COMPUTER STUFF
Home > LOEKELOE > COMPUTER STUFF > Virus Antivirus Virus Antivirus Virus Antivirus Virus Antivirus Virus Antivirus Virus
Total Views: 335458
Page 241 of 336 | ‹ First  < 236 237 238 239 240 241 242 243 244 245 246 >  Last ›

klucuk - 15/03/2012 03:01 AM
#4801

Quote:
Original Posted By L10nelmess1


gunakan norton 2012 gan :thumbup



Gan nanya dong.. Kompi anae ada icon desktop ini.. udah di delete tapi kok nongol lagi yah.. cara ngilanginnya gimana?
gandrisatria - 15/03/2012 08:41 AM
#4802
permisi mastah :D
mastah² ane numpang tanya ya
moga ga salah kamar

gini mastah, ane pake anti virus avira,
avira klo misal kan ditect virus kan bunyi yak sama ngeluarin notif..
nah gmna cara nya spaya bunyi nya ntu ilang mastah ??

soalnya flasdisk ane bnyak bner virus nya
jadi malu klo bunyi bunyi terus pas di scan
kyitno3 - 15/03/2012 11:07 AM
#4803

Spoiler for combofix

ComboFix 12-03-14.01 - fishy 15/03/2012 9:43.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1980.1385 [GMT 7:00]
Running from: c:\documents and settings\fishy\My Documents\Downloads\Programs\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\BasicScan
c:\documents and settings\All Users\Application Data\BasicScan\basicscan115.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\fishy\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\fishy\Recent\Thumbs.db
c:\program files\BasicScan
c:\program files\BasicScan\basicscan.exe
c:\program files\BasicScan\uninstall.exe
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c878c14328e5ea4b.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dllcache\dlimport.exe
.
ssafrizal - 15/03/2012 11:58 AM
#4804
Kaspersky PURE
Sebenarnya Kaspersky serius gak sih dengan versi yang satu ini.
Karena yang saya liat seperti tidak ada perkembangan dari 2 tahun yang lalu. Interface masih sama saja seperti KIS 2009.

Belum lagi dari scan engine selalu 1 versi lebih tua dari versi KIS terbaru (sewaktu tahun 2010) sekarang belum coba lagi). Tadi pagi coba download lagi dan ternyata tidak ada versi baru malah database bawaan dari installer masih 2010.

Kalau ada yang pakai mohon share informasi tentang PURE mulai dari versi "scan engine" dan perangkat lainnya. Nyesal juga tadi pagi unistall KIS 2011
kyitno3 - 15/03/2012 12:00 PM
#4805

setor II

Spoiler for combofix
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..
-------\Legacy_BASICSCAN_SERVICE
-------\Legacy_Mp3Tube_Toolbar_Service
-------\Service_Mp3Tube Toolbar Service..((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))..
2012-03-10 06:42 . 2012-03-10 06:42 -------- d-----w- c:\documents and settings\fishy\Local Settings\Application Data\Yahoo
2012-03-09 07:50 . 2012-03-09 07:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-03-06 09:36 . 2012-03-06 09:36 -------- d-----w- c:\program files\Ask.com
2012-03-06 09:36 . 2012-03-06 09:36 -------- d-----w- c:\documents and settings\fishy\Local Settings\Application Data\AskToolbar
2012-03-06 09:36 . 2012-03-06 09:36 -------- d-----w- c:\documents and settings\fishy\Local Settings\Application Data\APN
2012-03-06 09:25 . 2012-03-06 09:25 -------- d-----w- c:\documents and settings\fishy\Application Data\Avira
2012-03-06 09:25 . 2012-03-08 01:25 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-06 09:25 . 2012-03-06 09:25 -------- d-----w- c:\program files\Avira
2012-03-06 09:25 . 2011-09-16 08:55 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-03-06 09:25 . 2011-09-16 08:55 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-03-06 09:25 . 2011-09-15 16:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-06 09:25 . 2011-09-15 16:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-06 07:46 . 2012-03-10 02:09 -------- d-----w- c:\windows\system32\NtmsData
2012-03-06 07:20 . 2012-03-06 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-03-06 07:20 . 2012-03-06 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-03-06 07:20 . 2012-03-09 07:48 -------- d-----w- c:\program files\McAfee Security Scan
2012-03-06 07:19 . 2012-03-06 07:19 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-06 06:52 . 2012-03-06 06:52 -------- d--h--w- c:\windows\PIF
2012-03-06 04:22 . 2012-03-06 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-03-03 06:18 . 2012-03-03 06:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-03 06:18 . 2012-03-03 06:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-03-03 06:17 . 2012-03-06 01:45 -------- d-----w- c:\documents and settings\fishy\Application Data\DAEMON Tools Lite
2012-03-03 06:17 . 2012-03-03 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-03-03 00:48 . 2012-03-03 00:48 -------- d-----w- c:\documents and settings\fishy\Application Data\Yahoo!
2012-03-02 06:46 . 2012-03-02 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2012-03-02 06:46 . 2012-03-02 06:46 -------- d-----w- c:\program files\SlySoft
2012-02-24 02:21 . 2012-02-24 02:21 -------- d-sh--w- c:\documents and settings\fishy\PrivacIE
2012-02-23 00:57 . 2012-02-23 00:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-23 00:52 . 2012-02-23 00:52 -------- d-sh--w- c:\documents and settings\fishy\IETldCache
2012-02-22 10:35 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-22 10:33 . 2011-12-18 07:46 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-22 10:33 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 10:33 . 2011-12-17 19:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 10:33 . 2011-12-17 19:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 10:33 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 10:33 . 2011-12-17 19:46 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 10:33 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 10:31 . 2012-02-22 10:33 -------- dc-h--w- c:\windows\ie8
2012-02-22 04:34 . 2012-02-22 04:34 -------- d-----w- C:\krishand
2012-02-22 01:53 . 2011-12-17 19:46 66560 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2012-02-22 01:53 . 2011-12-17 19:46 611840 -c----w- c:\windows\system32\dllcache\mstime.dll
2012-02-22 01:53 . 2011-12-17 19:46 105984 -c----w- c:\windows\system32\dllcache\url.dll
2012-02-22 01:52 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-22 01:50 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-22 01:45 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-22 01:39 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-22 01:39 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-22 01:30 . 2009-03-07 21:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-02-22 01:29 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-22 01:29 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-22 01:29 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-22 01:28 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-20 04:32 . 2012-02-20 04:32 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-20 04:32 . 2012-02-20 04:32 -------- d-----w- c:\program files\MSBuild
2012-02-20 04:32 . 2012-02-20 04:32 -------- d-----w- c:\program files\Reference Assemblies
2012-02-20 04:32 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-20 04:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-20 04:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-20 04:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-20 04:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-20 04:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-20 04:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-20 04:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-20 04:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-20 03:29 . 2008-04-13 22:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-02-20 03:26 . 2006-12-28 17:31 19569 ----a-w- c:\windows\002651_.tmp
2012-02-20 03:24 . 2012-02-20 03:24 -------- d-----w- c:\windows\EHome
2012-02-20 03:03 . 2012-02-20 03:03 -------- d-----w- c:\program files\Microsoft.NET
2012-02-20 01:18 . 2012-02-24 02:21 -------- d-----w- c:\program files\Google
2012-02-16 09:13 . 2010-05-15 22:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA4.DLL
2012-02-16 09:13 . 2010-05-15 22:00 277504 ----a-w- c:\windows\system32\CNMLMA4.DLL
2012-02-16 09:13 . 2010-05-15 22:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA4.DLL
2012-02-16 09:13 . 2009-09-10 02:00 179200 ----a-w- c:\windows\system32\CNMIUA4.DLL
2012-02-16 02:57 . 2012-03-06 03:54 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-16 01:26 . 2012-02-16 01:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2012-02-16 01:09 . 2012-02-16 01:09 -------- d-----w- c:\documents and settings\fishy\Local Settings\Application Data\Sun
2012-02-16 01:06 . 2012-02-16 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-02-16 01:06 . 2012-02-16 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-16 01:02 . 2012-03-13 01:01 -------- d-----w- c:\program files\AVG Secure Search
2012-02-15 09:11 . 2012-02-20 03:29 -------- d-----w- c:\windows\ServicePackFiles
2012-02-15 02:59 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-15 02:58 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-02-15 02:57 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-02-15 02:57 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-15 02:57 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-15 02:13 . 2012-02-18 01:04 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-02-15 02:13 . 2012-02-18 01:04 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-15 02:13 . 2012-02-18 01:04 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-15 02:13 . 2012-02-08 17:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-15 02:13 . 2012-02-08 17:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-15 01:36 . 2012-02-15 01:36 -------- d-----w- c:\program files\Common Files\Java
kyitno3 - 15/03/2012 12:03 PM
#4806

setor III,
Spoiler for combofix
2012-02-15 01:36 . 2012-02-15 01:36 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-15 01:36 . 2012-02-15 01:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-15 01:36 . 2012-02-15 01:36 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 01:36 . 2012-02-15 01:36 -------- d-----w- c:\program files\Java
2012-02-14 03:48 . 2012-02-16 01:07 922 ----a-w- C:\user.js
2012-02-14 03:48 . 2012-02-16 01:52 -------- d-----w- c:\program files\BrowserCompanion
2012-02-14 03:48 . 2012-02-14 03:48 -------- d-----w- c:\documents and settings\fishy\AppData
2012-02-14 03:47 . 2012-02-14 03:47 -------- d-----w- c:\documents and settings\fishy\Local Settings\Application Data\Babylon
2012-02-14 03:47 . 2012-02-14 03:47 -------- d-----w- c:\documents and settings\fishy\Application Data\Babylon
2012-02-14 03:47 . 2012-02-14 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-02-16 09:24 . 2012-02-03 06:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-09 13:13 . 2012-02-13 01:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 13:13 . 2012-02-13 01:16 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-08 01:13 . 2012-01-26 13:42 104456 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-02-07 18:00 . 2012-02-09 01:51 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14 . 2012-02-09 01:51 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2009-07-15 00:03 . 2009-07-15 00:03 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-15 00:03 . 2009-07-15 00:03 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 01:04 . 2012-02-15 02:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
..*Note* empty entries & legit default entries are not shown
REGEDIT4
.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 01:01 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 13:20 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\I DM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-08 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-08 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-08 142872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\s ystem32\CTFMON.EXE" [2008-04-13 15360].[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
.[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKLM\~\services\sharedaccess\par ameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\ List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5444:TCP"= 5444:TCP:Classroom Spy Configuration
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/3/2012 1:18 PM 691696]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [3/6/2012 4:25 PM 111160]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/6/2012 4:25 PM 36000]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1/26/2012 8:42 PM 104456]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [3/6/2012 4:25 PM 616400]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/6/2012 4:25 PM 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [3/6/2012 4:25 PM 463824]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 NLCSAgent;NLCS Agent;c:\windows\system32\nlcspro\csagtprosvc.exe [2/3/2012 5:07 PM 1256712]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2/9/2012 8:13 PM 1529152]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/13/2012 8:01 AM 918880]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [3/6/2012 4:25 PM 91096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10/13/2011 5:33 PM 10064]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [3/6/2012 4:25 PM 342480]
S2 gupdate;Layanan Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2012 8:18 AM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/1/2012 4:15 PM 1691480]
S3 gupdatem;Layanan Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2012 8:18 AM 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys >-- c:\windows\system32\drivers\massfilter.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 PM 227232]
S3 PROLiNKusbdiag;PROLiNK DataCard Diagnostic Port;c:\windows\system32\DRIVERS\PROLiNKusbdiag.sys >-- c:\windows\system32\DRIVERS\PROLiNKusbdiag.sys [?]
S3 PROLiNKusbmodem;PROLiNK DataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\PROLiNKusbmodem.sys >-- c:\windows\system32\DRIVERS\PROLiNKusbmodem.sys [?]
S3 PROLiNKusbnmea;PROLiNK DataCard NMEA Port;c:\windows\system32\DRIVERS\PROLiNKusbnmea.sys >-- c:\windows\system32\DRIVERS\PROLiNKusbnmea.sys [?].
kyitno3 - 15/03/2012 12:06 PM
#4807

setor IV
Spoiler for combofix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp.Contents of the 'Scheduled Tasks' folder
.2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-20 01:18]
.2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-20 01:18]
.2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1004336348-839522115-1004Core.job
- c:\documents and settings\fishy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 04:50]
.2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1004336348-839522115-1004UA.job
- c:\documents and settings\fishy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 04:50]
.2012-03-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-04 13:20]
..------- Supplementary Scan -------
.uStart Page = hxxp://mystart.incredibar.com/mb119?a=6R8k3GQYCR&i=26
uInternet Connection Wizard,ShellNext = hxxp://conn.skype.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{B6F25858-6D32-49D6-86E8-85B7B0A2B05D}: NameServer = 203.130.196.10,203.130.196.155
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\fishy\Application Data\Mozilla\Firefox\Profiles\b3oku0xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6R8k3GQYCR&i=26
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3749bc5e-fe93-462b-b552-f65ec74f2e64%7D&mid=cd66dc0a403747d184ed e9293184365b-8779c931c78a83507d91f72a4f5733152ed326f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-02-16%20 08%3A02%3A59&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - 98409ebd00000000000038607760dfa8
FF - user.js: extensions.BabylonToolbar_i.hardId - 98409ebd00000000000038607760dfa8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15384
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:26
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101240
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8k3GQYCR&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 98409ebd00000000000038607760dfa8
FF - user.js: extensions.incredibar_i.hardId - 98409ebd00000000000038607760dfa8
FF - user.js: extensions.incredibar_i.instlDay - 15386
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.278:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8k3GQYCR
FF - user.js: extensions.incredibar_i.upn2n - 92823857176772857
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
.- - - - ORPHANS REMOVED - - - -.Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BasicScan - c:\program files\BasicScan\uninstall.exe
AddRemove-RavenBleuSA - c:\documents and settings\fishy\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\RavenBleuUninstaller.exe
...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 09:47
Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ...
.scanning hidden autostart entries ...
.scanning hidden files ...
.scan completed successfullyhidden files:
0 .**************************************************************************.
--------------------- LOCKED REGISTRY KEYS ---------------------
.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):40,dd,08,58,86,ae,13,31,7b,97,be,19,db,1e,87,17,eb,bb,85,d1,96,
91,f5,50,92,37,82,49,f7,a6,3e,c6,19,61,91,1f,13,72,66,bf,00,00,00,00,00,00,\
.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b556ef00-53b5-4f58-b97e-2c019277021d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000033
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1228)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nlcspro\csagtpro.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Smadav\SMc:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2012-03-15 09:50:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 02:50
.
Pre-Run: 34.697.560.064 bytes free
Post-Run: 34.690.211.840 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C3A0DB6A4CBCB3768B7D400759ACC047
matar - 16/03/2012 12:01 AM
#4808

Permisi agan2, ane mau tanya. Sebelumnya ane mohon maaf mungkin pertanyaannya sudah dijawab d halaman depan, tapi ane kurang paham dengan penjelasan didepan. Jadi HDD ext ane kena virus worm, sudah berhasil dihapus oleh antivirus (kecuali trojan buat crack yang tidak menimbulkan masalah). Worm ini sepertinya membuat folder dalam HDD ext ane lenyap, mungkin terhidden, karena pentingnya data2 dalam HD tersebut, ane tidak berani untuk melakukan format pada HD tersebut. Mohon bantuan agan untuk membantu menemukan folder yg hidden . Terima kasih sebelumnya

Berikut screenshot, mungkin dapat membantu agan2 memahami maksud ane

Spoiler for screenshot kejanggalan




Size HDD ane nih gan...



Tapi isi HDDnya begini

elfandypn - 16/03/2012 07:11 AM
#4809

Quote:
Original Posted By matar
Permisi agan2, ane mau tanya. Sebelumnya ane mohon maaf mungkin pertanyaannya sudah dijawab d halaman depan, tapi ane kurang paham dengan penjelasan didepan. Jadi HDD ext ane kena virus worm, sudah berhasil dihapus oleh antivirus (kecuali trojan buat krack yang tidak menimbulkan masalah). Worm ini sepertinya membuat folder dalam HDD ext ane lenyap, mungkin terhidden, karena pentingnya data2 dalam HD tersebut, ane tidak berani untuk melakukan format pada HD tersebut. Mohon bantuan agan untuk membantu menemukan folder yg hidden . Terima kasih sebelumnya

Berikut screenshot, mungkin dapat membantu agan2 memahami maksud ane

Spoiler for screenshot kejanggalan




Size HDD ane nih gan...



Tapi isi HDDnya begini



terhidden sama virus itu , coba scan pake anvir indonesia seperti smadav insyaallah ketemu

CMIIW mungkin bawah ane bisa bantu
Whitehaze - 16/03/2012 10:26 AM
#4810

siang mastah...ane mau minta tolong di cek in log hijack ane..
sebelum"nya kompi client kantor fine" saja...nah admin kantor colok usb mau numpang buka file..nah dari situ..pas sesudah buka file excel..kompinya client lgs eror..kompinya ga mau buka internet...klo di restart bisa lagi..tapi hanya bertahan 1 jam..sesudah itu ngadat lagi..
saya sudah cek pake smadav,ccleaner,avira.. tidak terdetect virus
mohon bantuan nya..terima kasih

Spoiler for log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:56, on 16/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\sadrive32.exe
C:\Program Files\CuteReminder\CuteReminder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\VRE System Client S\Mkios\Mkios 9\Dial_Mkios.exe
E:\VRE System Client S\Mkios\Mkios 10\Dial_Mkios.exe
C:\Documents and Settings\personal\Application Data\24.tmp
C:\WINDOWS\system32\wuauclt.exe
E:\VRE System Client S\Mkios\Mkios 14\Dial_Mkios.exe
E:\VRE System Client S\Mkios\Mkios 13\Dial_Mkios.exe
E:\VRE System Client S\Mkios\Mkios 8\Dial_Mkios.exe
E:\VRE System Client S\Mkios\Mkios 11\Dial_Mkios.exe
E:\VRE System Client S\Mkios\Mkios 17\Dial_Mkios.exe
E:\VRE System Client S\Modem_MTronik 2.0\MTronik_Ok 5\MTronik_Ok\MTronik.exe
E:\VRE System Client S\Modem_MTronik 2.0\MTronik_Ok 6\MTronik_Ok\MTronik.exe
E:\VRE System Client S\SMS APP\sms app\SmsApp.exe
E:\VRE System Client S\SMS APP\Center 29\SmsApp.exe
E:\VRE System Client S\SMS APP\Sender 3\SmsApp.exe
E:\VRE System Client S\SMS APP\Center 4\SmsApp.exe
E:\VRE System Client S\SMS APP\Center 7\SmsApp.exe
E:\VRE System Client S\SMS APP\Center 9\SmsApp.exe
E:\VRE System Client S\SMS APP\Center 10\SmsApp.exe
E:\VRE System Client S\SMS APP\Sender 6\SmsApp.exe
E:\VRE System Client S\SMS APP\Sender 8\SmsApp.exe
E:\VRE System Client S\SMS APP\Sender XL 10\SmsApp.exe
E:\VRE System Client S\SMS APP\Sender XL 9\SmsApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Babylon-EnglishBB Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\prxtbBab0.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Babylon-EnglishBB - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\prxtbBab0.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon-EnglishBB Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\prxtbBab0.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\sadrive32.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CuteReminder] C:\Program Files\CuteReminder\CuteReminder.exe
O4 - HKCU\..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\sadrive32.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport; to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end; to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{859880EC-DD05-4BD3-803B-CF60847C4EC6}: NameServer = 192.168.1.1,202.134.0.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PT Bank Central Asia, Tbk. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


barusan sudah ane pake malwarebytes..kaya nya mempan
cm lom tau nie hasil nya..sampe saat ini client ane lancar lagi
bagasqara - 16/03/2012 02:11 PM
#4811

ok gan
chuenzzz_08 - 16/03/2012 02:30 PM
#4812

kenapa yak diwin7 kalau buka folder langsung muncul move to rycle bin???
wichak - 16/03/2012 03:55 PM
#4813

gan numpang nanya kok komputer ane setiap abis masuk windows langsung kebuka my document di folder adek ane ya gan ? komputer ane windows xp gan
matar - 16/03/2012 06:13 PM
#4814

Quote:
Original Posted By elfandypn
terhidden sama virus itu , coba scan pake anvir indonesia seperti smadav insyaallah ketemu

CMIIW mungkin bawah ane bisa bantu


Thanks berat gan, solusi agan top BGT dah... mungkin saran agan bisa ditambahkan agar dipakai di halaman depan. Thanks sekali lagi gan
sollami - 16/03/2012 07:28 PM
#4815

makasih banget gan nih sangat membantu masalah ane selama ini ane hadapi di comuter ane....
buat TS bener banyak² terima kasih dari ane
rheza prasetya - 17/03/2012 06:50 AM
#4816

gan minta saran dong
kompi ane kok kadang suka hang,, ato gak kadang suka error di start up semenjak ane masukin flashdisk temen ane yah
tadi ane scan pake OTL, ini hasilnya:
[CODE]OTL logfile created on: 3/17/2012 6:35:19 AM - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Rheza\Downloads\Compressed
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.11% Memory free
8.00 Gb Paging File | 6.68 Gb Available in Paging File | 83.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.69 Gb Total Space | 77.43 Gb Free Space | 44.84% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 126.55 Gb Free Space | 64.79% Space Free | Partition Type: NTFS
Drive F: | 97.66 Gb Total Space | 32.93 Gb Free Space | 33.72% Space Free | Partition Type: NTFS

Computer Name: RHEZA-PC | User Name: Rheza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rheza\Downloads\Compressed\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\XWidget\xwidget.exe (xwidget.com)
PRC - D:\Software\Winamp60714\Winamp60714\winamp.exe (Tonec Inc.)
PRC - C:\Program Files\Lock My PC 4\lockpc.exe (FSPro Labs)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
PRC - D:\Software\Winamp60714\Winamp60714\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Lock My PC 4\LmpcServ.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll ()
MOD - C:\Program Files (x86)\XWidget\Res\Lib\lib.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (SwOffWeb) -- C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
SRV:64bit: - (SwOffScheduler) -- C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LmpcService) -- C:\Program Files\Lock My PC 4\LmpcServ.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (REN2CAP_DRIVER) -- C:\Windows\SysNative\drivers\ren2cap.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation)
DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation)
DRV:64bit: - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation)
DRV:64bit: - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation)
DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LMPC4) -- C:\Windows\SysNative\drivers\lmpc4.sys (FSPro Labs)
DRV - (KernelMemory) -- C:\Windows\SysWOW64\drivers\KernelMemory.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (VBoxDrv) -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys (Oracle Corporation)
DRV - (cpuz134) -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys (Windows (R) Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hugoio64) -- C:\Program Files (x86)\i-Menu\hugoio64.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[/CODE]
rheza prasetya - 17/03/2012 06:51 AM
#4817

lanjutan 1
[CODE]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 9C 5B 15 DC C6 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" =
0
========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rheza\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rheza\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/31 09:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/03 08:43:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Rheza\AppData\Roaming\IDM\idmmzcc5 [2011/12/30 20:55:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Rheza\AppData\Roaming\IDM\idmmzcc5 [2011/12/30 20:55:57 | 000,000,000 | ---D | M]

[2011/12/30 18:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rheza\AppData\Roaming\Mozilla\Extensions
[2012/02/12 14:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rheza\AppData\Roaming\Mozilla\Firefox\Profiles\stboqkgr.default\extensions
[2012/02/10 05:08:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Rheza\AppData\Roaming\Mozilla\Firefox\Profiles\stboqkgr.default\extensions\firefox@tvunetwor ks.com
[2012/02/03 13:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/03 08:43:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/03 13:36:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RHEZA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\STBOQKGR.DEFAULT\EXTENSIONS\{DDC359D1-844A-42 A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\RHEZA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\STBOQKGR.DEFAULT\EXTENSIONS\{E968FC70-8F95-4A B9-9E79-304DE2A71EE1}.XPI
[2012/01/29 22:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 20:36:35 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/01/29 20:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 20:36:35 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/01/29 20:36:35 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/01/29 20:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/01/29 20:36:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/01/29 20:36:35 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}s ourceid=chrome&ie;={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParamet er}client=chrome&hl;={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rheza\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rheza\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rheza\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.119 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rheza\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: KASKUS Cendol-Bata Viewer = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfcfcknbooaghmccbffjcemleokleil\0.4_0\
CHR - Extension: Kaskus Fixed Text Info Menu = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\akeaggogjonaolinnbpcpaapkgneoiim\1.7_1\
CHR - Extension: Angry Birds = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
[/CODE]
rheza prasetya - 17/03/2012 06:55 AM
#4818

lanjutan 2
[CODE]CHR - Extension: Kaskus Enhanced Reply-Post = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\baafiljbfnfmjnpiblcdmgiebnfombcc\2.27_0\
CHR - Extension: YouTube = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Tampermonkey = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.4.2691_0\
CHR - Extension: Kaskus De-Obfuscator = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmfihgkegakegkjmggofpcmjhcjanjo\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Kaskus Quick Reply = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikajhboajmgeoppliaiegpgplgjpphj\3.2.7_0\
CHR - Extension: De-Adf.ly = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\leldakonelpehbipnfkpnheheblknehi\1.0_0\
CHR - Extension: Falling Sand = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggaepdghiamdelgbgolfggheakmdgon\2.2.1_0\
CHR - Extension: Gmail = C:\Users\Rheza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 04:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Show Naturalreader Bar) - {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [IDMan] D:\Software\Winamp60714\Winamp60714\winamp.exe (Tonec Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [XWidget] C:\Program Files (x86)\XWidget\xwidget.exe (xwidget.com)
O4 - Startup: C:\Users\Rheza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\Rheza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk = C:\Program Files (x86)\VDownloader\VDownloader.exe (Vitzo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn =
0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle =
0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures =
0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername =
0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption =
0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken =
0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8[/CODE]
rheza prasetya - 17/03/2012 06:56 AM
#4819

lanjutan
[CODE]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - D:\Software\Winamp60714\Winamp60714\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - D:\Software\Winamp60714\Winamp60714\IEExt.htm File not found
O8:64bit: - Extra context menu item: E&xport; to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download all links with IDM - D:\Software\Winamp60714\Winamp60714\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - D:\Software\Winamp60714\Winamp60714\IEExt.htm File not found
O8 - Extra context menu item: E&xport; to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end; to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF6E03B5-FD79-4DC6-BAA1-C6F805B651E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF6E03B5-FD79-4DC6-BAA1-C6F805B651E1}: NameServer = 125.160.2.34,180.131.144.144
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found[/CODE]
rheza prasetya - 17/03/2012 06:58 AM
#4820

lanjutan
[CODE]
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
[/CODE]
Page 241 of 336 | ‹ First  < 236 237 238 239 240 241 242 243 244 245 246 >  Last ›
Home > LOEKELOE > COMPUTER STUFF > Virus Antivirus Virus Antivirus Virus Antivirus Virus Antivirus Virus Antivirus Virus