shahrizal

Can't Delete a Program


Salam

I think my laptop has picked up spyware.... all sorts of ads keep popping up telling me to buy things... I've already run ComboFix... and smartfraudfix but the thing won't go away.... I tried to uninstall it but couldn't.... I tried deleting it from Program Files on C: and still couldn't. How do I get rid of this annoying thing?

Please help me!


Besides that, what other ways are there to remove the spyware?

Post the log first so I can see what's there.. if you're just asking how to remove spyware, there are many ways.. but what matters is what's actually on the computer... so, find the ComboFix log at C:\combofix.txt and post it here... No log, sorry, I can't help..


Besides that, what other ways are there to remove the spyware?

Install Revo Uninstaller... it can remove that program..... but after removing it, the anti-spyware that carries the malware usually starts causing trouble on the PC.. so have an antivirus with the latest updates ready.


Download the software I gave you and scan with it first. If it still isn't gone after scanning, then report back here. Another tool you can try is Spybot Search and Destroy; search for it on Google.


Salam everyone.. why don't you try this antispyware.. go to this page http://www.pctools.com/spyware-doctor/ ^_^

Spyware Doctor isn't free software.. you can download it but it will only scan.. to remove spyware you have to buy it first..

Anyway, with a spyware problem like yours, it usually links to a webpage.. can you tell us the name of the page or the URL that the spyware opens??.. if it's just ordinary spyware, just scan with Ad-Aware.. but usually spyware that comes with a link like this can't be removed by a spyware scan alone.. because it has already tampered with the computer's registry.. later, if you end up on that webpage again, the spyware comes back..


The other day I got hit by this infection.. strange, it happened all of a sudden.. every time I click a folder this error message comes up...

newspywarefn0.jpg

then a webpage opens showing something like this picture..

newspyware02ch6.jpg

then I scanned with SUPERAntiSpyware, restarted, and it was clean right away... maybe it's a new version of the trojan.. even my Bitdefender just sat there doing nothing.... haha

Just as a tip.. if you haven't tried SUPERAntiSpyware yet, go ahead.. :D


ComboFix 07-08-04.3 - "md_syukor" 2008-07-11 12:23:20.1 [GMT 8:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\bsva-egihsg52.exe

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))

2008-07-09 09:28 88,576 --a------ C:\WINDOWS\system32\bdsjbrlo.dll

2008-06-25 18:23 321,920 --a------ C:\WINDOWS\system32\fcccbaWo.dll

2008-06-25 18:23 131,757 --ahs---- C:\WINDOWS\system32\oWabcccf.ini2

2008-06-25 18:19 28,800 --a------ C:\WINDOWS\system32\jkkKeddd.dll

2008-06-25 18:18 28,800 --a------ C:\WINDOWS\system32\nnnnKBur.dll

2008-06-25 18:14 <DIR> d-------- C:\Program Files\Antivirus 2008 PRO

2008-06-25 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ADSL Software Ltd

2008-06-25 13:55 15,316 ---hs---- C:\WINDOWS\system32\xiao.vbs

2008-06-25 08:51 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\FileOpen

2008-06-25 08:51 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\AdobeUM

2008-06-25 08:34 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-25 08:34 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-25 08:34 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-25 08:34 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-25 08:34 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-25 08:34 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-25 08:34 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-25 08:34 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-25 08:25 <DIR> d-------- C:\WINDOWS\network diagnostic

2008-06-23 17:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-06-23 17:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-23 16:33 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Nikon

2008-06-23 15:59 <DIR> d--hs---- C:\DOCUME~1\MD_SYU~1\UserData

2008-06-23 15:38 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Yahoo!

2008-06-23 15:37 2,097,152 --ah----- C:\DOCUME~1\MD_SYU~1\NTUSER.DAT

2008-06-23 15:37 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Symantec

2008-06-23 15:37 <DIR> d-------- C:\DOCUME~1\MD_SYU~1\APPLIC~1\Sonic

2008-06-19 16:08 786,432 --ah----- C:\DOCUME~1\hlow01\NTUSER.DAT

2008-06-19 16:08 <DIR> d-------- C:\DOCUME~1\hlow01\APPLIC~1\Symantec

2008-06-19 16:08 <DIR> d-------- C:\DOCUME~1\hlow01\APPLIC~1\Sonic

2008-06-19 11:42 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-19 11:42 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 11:57 <DIR> d-------- C:\DOCUME~1\rarvi01\APPLIC~1\Yahoo!

2008-06-12 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-06-12 11:53 --------- d-------- C:\Program Files\Yahoo!

2008-05-08 20:28 202752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 13:18 1287680 --a------ C:\WINDOWS\system32\quartz.dll

2008-05-07 13:18 1287680 --------- C:\WINDOWS\system32\dllcache\quartz.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\winsystem.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\userconfig9x.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\winsystem.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\vbsys2.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\thun32.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\thun.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\temp#01.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\taack.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\taack.dat

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\sysreq.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ssvchost.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ssvchost.com

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ssurf022.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\sncntr.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\Rundl1.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\regm64.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\regc64.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\psoft1.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\psof1.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\ps1.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\newsd32.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\netode.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\mwin32.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\mtr2.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\msvchost.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\mssecu.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\msnbho.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\msgp.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\medup020.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\medup012.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\hoproxy.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\emesx.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\bdn.com

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\awtoolb.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\anticipator.dll

2008-05-06 09:17 4096 --a------ C:\WINDOWS\system32\akttzn.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\mssecu.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\iTunesMusic.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\FVProtect.exe

2008-05-06 09:17 4096 --a------ C:\WINDOWS\bdn.com

2008-05-06 09:17 4096 --a------ C:\WINDOWS\a.bat

2008-04-23 22:16 3591680 --------- C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-23 12:16 826368 --------- C:\WINDOWS\system32\dllcache\wininet.dll

2008-04-23 12:16 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll

2008-04-23 12:16 478208 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll

2008-04-23 12:16 44544 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-04-23 12:16 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2008-04-23 12:16 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2008-04-23 12:16 347136 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll

2008-04-23 12:16 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll

2008-04-23 12:16 233472 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2008-04-23 12:16 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2008-04-23 12:16 214528 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll

2008-04-23 12:16 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll

2008-04-23 12:16 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2008-04-23 12:16 133120 --------- C:\WINDOWS\system32\dllcache\extmgr.dll

2008-04-23 12:16 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2008-04-23 12:16 1159680 --------- C:\WINDOWS\system32\dllcache\urlmon.dll

2008-04-23 12:16 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2008-04-23 12:16 102912 --------- C:\WINDOWS\system32\dllcache\occache.dll

2008-04-22 15:40 625664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 15:39 70656 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-21 15:04 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll

2008-04-21 15:04 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll

2008-04-21 15:03 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll

2008-04-21 15:03 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll

2008-04-21 15:03 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll

2008-04-20 13:07 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]

2008-06-25 18:18 28800 --a------ C:\WINDOWS\system32\nnnnKBur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E53D4E9-4C2D-40FA-AFB8-83BA12C58DDB}]

2008-06-25 18:23 321920 --a------ C:\WINDOWS\system32\fcccbaWo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21]

"3a81bac8"="C:\WINDOWS\system32\bdsjbrlo.dll" [2008-07-09 09:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]

"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [2008-06-25 18:14]

"WinSpywareProtect"="C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" [2008-06-25 18:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

"Explorer"=xiao.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{39D67F39-6F48-438A-80A2-F86FE363C215}"= C:\WINDOWS\system32\nnnnKBur.dll [2008-06-25 18:18 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnKBur]

nnnnKBur.dll 2008-06-25 18:18 28800 C:\WINDOWS\system32\nnnnKBur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\acaegmgr.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ahnsd.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ahnsdsv.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avg.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avguard.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccapp.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccevtmgr.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsetmgr.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defwatch.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ekrn.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fwmain.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gr9x3863r.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guid.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp_1.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mcshield.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpstart.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVFNSVR.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psview.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMC.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\snipesword.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidernet.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srgui.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssm.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Tbmon.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBSCAN.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\THGUARD.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanHunter.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\woptiutilities.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsyscheck.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZONEALARM.exe]

DEBUGGER=SDF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fcccbaWo

"Notification Packages"= scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2000478354-1682526488-839522115-8399\Scripts\Logon\0\0]

"Script"=sa.bat

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 ClntMgmt.sys;ClntMgmt.sys;C:\WINDOWS\system32\Drivers\ClntMgmt.sys

R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys

R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance

R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys

R2 ntrtscan;OfficeScanNT RealTime Scan;C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

R2 TM_CFW;Common Firewall Driver;\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys

R2 TmFilter;Trend Micro Filter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

R2 tmlisten;OfficeScanNT Listener;C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camc6aud.sys

R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys

R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys

R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys

S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys

S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys

S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"

S3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys

S3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d83df0-4bbb-11dd-8c6f-babef0cd1183}]

AutoRun\command- wscript.exe xiao.vbs

find\Command- wscript.exe xiao.vbs

open\Command- wscript.exe xiao.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{654e6360-40f7-11dd-8c53-babea0cb1183}]

AutoRun\command- wscript.exe xiao.vbs

find\Command- wscript.exe xiao.vbs

open\Command- wscript.exe xiao.vbs

Contents of the 'Scheduled Tasks' folder

2008-07-11 04:22:00 C:\WINDOWS\Tasks\At1.job

************************************************************

**************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-11 12:28:55

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]

"DisplayName"="\x9458\x225\x9458\x225\1"

"DeviceDesc"="\x9458\x225\x9458\x225\1"

"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"

"MFG"="\x564"

"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"

"DeviceInstanceIds"=str(7):"c:\swsetup\vid2\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully

hidden files: 0

************************************************************

**************

Completion time: 2008-07-11 12:30:16

C:\ComboFix-quarantined-files.txt ... 2008-07-11 12:30

--- E O F ---

Here it is, from ComboFix

Edited by shahrizal


Here's the thing, shahrizal.. from what I understand, your problem looks like DaSz's problem.. If your problem really is the same as DaSz's, I'd suggest one program.. you don't even need to install it.. Just download the program I'm giving you.. The program can remove:

AntiSpyPro, Files Secure, IE AntiVirus, IEDefender,

Malware Bell, and Malware Protector 2008.

Removes the "Fake Alerts" created by Trojan-Downloader.Win32.Delf. Removes Trojan-Downloader.Win32.Delf

This program doesn't need installing, you just run it.. in about a minute (usually less), the spyware will be removed and your registry will be repaired.. the icons on your desktop will disappear for a moment during the repair process.. that's normal..

http://rapidshare.com/files/129380131/Archive.zip

WARNING: The zip folder I'm giving you contains 2 programs.. use only ONE of them, according to what I wrote in the 'note'.. Read the 'note' file first so you know which program you need to use


Hello shahrizal, sorry for the late reply... If I'm helping you with a spyware problem and don't reply within 24 hours, please remind me by PM.. sometimes I'm busy.. sometimes I forget..

Give me a little time to analyse your log.. I'll give you my fix in a moment

Copy/paste the text below into Notepad and save it on the Desktop as CFScript.txt

KillAll::

File::
C:\WINDOWS\system32\bdsjbrlo.dll
C:\WINDOWS\system32\fcccbaWo.dll
C:\WINDOWS\system32\oWabcccf.ini2
C:\WINDOWS\system32\jkkKeddd.dll
C:\WINDOWS\system32\nnnnKBur.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\bdn.com
C:\WINDOWS\a.bat
C:\WINDOWS\Tasks\At1.job 
C:\WINDOWS\system32\xiao.vbs

Folder::
C:\Program Files\Antivirus 2008 PRO
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E53D4E9-4C2D-40FA-AFB8-83BA12C58DDB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3a81bac8"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antivirus-2008pro.exe"=-
"WinSpywareProtect"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Explorer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnKBur] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d83df0-4bbb-11dd-8c6f-babef0cd1183}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{654e6360-40f7-11dd-8c53-babea0cb1183}]

Then, after saving it in Notepad, drag CFScript.txt into ComboFix as shown below...

th_CFScript.gif

Then post its log here (after ComboFix finishes processing)...

-----EDIT-----

Post edited to correct the script

Edited by baok
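
Added example (not part of the original thread and not ComboFix's own code): a Python sketch that reads a few "Reg Loading Points" lines from the log above together with the File:: list of the CFScript, and reports which autostart mechanisms load each file the script deletes, plus which program names have an Image File Execution Options Debugger value set. The two sample strings are excerpts constructed from the thread; the function names and the match-by-basename rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
2008-06-25 18:18 28800 --a------ C:\WINDOWS\system32\nnnnKBur.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 15:21]
"3a81bac8"="C:\WINDOWS\system32\bdsjbrlo.dll" [2008-07-09 09:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Explorer"=xiao.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnKBur]
nnnnKBur.dll 2008-06-25 18:18 28800 C:\WINDOWS\system32\nnnnKBur.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]
DEBUGGER=SDF
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mcshield.exe]
DEBUGGER=SDF
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d83df0-4bbb-11dd-8c6f-babef0cd1183}]
AutoRun\command- wscript.exe xiao.vbs
"""
# Constructed sample: part of the File:: and Folder:: sections of the CFScript above.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\bdsjbrlo.dll
C:\WINDOWS\system32\nnnnKBur.dll
C:\WINDOWS\system32\xiao.vbs
Folder::
C:\Program Files\Antivirus 2008 PRO
"""
# Lower-cased key fragment -> autostart mechanism (first match wins).
MECHANISMS = [
    ("image file execution options\\", "IFEO Debugger"),
    ("browser helper objects\\", "Browser Helper Object"),
    ("winlogon\\notify\\", "Winlogon Notify"),
    ("policies\\explorer\\run", "Policies Run"),
    ("currentversion\\run", "Run key"),
    ("mountpoints2\\", "MountPoints2 AutoRun"),
]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
FILE_RE = re.compile(r"([\w.#@-]+\.(?:dll|exe|vbs|bat|com))\b", re.I)

def parse_loading_points(text):
    """Return {registry key: [entry lines]} for a ComboFix-style section."""
    entries, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
        elif current:
            entries[current].append(line)
    return entries

def script_files(script):
    """Lower-cased basenames listed under File:: (the section ends at the next 'Name::')."""
    names, in_files = set(), False
    for line in map(str.strip, script.splitlines()):
        if line.endswith("::"):
            in_files = line == "File::"
        elif in_files and line:
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names

def triage(log, script):
    """Return ({deleted file: [mechanisms loading it]}, [program names with an IFEO Debugger])."""
    flagged, wired, ifeo = script_files(script), defaultdict(set), []
    for key, lines in parse_loading_points(log).items():
        mech = next((label for frag, label in MECHANISMS if frag in key.lower()), "other")
        if mech == "IFEO Debugger":
            if any(l.upper().startswith("DEBUGGER=") for l in lines):
                ifeo.append(key.rsplit("\\", 1)[-1])  # last key component is the program name
            continue
        for name in FILE_RE.findall(" ".join(lines)):
            if name.lower() in flagged:  # assumption: match by basename only
                wired[name.lower()].add(mech)
    return {n: sorted(m) for n, m in wired.items()}, ifeo
```

On the sample, `triage(SAMPLE_LOG, SAMPLE_SCRIPT)` shows `nnnnKBur.dll` and `xiao.vbs` each registered under two separate loading points, which is why the script removes registry entries as well as files.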
