khairulnisa

Virus That Sends YM Messages To Contact List

Recommended Posts

I don't know how to solve this thing. Every time I try to look for info about this malware at http://www.malwarebytes.org/ it doesn't work either: server not found. When I try to run REG it just blinks. How do I get rid of this thing? I feel bad for my friends, who keep receiving nonsense messages.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:18 AM, on 8/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\GVR\GVR.exe
C:\Program Files\GVR\GRTP.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13170&l=dis
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Chit Chat for Facebook] C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.145 203.82.64.129
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 8557 bytes

Edited by khairulnisa

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Fix these entries, then reboot.

Edited by test0123

OK, downloading it now, but...

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Done, but it still doesn't work.

ComboFix 10-08-31.01 - User 09/01/2010 10:32:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.595 [GMT 8:00]
Running from: c:\documents and settings\User\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100831-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\ldm.exe
c:\documents and settings\User\Application Data\setupv.exe
c:\windows\d4s.hst
c:\windows\struct~.ini
c:\windows\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-30 23:46 . 2010-09-01 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Chit Chat For Facebook
2010-08-30 23:46 . 2010-08-30 23:47 -------- d-----w- c:\program files\Chit Chat For Facebook
2010-08-30 23:46 . 2010-08-30 23:46 -------- d-----w- c:\program files\AutocompletePro
2010-08-19 04:52 . 2010-08-19 04:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Octoshape
2010-08-18 12:10 . 2010-08-04 11:43 71960 ----a-w- c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\sua-1008042-0-npoctoshape.dll
2010-08-18 12:10 . 2010-08-04 11:43 438784 ----a-w- c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\sua-1008042-0-libOctoshapeClient.dll
2010-08-18 12:10 . 2010-08-04 11:43 124184 ----a-w- c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\sua-1008042-0-apoctoshape.dll
2010-08-14 13:00 . 2010-08-17 15:07 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-10 03:43 . 2010-08-10 03:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo!
2010-08-08 11:53 . 2010-08-08 11:53 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f2c8106-n\msvcp71.dll
2010-08-08 11:53 . 2010-08-08 11:53 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f2c8106-n\jmc.dll
2010-08-08 11:53 . 2010-08-08 11:53 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5f2c8106-n\msvcr71.dll
2010-08-08 11:51 . 2010-08-08 11:51 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6610a1c2-n\decora-sse.dll
2010-08-08 11:51 . 2010-08-08 11:51 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6610a1c2-n\decora-d3d.dll
2010-08-02 05:51 . 2010-08-02 05:51 198064 ----a-w- c:\documents and settings\User\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 02:39 . 2010-05-25 08:04 -------- d-----w- c:\documents and settings\User\Application Data\DMCache
2010-08-31 12:01 . 2010-06-02 03:14 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-08-30 23:27 . 2010-01-15 17:11 -------- d-----w- c:\program files\GVR
2010-08-30 23:27 . 2010-01-04 15:12 -------- d-----w- c:\program files\mIRC
2010-08-30 16:31 . 2010-01-04 15:12 -------- d-----w- c:\documents and settings\User\Application Data\mIRC
2010-08-14 13:17 . 2010-05-25 08:04 -------- d-----w- c:\documents and settings\User\Application Data\IDM
2010-08-02 05:50 . 2010-05-25 08:04 -------- d-----w- c:\program files\Internet Download Manager
2010-07-29 22:00 . 2010-07-29 22:00 -------- d-----w- c:\documents and settings\User\Application Data\PlayFirst
2010-07-29 22:00 . 2010-07-29 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-07-29 22:00 . 2010-07-29 21:59 -------- d-----w- c:\program files\Diner Dash - Flo on the Go
2010-07-29 21:41 . 2010-07-29 21:41 -------- d--h--w- c:\documents and settings\User\Application Data\IFViewer
2010-07-29 18:34 . 2010-03-27 15:45 -------- d-----w- c:\program files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter
2010-07-22 04:46 . 2010-01-04 03:45 -------- d-----w- c:\documents and settings\User\Application Data\Winamp
2010-07-21 10:07 . 2010-07-21 10:06 3205464 ----a-w- c:\documents and settings\User\Application Data\IDM\idmupdt.exe
2010-07-19 07:48 . 2010-07-18 13:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-22 11:48 . 2010-06-21 04:17 560 ----a-w- c:\documents and settings\User\Application Data\ViewerApp.dat
2010-06-20 02:51 . 2010-06-20 02:51 50354 ----a-w- c:\documents and settings\User\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
2004-08-06 20:00 . 2004-08-06 20:00 168371 --sha-r- c:\windows\system32\fmclrdc.dll
.

------- Sigcheck -------

[-] 2009-01-09 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncr3"="c:\program files\Panasonic\Ncr3\ncrcore3.exe" [2007-10-09 1634304]
"Octoshape Streaming Services"="c:\documents and settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]
"Chit Chat for Facebook"="c:\program files\Chit Chat For Facebook\CCFFacebook.exe" [2010-07-21 2583040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-06 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2010-6-20 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2010-6-20 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4658:TCP"= 4658:TCP:igidaxnv

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/24/2010 11:55 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/24/2010 11:55 AM 20560]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [11/4/2008 11:39 AM 14336]
S0 kzfwudda;kzfwudda;c:\windows\system32\Drivers\kzfwudda.sys --> c:\windows\system32\Drivers\kzfwudda.sys [?]
S0 owmylusc;owmylusc;c:\windows\system32\drivers\owmylusc.sys [1/14/2010 2:34 PM 40128]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2010 3:05 PM 133104]
S2 nxsqmcoiq;Center Shell;c:\windows\system32\svchost.exe -k netsvcs [8/7/2004 4:00 AM 14336]
S2 pfptseov;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [8/7/2004 4:00 AM 14336]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [6/13/2010 8:42 PM 113280]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/22/2010 1:11 PM 100736]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys --> c:\windows\system32\DRIVERS\lv321av.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2/19/2010 11:58 PM 7680]
S3 SuperKillFile;SuperKillFile;c:\program files\GVR\geekzd.dll [8/31/2010 6:33 AM 3968]
S3 xkjdrmsm;xkjdrmsm;\??\c:\windows\System32\Drivers\xkjdrmsm.sys --> c:\windows\System32\Drivers\xkjdrmsm.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2/19/2010 11:58 PM 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2/19/2010 11:58 PM 104960]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nxsqmcoiq
pfptseov
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 07:05]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 07:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13170&l=dis
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59} = 203.82.64.145 203.82.64.129
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pk97mnip.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\User\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- File Associations -------
.
scrfile="%1" %*
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PortGo - (no file)
HKLM-Run-LogitechVideo[inspector] - c:\program files\Acer\OrbiCam\InstallHelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 10:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxsqmcoiq]
"ServiceDll"="c:\windows\system32\fmclrdc.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfptseov]
"ServiceDll"="c:\windows\system32\fmclrdc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0f174d39-3fa6-4fb0-9f36-89c2146c21b7}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d5
"Therad"=dword:0000000d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,d7,26,05,0b,6c,1c,c8,25,d0,bb,64,d0,02,ca,0c,50,89,4e,92,91,
1f,57,94,ec,db,5f,69,32,36,56,48,df,ca,0c,c7,af,02,10,35,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Panasonic\Ncr3\Ncrwd.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\docume~1\User\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Mobile Partner\Mobile Partner.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
**************************************************************************
.
Completion time: 2010-09-01 10:43:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 02:43

Pre-Run: 12,015,529,984 bytes free
Post-Run: 12,056,875,008 bytes free

- - End Of File - - F7E2BAB909B9AB0D8FCC036B9E60FEEB

Alright, you may have been hit by this worm >> W32 Sohanad.B or W32 Sohanad.C

But I'm not sure either. Try downloading this file >> http://avsharath.googlepages.com/DisableW32Sohanad.vbs

Once it has downloaded, double-click it to run it, then restart. After the restart, look for the file >> svhost32.exe << in the Windows folder (if it is there). Restart again, then try your YM. Hopefully it will be OK by then.

Interesting! Keep it up, looking forward to more information. I am using a [url=http://www.sourcinggate.com/zenithink-zt-180-epad-10-inch-mid-android-21-wifi-720p-gravity-sensor-1ghz-cpu-rj45-adapter-silver-p-14216.html]zenithink[/url] Android 2.2 Tablet PC, surfing the forum and your post, nice wow, wow~~.

Suggestion: @lizone76 is right.
Try uninstalling YM.
If you can, use Revo Uninstaller so that all traces are removed from your PC,
then download the latest one and reinstall.

Malwarebytes can't update?
Download it here: http://majorgeeks.com/Malwarebytes_Anti-Malware_Database_d6025.html

Check your hosts file;
it may have added entries.
C:\WINDOWS\system32\drivers\etc
Open the hosts file with Notepad
(on Vista/7, right-click Notepad and choose Run as admin).
Delete the entries in there except
127.0.0.1 localhost

Another choice for a malware scanner is SuperAntiSpyware.

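The hosts-file check described in the reply above, as an added example that is not from the thread or its posters: a Python script that reads the hosts file, reports every entry other than 127.0.0.1 localhost, flags the ones that point a security vendor's domain elsewhere (which is what makes a site like malwarebytes.org come back as "server not found"), and prints the cleaned content without writing anything back. The sample hosts content, the vendor domain list and the default file path are constructed assumptions.

```python
"""Audit a Windows hosts file for entries a worm may have added.

Added example, not from the thread. Reports everything except the default
"127.0.0.1 localhost"; vendor-domain redirects are flagged separately.
Nothing is written back, so the deletion stays a manual step in Notepad.
"""
import re
import sys

# The only entry a clean Windows XP hosts file needs.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Assumed, illustrative list of security-vendor domains; extend as needed.
SECURITY_VENDOR_DOMAINS = ("malwarebytes.org", "avast.com",
                           "superantispyware.com", "gmer.net")

# "<ip> <name> [<name> ...]" after comments have been stripped.
HOSTS_LINE = re.compile(r"^\s*(\S+)\s+(\S.*?)\s*$")

# Constructed sample hosts content, used when no readable file is given.
SAMPLE_HOSTS = """\
# Sample hosts file, constructed for this example.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org   # blocks the removal-tool site
127.0.0.1       malwarebytes.org
10.0.0.5        update.avast.com       # AV updates sent to a non-vendor host
192.168.1.20    devbox.local           # not a vendor: reported as "extra" only
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; blank lines and '#' comments are ignored,
    and a line listing several hostnames yields one pair per hostname."""
    entries = []
    for raw in text.splitlines():
        m = HOSTS_LINE.match(raw.split("#", 1)[0])
        if m:
            ip, names = m.groups()
            entries.extend((ip, n.lower()) for n in names.split())
    return entries


def is_vendor_domain(name):
    """True for a vendor domain or any subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def audit_hosts(text):
    """Split the non-default entries into (suspicious, extra) lists."""
    suspicious, extra = [], []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        (suspicious if is_vendor_domain(name) else extra).append((ip, name))
    return suspicious, extra


def cleaned_hosts(text):
    """Hosts text with only comments, blank lines and default entries left."""
    kept = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if not body:
            kept.append(raw)          # comment or blank line: harmless
            continue
        m = HOSTS_LINE.match(body)
        names = [n for n in m.group(2).split()
                 if (m.group(1), n.lower()) in DEFAULT_ENTRIES] if m else []
        if names:
            kept.append(f"{m.group(1)}\t{' '.join(names)}")
    return "\n".join(kept) + "\n"


def main(argv):
    # Assumed default path: the Windows XP location named in the thread.
    path = argv[1] if len(argv) > 1 else r"C:\WINDOWS\system32\drivers\etc\hosts"
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            text = f.read()
    except OSError as err:
        print(f"cannot read {path} ({err}); auditing the constructed sample instead")
        text = SAMPLE_HOSTS
    suspicious, extra = audit_hosts(text)
    for ip, name in suspicious:
        print(f"SUSPICIOUS  {ip:<15} {name}   (security vendor redirected)")
    for ip, name in extra:
        print(f"extra       {ip:<15} {name}")
    if not suspicious and not extra:
        print("only the default localhost entry found")
    print("\n--- cleaned content (paste into Notepad if the extras are unwanted) ---")
    print(cleaned_hosts(text), end="")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the hosts file path as the only argument; with no argument it tries the XP path and falls back to the constructed sample.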
In my opinion this is a very interesting topic. I suggest everyone take a more active part in the discussion.

