COMPUTER STUFF

rheza prasetya - 17/03/2012 07:00 AM
#4821

continued
[CODE]O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44b91663-32dc-11e1-9005-50e5496b3269}\Shell - "" = AutoRun
O33 - MountPoints2\{44b91663-32dc-11e1-9005-50e5496b3269}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{ed9449f0-3760-11e1-802b-50e5496b3269}\Shell - "" = AutoRun
O33 - MountPoints2\{ed9449f0-3760-11e1-802b-50e5496b3269}\Shell\AutoRun\command - "" =
0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\Cropper Captures
[2012/03/15 14:24:34 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Roaming\Cropper
[2012/03/15 14:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fusion8Design
[2012/03/15 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Desktop\New Folder
[2012/03/15 14:13:24 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\Wisdom-soft
[2012/03/15 14:13:09 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/03/15 14:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/03/15 14:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
[2012/03/06 19:05:53 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\Comic Life
[2012/03/06 19:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\plasq
[2012/03/04 21:25:47 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\MAGIX downloads
[2012/03/04 21:25:47 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\MAGIX
[2012/03/04 21:24:54 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\MAGIX_MusicEditor
[2012/03/04 21:24:54 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\MAGIX
[2012/03/04 21:24:53 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\Xara
[2012/03/04 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Roaming\MAGIX
[2012/03/04 21:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012/03/04 21:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012/03/04 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012/03/04 21:23:44 | 000,000,000 | ---D | C] --
[/CODE]
rheza prasetya - 17/03/2012 07:01 AM
#4822

continued
[CODE]C:\ProgramData\MAGIX
[2012/03/04 21:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012/03/01 06:45:34 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thread Eye
[2012/03/01 06:45:06 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\Deployment
[2012/03/01 06:45:06 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\Apps
[2012/03/01 06:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/03/01 06:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/02/23 18:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/02/23 18:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/02/21 15:55:00 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Roaming\Thunderbird
[2012/02/21 15:55:00 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\Thunderbird
[2012/02/20 15:47:22 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\Eidos
[2012/02/20 15:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/20 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012/02/20 15:47:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012/02/20 15:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/02/20 15:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012/02/20 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\Rheza\AppData\Local\Downloaded Installations
[2012/02/20 15:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2012/02/20 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos
[2012/02/18 22:52:41 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\JoWooD
[2012/02/18 22:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinemaware Marquee
[2012/02/18 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinemaware Marquee
[2012/02/18 20:21:53 | 000,000,000 | ---D | C] -- C:\Users\Rheza\Documents\MosaicProject
[2012/02/18 20:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Mosaic V8 Pro
[2012/02/18 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Mosaic V8 Pro

========== Files - Modified Within 30 Days ==========

[2012/03/17 06:30:35 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 06:30:35 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 06:25:36 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/03/17 06:24:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/17 06:24:51 | 3220,017,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/16 23:18:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2235543536-2016087024-1822912052-1000UA.job
[2012/03/15 22:25:14 | 000,011,301 | ---- | M] () -- C:\Users\Rheza\Desktop\ScreenHunter_04 Mar. 15 22.25.jpg
[2012/03/15 21:43:49 | 000,197,212 | ---- | M] () -- C:\Users\Rheza\Desktop\3340430_460s_v1.jpg
[2012/03/15 21:09:44 | 001,235,229 | ---- | M] () -- C:\Users\Rheza\Desktop\c8563a01fa42db0982792e79dbe3b33f.jpg
[2012/03/15 21:08:18 | 000,167,840 | ---- | M] () -- C:\Users\Rheza\Desktop\ScreenHunter_04 Mar. 15 21.08.jpg
[2012/03/15 21:08:07 | 000,167,886 | ---- | M] () -- C:\Users\Rheza\Desktop\ScreenHunter_03 Mar. 15 21.08.jpg
[2012/03/15 21:05:13 | 000,161,910 | ---- | M] () -- C:\Users\Rheza\Desktop\peta_dufan.jpg
[2012/03/12 00:38:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 00:38:14 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 00:38:14 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 08:18:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2235543536-2016087024-1822912052-1000Core.job
[2012/03/06 19:05:53 | 000,000,004 | RHS- | M] () -- C:\ProgramData\sysqcl0.dat
[2012/03/05 18:08:44 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2012/03/04 22:56:05 | 000,489,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/22 18:08:09 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/19 10:00:41 | 000,000,008 | RHS- | M] () -- C:\Users\Rheza\ntuser.pol
[2012/02/19 09:59:47 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol

========== Files Created - No Company Name ==========

[2012/03/15 22:25:14 | 000,011,301 | ---- | C] () -- C:\Users\Rheza\Desktop\ScreenHunter_04 Mar. 15 22.25.jpg
[2012/03/15 21:43:51 | 000,197,212 | ---- | C] () -- C:\Users\Rheza\Desktop\3340430_460s_v1.jpg
[2012/03/15 21:09:46 | 001,235,229 | ---- | C] () -- C:\Users\Rheza\Desktop\c8563a01fa42db0982792e79dbe3b33f.jpg
[2012/03/15 21:08:18 | 000,167,840 | ---- | C] () -- C:\Users\Rheza\Desktop\ScreenHunter_04 Mar. 15 21.08.jpg
[2012/03/15 21:08:07 | 000,167,886 | ---- | C] () -- C:\Users\Rheza\Desktop\ScreenHunter_03 Mar. 15 21.08.jpg
[2012/03/15 21:05:21 | 000,161,910 | ---- | C] () -- C:\Users\Rheza\Desktop\peta_dufan.jpg
[2012/03/15 14:23:06 | 000,003,011 | ---- | C] () -- C:\Users\Rheza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cropper.lnk
[2012/03/06 19:05:53 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl0.dat
[2012/02/14 21:32:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/29 22:36:17 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ArmAccess.dll
[2012/01/29 22:35:42 | 001,425,816 | ---- | C] () -- C:\Windows\SysWow64\OfficeTabFunction_2.dll
[2012/01/29 22:35:42 | 001,425,816 | ---- | C] () -- C:\Windows\SysWow64\OfficeTabFunction.dll
[2012/01/29 09:28:12 | 000,008,704 | ---- | C] () -- C:\Users\Rheza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 14:16:33 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/05 14:16:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/03 19:45:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/31 23:12:29 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2011/12/31 11:40:36 | 000,002,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\KernelMemory.sys
[2011/12/30 21:16:02 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/12/30 19:58:48 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2011/12/30 18:07:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/30 18:07:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/30 18:07:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/30 18:07:21 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/30 16:56:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/30 16:54:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/11/10 09:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 09:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 06:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[/CODE]
rheza prasetya - 17/03/2012 07:02 AM
#4823

continued
[CODE]========== LOP Check ==========

[2012/01/14 10:26:58 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Acapela Group
[2012/01/02 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Ace
[2012/01/01 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Airytec
[2012/01/21 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\com.w3i.FlipToast
[2012/03/15 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Cropper
[2012/01/05 13:32:17 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\DAEMON Tools Lite
[2012/01/04 18:06:05 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\dll-files.com
[2012/03/17 00:04:37 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\DMCache
[2012/02/11 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\FrimaStudio
[2012/01/26 09:27:04 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\GlarySoft
[2012/02/07 22:54:20 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\gtk-2.0
[2012/03/09 18:49:01 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Hear
[2012/01/02 11:46:40 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\IDM
[2012/03/04 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\MAGIX
[2012/02/05 21:25:22 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\MyPhoneExplorer
[2012/01/15 09:09:33 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\OpenCandy
[2011/12/30 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\PDF Reader
[2012/01/05 14:16:30 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\PunkBuster
[2011/12/31 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Rovio
[2012/02/04 12:32:08 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Software Informer
[2011/12/30 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Stardock
[2012/03/16 18:41:55 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\TeraCopy
[2011/12/31 10:00:06 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Thinstall
[2012/01/01 00:44:13 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\thriXXX
[2012/02/21 15:55:00 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Thunderbird
[2011/12/30 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\TuneUp Software
[2012/01/02 12:09:41 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\UP
[2012/01/07 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\VDownloader
[2012/02/04 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Rheza\AppData\Roaming\Xilisoft
[2012/03/05 18:08:44 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job
[2012/02/22 18:08:09 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
[2012/03/17 06:25:36 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/12 00:32:17 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes >- C:\ProgramData\TEMP:58A5270D

< End of report >[/CODE]

Wow, that was tiring, bro
Please guide me
r31ns - 17/03/2012 01:07 PM
#4824

Can someone please help? When I check, this virus is named nex heur.level 9
It injects itself during early boot

I already stopped everything, then went into regedit to delete it

but after a restart it comes back again, it keeps going like this. It even keeps changing names, from b at first to a now.

Can anyone help?? Thank you


Spoiler for log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
r31n :: R31N-PC [administrator]

3/17/2012 13:10:20
mbam-log-2012-03-17 (13-10-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179975
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Detected:
0 (No malicious items detected)

Memory Modules Detected:
0 (No malicious items detected)

Registry Keys Detected:
0 (No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.FakeMS) >- Data: C:\Users\r31n\AppData\Local\dplaysvr.exe >- Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{58C5CE6F-1109-AD7F-B1BD-AC61802D8F7C} (Trojan.ZbotR.Gen) >- Data: C:\Users\r31n\AppData\Roaming\Ezka\agko.exe >- Quarantined and deleted successfully.

Registry Data Items Detected:
0 (No malicious items detected)

Folders Detected:
0 (No malicious items detected)

Files Detected: 6
C:\Users\r31n\AppData\Local\dplaysvr.exe (Trojan.FakeMS) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Roaming\Ewhchg.exe (Trojan.Inject) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Local\Temp\~!#9159.tmp (Trojan.Agent) >- Quarantined and deleted successfully.
C:\Users\r31n\Local Settings\Application Data\dplaysvr.exe (Trojan.FakeMS) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Local\Temp\0.6890914805428668.exe (Exploit.Drop.2) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Roaming\Ezka\agko.exe (Trojan.ZbotR.Gen) >- Quarantined and deleted successfully.

(end)

elfandypn - 17/03/2012 01:40 PM
#4825

Quote:
Original Posted By matar


Thanks a lot, bro, your solution is really top-notch... maybe your suggestion could be added so it's used on the front page. Thanks once again, bro


You're welcome, bro, I'm still a newbie too hehe
That was the same as my own experience, so I'm just sharing hehe

ayubaza - 17/03/2012 02:36 PM
#4826

Veteran ESET NOD32 users,
if anyone has a username and password, please share, I need one
Ichigo.MC - 17/03/2012 04:10 PM
#4827

Thanks for the info, bro
elfandypn - 17/03/2012 04:57 PM
#4828

Quote:
Original Posted By ayubaza
Veteran ESET NOD32 users,
if anyone has a username and password, please share, I need one


Try these, bro:
Username: EAV-60918148
Password: bfmaabs4t6

Username: EAV-61334899
Password: vj723b2mme

I saw them on someone's blog, give them a check, bro hehe:
Spoiler for blog esetnod32
http://n*d32sky1.bl*gsp*t.c*m/

* replace with o
INPAG - 17/03/2012 05:46 PM
#4829

Quote:
Original Posted By r31ns
Can someone please help? When I check, this virus is named nex heur.level 9
It injects itself during early boot

I already stopped everything, then went into regedit to delete it

but after a restart it comes back again, it keeps going like this. It even keeps changing names, from b at first to a now.

Can anyone help?? Thank you


Spoiler for "log"
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
r31n :: R31N-PC [administrator]

3/17/2012 13:10:20
mbam-log-2012-03-17 (13-10-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179975
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Detected:
0 (No malicious items detected)

Memory Modules Detected:
0 (No malicious items detected)

Registry Keys Detected:
0 (No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.FakeMS) >- Data: C:\Users\r31n\AppData\Local\dplaysvr.exe >- Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{58C5CE6F-1109-AD7F-B1BD-AC61802D8F7C} (Trojan.ZbotR.Gen) >- Data: C:\Users\r31n\AppData\Roaming\Ezka\agko.exe >- Quarantined and deleted successfully.

Registry Data Items Detected:
0 (No malicious items detected)

Folders Detected:
0 (No malicious items detected)

Files Detected: 6
C:\Users\r31n\AppData\Local\dplaysvr.exe (Trojan.FakeMS) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Roaming\Ewhchg.exe (Trojan.Inject) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Local\Temp\~!#9159.tmp (Trojan.Agent) >- Quarantined and deleted successfully.
C:\Users\r31n\Local Settings\Application Data\dplaysvr.exe (Trojan.FakeMS) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Local\Temp\0.6890914805428668.exe (Exploit.Drop.2) >- Quarantined and deleted successfully.
C:\Users\r31n\AppData\Roaming\Ezka\agko.exe (Trojan.ZbotR.Gen) >- Quarantined and deleted successfully.

(end)

Use Kaspersky, bro :thumbup
ayubaza - 17/03/2012 07:24 PM
#4830

Quote:
Original Posted By elfandypn


Try these, bro:
Username: EAV-60918148
Password: bfmaabs4t6

Username: EAV-61334899
Password: vj723b2mme

I saw them on someone's blog, give them a check, bro hehe:
Spoiler for blog esetnod32
http://n*d32sky1.bl*gsp*t.c*m/

* replace with o


Thank you, veteran
kurosaki354 - 17/03/2012 09:31 PM
#4831

Is there a latest update for AVG, bro????
r31ns - 17/03/2012 10:16 PM
#4832

Quote:
Original Posted By INPAG


Use Kaspersky, bro :thumbup

Why is it that I've been installing Kaspersky for 20 minutes, it got to the "removing incompatible programs" step and hasn't gone any further??
elfandypn - 17/03/2012 10:18 PM
#4833

Quote:
Original Posted By ayubaza


Thank you, veteran


You're welcome, bro, that was also sourced from someone's blog
Send some green rep my way, bro hehe

Quote:
Original Posted By kurosaki354
Is there a latest update for AVG, bro????


Try looking at:
Spoiler for AVG community


elfandypn - 17/03/2012 10:22 PM
#4834

Quote:
Original Posted By r31ns

Why is it that I've been installing Kaspersky for 20 minutes, it got to the "removing incompatible programs" step and hasn't gone any further??


Which Kaspersky did you install, if I may ask?
Also provide a screenshot so the veterans can help

funghaifeng - 18/03/2012 01:07 AM
#4835
My internet connection often gets used for something unclear
Here is the LOG:
[CODE]
from OTL.TXT

OTL logfile created on: 3/18/2012 12:59:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alvin\Downloads\Programs
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.64% Memory free
3.87 Gb Paging File | 2.93 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.86 Gb Total Space | 9.42 Gb Free Space | 29.56% Space Free | Partition Type: NTFS
Drive E: | 58.59 Gb Total Space | 50.66 Gb Free Space | 86.46% Space Free | Partition Type: exFAT
Drive F: | 58.59 Gb Total Space | 45.39 Gb Free Space | 77.48% Space Free | Partition Type: exFAT

Computer Name: ALVIN-PC | User Name: Alvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alvin\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\chrome-win32\chrome.exe (The Chromium Authors)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - F:\Warcraft 3\WarKey 6.2\WarKey.exe (YuLv.Net)
PRC - C:\Program Files\Modem AC2726i UI\bin\App.exe (ZTEMT)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Modem AC2726i UI\bin\MonServiceUDisk.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\chrome-win32\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files\chrome-win32\avcodec-53.dll ()
MOD - C:\Program Files\chrome-win32\avformat-53.dll ()
MOD - C:\Program Files\chrome-win32\avutil-51.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Program Files\Modem AC2726i UI\bin\Setting.dll ()
MOD - C:\Program Files\Modem AC2726i UI\bin\RasWrapper.dll ()
MOD - C:\Program Files\Modem AC2726i UI\bin\System.Docking.dll ()
MOD - C:\Program Files\Modem AC2726i UI\bin\XProgress.dll ()
MOD - C:\Program Files\Modem AC2726i UI\bin\DM.dll ()
MOD - C:\Program Files\Modem AC2726i UI\bin\Log.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (UDisk Monitor) -- C:\Program Files\Modem AC2726i UI\bin\MonServiceUDisk.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKsl684f6baa) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6098A9C6-0705-4DB3-AB7E-08E6C7578744}\MpKsl684f6baa.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ztemtusbser) -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys (ZTEMT Incorporated)
DRV - (VSPerfDrv100) -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110141&babsrc=HP_ss&mntrId=544fddec000000000000000000000000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 48 02 72 01 F3 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alvin\AppData\Roaming\IDM\idmmzcc5 [2012/02/21 15:49:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alvin\AppData\Roaming\IDM\idmmzcc5 [2012/02/21 15:49:49 | 000,000,000 | ---D | M]


[/CODE]
funghaifeng - 18/03/2012 01:09 AM
#4836
continuation
[CODE]

O1 HOSTS File: ([2009/06/11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

[/CODE]
funghaifeng - 18/03/2012 01:16 AM
#4837
cont.
[CODE]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B6D0044-0839-4A4E-B529-34C23CB077A1}: NameServer = 10.17.3.252 10.17.3.246
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bf3aabd6-5ce0-11e1-9577-e9d90eeef7bb}\Shell - "" = AutoRun
O33 - MountPoints2\{bf3aabd6-5ce0-11e1-9577-e9d90eeef7bb}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[/CODE]
funghaifeng - 18/03/2012 01:18 AM
#4838
still long
[CODE]
========== Files/Folders - Created Within 30 Days ==========

[2012/03/17 17:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/03/17 12:40:37 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/17 12:40:22 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/03/16 22:45:00 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Local\Diagnostics
[2012/03/16 22:05:34 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/03/16 22:05:34 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/16 22:05:34 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/16 22:05:34 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/16 22:05:34 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/16 22:05:34 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/16 22:05:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/16 22:05:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/16 22:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/16 22:05:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/16 22:05:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/16 22:05:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/16 21:44:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/03/16 15:51:22 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/03/16 15:51:22 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/03/16 15:51:22 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/03/16 15:33:38 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/03/16 15:33:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/03/16 15:30:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/03/16 15:30:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/03/16 15:12:01 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/16 15:11:48 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/16 15:11:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012/03/16 15:11:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/16 15:11:47 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/16 15:11:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/16 15:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetScream
[2012/03/16 14:58:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/03/16 14:56:11 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2012/03/16 14:56:11 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/03/16 14:55:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/03/16 14:55:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/03/16 14:55:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/03/16 14:55:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/03/16 14:55:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/03/16 14:55:52 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/03/16 14:55:15 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/03/16 14:55:15 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/03/16 14:55:15 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/03/16 14:55:14 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/03/16 14:51:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/03/16 14:50:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/03/16 13:54:35 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/03/16 13:54:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/03/16 13:54:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/03/16 13:54:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/03/16 13:54:19 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/03/16 13:54:18 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/03/16 13:54:17 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/03/16 13:54:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/03/16 13:54:03 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/03/16 13:54:02 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/03/16 13:51:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/03/16 13:51:23 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/03/16 13:51:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/03/16 13:51:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/16 13:51:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/03/16 13:51:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/16 13:51:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/03/16 13:51:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/03/16 13:51:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/16 13:51:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/16 13:51:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/16 13:51:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/16 13:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) --
[/CODE]
funghaifeng - 18/03/2012 01:19 AM
#4839

[CODE]
C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/03/16 13:51:08 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/03/16 13:51:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/03/16 13:50:59 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/03/16 13:50:59 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/03/16 13:50:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/03/16 13:50:58 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll

[2012/03/16 13:50:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/03/16 13:48:44 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/16 13:48:44 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/16 13:47:56 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/03/16 13:47:54 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/03/16 13:45:15 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/03/16 13:45:14 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/03/16 13:39:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/03/16 13:06:13 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/16 13:06:03 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/16 13:06:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/16 13:06:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/12 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/12 21:34:00 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/03/11 21:29:37 | 000,000,000 | -HSD | C] -- C:\[Smad-Cage]
[2012/03/11 21:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\NetScream
[2012/03/10 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\MozillaControl
[2012/03/10 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Mozilla
[2012/03/08 15:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2012/03/07 10:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\intype
[2012/02/29 13:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/02/29 13:52:59 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2012/02/29 13:52:58 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2012/02/29 13:52:58 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/02/29 13:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/02/27 14:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/02/27 14:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[/CODE]
funghaifeng - 18/03/2012 01:21 AM
#4840

[CODE]

[2012/02/27 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012/02/27 08:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2012/02/27 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2012/02/27 08:29:36 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Local\Babylon
[2012/02/27 08:29:35 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Babylon
[2012/02/27 08:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/02/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2012/02/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Cracker
[2012/02/26 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Notepad++
[2012/02/26 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/02/26 19:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/02/26 19:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/02/26 19:02:36 | 000,000,000 | ---D | C] -- C:\xampp
[2012/02/24 09:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2012/02/24 09:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP1800 series
[2012/02/24 09:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Notes for Windows Vista
[2012/02/24 09:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP1800 series Manual
[2012/02/24 09:37:46 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2012/02/24 09:31:10 | 000,198,656 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM8O.DLL
[2012/02/24 09:28:39 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/02/24 09:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/02/24 09:27:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/02/23 22:54:14 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Local\Microsoft_Corporation
[2012/02/23 22:17:14 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\Integration Services Script Component
[2012/02/23 22:16:16 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\Integration Services Script Task
[2012/02/23 22:15:59 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\SQL Server Management Studio
[2012/02/23 21:43:32 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2012/02/23 21:43:24 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2012/02/23 21:42:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2012/02/23 21:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/02/23 21:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/02/23 21:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012/02/23 21:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/23 21:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/23 21:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/23 21:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012/02/23 21:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/23 21:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2012/02/23 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012/02/23 21:26:29 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\Visual Studio 2008
[2012/02/23 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\Visual Studio 2010
[2012/02/23 21:21:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012/02/23 21:20:59 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/02/23 21:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2012/02/23 21:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2012/02/23 21:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012/02/23 21:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012/02/23 21:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012/02/23 21:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012/02/23 21:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2012/02/23 21:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/02/23 21:13:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/02/23 21:13:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/02/23 21:13:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/02/22 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\Updater5
[2012/02/22 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Macromedia
[2012/02/22 20:47:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/22 20:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/02/22 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Rovio
[2012/02/22 11:57:06 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/22 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/02/22 11:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/02/22 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\Alvin\AppData\Roaming\Winamp
[2012/02/22 11:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/02/22 11:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012/02/22 11:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012/02/22 11:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2012/02/22 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\hj
[2012/02/22 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\Angry Birds www.remo-xp.com
[2012/02/22 11:04:41 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\a
[2012/02/22 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\Alvin\Documents\1NDS
[2012/02/22 11:00:30 | 044,099,520 | ---- | C] (I Sioux B.V. ) -- C:\Users\Alvin\Documents\GovernorofPoker.exe
[/CODE]