COMPUTER STUFF
Home > LOEKELOE > COMPUTER STUFF > Kaskus Virus Klinik - Part 2
Total Views: 458663
Page 469 of 500 | ‹ First  < 464 465 466 467 468 469 470 471 472 473 474 >  Last ›

AndreFitness - 18/06/2011 12:55 AM
#9361

aduuuh komp gw banyak virus T_T
tigoragustinuss - 18/06/2011 07:40 AM
#9362

Quote:
Original Posted By AndreFitness
aduuuh komp gw banyak virus T_T



virus apaan tuh gan, dan agan pake antivirus apaan sih????
moonmark - 18/06/2011 09:56 AM
#9363

pagi mastah2
jadi tadi malam lappie ane kena trojan, kebanyakan file di system32 udah terinfeksi. ane pakek avira, tapi dia gak bisa repair trojan s. rencananya mau ngetes update aviranya hari ini, kali aja bisa... sekalian mau tes kaspersky, katanya membabat segala virus..
jadi, apakah yang salah ane atau avira ya gan? salah ane gak apdet avira atau emang avira kurang mampu repair trojan? terakhir ane apdet bulan 3 kemaren..
makasih gan..
Syncerror27 - 18/06/2011 10:11 AM
#9364

pagi para mastah kompi , ane mau curhat nih
waktu itu kan ane install avira di kompi ane , terus ane uninstall AV lama ane . setelah ane restart , mendadak kompi ane jadi lemot abis . mau loading windows aja bs sampe 5 menitan , padahal dulu bentar banget . terus pas startup jd lama banget . akhirnya ane uinstall tuh avira , tapi kompi ane tetep lemot sampe sekarang bahkan mau buka GC aja sampe lag" ga jelas padahal dulu sebelom install avira lancar abis . kira" kenapa yah gan ?

terus masalah kedua , tiap mau shutdown kompi ane keluar rundll32.exe mulu gan . udah beberapa kali ane scan pake Malwarebytes' Anti-Malware dan berhasil . tp cm bertahan beberapa hari doang , terus muncul lagi tuh rundll32.exe nya . cara ilangin permanennya gimana gan? (selain inul yah gan kalo bisa, soalnya cd drive ane ga tau napa ga bs baca CD , katanya sih in CDnya error )

ini log nya ane gan , tolong di bantu dong kalo misalnya ad yg ngaco"
Spoiler for log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:29 AM, on 6/18/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Michael\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-21-1547161642-1614895754-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-1614895754-725345543-1003\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User '?')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?129325179970 3
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ECFC82A-8400-454E-A7A9-D484D893A680}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ECFC82A-8400-454E-A7A9-D484D893A680}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1ECFC82A-8400-454E-A7A9-D484D893A680}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6967 bytes


trims
embroullier - 18/06/2011 10:41 AM
#9365

Ass. selamat pagi, misi gan, tolong dibantu

Kompi ane kena spyware 'Win 7 Anti Virus 2012' nih,
minta pertolongannya agan2, ane udah scan pake malwarebytes, yg kedetect malah spyware/malware lain, bukan nya si 'Win 7 Anti Virus 2012' ini,
trus regedit juga udah ane hapus2 (sesuai petunjuk google),
ane pengen coba pake Spydoctor tp pas ane install langsung minta update
Oya ane sendiri ngeliat di google banyak petunjuk dan cara bwt ngilanginnya, tp caranya macem2, jd bingung harus ngikutin yg mana

Thankyou gan,
Ass.
donienie - 18/06/2011 12:09 PM
#9366

gan program mendadak hilang/ga bisa terbuka
Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:44, on 18/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FlexiNet\Aide.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\FlexiNet\FlexiNet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\SONY\Documents\PCMAV52\PCMAV.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\SONY\Downloads\Programs\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skip-search.com/?cfg=2-82-0-0&engine_id=2&provider_id=2&product_id=82&country=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Aide] "C:\Program Files\FlexiNet\Aide.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{043B9ED0-210D-4C2E-9D17-539793BB92D5}: NameServer = 180.131.144.144 180.131.145.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{043B9ED0-210D-4C2E-9D17-539793BB92D5}: NameServer = 180.131.144.144 180.131.145.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\Windows\system32\RTPSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

--
End of file - 6308 bytes
SeaVooD - 18/06/2011 02:29 PM
#9367

Spoiler for spoiler


gan, kok komp ane tiap startup keluar dialog gini.
berulang2 gan

apa kena virus ya?
chuenzzz_08 - 18/06/2011 02:41 PM
#9368

agan2 tolong donk..
regedit gak maw kebuka task manager gak ada jg..
aye make os win7 tade uda download fixresgistry di page 1 tetep gak ada perubahan...
tolong donk apa mesti make AV ia?? soalnya selama ini baru make smadav doank..
tolong agan2
detoong - 18/06/2011 05:32 PM
#9369

Soalnya kayak gitu setelah kena virus._. kalo gitu untuk menekan defragmentnya gimana? Soalnya size-nya gede. Fragmentnya sampe ribuan.

Terus supaya komputer ga lambat buka program gimana ya?

Soalnya abis kena virus itu jadi lambatbgt._. buka photoscape kadang beberapa menit kemudian baru muncul, kira-kira 5 menitan
detoong - 18/06/2011 05:35 PM
#9370

Quote:
Original Posted By AndreFitness
aduuuh komp gw banyak virus T_T


Buset, curhat? Virusnya ada gajelas apaan -_-
otakash.jr - 18/06/2011 09:44 PM
#9371

Quote:
Original Posted By dr.web
Trend Micro mendeteksi gam0.exe Sebagai MAL_HPGN-1 atau nama lain Malware Hufigon
Spoiler for

sampel pertama kali di temukan trend micro Oct. 11, 2007
Tingkat Kerusakan yang di akibatkan : normal
Kode MD5 Untuk GAM0.EXE = 1F6538A549457D5333C3FF7B7BDD5520
dan file induk GAM0.EXE berukuran :83456 bytes.
file induk dari virus tersebut bersembunyi
[spoiler=file induk]
%APPDATA%\GAM0.EXE
atau bisa juga
111.exe
111.exe


efek yang paling berbahaya adalah sang virus mendownload virus baru dari alamat website jadi atur firewall agan agar sang virus tidak mendownload rekan-rekannya yg lain
Spoiler for update website

proxim.ircgalaxy.pl dengan menggunakan port : 65520

dan trend micro sdh mendeteksi teman-teman virus tersebut
Spoiler for virus baru yang akan di download

BKDR_HUPIGON
BKDR_GRAYBIRD
BKDR_FEUTEL
BKDR_AWQ



setelah berhasil menginfeksi komputer agan maka akan menambahkan beberapa registry virus
Spoiler for registry virus

%WINDIR%\CFTNOM.EXE
%APPDATA%\CONIMA.EXE
%APPDATA%\GAM0.EXE
%APPDATA%\INLOG
%APPDATA%\INPUT.BAT
%APPDATA%\LOCALACCOUNTAUTHORITY.BAT
%APPDATA%\LSSAS.EXE
%APPDATA%\MANAGER.EXE
%APPDATA%\MLOG
%APPDATA%\MOUSEDRIVER.BAT
%APPDATA%\PLUG.BAT
%APPDATA%\RCL6399.LOG
%APPDATA%\YLOG
%WINDIR%\CFTNOM.BAT
%FONTSDIR%\SERVICES.EXE
%SYSTEM%\NWCWKS.DLL
%SYSTEM%\NWSAPAGENTS.DLL
%SYSTEM%\USER.INI
%WINDIR%\TEMP\X1JKFDSAL.INF
%FontsDir%\fonts.exe
%FontsDir%\tskmgr.exe
%System%\dllcache\default.exe
%System%\dllcache\global.exe
%System%\dllcache\svchost.exe
%System%\dllcache\sxch0st.exe
%System%\dllcache\wintcps.exe
%System%\drivers\drivers.cab.exe
%System%\regedit.exe
%Windir%\pchealth\global.exe
%Windir%\pchealth\helpctr\binaries\helphost.com
%Windir%\system\keyboard.exe
c:\ms-dos.com


kalau agan mau saya bisa bantu buat anti virusnya
coba kirim sampel GAM0.EXE nya
ke sini

kalau agan perlu cepat silahkan hapus saja file induknya

cara membersihkannya :
Spoiler for file induk

%APPDATA%\GAM0.EXE
atau bisa juga
111.exe
111.exe


dan registry yang sudah di buatnya
Spoiler for registry virus

%WINDIR%\CFTNOM.EXE
%APPDATA%\CONIMA.EXE
%APPDATA%\GAM0.EXE
%APPDATA%\INLOG
%APPDATA%\INPUT.BAT
%APPDATA%\LOCALACCOUNTAUTHORITY.BAT
%APPDATA%\LSSAS.EXE
%APPDATA%\MANAGER.EXE
%APPDATA%\MLOG
%APPDATA%\MOUSEDRIVER.BAT
%APPDATA%\PLUG.BAT
%APPDATA%\RCL6399.LOG
%APPDATA%\YLOG
%WINDIR%\CFTNOM.BAT
%FONTSDIR%\SERVICES.EXE
%SYSTEM%\NWCWKS.DLL
%SYSTEM%\NWSAPAGENTS.DLL
%SYSTEM%\USER.INI
%WINDIR%\TEMP\X1JKFDSAL.INF
%FontsDir%\fonts.exe
%FontsDir%\tskmgr.exe
%System%\dllcache\default.exe
%System%\dllcache\global.exe
%System%\dllcache\svchost.exe
%System%\dllcache\sxch0st.exe
%System%\dllcache\wintcps.exe
%System%\drivers\drivers.cab.exe
%System%\regedit.exe
%Windir%\pchealth\global.exe
%Windir%\pchealth\helpctr\binaries\helphost.com
%Windir%\system\keyboard.exe
c:\ms-dos.com

[/spoiler]
selamat Berkerja dan Tetap semangat


gam0.exe sekarang sudah hilang gan, tapi sekarang gak tau kenapa lagi tapi komputer masih hang terus...
tolong di cek gan dari log dibawah...
pusing banget ngurusin ni virus...

Spoiler for log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:38:08, on 18/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Deky\Downloads\Programs\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\common files\microsoft\watermark.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5187 bytes

tigoragustinuss - 18/06/2011 10:17 PM
#9372
Mohon ikuti petunjuknya...
Quote:
Original Posted By otakash.jr
gam0.exe sekarang sudah hilang gan, tapi sekarang gak tau kenapa lagi tapi komputer masih hang terus...
tolong di cek gan dari log dibawah...
pusing banget ngurusin ni virus...

Spoiler for log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:38:08, on 18/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Deky\Downloads\Programs\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\common files\microsoft\watermark.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5187 bytes




Untuk semua agan-agan diatas, coba diperiksa terlebih dahulu program agan sekalian dengan memakai program process hacker yang dapat didownload disini....

Program ini adalah pengganti task manager dan lebih lengkap untuk analisa sebuah process dalam file. Kalau belum mengerti juga tolong di upload save filenya yang terdiri dari:

Menu Hacker tekan tombol kombinasi ctrl+s kemudian save.
dari menu process hackers tekan tombol kombinasi yaitu ctrl+L kemudian save
dari menu process hackers pilih menu >tools- hidden process kemudian pilih brute force tekan tombol scan dan save lognya...
kemudian pilih lagi CSR handler tekan scan kemudian save lognya
Setelah itu upload dalam bentuk file terkompresi di indowebster / yang lainnya di server lokal
kemudian share linknya dimari gan, biar dianalisa....

Terimakasih....
tigoragustinuss - 18/06/2011 10:19 PM
#9373

Quote:
Original Posted By detoong
Soalnya kayak gitu setelah kena virus._. kalo gitu untuk menekan defragmentnya gimana? Soalnya size-nya gede. Fragmentnya sampe ribuan.

Terus supaya komputer ga lambat buka program gimana ya?

Soalnya abis kena virus itu jadi lambatbgt._. buka photoscape kadang beberapa menit kemudian baru muncul, kira-kira 5 menitan


Quote:
Original Posted By chuenzzz_08
agan2 tolong donk..
regedit gak maw kebuka task manager gak ada jg..
aye make os win7 tade uda download fixresgistry di page 1 tetep gak ada perubahan...
tolong donk apa mesti make AV ia?? soalnya selama ini baru make smadav doank..
tolong agan2


Quote:
Original Posted By SeaVooD
Spoiler for spoiler


gan, kok komp ane tiap startup keluar dialog gini.
berulang2 gan

apa kena virus ya?


Quote:
Original Posted By donienie
gan program mendadak hilang/ga bisa terbuka
Spoiler for log hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:44, on 18/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FlexiNet\Aide.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\FlexiNet\FlexiNet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\SONY\Documents\PCMAV52\PCMAV.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\SONY\Downloads\Programs\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skip-search.com/?cfg=2-82-0-0&engine_id=2&provider_id=2&product_id=82&country=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Aide] "C:\Program Files\FlexiNet\Aide.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{043B9ED0-210D-4C2E-9D17-539793BB92D5}: NameServer = 180.131.144.144 180.131.145.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{043B9ED0-210D-4C2E-9D17-539793BB92D5}: NameServer = 180.131.144.144 180.131.145.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PCMAV RealTime Protector Service (PCMAVRTPService) - Unknown owner - C:\Windows\system32\RTPSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

--
End of file - 6308 bytes


Untuk semua agan-agan diatas, coba diperiksa terlebih dahulu program agan sekalian dengan memakai program process hacker yang dapat didownload disini....

Program ini adalah pengganti task manager dan lebih lengkap untuk analisa sebuah process dalam file. Kalau belum mengerti juga tolong di upload save filenya yang terdiri dari:

Menu Hacker tekan tombol kombinasi ctrl+s kemudian save.
dari menu process hackers tekan tombol kombinasi yaitu ctrl+L kemudian save
dari menu process hackers pilih menu >tools- hidden process kemudian pilih brute force tekan tombol scan dan save lognya...
kemudian pilih lagi CSR handler tekan scan kemudian save lognya
Setelah itu upload dalam bentuk file terkompresi di indowebster / yang lainnya di server lokal
kemudian share linknya dimari gan, biar dianalisa....

Terimakasih....
tigoragustinuss - 18/06/2011 10:23 PM
#9374

Quote:
Original Posted By embroullier
Ass. selamat pagi, misi gan, tolong dibantu

Kompi ane kena spyware 'Win 7 Anti Virus 2012' nih,
minta pertolongannya agan2, ane udah scan pake malwarebytes, yg kedetect malah spyware/malware lain, bukan nya si 'Win 7 Anti Virus 2012' ini,
trus regedit juga udah ane hapus2 (sesuai petunjuk google),
ane pengen coba pake Spydoctor tp pas ane install langsung minta update
Oya ane sendiri ngeliat di google banyak petunjuk dan cara bwt ngilanginnya, tp caranya macem2, jd bingung harus ngikutin yg mana

Thankyou gan,
Ass.


Quote:
Original Posted By Syncerror27
pagi para mastah kompi , ane mau curhat nih
waktu itu kan ane install avira di kompi ane , terus ane uninstall AV lama ane . setelah ane restart , mendadak kompi ane jadi lemot abis . mau loading windows aja bs sampe 5 menitan , padahal dulu bentar banget . terus pas startup jd lama banget . akhirnya ane uinstall tuh avira , tapi kompi ane tetep lemot sampe sekarang bahkan mau buka GC aja sampe lag" ga jelas padahal dulu sebelom install avira lancar abis . kira" kenapa yah gan ?

terus masalah kedua , tiap mau shutdown kompi ane keluar rundll32.exe mulu gan . udah beberapa kali ane scan pake Malwarebytes' Anti-Malware dan berhasil . tp cm bertahan beberapa hari doang , terus muncul lagi tuh rundll32.exe nya . cara ilangin permanennya gimana gan? (selain inul yah gan kalo bisa, soalnya cd drive ane ga tau napa ga bs baca CD , katanya sih in CDnya error )

ini log nya ane gan , tolong di bantu dong kalo misalnya ad yg ngaco"
Spoiler for log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:29 AM, on 6/18/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Michael\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-21-1547161642-1614895754-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-1614895754-725345543-1003\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User '?')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?129325179970 3
ane sunat dulu sebab melebihi batas...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6967 bytes


trims


Quote:
Original Posted By moonmark
pagi mastah2
jadi tadi malam lappie ane kena trojan, kebanyakan file di system32 udah terinfeksi. ane pakek avira, tapi dia gak bisa repair trojan s. rencananya mau ngetes update aviranya hari ini, kali aja bisa... sekalian mau tes kaspersky, katanya membabat segala virus..
jadi, apakah yang salah ane atau avira ya gan? salah ane gak apdet avira atau emang avira kurang mampu repair trojan? terakhir ane apdet bulan 3 kemaren..
makasih gan..


Untuk semua agan-agan diatas, coba diperiksa terlebih dahulu program agan sekalian dengan memakai program process hacker yang dapat didownload disini....

Program ini adalah pengganti task manager dan lebih lengkap untuk analisa sebuah process dalam file. Kalau belum mengerti juga tolong di upload save filenya yang terdiri dari:

Menu Hacker tekan tombol kombinasi ctrl+s kemudian save.
dari menu process hackers tekan tombol kombinasi yaitu ctrl+L kemudian save
dari menu process hackers pilih menu >tools- hidden process kemudian pilih brute force tekan tombol scan dan save lognya...
kemudian pilih lagi CSR handler tekan scan kemudian save lognya
Setelah itu upload dalam bentuk file terkompresi di indowebster / yang lainnya di server lokal
kemudian share linknya dimari gan, biar dianalisa....

Terimakasih....
SeoulKuto - 18/06/2011 11:08 PM
#9375

bneran amankan gan jangan" nambah virus
boi.wahyupray - 19/06/2011 12:28 AM
#9376

gan, smadav ane detect virus namanya rcy.exe, rc0.exe, rcw.exe. kaya gt lah..
uda didelet berkali2 tapi tetep muncul terus..

ane pake avira jg, selalu update..
ada yang tau gak ini jenis virus apa??
gangguannya sama kaya virus shortcut, bikin shortcut di FD, di recycler ada file f4448e25.exe
mau ane perlakukan kaya virus shortcut, tapi gak ada semua file2 yang di my document yg dicurigain, kalo kebanyakan di tutor2 kan ngomon, cari file database.md, thumb.db gak ada semua..
tapi ada photothumb.db

ini virus apa ya gan??
btoa - 19/06/2011 10:01 AM
#9377

Nid help...

di startup di msconfig, ada 1 hal yg namanya Widgi Toolbar, pas saya googling , ternyata top 10 webpagenya adalah how to remove widgi toolbar, dan semua saranin untuk download mereka punya spyware removal (yg mana saya ga pecaya), dan cara manualnya adalah find registry,

namun ga ada yg berhasil karena registrynya itu smua ga ketemu...

ini cara removalnya :
HKEY_CLASSES_ROOT\CLSID\{C089D5FC-CFE2-4BCD-A522-2981448227CE}
HKEY_CLASSES_ROOT\Interface\{C3ABD5A3-E699-4B9F-97FF-25B121A41276 “(Default)” = “IWidgiBHO”
HKEY_CLASSES_ROOT\Interface\{2DC9C611-D7C2-42A3-9312-BFF512812022} “(Default)” = “IWidgiToolbarHost”

tapi find value ga ketemu2..
esberg - 19/06/2011 01:41 PM
#9378

gan, komp ane browsernya crash melulu(mozilla ama chrome), terus setiap kali ane klik link dr google search, ga ke website yg dituju, lari ke website laen.. malah sering ada peringatan ada malware di website itu, pdhl yg ane klik facebook atau website2 yg aman

ini log nya gan.. thx

[CODE]http://www.mediafire.com/?jh9di44g39p56lq[/CODE]
chuenzzz_08 - 19/06/2011 01:57 PM
#9379
help me gan komputer ane
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:08 PM, on 6/19/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Modem AC2726 UI\bin\App.exe
C:\Windows\System32\svchost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chuen\Downloads\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:Blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\prog ram files\microsoft\watermark.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B867A1F4-DCCB-43CE-9E7D-1B22809AFEFC}: NameServer = 10.17.3.244 10.17.3.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{B867A1F4-DCCB-43CE-9E7D-1B22809AFEFC}: NameServer = 10.17.3.244 10.17.3.252
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk.exe

--
End of file - 3528 bytes
jastro.boys - 19/06/2011 03:29 PM
#9380

gan,, ane mau tanya2 nih..
maap ane kurang menyimak dari awal..

ane udah menggunakan hijackthis itu, dan sudah di log, kemudian saya nyari2 apa itu smss, winlogon, service, dst.
nah.. ane mau tanya kalo difinisinya seperti ini
Spoiler for smss
Jika smss.exe terletak di dalam subfolder dari C:\Windows\System32 maka peringkat keamanannya adalah 77% berbahaya. Ukuran file 9,525 bytes (18% dari semua kemunculan), 223,232 bytes, 76,800 bytes, 9,497 bytes, 238,179 bytes, 10,752 bytes, 561,177 bytes, 11,264 bytes, 227,328 bytes.


itu arti kata "berbahaya" dari tingkat keamanannya gimn gan..??
apakah file itu harus di hapus atau gmn nih gan..??

btw, ane mau ngecheck laptop ane, soalnya nih laptop suka restart sendiri.
mohon bantuannya ya gan.
Spoiler for hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:42 PM, on 6/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://freeonlineradioplayerrecorder.ourtoolbar.com/SetupFinish
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pembantu Masuk Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6351E5E-7927-45F1-868E-9747B1A6A00C}: NameServer = 202.155.0.10 202.155.0.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6076 bytes

Page 469 of 500 | ‹ First  < 464 465 466 467 468 469 470 471 472 473 474 >  Last ›
Home > LOEKELOE > COMPUTER STUFF > Kaskus Virus Klinik - Part 2