shahrizal, posted July 2, 2008:
I think my laptop has been hit by spyware... all sorts of ads pop up telling me to buy... I've already run ComboFix... and smartfraudfix, but the thing won't go away... I tried to uninstall it but couldn't... I tried deleting it from Program Files on C: and still couldn't. How do I get rid of this annoying thing? Please help me.
Gigabyte, posted July 2, 2008:
If you've got spyware you can't just delete things as you please; you have to scan with anti-spyware. Try downloading this software, install it and scan.
Optimus07, posted July 2, 2008:
Ask bro baok for help...
baok, posted July 2, 2008:
> Ask bro baok for help...
Post that ComboFix log... look for it at C:\combofix.txt
shahrizal, posted July 3, 2008:
Besides that, what other way is there to remove the spyware?
baok, posted July 3, 2008:
> Besides that, what other way is there to remove the spyware?
Post the log first so I can see what's there... If you're only asking how to remove spyware, there are many ways... but what is actually on that computer...? So, find the ComboFix log at C:\combofix.txt and post it here... No log, sorry, I can't help.
ayoi, posted July 3, 2008:
> Besides that, what other way is there to remove the spyware?
Install Revo Uninstaller... it can remove that program... but after removing it, usually the anti-spyware that carries the malware starts causing trouble on the PC... so have an antivirus with the latest updates ready.
Gigabyte, posted July 3, 2008:
Download and scan with the software I gave you first. If you've scanned and it still hasn't gone, then report back here. Other software you can try includes Spybot Search and Destroy; search for it on Google.
Mr.Right, posted July 3, 2008:
Hi all... try this anti-spyware... go to this page: http://www.pctools.com/spyware-doctor/
x_quisite, posted July 4, 2008:
> Hi all... try this anti-spyware... go to this page: http://www.pctools.com/spyware-doctor/
Spyware Doctor isn't free software... you can download it, but it only scans; to remove spyware you have to buy it first. Anyway, with a spyware problem like yours, it usually links to a web page... can you tell us the name of the page or the URL that the spyware opens? If it's just ordinary spyware, just scan with Ad-Aware... but usually spyware that comes with a link like this can't be removed just by scanning for spyware, because it has already messed with the computer's registry... later, when you end up on that web page again, the spyware comes back in.
Hiruka, posted July 4, 2008:
The other day I got hit by this infection... weird, it happened all of a sudden... every time I clicked a folder this error message came up... then a web page would open looking like this picture... then I scanned with SUPERAntiSpyware, restarted, and it was clean right away... maybe this trojan is a new version... even my Bitdefender just sat there... haha. Just for guidance: if you haven't tried SUPERAntiSpyware yet, go ahead.
B@zSh™, posted July 4, 2008 (edited July 4, 2008):
Also give Malwarebytes Anti-Malware v1.19 a try. You can download it below: www.malwarebytes.org
shahrizal, posted July 11, 2008 (edited July 11, 2008):
This is it, from ComboFix.
x_quisite, posted July 13, 2008:
Here's the thing, shahrizal... from what I understand, your problem looks like DaSz's problem. If your problem really is the same as DaSz's, I suggest one program... you don't even need to install it. Just download the program I'm giving you here. The program can remove: AntiSpyPro, Files Secure, IE AntiVirus, IEDefender, Malware Bell, and Malware Protector 2008. It gets rid of the "Fake Alerts" produced by Trojan-Downloader.Win32.Delf. Removes Trojan-Downloader.Win32.Delf. This program doesn't need installing, you just run it... in about a minute (usually less), the spyware will be removed and your registry will be repaired... the icons on your desktop will disappear for a moment during the repair process... that's normal.
http://rapidshare.com/files/129380131/Archive.zip
WARNING: The zip folder I'm giving you contains 2 programs... use only ONE, according to what I wrote in the 'note'. Read the 'note' file first so you know which one of the programs you need to use.
baok, posted July 13, 2008 (edited July 13, 2008):
Hello shahrizal, sorry for the late reply... If I'm helping you with a spyware problem and don't reply within 24 hours, please remind me by PM... sometimes I'm busy... sometimes I forget. Give me a little time to analyse your log... I'll give you my fix shortly.
Copy/paste the text below into Notepad and save it to the Desktop as CFScript.txt

KillAll::

File::
C:\WINDOWS\system32\bdsjbrlo.dll
C:\WINDOWS\system32\fcccbaWo.dll
C:\WINDOWS\system32\oWabcccf.ini2
C:\WINDOWS\system32\jkkKeddd.dll
C:\WINDOWS\system32\nnnnKBur.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\bdn.com
C:\WINDOWS\a.bat
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\xiao.vbs

Folder::
C:\Program Files\Antivirus 2008 PRO
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E53D4E9-4C2D-40FA-AFB8-83BA12C58DDB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3a81bac8"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antivirus-2008pro.exe"=-
"WinSpywareProtect"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Explorer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnKBur]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d83df0-4bbb-11dd-8c6f-babef0cd1183}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{654e6360-40f7-11dd-8c53-babea0cb1183}]

Then, after saving it in Notepad, drag that CFScript.txt onto ComboFix as shown below...
Then post its log here (after ComboFix finishes processing)...
-----EDIT-----
Post edited to fix the script.
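A read-only review of a fix script like the CFScript.txt in the post above, added here as an example and not part of the thread or of ComboFix: it parses the `File::`, `Folder::` and `Registry::` sections and labels each registry change with the autostart mechanism it touches. The function names, the mechanism labels and the shortened sample (entries copied from that post) are assumptions of this example.

```python
import re
from collections import Counter

# Shortened sample built from entries in the CFScript.txt posted above.
SAMPLE = r"""KillAll::
File::
C:\WINDOWS\system32\nnnnKBur.dll
C:\WINDOWS\system32\xiao.vbs
Folder::
C:\Program Files\Antivirus 2008 PRO
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antivirus-2008pro.exe"=-
"WinSpywareProtect"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Explorer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnKBur]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d83df0-4bbb-11dd-8c6f-babef0cd1183}]
"""

SECTION = re.compile(r"^([A-Za-z]+)::$")
KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")   # leading "-" deletes the whole key
VALUE = re.compile(r'^"([^"]+)"=(.*)$')        # data "-" deletes the value

# Labels are this example's own wording for well-known Windows autostart points.
MECHANISMS = (
    ("\\browser helper objects\\", "Browser Helper Object (IE add-on)"),
    ("\\currentversion\\policies\\explorer\\run\\", "policy Run key (logon autostart)"),
    ("\\currentversion\\run\\", "Run key (logon autostart)"),
    ("\\winlogon\\notify\\", "Winlogon Notify DLL"),
    ("\\explorer\\mountpoints2\\", "MountPoints2 (per-drive AutoRun command)"),
)

def mechanism(key):
    """Map a registry key path to the autostart mechanism it belongs to."""
    low = key.lower() + "\\"
    for needle, label in MECHANISMS:
        if needle in low:
            return label
    return "unclassified"

def parse_cfscript(text):
    """Split a script into directives, file/folder deletions and registry edits."""
    plan = {"directives": [], "files": [], "folders": [], "registry": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            if section not in ("file", "folder", "registry"):
                plan["directives"].append(m.group(1))
        elif section == "file":
            plan["files"].append(line)
        elif section == "folder":
            plan["folders"].append(line)
        elif section == "registry":
            k, v = KEY.match(line), VALUE.match(line)
            if k:
                key = k.group(2)
                if k.group(1):
                    plan["registry"].append(("delete-key", key, None))
            elif v and key:
                action = "delete-value" if v.group(2).strip() == "-" else "set-value"
                plan["registry"].append((action, key, v.group(1)))
            else:
                raise ValueError("unrecognised Registry:: line: " + line)
    return plan

def review(text):
    """Return the plan, a count per mechanism, and entries needing a closer look."""
    plan = parse_cfscript(text)
    counts = Counter(mechanism(k) for _, k, _ in plan["registry"])
    flagged = [e for e in plan["registry"]
               if e[0] == "set-value" or mechanism(e[1]) == "unclassified"]
    return plan, counts, flagged

if __name__ == "__main__":
    plan, counts, flagged = review(SAMPLE)
    print(len(plan["files"]), "files,", len(plan["folders"]), "folders to delete")
    for label, n in counts.items():
        print(f"{n} x {label}")
    print("needs a closer look:", flagged)
```

Entries that write a value instead of deleting one, or that touch a key outside the listed autostart points, come back in `flagged` so they can be read by hand before the script is run.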