4 posters

antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

matsuyama kouji: Ahli Baharu; Number of posts : 4
Registration date : 16/06/2009

Post n°1

antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

by matsuyama kouji Wed Jan 06, 2010 12:19 am

nie hasil scan hijack this

tolong tengok yer...kawan2....menda nie jadi lepas install software window media player.etc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:19 AM, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\WINMINE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX00.712\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX26.243\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX42.028\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX47.027\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX59.935\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX63.047\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX72.238\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX78.748\IBProcMan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3709 bytes

bazsh

bazsh: Ahli Baharu; Gender : Male Number of posts : 401
Age : 42
Location : New Castle
Job/hobbies : Surfing/Games
Registration date : 20/02/2009

Post n°2

Re: antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

by bazsh Wed Jan 06, 2010 12:53 am

C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\WINMINE.EXE
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX00.712\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX26.243\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX42.028\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX47.027\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX59.935\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX63.047\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX72.238\IBProcMan.exe
C:\DOCUME~1\targa\LOCALS~1\Temp\Rar$EX78.748\IBProcMan.exe

Aku x mahir nak analyse HJT
Tp bro recognize ke process2 ni?

johnburn

johnburn: Moderators; Gender : Male Number of posts : 755
Location : Terengganu
Registration date : 07/03/2009

Post n°3

Re: antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

by johnburn Wed Jan 06, 2010 2:16 am

yg tu minesweeper dgn IBProcMan (Itty Bitty process manager) yg dibuka dari file winrar tanpa ekstrak terlebih dahulu.

Download Malwarebyte, install, update, dan scan. Pastu paste log malwarebyte dgn log hijackthis yg baru sini

matsuyama kouji

matsuyama kouji: Ahli Baharu; Number of posts : 4
Registration date : 16/06/2009

Post n°4

Re: antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

by matsuyama kouji Wed Jan 06, 2010 2:39 am

ha yg nie Malware pyer

Malwarebytes' Anti-Malware 1.43
Database version: 3496
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/6/2010 2:32:22 AM
mbam-log-2010-01-06 (02-32-22).txt

Scan type: Quick Scan
Objects scanned: 101083
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ha yg ni hijackthis puyer...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:37 AM, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3331 bytes

bazsh

bazsh: Ahli Baharu; Gender : Male Number of posts : 401
Age : 42
Location : New Castle
Job/hobbies : Surfing/Games
Registration date : 20/02/2009

Post n°5

Re: antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

by bazsh Wed Jan 06, 2010 11:35 am

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

Tick & fix entry berikut

e_sentinel

e_sentinel: Ahli Baharu; Number of posts : 479
Registration date : 02/03/2009

Post n°6

Re: antivirus kene telan, task manager hilang....virus ker atau aper? tolongggg

by e_sentinel Wed Jan 06, 2010 12:28 pm

Jangan lupa entry 07 sama ye Smile

matsuyama kouji

matsuyama kouji: Ahli Baharu; Number of posts : 4
Registration date : 16/06/2009

Post n°7

SAHABAT2 SEMUA

by matsuyama kouji Thu Jan 07, 2010 1:17 am

terima kasih di atas keperihatinan dan kesudian untuk membantu sya. saya amat menghargainya. masalah dah selesai...tp power dvd, winamp, nero dah hilang skali...tp task manager dah kuar....saya kene install balik semua nih... termia ksih sekali lagi...u all r the best cheers