Animasi n Sahring

Thursday, 29 March 2012

Trojan / HTML Script Virus (Windows XP)

Over the last week, Avira has alerted me several times to a Trojan, but neither a full Avira system scan nor an MBAM scan finds anything.

I have posted the DDS log, and attached both attach.txt and ark.txt as a .zip file.

Thanks for taking the time to look.



Here are the items in my Avira quarantine:
  • Contains recognition pattern of the APPL/WinLock.A application  C:\Documents and Settings\Steve\Application Data\dwlGina3.dll
  • Contains recognition pattern of the APPL/WinLock.A application  C:\Documents and Settings\Steve\Local Settings\Application Data\dwlGina3.dll
  • Contains recognition pattern of the APPL/WinLock.A application  C:\Documents and Settings\Steve\Local Settings\Application Data\dwlGina3.dll
  • Contains recognition pattern of the APPL/WinLock.A application  C:\Documents and Settings\Dan\Application Data\dwlGina3.dll
  • Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus  C:\Documents and Settings\Steve\Local Settings\Temp\Acr3B.tmp
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068379.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068380.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068381.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068382.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068383.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068384.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068385.exe
  • Is the TR/Trash.Gen Trojan  C:\System Volume Information\_restore{1E827FEA-C1CA-4779-8180-5FD4C976D44A}\RP281\A0068386.exe
  • Contains recognition pattern of the EXP/Pidief.akx exploit  C:\Documents and Settings\Steve\Local Settings\Temp\plugtmp-1\plugin-1ddfp.php


Here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Dan at 16:00:28 on 2011-11-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.182 [GMT 0:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\EXE
c:\APPS\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\APPS\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\APPS\PowerCinema\PCMService.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\updateservice\issch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Dan\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\shdocvw.dll
uRun: [CCleaner] "c:\program files\CCleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [soundman] SOUNDMAN.EXE
mRun: [PCMService] "c:\apps\PowerCinema\PCMService.exe"
mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\InstallShield\updateservice\issch.exe" -start
mRun: [Vade Retro Outlook Express] "c:\progra~1\gotoso~1\vadere~1\Vaderetro_oe.exe"
mRun: [avgnt] "c:\program files\avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F9F330CE-AFF2-4E0E-9E59-E25077BFCC77} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\Documents and Settings\Dan\application data\mozilla\firefox\profiles\2cqiyjwl.default\
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\AntiVir Desktop\avgio.sys [2010-11-03 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\AntiVir Desktop\sched.exe [2010-11-03 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\AntiVir Desktop\avguard.exe [2010-11-03 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-03 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\ad-aware\kernexplorer.sys --> c:\program files\Lavasoft\ad-aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WinRM [2006-09-05 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
=============== Created Last 30 ================
.
2011-11-09 15:17:38  --------  d--h--r-  c:\Documents and Settings\Dan\Recent
2011-11-04 19:57:55  --------  d-----w-  c:\program files\Realtek AC97
.
==================== Find3M ====================
.
2011-10-17 11:07:35  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04 03  472808  ----a-w-  c:\windows\system32\deployJava1.dll
2011-10-03 01:37:52  73728  ----a-w-  c:\windows\system32\javacpl.cpl
2011-09-26 10:41:20  611328  ----a-w-  c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20  220160  ----a-w-  c:\windows\system32\oleacc.dll
2011-09-26 10:41:14  20480  ----a-w-  c:\windows\system32\oleaccrc.dll
2011-09-22 10:36:23  101720  ----a-w-  c:\windows\system32\drivers\SBREDrv.sys
2011-09-09 09:12:13  599040  ----a-w-  c:\windows\system32\crypt32.dll
2011-09-06 13:20:51  1858944  ----a-w-  c:\windows\system32\win32k.sys
2011-08-31 16:00:50  22216  ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55  916480  ----a-w-  c:\windows\system32\wininet.dll
2011-08-22 23:48:54  43520  ------w-  c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39  385024  ----a-w-  c:\windows\system32\html.iec
2011-08-17 13:49:54  138496  ----a-w-  c:\windows\system32\drivers\afd.sys
.
============= FINISH: 16:01:38.46 ===============
 
Re: Trojan / HTML Script Virus (Windows XP)
Hello HertsMan123. Let's see whether ComboFix finds anything.

------------------------------------------------------

Please stay with me until you are given the 'all clear', even if the symptoms seem to abate.

Please follow my instructions, and please do not fix things on your own or run scanners unless asked to by a helper.

------------------------------------------------------

If there are personal files, pics, etc. on your computer that you cannot live without, back them up now, just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please visit this web page for download links and instructions for running ComboFix:

A guide and tutorial on how to use ComboFix

* Make sure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Getting help here

Please post C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.


Re: Trojan / HTML Script Virus (Windows XP)
ComboFix log below. I opened Avira to disable the antivirus, and it said Disabled, but when I ran ComboFix a message appeared saying the AntiVirus was still running, but that the scan would continue.
After ComboFix had run its scan, an Internet Explorer shortcut appeared on my desktop.
The lag is still happening.

Thanks :)


ComboFix 11-11-14.02 - Dan 14/11/2011  18:12:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.247 [GMT 0:00]
Running from: c:\Documents and Settings\Dan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\Documents and Settings\Administrator\WINDOWS
c:\Documents and Settings\All Users\Application Data\Tarma Installer
c:\Documents and Settings\All Users\Application Data\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\_Setup.dll
c:\Documents and Settings\All Users\Application Data\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\Setup.dat
c:\Documents and Settings\All Users\Application Data\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\Setup.exe
c:\Documents and Settings\All Users\Application Data\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\Setup.ico
c:\Documents and Settings\Dan\WINDOWS
c:\Documents and Settings\Default User\WINDOWS
c:\Documents and Settings\Steve\Local Settings\Application Data\uk6.exe
c:\Documents and Settings\Steve\Local Settings\Application Data\uk66.exe
c:\Documents and Settings\Steve\WINDOWS
C:\install.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-14 to 2011-11-14   )))))))))))))))))))))))))))))))
.
.
2011-11-14 16:24 . 2011-11-14 18:30  --------  d-----w-  c:\Documents and Settings\Administrator
2011-11-04 19:57 . 2011-11-04 19:58  --------  d-----w-  c:\program files\Realtek AC97
2011-11-04 16:17 . 2011-11-04 16:17  --------  d-----w-  c:\Documents and Settings\New Folder
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 09:10 . 2011-08-28 16:11  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2006-08-27 19:30  692736  ----a-w-  c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-11-02 22:19  472808  ----a-w-  c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-07-01 19:00  73728  ----a-w-  c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-09-05 14:50  599040  ----a-w-  c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 19:59  611328  ----a-w-  c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2006-09-05 14:56  220160  ----a-w-  c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2006-09-05 14:56  20480  ----a-w-  c:\windows\system32\oleaccrc.dll
2011-09-22 10:36 . 2011-03-17 09:50  101720  ----a-w-  c:\windows\system32\drivers\SBREDrv.sys
2011-09-06 13:20 . 2006-08-28 03:19  1858944  ----a-w-  c:\windows\system32\win32k.sys
2011-08-31 16:00 . 2010-11-03 21:33  22216  ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-08-28 03:19  916480  ----a-w-  c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-09-05 14:54  43520  ------w-  c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-09-05 14:52  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-09-05 14:52  385024  ----a-w-  c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-09-05 14:49  138496  ----a-w-  c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-07-25 2585408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"PCMService"="c:\apps\PowerCinema\PCMService.exe" [2006-02-23 147456]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\updateservice\issch.exe" [2004-07-27 81920]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\Documents and Settings\Dan\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 20:06  4351216  ----a-w-  c:\program files\Yahoo!\Messenger\yahoomessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-08-27 20:28  26112  -c--a-w-  c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 20:42  212992  -c--a-w-  c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47  79192  -c--a-w-  c:\program files\Common Files\Research In Motion\USB Driver\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-26 20:06  4351216  ----a-w-  c:\program files\Yahoo!\Messenger\yahoomessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\PowerCinema\\PowerCinema.exe"=
"c:\\APPS\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yahoomessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Enabled:Windows Remote Management
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\svchost]
WinRM  REG_MULTI_SZ  WinRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\2cqiyjwl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: pdf download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
AddRemove-{D6B25B8D-0566-42B1-A23D-7576138435D6} - c:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{D6B25~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-14 18:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-11-14  18:44:27
ComboFix-quarantined-files.txt  2011-11-14 18:44
.
Pre-Run: 58,004,619,264 bytes free
Post-Run: 57,957,384,192 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8E5BF5531544B503427E1838A315DE5A
__________________
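The helper's next step in this thread is to pick a few lines out of the DDS "Pseudo HJT Report" in the first post and the ComboFix "Reg Loading Points" section above (the globally open firewall port 5985, the WinRM svchost group, the "No File" browser add-ons, the Hosts entry) and write a removal script against them. The script below is an added example, not code from the thread or from the DDS/ComboFix tools: it parses log lines of that shape and returns the entries a helper would look at first. SAMPLE_LOG is constructed for the example and only mirrors the line formats shown in the thread; the regular expressions, the Finding class and winrm_exposed() are this example's own.

```python
"""Triage of DDS / ComboFix style log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines shaped like those in the thread's DDS "Pseudo HJT
# Report" and ComboFix "Reg Loading Points" sections, not the poster's real log.
SAMPLE_LOG = r"""
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\ActiveX\AcroIEHelper.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CCleaner] "c:\program files\CCleaner\CCleaner.exe" /AUTO
mRun: [soundman] SOUNDMAN.EXE
Hosts: 127.0.0.1 www.spywareinfo.com
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Enabled:Windows Remote Management
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WinRM REG_MULTI_SZ WinRM
"""

# Browser add-on entries whose DLL is gone: leftovers that a removal script cleans.
_NO_FILE = re.compile(r"^(BHO|TB|EB):\s*(.*?)\s*-\s*No File\s*$", re.I)
# XP firewall "GloballyOpenPorts" values: "port:proto"= port:proto:scope:Enabled:name
_OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):([^:]+):Enabled:(.*)$', re.I)
# Hosts-file overrides as DDS prints them: "Hosts: <ip> <hostname>"
_HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$", re.I)
# Run-key entries: uRun/mRun/dRun: [name] "path" args
_RUN = re.compile(r"^[umd]Run:\s*\[([^\]]+)\]\s*(.*)$", re.I)
# The registry key under which svchost service groups are registered.
_SVCHOST_KEY = re.compile(r"\\currentversion\\svchost\]$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # which rule matched
    detail: str  # the value worth a second look
    line: str    # the log line it came from


def _run_target(rest: str) -> str:
    """Return the executable part of a Run-key value (quoted path or first token)."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split()[0] if rest else ""


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries a helper would review first."""
    findings: list[Finding] = []
    in_svchost_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # A registry key header; remember whether we are now inside the svchost key.
            in_svchost_key = bool(_SVCHOST_KEY.search(line))
            continue
        if in_svchost_key:
            # Each value under the svchost key names a service group that svchost will host.
            findings.append(Finding("svchost_group", line.split()[0], line))
            continue
        if m := _NO_FILE.match(line):
            findings.append(Finding("orphan_addon", m.group(2), line))
        elif m := _OPEN_PORT.match(line):
            detail = f"{m.group(1)}/{m.group(2)} scope={m.group(3)} ({m.group(4)})"
            findings.append(Finding("open_port", detail, line))
        elif m := _HOSTS.match(line):
            findings.append(Finding("hosts_override", f"{m.group(2)} -> {m.group(1)}", line))
        elif m := _RUN.match(line):
            target = _run_target(m.group(2))
            if "\\" not in target:
                # A bare file name is resolved through the PATH search order, so it
                # is worth confirming which binary actually runs at logon.
                findings.append(Finding("run_no_path", f"[{m.group(1)}] {target}", line))
    return findings


def winrm_exposed(findings: list[Finding]) -> bool:
    """True when a WinRM svchost group is registered AND port 5985/TCP (the
    WinRM HTTP listener port named in the log) is enabled in the firewall policy."""
    has_group = any(f.kind == "svchost_group" and f.detail.lower() == "winrm" for f in findings)
    has_port = any(f.kind == "open_port" and f.detail.startswith("5985/TCP") for f in findings)
    return has_group and has_port


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.detail}")
    print("WinRM listener reachable through firewall:", winrm_exposed(triage(SAMPLE_LOG)))
```

Run against the sample, the two findings that winrm_exposed() pairs up are exactly the two registry values the helper removes with the CFScript in the next reply; the orphaned BHO/TB entries and the Hosts line are the kind of leftovers a helper notes but does not necessarily treat as the infection.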
 
Re: Trojan / HTML Script Virus (Windows XP)
Hello again, HertsMan123.

To disable antivirus and antispyware applications, it is usually enough to right-click their System Tray icon. Otherwise they can interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
 Folder::
 c:\program files\Lavasoft

 ClearJavaCache::

 Registry::
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "5985:TCP"=-
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\svchost]
 "WinRM"=-

 Driver::
 Lavasoft Kernexplorer
Save the Notepad file as CFScript.txt to the Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are asked to update ComboFix, please choose Yes.

Your desktop may go blank. This is normal. It will return when ComboFix is finished. ComboFix may reboot your computer. This is normal.

When finished, it will produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 
 Re: Trojan / Virus Script HTML (Windows XP)
Setelah menjalankan ComboFix, PC saya reboot tapi butuh 40 menit sampai aku bisa login kembali.

ComboFix Log:

ComboFix 11-11-14.03 - Dan 15/11/2011 10:39:27.2.1 - x86
Menjalankan dari: c: \ Documents and Settings \ Dan \ Desktop \ ComboFix.exe
Perintah switch digunakan :: c: \ Documents and Settings \ Dan \ Desktop \ CFScript.txt
AV: AntiVir Desktop * Cacat / Diperbarui * {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((Penghapusan lain))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((Driver / Jasa)))))))) )))))))))))))))))))))))))))))))))))))))))
.
.
------- \ Legacy_LAVASOFT_KERNEXPLORER
------- \ Service_Lavasoft Kernexplorer
.
.
(((((((((((((((((((((((((File Dibuat dari 2011/10/15 ke 2011-11-15))))))))))) ))))))))))))))))))))
.
.
2011/11/14 16:24. 2011/11/14 18:30 -------- d ----- w-c: \ Documents and Settings \ Administrator
2011/11/4 19:57. 2011/11/04 19:58 -------- d ----- w-c: \ program files \ Realtek AC97
2011/11/04 16:17. 2011/11/04 16:17 -------- d ----- w-c: \ Documents and Settings \ New Folder
.
.
.
((((((((((((((((((((((((((((((((((((((((Find3M Laporan)))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2011/11/13 09:10. 2011/08/28 16:11 414.368 ---- aw-c: \ windows \ system32 \ FlashPlayerCPLApp.cpl
2011/10/10 14:22. 2006/08/27 19:30 692.736 ---- aw-c: \ windows \ system32 \ inetcomm.dll
2011/10/03 04:06. 2010-11-02 22:19 472.808 ---- aw-c: \ windows \ system32 \ deployJava1.dll
2011/10/03 01:37. 2011/07/01 19:00 73728 ---- aw-c: \ windows \ system32 \ javacpl.cpl
2011/09/28 07:06. 2006/09/05 14:50 599.040 ---- aw-c: \ windows \ system32 \ crypt32.dll
2011/09/26 10:41. 2008-07-29 19:59 611.328 ---- aw-c: \ windows \ system32 \ uiautomationcore.dll
2011/9/26 10:41. 2006/09/05 14:56 220.160 ---- aw-c: \ windows \ system32 \ oleacc.dll
2011/09/26 10:41. 2006/09/05 14:56 20.480 ---- aw-c: \ windows \ system32 \ oleaccrc.dll
2011/09/22 10:36. 2011/03/17 09:50 101.720 ---- aw-c: \ windows \ system32 \ drivers \ SBREDrv.sys
2011/09/06 13:20. 2006-08-28 03:19 1.858.944 ---- aw-c: \ windows \ system32 \ win32k.sys
2011/08/31 16:00. 2010-11-03 21:33 22216 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2011/08/22 23:48. 2006-08-28 03:19 916.480 ---- aw-c: \ windows \ system32 \ wininet.dll
2011/08/22 23:48. 2006/09/05 14:54 43.520 ------ w-c: \ windows \ system32 \ licmgr10.dll
2011/08/22 23:48. 2006/09/05 14:52 1.469.440 ------ w-c: \ windows \ system32 \ inetcpl.cpl
2011/08/22 11:56. 2006/09/05 14:52 385.024 ---- aw-c: \ windows \ system32 \ html.iec
2011/08/17 13:49. 2006/09/05 14:49 138.496 ---- aw-c: \ windows \ system32 \ drivers \ afd.sys
.
.
(((((((((((((((((((((((((((((SnapShot@2011-11-14_18.33.38)))))))))))) )))))))))))))))))))))))))))))
.
+ 2011/11/15 11:13. 2011/11/15 11:13 16384 c: \ windows \ Temp \ Perflib_Perfdata_450.dat
.
(((((((((((((((((((((((((((((((((((((Reg Poin Memuat)))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Catatan * entri kosong & entri standar legit tidak ditampilkan
REGEDIT4
.
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"CCleaner" = "c: \ program files \ CCleaner \ CCleaner.exe" [2011/07/25 2585408]
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"Penata suara" = "SOUNDMAN.EXE" [2007/4/16 577.536]
"PCMService" = "c: \ aplikasi \ PowerCinema \ PCMService.exe" [2006/02/23 147.456]
"DetectorApp" = "c: \ program files \ Sonic \ DigitalMedia LE v7 \ MyDVD LE \ DetectorApp.exe" [2005/10/20 102400]
"ISUSPM Startup" = "c: \ progra ~ 1 \ UMUM ~ 1 \ instal ~ 1 \ UPDATE ~ 1 \ ISUSPM.exe" [2004-07-27 221.184]
"ISUSScheduler" = "c: \ program files \ Common Files \ InstallShield \ updateservice \ issch.exe" [2004-07-27 81920]
"Vade Retro Outlook Express" = "c: \ progra ~ 1 \ GOTOSO ~ 1 \ VADERE ~ 1 \ Vaderetro_oe.exe" [2004/10/04 310.272]
"Avgnt" = "c: \ program files \ Avira \ AntiVir Desktop \ avgnt.exe" [2010-08-02 281.768]
"SunJavaUpdateSched" = "c: \ program files \ Common Files \ Java \ Java Pembaruan \ jusched.exe" [2011/06/09 254.696]
.
[HKEY_USERS \ DEFAULT \ Software \ Microsoft. \ Windows \ CurrentVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008/04/14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\PSS\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\Documents and Settings\Dan\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\PSS\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 20:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\yahoomessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-08-27 20:28 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 20:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 -c--a-w- c:\program files\Common Files\Research In Motion\USB Driver\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-26 20:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\yahoomessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\PowerCinema\\PowerCinema.exe"=
"C:\\APPS\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yahoomessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\2cqiyjwl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: pdf download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-15 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\WININET.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-11-15 11:43:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 11:42
ComboFix2.txt 2011-11-14 18:44
.
Pre-Run: 57,885,630,464 bytes free
Post-Run: 57,749,598,208 bytes free
.
- - End Of File - - AADA09C2AF0A8505ACED65A344ED4C8F 
 

 
 
