try temporarily uninstalling Firefox, then check whether CPU usage is still high.
:???:
It's normally around that much, hyung; Avast detected tcpwanmlib.exe as a virus and blocked it immediately, but the computer became sluggish
and at startup there's a service.exe that runs and shuts down all of the Avast firewall :???:

notox
09-02-2012, 10:52 PM
It's normally around that much, hyung; Avast detected tcpwanmlib.exe as a virus and blocked it immediately, but the computer became sluggish
and at startup there's a service.exe that runs and shuts down all of the Avast firewall :???:

Try scanning with HijackThis.
Choose "Do a system scan and save a logfile"
Post the log here.
NB: don't click Fix checked unless advised.
http://www.mediafire.com/?d6gidyzhi49th5f

Also search for the file tcpwanmlib.exe, put it in a rar/zip, then upload it for me to check.
:hmm:

peter82
10-02-2012, 07:02 AM
Try scanning with HijackThis.
Choose "Do a system scan and save a logfile"
Post the log here.
NB: don't click Fix checked unless advised.
http://www.mediafire.com/?d6gidyzhi49th5f

Also search for the file tcpwanmlib.exe, put it in a rar/zip, then upload it for me to check.
:hmm:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:38:53, on 10/02/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\PROLiNK PCM100 UI\bin\MonServiceUDisk.exe
C:\WINDOWS\System32\tcpwanmlib.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\VVCap\VVCap.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PROLiNK PCM100 UI\bin\App.exe
C:\WINDOWS\system32\CMD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.youtube.com/watch?v=yLs7Qk3oN80
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [VVCap] C:\Program Files\VVCap\VVCap.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52CCF0C3-68EB-4A2C-9E02-99BF00933CCD}: NameServer = 8.8.8.8
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\PROLiNK PCM100 UI\bin\MonServiceUDisk.exe
O23 - Service: Windows Native Monthing (WanmSvc) - Unknown owner - C:\WINDOWS\System32\tcpwanmlib.exe

--
End of file - 3922 bytes

I haven't fixed it yet, hyung :)
http://www.mediafire.com/?w24v1gma4r1hd9k
rar file of tcpwanmlib.exe
thanks a lot, hyung :maaf:
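In the HijackThis log above, the line a helper stops at is the O23 entry whose owner is "Unknown owner" and whose binary lives in System32; "(file missing)" entries and O4 Run values that name a bare executable without a path are the other two patterns checked on every log in this thread. The following is an added example, not code from the thread or from HijackThis: a parser for O23 and O4 lines and the triage rules just named. The log lines embedded in the block are constructed in HijackThis's format; the service names, short names and file names (exmonlib.exe, oldprot.exe, upd.exe) are invented.

```python
import re

# Added example (not from the thread): triage the O23 (services) and O4 (Run
# keys) lines of a HijackThis log. Sample lines below are constructed.

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Matches the system directory whatever the Windows folder is called (WINDOWS, WINXP, ...).
SYSTEM32_RE = re.compile(r"^[a-z]:\\[^\\]+\\system32$")


def parse_o23(line):
    """Split an O23 line into display name, short name, owner, path, missing."""
    m = O23_RE.match(line)
    if not m:
        return None
    svc = m.groupdict()
    svc["missing"] = svc["missing"] is not None
    return svc


def triage_o23(svc):
    flags = []
    if svc["missing"]:
        flags.append("service entry points to a file that no longer exists "
                     "(leftover registration); remove the entry")
        return flags
    if svc["owner"] == "Unknown owner":  # binary carries no company/version info
        folder = svc["path"].rsplit("\\", 1)[0].lower()
        if SYSTEM32_RE.match(folder):
            flags.append("binary with no vendor information runs as a service "
                         "from the system directory; verify it with the vendor "
                         "or an independent scan before trusting it")
        else:
            flags.append("binary with no vendor information runs as a service; "
                         "confirm which installed product owns it")
    return flags


def parse_o4(line):
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def triage_o4(run):
    cmd = run["cmd"]
    # Quoted commands carry the full path inside the quotes.
    exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
    if "\\" not in exe:
        return [f"bare filename '{exe}' is resolved via the search path; "
                "confirm which copy actually runs"]
    return []


def triage_log(text):
    """Return only the lines that raised a flag, with the reasons."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        svc = parse_o23(line)
        if svc:
            flags = triage_o23(svc)
            if flags:
                results.append({"name": svc["display"], "line": line, "flags": flags})
            continue
        run = parse_o4(line)
        if run:
            flags = triage_o4(run)
            if flags:
                results.append({"name": run["name"], "line": line, "flags": flags})
    return results


# Constructed sample in HijackThis format (names and file names invented).
SAMPLE_HJT = """\
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [avast] "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe
O23 - Service: Example Monitor (ExampleSvc) - Unknown owner - C:\\WINDOWS\\System32\\exmonlib.exe
O23 - Service: Old Protector (OldProtSvc) - Unknown owner - C:\\WINDOWS\\system32\\oldprot.exe (file missing)
O23 - Service: Vendor Updater (VendUpd) - Unknown owner - C:\\Program Files\\Vendor\\upd.exe
"""

if __name__ == "__main__":
    for r in triage_log(SAMPLE_HJT):
        print(r["name"])
        for f in r["flags"]:
            print("  -", f)
```

"Unknown owner" on its own is not proof of anything, since plenty of small vendors ship binaries without version resources; it is the combination with a System32 path and a display name that reads like a system component that earns the line a closer look, which is why the reply above asks for the actual executable rather than its prefetch trace.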

bighendz
10-02-2012, 03:31 PM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:38:53, on 10/02/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\PROLiNK PCM100 UI\bin\MonServiceUDisk.exe
C:\WINDOWS\System32\tcpwanmlib.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\VVCap\VVCap.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PROLiNK PCM100 UI\bin\App.exe
C:\WINDOWS\system32\CMD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.youtube.com/watch?v=yLs7Qk3oN80
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [VVCap] C:\Program Files\VVCap\VVCap.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52CCF0C3-68EB-4A2C-9E02-99BF00933CCD}: NameServer = 8.8.8.8
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\PROLiNK PCM100 UI\bin\MonServiceUDisk.exe
O23 - Service: Windows Native Monthing (WanmSvc) - Unknown owner - C:\WINDOWS\System32\tcpwanmlib.exe

--
End of file - 3922 bytes

I haven't fixed it yet, hyung :)
http://www.mediafire.com/?w24v1gma4r1hd9k
rar file of tcpwanmlib.exe
thanks a lot, hyung :maaf:

Just try scanning with ESET SysRescue; that antivirus scans straight from boot, so it doesn't need Windows to start up first :elegan:
Maybe it can be fixed; I once got a worse virus, but in the end my computer went back to how it was :unyil:

peter82
11-02-2012, 08:14 AM
Just try scanning with ESET SysRescue; that antivirus scans straight from boot, so it doesn't need Windows to start up first :elegan:
Maybe it can be fixed; I once got a worse virus, but in the end my computer went back to how it was :unyil:

It conflicts with my Avast install :iii:

notox
11-02-2012, 08:21 AM
Logfile of Trend Micro HijackThis v2.0.4

--
End of file - 3922 bytes

I haven't fixed it yet, hyung :)
http://www.mediafire.com/?w24v1gma4r1hd9k
rar file of tcpwanmlib.exe
thanks a lot, hyung :maaf:

Try going to the folder C:\WINDOWS\System32\tcpwanmlib.exe
Copy the file tcpwanmlib.exe to the desktop / another drive, then put it in a rar and upload it.

What you uploaded earlier, aniki, was the prefetch file of tcpwanmlib.exe
:hmm:

gaara_hisoka
14-02-2012, 10:09 AM
Excuse me, om... I want to ask, yesterday I got the "System Check" malware... it was already blocked by ESET...

but the computer's display got messed up... how do I restore it... thanks :maaf:

notox
17-02-2012, 03:20 PM
Excuse me, om... I want to ask, yesterday I got the "System Check" malware... it was already blocked by ESET...

but the computer's display got messed up... how do I restore it... thanks :maaf:

1. Which Windows are you using?
2. You should post a picture of the messed-up display (via Print Screen or a digital camera)
3. Has the virus been completely removed, or only blocked by ESET?

gaara_hisoka
24-02-2012, 09:48 PM
Using Windows 7 Professional 32-bit...

the virus has all been removed using NOD + Malwarebytes

now all that's left is how to restore it... :bingung:

http://a6.sphotos.ak.fbcdn.net/hphotos-ak-snc7/425519_195940437180828_100002946199932_323334_1057172223_n.jpg

just look, om... it's gone haywire...

on the desktop the program shortcuts are also gone, all of them disappeared :dead:

notox
24-02-2012, 10:36 PM
Using Windows 7 Professional 32-bit...

the virus has all been removed using NOD + Malwarebytes

now all that's left is how to restore it... :bingung:

http://a6.sphotos.ak.fbcdn.net/hphotos-ak-snc7/425519_195940437180828_100002946199932_323334_1057172223_n.jpg

just look, om... it's gone haywire...

on the desktop the program shortcuts are also gone, all of them disappeared :dead:


Start → search → cmd.exe | right-click cmd.exe → Run as administrator
In the admin command prompt, type sfc /scannow
Post the scan result and check whether the display still has problems
:???:

gaara_hisoka
25-02-2012, 12:14 AM
It says there are no problems, om... :facepalm:

notox
25-02-2012, 02:52 AM
It says there are no problems, om... :facepalm:

Hmm, it seems only 2 options are left:
- Reinstall Windows (reformat)
- Repair Windows 7 (http://www.indowebster.web.id/showthread.php?t=149096&p=9008448&viewfull=1#post9008448) (if you want to keep your data and program files)
:hmm:

gaara_hisoka
25-02-2012, 04:17 AM
Hmm, it seems only 2 options are left:
- Reinstall Windows (reformat)
- Repair Windows 7 (http://www.indowebster.web.id/showthread.php?t=149096&p=9008448&viewfull=1#post9008448) (if you want to keep your data and program files)
:hmm:

Both are impossible, om... it's an office computer...

I'd have to ask the IT people for the master DVD... :panda:

firebrush
13-03-2012, 01:39 PM
Gan, quick question...
In your opinion, are local or foreign antiviruses better??
And which antivirus is the best??
thx...

choli
13-03-2012, 01:54 PM
Gan, quick question...
In your opinion, are local or foreign antiviruses better??
And which antivirus is the best??
thx...
IMO
Foreign ones are better, of course..

IMO again
Since I'm a BitDefender user, my answer is BitDefender.
With the caveat: the virus definitions must be updated regularly & on-access file scanning enabled...

firebrush
14-03-2012, 11:54 AM
IMO
Foreign ones are better, of course..

IMO again
Since I'm a BitDefender user, my answer is BitDefender.
With the caveat: the virus definitions must be updated regularly & on-access file scanning enabled...


Oh dear, I don't have BitDefender...
What I have is Avast and NOD32 Smart Security 4...
Which of those would you recommend??

choli
14-03-2012, 12:26 PM
Oh dear, I don't have BitDefender...
What I have is Avast and NOD32 Smart Security 4...
Which of those would you recommend??


Among these 3 brands:
I'd pick NOD32...

firebrush
14-03-2012, 02:07 PM
Among these 3 brands:
I'd pick NOD32...


thanks for sharing, gan.... :ogtop::ogtop:
but where can I get the NOD32 updates, gan??
Do you have the link??? :oggajes::oggajes:

cgnusardana
14-03-2012, 03:44 PM
Oh dear, I don't have BitDefender...
What I have is Avast and NOD32 Smart Security 4...
Which of those would you recommend??

Use Avast, the free edition even, so updating is easy :hoho:...

kevinsenjaya
14-03-2012, 04:07 PM
Oh dear, I don't have BitDefender...
What I have is Avast and NOD32 Smart Security 4...
Which of those would you recommend??

As for me, my computer and laptop have always used AVG
It's great, gan, and there's a free version too
but I suggest getting the Internet edition, which already includes a firewall
if I'm not mistaken, it costs 200k (rupiah)

firebrush
14-03-2012, 05:10 PM
Use Avast, the free edition even, so updating is easy :hoho:...

but I've heard from my friend that there's a long-term Avast serial number...
but you have to have an Avast account first, they said..
Does anyone know how to register for it?? :oggaring::oggaring:

firebrush
14-03-2012, 05:13 PM
As for me, my computer and laptop have always used AVG
It's great, gan, and there's a free version too
but I suggest getting the Internet edition, which already includes a firewall
if I'm not mistaken, it costs 200k (rupiah)

so expensive... :ogtanya::ogtanya:
might as well use Norton if the price is that much... :hot::hot:
but the free ones are still nicer... :hahai::hahai:

cgnusardana
15-03-2012, 07:18 AM
but I've heard from my friend that there's a long-term Avast serial number...
but you have to have an Avast account first, they said..
Does anyone know how to register for it?? :oggaring::oggaring:

That's not becoming a member, you just fill in a form, and then the serial is sent to your email; otherwise how would Avast know your email address :lol:.. Yup, without that serial you can only use it for 1 month; with the serial it becomes 1 year :top:...

kliv
15-03-2012, 10:04 AM
Which antivirus is good for the system?

firebrush
15-03-2012, 01:57 PM
That's not becoming a member, you just fill in a form, and then the serial is sent to your email; otherwise how would Avast know your email address :lol:.. Yup, without that serial you can only use it for 1 month; with the serial it becomes 1 year :top:...

Where can I fill in that form, gan?? :ogtanya::ogtanya:

firebrush
15-03-2012, 04:52 PM
Which antivirus is good for the system?


In my opinion, and having tried them, either ESET Smart Security 4 or Avast...

cgnusardana
15-03-2012, 11:45 PM
Where can I fill in that form, gan?? :ogtanya::ogtanya:

You can do it from AVAST.com in the licensing center section, or more easily, click the Avast icon next to the clock, then choose Maintenance and choose Registration, then click Register program; oh yes, this process also needs internet :hehe:..