shahrizal

Posts posted by shahrizal


  1. ComboFix 07-08-04.3 - "md_syukor" 2008-07-11 12:23:20.1 [GMT 8:00] - NTFS

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\bsva-egihsg52.exe

    ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))

    2008-07-09 09:28 88,576 --a------ C:\WINDOWS\system32\bdsjbrlo.dll

    2008-06-25 18:23 321,920 --a------ C:\WINDOWS\system32\fcccbaWo.dll

    2008-06-25 18:23 131,757 --ahs---- C:\WINDOWS\system32\oWabcccf.ini2

    2008-06-25 18:19 28,800 --a------ C:\WINDOWS\system32\jkkKeddd.dll

    2008-06-25 18:18 28,800 --a------ C:\WINDOWS\system32\nnnnKBur.dll

    2008-06-25 18:14 <DIR> d-------- C:\Program Files\Antivirus 2008 PRO

    2008-06-25 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ADSL Software Ltd

    2008-06-25 13:55 15,316 ---hs---- C:\WINDOWS\system32\xiao.vbs

    2008-06-25 08:51 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\FileOpen

    2008-06-25 08:51 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\AdobeUM

    2008-06-25 08:34 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

    2008-06-25 08:34 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

    2008-06-25 08:34 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

    2008-06-25 08:34 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

    2008-06-25 08:34 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

    2008-06-25 08:34 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

    2008-06-25 08:34 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

    2008-06-25 08:34 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

    2008-06-25 08:25 <DIR> d-------- C:\WINDOWS\network diagnostic

    2008-06-23 17:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2

    2008-06-23 17:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    2008-06-23 16:33 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Nikon

    2008-06-23 15:59 <DIR> d--hs---- C:\DOCUME~1\MD_SYU~1\UserData

    2008-06-23 15:38 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Yahoo!

    2008-06-23 15:37 2,097,152 --ah----- C:\DOCUME~1\MD_SYU~1\NTUSER.DAT

    2008-06-23 15:37 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Symantec

    2008-06-23 15:37 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Sonic

    2008-06-19 16:08 786,432 --ah----- C:\DOCUME~1\hlow01\NTUSER.DAT

    2008-06-19 16:08 <DIR> d-------- C:\DOCUME~1\hlow01\APPLIC~1\Symantec

    2008-06-19 16:08 <DIR> d-------- C:\DOCUME~1\hlow01\APPLIC~1\Sonic

    2008-06-19 11:42 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

    2008-06-19 11:42 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

    2008-06-12 11:57 <DIR> d-------- C:\DOCUME~1\rarvi01\APPLIC~1\Yahoo!

    2008-06-12 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-06-12 11:53 --------- d-------- C:\Program Files\Yahoo!

    2008-05-08 20:28 202752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

    2008-05-07 13:18 1287680 --a------ C:\WINDOWS\system32\quartz.dll

    2008-05-07 13:18 1287680 --------- C:\WINDOWS\system32\dllcache\quartz.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\winsystem.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\userconfig9x.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\winsystem.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\vbsys2.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\thun32.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\thun.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\temp#01.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\taack.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\taack.dat

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\sysreq.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ssvchost.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ssvchost.com

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ssurf022.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\sncntr.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\Rundl1.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\regm64.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\regc64.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\psoft1.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\psof1.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ps1.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\newsd32.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\netode.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\mwin32.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\mtr2.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\msvchost.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\mssecu.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\msnbho.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\msgp.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\medup020.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\medup012.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\hoproxy.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\emesx.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\bdn.com

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\awtoolb.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\anticipator.dll

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\akttzn.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\mssecu.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\iTunesMusic.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\FVProtect.exe

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\bdn.com

    2008-05-06 09:17 4096 --a------ C:\WINDOWS\a.bat

    2008-04-23 22:16 3591680 --------- C:\WINDOWS\system32\dllcache\mshtml.dll

    2008-04-23 12:16 826368 --------- C:\WINDOWS\system32\dllcache\wininet.dll

    2008-04-23 12:16 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll

    2008-04-23 12:16 478208 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll

    2008-04-23 12:16 44544 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll

    2008-04-23 12:16 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

    2008-04-23 12:16 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

    2008-04-23 12:16 347136 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll

    2008-04-23 12:16 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll

    2008-04-23 12:16 233472 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

    2008-04-23 12:16 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

    2008-04-23 12:16 214528 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll

    2008-04-23 12:16 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll

    2008-04-23 12:16 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

    2008-04-23 12:16 133120 --------- C:\WINDOWS\system32\dllcache\extmgr.dll

    2008-04-23 12:16 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

    2008-04-23 12:16 1159680 --------- C:\WINDOWS\system32\dllcache\urlmon.dll

    2008-04-23 12:16 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

    2008-04-23 12:16 102912 --------- C:\WINDOWS\system32\dllcache\occache.dll

    2008-04-22 15:40 625664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe

    2008-04-22 15:39 70656 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

    2008-04-21 15:04 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll

    2008-04-21 15:04 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll

    2008-04-21 15:03 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll

    2008-04-21 15:03 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll

    2008-04-21 15:03 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll

    2008-04-20 13:07 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]

    2008-06-25 18:18 28800 --a------ C:\WINDOWS\system32\nnnnKBur.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E53D4E9-4C2D-40FA-AFB8-83BA12C58DDB}]

    2008-06-25 18:23 321920 --a------ C:\WINDOWS\system32\fcccbaWo.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21]

    "3a81bac8"="C:\WINDOWS\system32\bdsjbrlo.dll" [2008-07-09 09:28]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]

    "antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [2008-06-25 18:14]

    "WinSpywareProtect"="C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" [2008-06-25 18:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    "Explorer"=xiao.vbs

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{39D67F39-6F48-438A-80A2-F86FE363C215}"= C:\WINDOWS\system32\nnnnKBur.dll [2008-06-25 18:18 28800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnKBur]

    nnnnKBur.dll 2008-06-25 18:18 28800 C:\WINDOWS\system32\nnnnKBur.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\acaegmgr.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ahnsd.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ahnsdsv.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avg.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avguard.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccapp.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccevtmgr.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsetmgr.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defwatch.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ekrn.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fwmain.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gr9x3863r.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guid.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp_1.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mcshield.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpstart.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVFNSVR.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psview.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMC.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\snipesword.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidernet.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srgui.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssm.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Tbmon.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBSCAN.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\THGUARD.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanHunter.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\woptiutilities.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsyscheck.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZONEALARM.exe]

    DEBUGGER=SDF

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\fcccbaWo

    "Notification Packages"= scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2000478354-1682526488-839522115-8399\Scripts\Logon\0\0]

    "Script"=sa.bat

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

    @="Driver"

    R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

    R1 ClntMgmt.sys;ClntMgmt.sys;C:\WINDOWS\system32\Drivers\ClntMgmt.sys

    R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys

    R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys

    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

    R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance

    R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys

    R2 ntrtscan;OfficeScanNT RealTime Scan;C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

    R2 TM_CFW;Common Firewall Driver;\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys

    R2 TmFilter;Trend Micro Filter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

    R2 tmlisten;OfficeScanNT Listener;C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

    R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

    R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

    R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camc6aud.sys

    R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys

    R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys

    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys

    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

    R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys

    S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys

    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys

    S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"

    S3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys

    S3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Cognizance ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d83df0-4bbb-11dd-8c6f-babef0cd1183}]

    AutoRun\command- wscript.exe xiao.vbs

    find\Command- wscript.exe xiao.vbs

    open\Command- wscript.exe xiao.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{654e6360-40f7-11dd-8c53-babea0cb1183}]

    AutoRun\command- wscript.exe xiao.vbs

    find\Command- wscript.exe xiao.vbs

    open\Command- wscript.exe xiao.vbs

    Contents of the 'Scheduled Tasks' folder

    2008-07-11 04:22:00 C:\WINDOWS\Tasks\At1.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-07-11 12:28:55

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]

    "DisplayName"="\x9458\x225\x9458\x225\1"

    "DeviceDesc"="\x9458\x225\x9458\x225\1"

    "ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"

    "MFG"="\x564"

    "ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"

    "DeviceInstanceIds"=str(7):"c:\swsetup\vid2\sbdrv\smbus\smbusati.inf"

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2008-07-11 12:30:16

    C:\ComboFix-quarantined-files.txt ... 2008-07-11 12:30

    --- E O F ---

    Here it is, from ComboFix.


  2. Sorry, guys......

    I've already tried setting IE's default homepage...... but it still comes up with about:blank.... the strange thing is FF runs just fine... I use Firefox... but I want to know how to solve this..... or is there spyware, malware or a virus blocking it?


  3. That's a patched repeater.. and it's for use on the Linksys model WRT54GL..

    With another model.. you'd be in trouble.. it wouldn't configure...

    To sharizal ... can you tell us what model you want to use.. if you don't have a router yet you could buy two of that model... if you already have one, for example D-Link or Aztech.. it means you have to buy a wireless repeater plus access point....

    If you want to use cable, buy a wireless extended....

    The wireless routers have to be the same brand... hmm, looks like it can't be done then.... because one is PROLONIK brand and the other is WRT54GL.........

    I'll have to use cable after all....


  4. Assalamualaikum

    I think my laptop has caught spyware.... all sorts of ads pop up telling me to buy... I've already run ComboFix... and smartfraudfix but the thing hasn't gone away.... I tried to uninstall it but couldn't.... tried deleting it from Program Files on C: and still couldn't. How do I get rid of this annoying thing?

    Please help me :excl:


  5. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    Why does that thing come up?

    I always update my AV....

    I think my AV is probably OK because I can't download that thing...... and looking at the protection status there are indeed sites that were blocked

    What's your opinion.... but I don't get a message like yours


  6. Your case is the same as what I want to do...

    I use 2 WRT54GL routers, then I connect them using WDS.

    Saves a bit, no need to pull long cables....

    Even though it drops to half, the speed is still OK...

    What is WDS? I don't really know ... how do I make the link without using wire, because my plan is to pull a wire tomorrow from AP 1 to AP 2 (WRT54GL), but I've tried it and it works OK ....


  7. The distance to the new wireless unit isn't far, about 50 meters...... the old one is for the ground floor, the new one is for the upper floor.... the new wireless router is a Linksys WRT54G..... what's the easiest method to do it.... because I still lack knowledge in networking....


  8. Whoa... a monitor can go like a snake? That's dangerous... :huh:

    You must have been using your monitor for a long time, right? I think your monitor has probably reached the end of its life... just buy a new monitor..

    Really? Isn't it the graphics card... more money again


  9. As far as I know.. if the router's modem mode is changed to bridge, then there is only 1 active remote end point for PPPoE.. in this case.. if the PC is in its normal state then the PC can make the PPPoE session.... while the wireless cannot.. and likewise the other way round.

    So in a situation like this, please reconfigure the router as a PPPoE client and run NAT as usual.. then the PC and the wireless get internet together.

    You mean.... the router can't be set as a bridge, it has to be set up for PPPoE... hmm, thanks...

    One more question: should NAT be disabled or enabled....... what does NAT do?


  10. Assalamualaikum, I have a problem

    My router is connected to my PC and my wireless has a password

    My router is set as a bridge, not using PPPoE, meaning I have to dial before I can connect..... the problem is when I try to connect from the laptop I can't get in, even though I've entered the password.. and the display at the bottom near the clock shows it's connected... I don't know what's wrong... I tried pinging the router and it's fine... pinging Yahoo fails.... I hope friends and experts here can kindly help me
