-
Content Count
80 -
Joined
-
Last visited
Posts posted by khairulnisa
-
-
dah..tp still tak dapat gak..
ComboFix 10-08-31.01 - User 09/01/2010 10:32:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.595 [GMT 8:00]
Running from: c:\documents and settings\User\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100831-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Application Data\ldm.exe
c:\documents and settings\User\Application Data\setupv.exe
c:\windows\d4s.hst
c:\windows\struct~.ini
c:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.
2010-08-30 23:46 . 2010-09-01 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Chit Chat For Facebook
2010-08-30 23:46 . 2010-08-30 23:47 -------- d-----w- c:\program files\Chit Chat For Facebook
2010-08-30 23:46 . 2010-08-30 23:46 -------- d-----w- c:\program files\AutocompletePro
2010-08-19 04:52 . 2010-08-19 04:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Octoshape
2010-08-18 12:10 . 2010-08-04 11:43 71960 ----a-w- c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\sua-1008042-0-npoctoshape.dll
2010-08-18 12:10 . 2010-08-04 11:43 438784 ----a-w- c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\sua-1008042-0-libOctoshapeClient.dll
2010-08-18 12:10 . 2010-08-04 11:43 124184 ----a-w- c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\sua-1008042-0-apoctoshape.dll
2010-08-14 13:00 . 2010-08-17 15:07 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-10 03:43 . 2010-08-10 03:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo!
2010-08-08 11:53 . 2010-08-08 11:53 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f2c8106-n\msvcp71.dll
2010-08-08 11:53 . 2010-08-08 11:53 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f2c8106-n\jmc.dll
2010-08-08 11:53 . 2010-08-08 11:53 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f2c8106-n\msvcr71.dll
2010-08-08 11:51 . 2010-08-08 11:51 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6610a1c2-n\decora-sse.dll
2010-08-08 11:51 . 2010-08-08 11:51 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6610a1c2-n\decora-d3d.dll
2010-08-02 05:51 . 2010-08-02 05:51 198064 ----a-w- c:\documents and settings\User\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 02:39 . 2010-05-25 08:04 -------- d-----w- c:\documents and settings\User\Application Data\DMCache
2010-08-31 12:01 . 2010-06-02 03:14 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-08-30 23:27 . 2010-01-15 17:11 -------- d-----w- c:\program files\GVR
2010-08-30 23:27 . 2010-01-04 15:12 -------- d-----w- c:\program files\mIRC
2010-08-30 16:31 . 2010-01-04 15:12 -------- d-----w- c:\documents and settings\User\Application Data\mIRC
2010-08-14 13:17 . 2010-05-25 08:04 -------- d-----w- c:\documents and settings\User\Application Data\IDM
2010-08-02 05:50 . 2010-05-25 08:04 -------- d-----w- c:\program files\Internet Download Manager
2010-07-29 22:00 . 2010-07-29 22:00 -------- d-----w- c:\documents and settings\User\Application Data\PlayFirst
2010-07-29 22:00 . 2010-07-29 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-07-29 22:00 . 2010-07-29 21:59 -------- d-----w- c:\program files\Diner Dash - Flo on the Go
2010-07-29 21:41 . 2010-07-29 21:41 -------- d--h--w- c:\documents and settings\User\Application Data\IFViewer
2010-07-29 18:34 . 2010-03-27 15:45 -------- d-----w- c:\program files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter
2010-07-22 04:46 . 2010-01-04 03:45 -------- d-----w- c:\documents and settings\User\Application Data\Winamp
2010-07-21 10:07 . 2010-07-21 10:06 3205464 ----a-w- c:\documents and settings\User\Application Data\IDM\idmupdt.exe
2010-07-19 07:48 . 2010-07-18 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-22 11:48 . 2010-06-21 04:17 560 ----a-w- c:\documents and settings\User\Application Data\ViewerApp.dat
2010-06-20 02:51 . 2010-06-20 02:51 50354 ----a-w- c:\documents and settings\User\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
2004-08-06 20:00 . 2004-08-06 20:00 168371 --sha-r- c:\windows\system32\fmclrdc.dll
.
------- Sigcheck -------
[-] 2009-01-09 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncr3"="c:\program files\Panasonic\Ncr3\ncrcore3.exe" [2007-10-09 1634304]
"Octoshape Streaming Services"="c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]
"Chit Chat for Facebook"="c:\program files\Chit Chat For Facebook\CCFFacebook.exe" [2010-07-21 2583040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-06 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2010-6-20 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2010-6-20 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4658:TCP"= 4658:TCP:igidaxnv
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/24/2010 11:55 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/24/2010 11:55 AM 20560]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [11/4/2008 11:39 AM 14336]
S0 kzfwudda;kzfwudda;c:\windows\system32\Drivers\kzfwudda.sys --> c:\windows\system32\Drivers\kzfwudda.sys [?]
S0 owmylusc;owmylusc;c:\windows\system32\drivers\owmylusc.sys [1/14/2010 2:34 PM 40128]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2010 3:05 PM 133104]
S2 nxsqmcoiq;Center Shell;c:\windows\system32\svchost.exe -k netsvcs [8/7/2004 4:00 AM 14336]
S2 pfptseov;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [8/7/2004 4:00 AM 14336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [6/13/2010 8:42 PM 113280]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/22/2010 1:11 PM 100736]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys --> c:\windows\system32\DRIVERS\lv321av.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2/19/2010 11:58 PM 7680]
S3 SuperKillFile;SuperKillFile;c:\program files\GVR\geekzd.dll [8/31/2010 6:33 AM 3968]
S3 xkjdrmsm;xkjdrmsm;\??\c:\windows\System32\Drivers\xkjdrmsm.sys --> c:\windows\System32\Drivers\xkjdrmsm.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2/19/2010 11:58 PM 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2/19/2010 11:58 PM 104960]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nxsqmcoiq
pfptseov
.
Contents of the 'Scheduled Tasks' folder
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 07:05]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 07:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13170&l=dis
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59} = 203.82.64.145 203.82.64.129
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pk97mnip.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\User\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- File Associations -------
.
scrfile="%1" %*
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PortGo - (no file)
HKLM-Run-LogitechVideo[inspector] - c:\program files\Acer\OrbiCam\InstallHelper.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 10:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxsqmcoiq]
"ServiceDll"="c:\windows\system32\fmclrdc.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfptseov]
"ServiceDll"="c:\windows\system32\fmclrdc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0f174d39-3fa6-4fb0-9f36-89c2146c21b7}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d5
"Therad"=dword:0000000d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,d7,26,05,0b,6c,1c,c8,25,d0,bb,64,d0,02,ca,0c,50,89,4e,92,91,
1f,57,94,ec,db,5f,69,32,36,56,48,df,ca,0c,c7,af,02,10,35,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Panasonic\Ncr3\Ncrwd.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\docume~1\User\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Mobile Partner\Mobile Partner.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
**************************************************************************
.
Completion time: 2010-09-01 10:43:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 02:43
Pre-Run: 12,015,529,984 bytes free
Post-Run: 12,056,875,008 bytes free
- - End Of File - - F7E2BAB909B9AB0D8FCC036B9E60FEEB -
ok..tgh download..tp kan..
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer. -
hurm..xde effect pon..still xley update malwarebyte n xley nk run REG.. -
tak tahu mcm mana nak solve benda ni. sebab asal cari info passl malware ni kat http://www.malwarebytes.org/ pon tak boleh. server not found. try run REG pon dia blink je. camne ek nak hilang benda ni. kesian kat kawan2 asyik terima message yang bukan2 je.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:18 AM, on 8/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\GVR\GVR.exe
C:\Program Files\GVR\GRTP.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13170&l=dis
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Chit Chat for Facebook] C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.145 203.82.64.129
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
--
End of file - 8557 bytes -
utk fresh graduate electrical engineering xde ke? -
ada sesiapa tahu tak pasal steganography..sembunyi message y berbentuk audio di dalam cover message y juga berbentuk audio..teknik y nak digunakan ialah Least Significan Bit using MATLAB.. -
yela..yg dua tu xde pon time nk tick tu..
apsal lepas fix google talk xley guna ek? -
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
camne nk fixed yg ni? -
dh ok dah sket..
bley tlg cek dh clean blom?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:45 AM, on 1/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uthm.edu.my:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; *.uthm.edu.my; 10.*.*.*;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 6159 bytes -
nk wat camne?
br je format ari tu..
xkn nk gi format blk kot..
tension tol..
dh la tgh siapkan fyp.. -
hijakcthis pon xberapa leh buka..
malwarebyte langsung la xleh..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:29 AM, on 1/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.10.253/
O1 - Hosts: 74.125.53.106 msnfix.changelog.fr
O1 - Hosts: 74.125.53.106 www.incodesolutions.com
O1 - Hosts: 74.125.53.106 virusinfo.prevx.com
O1 - Hosts: 74.125.53.106 download.bleepingcomputer.com
O1 - Hosts: 74.125.53.106 www.dazhizhu.cn
O1 - Hosts: 74.125.53.106 foro.noticias3d.com
O1 - Hosts: 74.125.53.106 www.spybotupdates.com
O1 - Hosts: 74.125.53.106 club.myce.com
O1 - Hosts: 74.125.53.106 www.k7computing.com
O1 - Hosts: 74.125.53.106 www.nabble.com
O1 - Hosts: 74.125.53.106 lurker.clamav.net
O1 - Hosts: 74.125.53.106 lexikon.ikarus.at
O1 - Hosts: 74.125.53.106 research.sunbelt-software.com
O1 - Hosts: 74.125.53.106 www.virusdoctor.jp
O1 - Hosts: 74.125.53.106 www.elitepvpers.de
O1 - Hosts: 74.125.53.106 guru.avg.com
O1 - Hosts: 74.125.53.106 downloads.sophos.com
O1 - Hosts: 74.125.53.106 share.skype.com
O1 - Hosts: 74.125.53.106 myantispyware.com
O1 - Hosts: 74.125.53.106 www.superuser.co.kr
O1 - Hosts: 74.125.53.106 ntfaq.co.kr
O1 - Hosts: 74.125.53.106 v.dreamwiz.com
O1 - Hosts: 74.125.53.106 cit.kookmin.ac.kr
O1 - Hosts: 74.125.53.106 forums.whatthetech.com
O1 - Hosts: 74.125.53.106 forum.hijackthis.de
O1 - Hosts: 74.125.53.106 avg.vo.llnwd.net
O1 - Hosts: 74.125.53.106 ftp.drweb.com
O1 - Hosts: 74.125.53.106 www.zonealarm.com
O1 - Hosts: 74.125.53.106 smadaver.com
O1 - Hosts: 74.125.53.106 support.emsisoft.com
O1 - Hosts: 74.125.53.106 www.huaifai.go.th
O1 - Hosts: 74.125.53.106 www.mostz.com
O1 - Hosts: 74.125.53.106 www.krupunmai.com
O1 - Hosts: 74.125.53.106 www.cddchiangmai.net
O1 - Hosts: 74.125.53.106 forum.malekal.com
O1 - Hosts: 74.125.53.106 tech.pantip.com
O1 - Hosts: 74.125.53.106 sapcupgrades.com
O1 - Hosts: 74.125.53.106 www.elguruinformatico.com
O1 - Hosts: 74.125.53.106 forums.avg.com
O1 - Hosts: 74.125.53.106 zastita.com
O1 - Hosts: 74.125.53.106 support.kaspersky.com
O1 - Hosts: 74.125.53.106 www.247fixes.com
O1 - Hosts: 74.125.53.106 forum.sysinternals.com
O1 - Hosts: 74.125.53.106 forum.telecharger.01net.com
O1 - Hosts: 74.125.53.106 sophos.com
O1 - Hosts: 74.125.53.106 foros.softonic.com
O1 - Hosts: 74.125.53.106 avast-home.uptodown.com
O1 - Hosts: 74.125.53.106 dr-web-cureit.softonic.com
O1 - Hosts: 74.125.53.106 heavenward.ru
O1 - Hosts: 74.125.53.106 forum.smadav.net
O1 - Hosts: 74.125.53.106 www.forum.kaspersky.com
O1 - Hosts: 74.125.53.106 www.f-secure.com
O1 - Hosts: 74.125.53.106 www.chkrootkit.org
O1 - Hosts: 74.125.53.106 diamondcs.com.au
O1 - Hosts: 74.125.53.106 www.rootkit.nl
O1 - Hosts: 74.125.53.106 www.sysinternals.com
O1 - Hosts: 74.125.53.106 z-oleg.com
O1 - Hosts: 74.125.53.106 espanol.dir.groups.yahoo.com
O1 - Hosts: 74.125.53.106 ftp01net.telechargement.fr
O1 - Hosts: 74.125.53.106 modelayu.com
O1 - Hosts: 74.125.53.106 vaksin.com
O1 - Hosts: 74.125.53.106 bbs.kaspersky.com.cn
O1 - Hosts: 74.125.53.106 www.castlecrops.com
O1 - Hosts: 74.125.53.106 www.misec.net
O1 - Hosts: 74.125.53.106 safecomputing.umn.edu
O1 - Hosts: 74.125.53.106 www.antirootkit.com
O1 - Hosts: 74.125.53.106 www.greatis.com
O1 - Hosts: 74.125.53.106 ar.answers.yahoo.com
O1 - Hosts: 74.125.53.106 www.elhacker.org
O1 - Hosts: 74.125.53.106 research.pandasecurity.com
O1 - Hosts: 74.125.53.106 www.tpu.ro
O1 - Hosts: 74.125.53.106 www.pinoyden.com
O1 - Hosts: 74.125.53.106 www.rootkit.com
O1 - Hosts: 74.125.53.106 www.pctools.com
O1 - Hosts: 74.125.53.106 www.pcsupportadvisor.com
O1 - Hosts: 74.125.53.106 www.resplendence.com
O1 - Hosts: 74.125.53.106 www.personal.psu.edu
O1 - Hosts: 74.125.53.106 foro.ethek.com
O1 - Hosts: 74.125.53.106 foro.elhacker.net
O1 - Hosts: 74.125.53.106 download.zonealarm.com
O1 - Hosts: 74.125.53.106 spywarehammer.com
O1 - Hosts: 74.125.53.106 www.codelain.com
O1 - Hosts: 74.125.53.106 vil.nail.com
O1 - Hosts: 74.125.53.106 search.mcafee.com
O1 - Hosts: 74.125.53.106 wwww.mcafee.com
O1 - Hosts: 74.125.53.106 download.nai.com
O1 - Hosts: 74.125.53.106 wwww.experts-exchange.com
O1 - Hosts: 74.125.53.106 www.bakunos.com
O1 - Hosts: 74.125.53.106 www.darkclockers.com
O1 - Hosts: 74.125.53.106 www2.gmer.net
O1 - Hosts: 74.125.53.106 ariefew.com
O1 - Hosts: 74.125.53.106 www.emsisoft.com
O1 - Hosts: 74.125.53.106 forum.romeonet.ro
O1 - Hosts: 74.125.53.106 www.Merijn.org
O1 - Hosts: 74.125.53.106 www.spywareinfo.com
O1 - Hosts: 74.125.53.106 www.spybot.info
O1 - Hosts: 74.125.53.106 www.viruslist.com
O1 - Hosts: 74.125.53.106 www.hijackthis.de
O1 - Hosts: 74.125.53.106 ftp.f-secure.com
O1 - Hosts: 74.125.53.106 forum.kaspersky.com
O1 - Hosts: 74.125.53.106 es.trendmicro-europe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\wmipxty.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\User\wpvq.exe \u
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
--
End of file - 11470 bytes -
bila latihan ni?
kalo saya nk belajar php utk buat fyp boleh x? -
dh review dh router aztech ni. cam ok. harga rm245. balingi duk area puchong maybe xde prob la kot pkai digi. sy kat parit raja ni area kampung. xtau la ok ke tak. -
oo..harga dia brape ek?..router ni ada plug nk cucuk lan jugak x?..kalo guna celcom broadband laju x?..hehe..sory byk tanya.. ::icon_biggrin:: -
ada sesiapa bley recommend x mana2 brand 3g router wireless yg MURAH n ok.sbb sy nk bwat project yg menggunakan network camera.so perlu internet.xbley nk pkai internet universiti sbb network dia besar dan complicated.so pegawai it sroh pkai broadband je. -
This just for who those live in KL,SELANGOR,JOHOR n PENANG only.
Cardas Research & Consulting Sdn. Bhd. has appointed by Yahoo! Southeast Asia Pte. Ltd. to recruit Online Research Panelist to participate in their research studies surveys to help them understand what Malaysian Internet Users needs from the internet.
There are five (5) online research studies available throughout the year 2009. Once it is available, Yahoo! will email the registered panelist and survey can be done by just clicking on the link provided.
Five (5) Apple iPhone will be given out for each of the research studies. Panelist will get a chance to win an Apple iPhone on each survey they participate.
for those who r interested,please give me all the details.
Full Name:
Gender:
Race:
Age:
Contact No.:
Email:
State:
City:
District:
Where you usually access Internet?:
How frequent you use Internet?: -
QUOTE(cyber @ Jan 18 2009, 02:43 PM) <{POST_SNAPBACK}>bkn ke software ni sebagai simulator micro-p motorola 68k?
haah..btol la tuh..reti ke? -
ade sape2 reti guna software neh? -
m dad terlupe his password..
so xdpt nk buka laptop..
anyne cn give solution? -
ok..thankz
-
dh siap scan..tlg cek smula..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:00 PM, on 9/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\altera\80sp1\quartus\bin\jtagserver.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Program Files\Eset\nod32krn.exe
c:\matlab7\bin\win32\matlab.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: wbsys.dll fnfsvz.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\80sp1\quartus\bin\jtagserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 7771 bytes
ni log dr malwarebytes
Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.1.2600 Service Pack 2
9/12/2008 4:39:34 PM
mbam-log-2008-09-12 (16-39-34).txt
Scan type: Quick Scan
Objects scanned: 47080
Time elapsed: 5 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm473650e2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\kvgbsglb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BM473650e2.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM473650e2.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.1.2600 Service Pack 2
9/12/2008 5:31:20 PM
mbam-log-2008-09-12 (17-31-20).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 197994
Time elapsed: 46 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{EFE645F6-664B-4CFB-B5AC-790A3F3B5067}\RP48\A0010193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EFE645F6-664B-4CFB-B5AC-790A3F3B5067}\RP48\A0013319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EFE645F6-664B-4CFB-B5AC-790A3F3B5067}\RP48\A0013320.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\gAMes~~\burger shop\Burger Rush\burgerrushres.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:35 PM, on 9/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\altera\80sp1\quartus\bin\jtagserver.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\Program Files\Eset\nod32krn.exe
c:\matlab7\bin\win32\matlab.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [bM473650e2] Rundll32.exe "C:\WINDOWS\system32\dpusxdwj.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: wbsys.dll fnfsvz.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\80sp1\quartus\bin\jtagserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 7697 bytes
-
dah penah kena gak virus ni..bengang btol..virus antivirus 2008..cuci ngan doctor spyware..bley ilang la..
-
Setiap versi .NET framework samaada v1.1, 2.0 atau 3.5 mempunyai bugsyg perlu di fix.Anda perlu update framework samaada menggunakan auto-
update atau pergi terus ke Microsoft site utk download patches....
kalo nk download kena download patches ape?
Virus Yg Send Message Ym Kpd Contact List
in Utiliti & Sekuriti
Posted · Report reply