Putera.com Temporary Forum

Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    w.exe and vv.exe


    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    w.exe and vv.exe

    Post by mael4704 on Tue Apr 07, 2009 4:53 pm

    This creature is already running from system32, and the only thing I can see in Task Manager is w.exe. I've stopped that process, and in C:\Windows\System32 I've stuffed it into a .rar.
    Can anyone give me a solution for making sure the system on my laptop is properly clean? From what I've googled, this w.exe steals information.
    The BitDefender AV doesn't detect it as a virus, it even says it's clean.. but BitDefender Total 2009, which is still in trial, asked me whether or not I wanted to block this program from reaching the internet..
    That's how I noticed it, because the name looked odd.
    There's another file whose name I don't remember in the same (w.exe) family, but it sits in the Temp folder.
    I didn't get a proper look at it because the popup had already disappeared.
    That's what makes it hard to switch off my laptop:
    later I might not be able to log in,
    because I only just formatted Windows after this creature's doing; I couldn't even get into Safe Mode,
    it kicked me back out every time I got in.
    huhuh
    Can anyone help take a look at what's wrong...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:51:37, on 07/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\DOCUME~1\ISMAEL\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
    D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gpedit.msc/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DiskMonitor] "C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe" hide
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 6584 bytes
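    The log above lists one process running from the user's Temp folder (C:\DOCUME~1\ISMAEL\LOCALS~1\Temp\RtkBtMnt.exe), which is the kind of location a helper looks at first. As an added example (not part of the thread and not a tool anyone in it used), a small Python triage script that parses a HijackThis-style log, pulls out the running processes and the O4 autorun entries, and flags locations that are unusual for installed software; the sample log is constructed from abridged lines of the post, and the list of trusted directories is an assumption.

```python
# Added example: triage helper for a HijackThis-style log (not from the thread).
# It pulls the "Running processes" list and the O4 autorun entries out of the
# log text and flags executables whose location is unusual for installed
# software. A flag is a reason to look closer, not a verdict of malice.
import re

# Constructed sample in the shape of the log posted above (paths copied from
# the post, list abridged).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:37, on 07/04/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\DOCUME~1\ISMAEL\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\taskmgr.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
"""

# Assumed list of directories a normally installed program runs from.
TRUSTED_ROOTS = (
    r"c:\windows\system32",
    r"c:\windows",
    r"c:\program files",
    r"d:\program files",
)

# "O4 - HKLM\..\Run: [name] command" -> hive, key, value name, command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (ends at a blank line)."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not line:
                break
            procs.append(line)
    return procs


def o4_entries(log_text):
    """Return (hive, key, name, command) for every O4 autorun line."""
    out = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return out


def first_path(cmd):
    """Executable path from a command line: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def flag_reason(path):
    """Return why the location is unusual, or None if it looks ordinary."""
    p = path.lower()
    if "\\temp\\" in p:
        return "runs from a Temp directory"
    if "\\docume~1\\" in p or "\\documents and settings\\" in p:
        return "runs from a user profile directory"
    if "\\" not in p:
        return "no directory given (resolved through PATH at logon)"
    if not p.startswith(TRUSTED_ROOTS):
        return "outside Windows / Program Files"
    return None


def triage(log_text):
    """Return (source, path, reason) for every flagged process or autorun entry."""
    findings = []
    for proc in running_processes(log_text):
        reason = flag_reason(proc)
        if reason:
            findings.append(("process", proc, reason))
    for hive, key, name, cmd in o4_entries(log_text):
        path = first_path(cmd)
        reason = flag_reason(path)
        if reason:
            findings.append((f"O4 {hive}\\{key} [{name}]", path, reason))
    return findings


if __name__ == "__main__":
    for src, path, why in triage(SAMPLE_LOG):
        print(f"{src}: {path} -- {why}")
```

    Run against the full log it flags the Temp-folder process and the bare `nwiz.exe` autorun (a name resolved through PATH rather than a full path); everything under Windows or Program Files passes the heuristic.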

    baok
    New Member

    Number of posts: 169
    Registration date: 20/02/2009

    Re: w.exe and vv.exe

    Post by baok on Tue Apr 07, 2009 8:32 pm

    Mate... my head hurts reading your explanation.. try to explain it briefly and to the point.. don't go round in circles and don't use so much SMS speak.. I can't read SMS speak..

    HijackThis shows me nothing.. and you have VMware.. did you test the virus in VMware?

    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    Re: w.exe and vv.exe

    Post by mael4704 on Tue Apr 07, 2009 9:01 pm

    Sorry bro,
    ok, the story goes like this.
    I didn't test the virus in VMware, although I do have VMware Workstation.
    It was BitDefender Total that found this virus.. but it never said that w.exe was a virus.
    w.exe wanted to connect to the internet, so as usual BitDefender showed a popup for me to allow or block it,
    but in that popup I read that the server it wanted to reach was odd.
    I searched Google for w.exe and got information that w.exe is categorised as an information stealer,
    like a keylogger etc. etc.
    So I found the file's location and zipped it.
    Then I restarted this laptop..
    All the icons disappeared, and the bar at the bottom too.
    I tried New Task in Task Manager but that didn't work either; I had to browse for explorer before all the icons came back.
    I scanned again with BitDefender and it found another ghost.
    I quarantined it, then restarted again.
    Gone again, and this time it was worse: even getting into Task Manager was hard (ctrl+del).
    Windows kept closing it, saying it was to prevent damage.. then every new task I started, it closed again.

    baok
    New Member

    Number of posts: 169
    Registration date: 20/02/2009

    Re: w.exe and vv.exe

    Post by baok on Tue Apr 07, 2009 9:30 pm

    What did BitDefender find? Does it have a log?

    Go to the C:\Windows folder and look for explorer.exe, if it's there.. don't delete it, just tell me first whether it's there or not..

    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    Re: w.exe and vv.exe

    Post by mael4704 on Wed Apr 08, 2009 12:04 am

    explorer.exe is there, and that's what I used to bring all the icons back.
    To get there I also used Task Manager (ctrl+alt+del), after ending the network processes, if I'm not mistaken. If I don't end them I can't get in at all; whatever I click closes and sends an error report.
    After ending svhost.exe (under network, 4 of them) the computer restarts, and only then can I use Task Manager to run explorer.exe.
    The latest BitDefender scan just now didn't find any virus.

    I'm already dizzy with this, because I only did a fresh format last Saturday.
    My nasty suspicion is that my external drive is the one carrying the trouble.

    e_sentinel
    New Member

    Number of posts: 479
    Registration date: 02/03/2009

    Re: w.exe and vv.exe

    Post by e_sentinel on Wed Apr 08, 2009 12:27 am

    If it's network related, try LSP-Fix - http://www.cexx.org/lspfix.htm

    baok
    New Member

    Number of posts: 169
    Registration date: 20/02/2009

    Re: w.exe and vv.exe

    Post by baok on Wed Apr 08, 2009 12:54 am

    "After ending svhost.exe (under network, 4 of them) the computer restarts"

    svchost.exe or svhost.exe? Let's take a deeper look at what's on your PC..

    1. Download Malwarebytes' Anti-Malware by Marcin Kleczynski <<<mirror>>>

    Install >> Update >> Perform Full Scan >> remove all infections >> restart the computer..


    2. Download RSIT by random/random and save it to the Desktop

    - Double-click RSIT >> make sure "List files/folders created or modified in the last" is changed to 3 months >> click Continue
    - If RSIT wants to install HijackThis >> click I Accept
    - Two logs will appear (log.txt and info.txt). Post both logs in your topic.

    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    Re: w.exe and vv.exe

    Post by mael4704 on Wed Apr 08, 2009 9:51 am

    I've downloaded it and am running a full scan.

    Symptoms this morning after power on:
    >> log on
    >> wallpaper with a Windows popup >> "to help protect your computer, Windows has closed this program. name: Run a DLL as an App, publisher: Microsoft Corp"

    I brought the icons back through Task Manager, and once everything was running BitDefender showed a block popup:
    >>> virus name: BehavesLike: win32.ExplorerHijack location: goasi.cn/ex/a.php
    BitDefender only blocks it; I don't think it deletes it, because I got this last night too.
    I wanted to delete it manually but can't find the location.

    baok
    New Member

    Number of posts: 169
    Registration date: 20/02/2009

    Re: w.exe and vv.exe

    Post by baok on Wed Apr 08, 2009 10:00 am

    No worries.. scan first, then post the Malwarebytes' log and the RSIT log.txt and info.txt here... Then we'll see what these 2 programs find.

    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    Re: w.exe and vv.exe

    Post by mael4704 on Wed Apr 08, 2009 10:44 am

    Scan done.
    Malwarebytes' Anti-Malware 1.36
    Database version: 1949
    Windows 5.1.2600 Service Pack 2

    08/04/2009 9:07:41
    mbam-log-2009-04-08 (09-07-41).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 89395
    Time elapsed: 21 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.

    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    Re: w.exe and vv.exe

    Post by mael4704 on Wed Apr 08, 2009 10:45 am

    RSIT info

    info.txt logfile of random's system information tool 1.06 2009-04-08 09:36:26

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Active@ Hard Disk Monitor-->"C:\Program Files\InstallShield Installation Information\{CC5C266E-83E8-43B5-A387-E001E0AD1795}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Agere Systems HDA Modem-->agrsmdel
    Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\Setup.exe -runfromtemp -l0x0009 -removeonly
    BitComet 1.10-->D:\Program Files\BitComet\uninst.exe
    BitDefender Total Security 2009-->MsiExec.exe /X{D48D8EB0-FFC6-423B-BC12-FC8090E27B52}
    CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
    Eusing Free Registry Cleaner-->D:\PROGRA~1\EUSING~1\UNWISE.EXE D:\PROGRA~1\EUSING~1\INSTALL.LOG
    ExplorerXP (remove only)-->D:\Program Files\ExplorerXP\Uninst.exe
    FlashGet 1.9.6.1073-->D:\Program Files\FlashGet\uninst.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
    Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mobile Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Revo Uninstaller 1.80-->D:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    The KMPlayer 2.9.4.1434-->D:\Program Files\The KMPlayer\uninst.exe
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    =====HijackThis Backups=====

    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f [2009-04-07]

    ======Hosts File======

    127.0.0.1 jL.chura.pl

    ======Security center information======

    AV: BitDefender Antivirus
    FW: BitDefender Firewall

    ======System event log======

    Computer Name: ACER
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 61
    Source Name: Disk
    Time Written: 20090406120841.000000+480
    Event Type: error
    User:

    Computer Name: ACER
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 60
    Source Name: Disk
    Time Written: 20090406120840.000000+480
    Event Type: error
    User:

    Computer Name: ACER
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 59
    Source Name: Disk
    Time Written: 20090406120838.000000+480
    Event Type: error
    User:

    Computer Name: ACER
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 58
    Source Name: Disk
    Time Written: 20090406120834.000000+480
    Event Type: error
    User:

    Computer Name: ACER
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 57
    Source Name: Disk
    Time Written: 20090406120832.000000+480
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: ACER
    Event Code: 5603
    Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

    Record Number: 18
    Source Name: WinMgmt
    Time Written: 20090406113502.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: ACER
    Event Code: 5603
    Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

    Record Number: 17
    Source Name: WinMgmt
    Time Written: 20090406113502.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: ACER
    Event Code: 63
    Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Record Number: 13
    Source Name: WinMgmt
    Time Written: 20090406113229.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: ACER
    Event Code: 63
    Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Record Number: 12
    Source Name: WinMgmt
    Time Written: 20090406113229.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: ACER
    Event Code: 63
    Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Record Number: 11
    Source Name: WinMgmt
    Time Written: 20090406113228.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=6801
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

    mael4704
    New Member

    Gender: Male | Number of posts: 125
    Registration date: 16/02/2009

    Re: w.exe and vv.exe

    Post by mael4704 on Wed Apr 08, 2009 10:46 am

    RSIT log

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by ISMAEL at 2009-04-08 09:36:13
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 25 GB (81%) free of 31 GB
    Total RAM: 2302 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:36:22, on 08/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ISMAEL\Desktop\RSIT.exe
    D:\Program Files\Trend Micro\HijackThis\ISMAEL.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gpedit.msc/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DiskMonitor] "C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe" hide
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 7047 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    baok
    New Member

    Number of posts : 169
    Registration date : 20/02/2009

    Re: w.exe n vv.exe

    Post by baok on Wed Apr 08, 2009 10:50 am

    That RSIT log.txt got cut off... maybe there wasn't enough room..

    Anyway, Malwarebytes found a backdoor, so let's scan with ComboFix to see what Malwarebytes missed...


    Please go to the website below and make sure you understand how to use ComboFix (by sUBs). Then download ComboFix directly to your Desktop

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Make sure you disable all antivirus/antispyware/firewall before running ComboFix.. Please refer HERE for further information..

    Do not do anything on your computer until this process is complete..

    Then post the new ComboFix and HijackThis logs here

    baok
    New Member

    Number of posts : 169
    Registration date : 20/02/2009

    Re: w.exe n vv.exe

    Post by baok on Wed Apr 08, 2009 10:50 am

    anyway I'm heading out to work.. see you again this evening :)

    mael4704
    New Member

    Gender : Male Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 11:48 am

    ComboFix 09-04-04.01 - ISMAEL 2009-04-08 10:31:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2302.1760 [GMT 8:00]
    Running from: c:\documents and settings\ISMAEL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\ISMAEL\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
    FW: BitDefender Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\Desktop_.ini

    c:\windows\system32\userinit.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
    .

    2009-04-08 09:57 . 2009-04-08 09:57 <DIR> d-------- c:\program files\MSXML 4.0
    2009-04-08 09:13 . 2009-04-08 09:36 <DIR> d-------- C:\rsit
    2009-04-08 08:18 . 2009-04-08 08:18 <DIR> d-------- c:\documents and settings\ISMAEL\Application Data\Malwarebytes
    2009-04-08 08:18 . 2009-04-08 08:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-08 08:18 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-08 08:18 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-04-07 18:14 . 2009-04-07 19:34 1,636 --a------ c:\windows\system32\BDUpdateV1.xml
    2009-04-07 14:10 . 2009-04-07 14:10 107,658 --a------ c:\windows\system32\system32.rar
    2009-04-07 12:11 . 2009-04-08 10:01 <DIR> d-------- c:\windows\system32\CatRoot_bak
    2009-04-07 11:41 . 2009-04-07 11:41 850 --a------ c:\windows\system32\ProductTweaks.xml
    2009-04-07 11:41 . 2009-04-07 11:41 385 --a------ c:\windows\system32\user_gensett.xml
    2009-04-07 11:39 . 2009-04-07 11:39 <DIR> d-------- c:\windows\system32\logs
    2009-04-07 11:39 . 2009-04-07 11:39 <DIR> d-------- c:\documents and settings\ISMAEL\Application Data\BitDefender
    2009-04-07 11:38 . 2009-04-07 11:39 <DIR> d-------- c:\program files\BitDefender
    2009-04-07 11:38 . 2009-04-07 11:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
    2009-04-07 10:28 . 2008-08-14 17:57 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-07 10:28 . 2008-08-14 17:55 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-07 10:28 . 2008-08-14 17:18 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-04-07 10:28 . 2008-08-14 17:18 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-06 16:41 . 2009-04-08 10:35 <DIR> d-------- c:\documents and settings\LocalService\Application Data\VMware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-08 02:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-08 02:34 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
    2009-04-08 02:33 81,984 ----a-w c:\windows\system32\bdod.bin
    2009-04-07 03:38 --------- d-----w c:\program files\Common Files\BitDefender
    2009-04-06 11:31 --------- d-----w c:\documents and settings\ISMAEL\Application Data\VMware
    2009-04-06 11:03 --------- d-----w c:\documents and settings\ISMAEL\Application Data\Skype
    2009-04-06 10:17 --------- d-----w c:\program files\Skype
    2009-04-06 10:17 --------- d-----w c:\program files\Common Files\Skype
    2009-04-06 10:17 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-04-06 08:57 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-04-06 08:56 --------- d-----w c:\program files\Yahoo!
    2009-04-06 08:45 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-06 08:45 --------- d-----w c:\program files\LSoft Technologies Inc
    2009-04-06 08:43 --------- d-----w c:\program files\Windows Defender
    2009-04-06 08:34 --------- d-----w c:\program files\VMware
    2009-04-06 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-04-06 04:36 --------- d-----w c:\program files\Huawei technologies
    2009-04-06 04:34 0 ---h--w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-04-06 04:34 0 ---h--w c:\windows\system32\drivers\Msft_Kernel_winbondhidcir_01005.Wdf
    2009-04-06 04:20 --------- d-----w c:\program files\Launch Manager
    2009-04-06 04:17 --------- d-----w c:\program files\Atheros
    2009-04-06 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\Atheros
    2009-04-06 04:12 --------- d-----w c:\program files\Synaptics
    2009-04-06 04:12 --------- d-----w c:\program files\Common Files\InstallShield
    2009-04-06 04:10 --------- d-----w c:\program files\Realtek
    2009-04-06 04:09 335,872 ------w c:\windows\HideWin.exe
    2009-04-06 04:04 --------- d-----w c:\documents and settings\ISMAEL\Application Data\InstallShield
    2009-04-06 04:02 --------- d-----w c:\program files\Common Files\Adobe
    2009-04-06 03:36 --------- d-----w c:\program files\microsoft frontpage
    2009-02-12 08:52 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
    2009-03-05 10:08 49,664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
    .

    ------- Sigcheck -------

    2004-08-04 18:00 1051136 ef8f9a3335a515a5440a093e32371042 c:\windows\explorer.exe
    2004-08-04 18:00 1051136 47704ef65bbd17cb0fbae1b1ef164ed4 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\backup\explorer.exe
    2004-08-04 18:00 1051136 8ee41870378cdeed0cba804a8d95f388 c:\windows\system32\dllcache\explorer.exe

    2004-08-04 18:00 34304 84ccf1f472c899e13ba04c1ff37131cd c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\backup\ctfmon.exe
    2004-08-04 18:00 34304 01a6e39b345748f52c3f339a3d41f1c0 c:\windows\system32\ctfmon.exe
    2004-08-04 18:00 34304 aec72dfff74b4f78ed4574008a4d991a c:\windows\system32\dllcache\ctfmon.exe

    2004-08-04 18:00 43520 2677330cc055274e2a8a72be98735b8d c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\backup\userinit.exe
    2004-08-04 18:00 43520 c542499ab1d60d20f47073db91429130 c:\windows\system32\userinit.exe
    2004-08-04 18:00 43520 74eae0869bf1dc331a61737b84eebdcc c:\windows\system32\dllcache\userinit.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 34304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-07-20 73728]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-20 880640]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-20 707344]
    "DiskMonitor"="c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe" [2008-12-08 3941880]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-07 798720]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-08 90112]
    "nwiz"="nwiz.exe" [2007-07-25 c:\windows\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-20 c:\windows\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\explorer.exe,"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --------- 2007-03-08 04:38 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    --a------ 2009-03-18 18:50 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-04-23 17:45 22058792 c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
    --a------ 2008-10-28 23:07 96816 d:\program files\VMware\VMware Workstation\vmware-tray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
    "d:\\Program Files\\FlashGet\\flashget.exe"=
    "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23173:TCP"= 23173:TCP:BitComet 23173 TCP
    "23173:UDP"= 23173:UDP:BitComet 23173 UDP
    "14432:TCP"= 14432:TCP:BitComet 14432 TCP
    "14432:UDP"= 14432:UDP:BitComet 14432 UDP

    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-12 104328]
    R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2009-04-06 5632]
    R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [2009-04-06 21504]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fca8b74-2264-11de-9698-001b24fbf0a2}]
    \Shell\AutoRun\command - G:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fca8b76-2264-11de-9698-001b24fbf0a2}]
    \Shell\AutoRun\command - G:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-08 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://gpedit.msc/
    IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download All with FlashGet - d:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - d:\program files\FlashGet\jc_link.htm
    LSP: d:\program files\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\documents and settings\ISMAEL\Application Data\Mozilla\Firefox\Profiles\gn0vew9r.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
    FF - component: c:\documents and settings\ISMAEL\Application Data\Mozilla\Firefox\Profiles\gn0vew9r.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-08 10:35:14
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2009\vsserv.exe
    c:\windows\system32\agrsmsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    d:\program files\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-08 10:37:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-08 02:37:16

    Pre-Run: 25.137.573.888 bytes free
    Post-Run: 25,155,723,264 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    199 --- E O F --- 2009-04-08 01:57:33

    mael4704
    New Member

    Gender : Male Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 11:50 am

    my mistake, double post
    sorry..


    Last edited by mael4704 on Wed Apr 08, 2009 12:10 pm; edited 2 times in total

    mael4704
    New Member

    Gender : Male Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 11:53 am

    part 1
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by ISMAEL at 2009-04-08 10:40:57
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 24 GB (79%) free of 31 GB
    Total RAM: 2302 MB (82% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:01, on 08/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\ISMAEL\Desktop\RSIT.exe
    D:\Program Files\Trend Micro\HijackThis\ISMAEL.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gpedit.msc/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [DiskMonitor] "C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe" hide
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 6886 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - D:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - D:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-07-25 8433664]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-07-25 81920]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-20 16153600]
    "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2007-07-20 73728]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-20 880640]
    "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2007-07-20 707344]
    "DiskMonitor"=C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe [2008-12-08 3941880]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-04-07 798720]
    "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-08 90112]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 34304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe [2008-04-23 22058792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
    D:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-28 96816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDrives"=

    mael4704
    New Member

    Gender : Male Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 11:54 am

    part 2

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="D:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"
    "D:\Program Files\FlashGet\flashget.exe"="D:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
    "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fca8b74-2264-11de-9698-001b24fbf0a2}]
    shell\AutoRun\command - G:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fca8b76-2264-11de-9698-001b24fbf0a2}]
    shell\AutoRun\command - G:\AutoRun.exe


    ======List of files/folders created in the last 3 months======

    2009-04-08 10:37:23 ----A---- C:\ComboFix.txt
    2009-04-08 10:30:49 ----A---- C:\Boot.bak
    2009-04-08 10:30:44 ----RASHD---- C:\cmdcons
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\zip.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\VFIND.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\SWSC.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\SWREG.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\sed.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\grep.exe
    2009-04-08 10:30:00 ----A---- C:\WINDOWS\fdsv.exe
    2009-04-08 10:29:52 ----D---- C:\WINDOWS\ERDNT
    2009-04-08 10:29:47 ----D---- C:\Qoobox
    2009-04-08 09:57:20 ----D---- C:\Program Files\MSXML 4.0
    2009-04-08 09:15:22 ----D---- C:\WINDOWS\ie7updates
    2009-04-08 09:13:13 ----D---- C:\rsit
    2009-04-08 08:18:11 ----D---- C:\Documents and Settings\ISMAEL\Application Data\Malwarebytes
    2009-04-08 08:18:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-04-07 18:48:08 ----D---- C:\WINDOWS\WBEM
    2009-04-07 18:48:06 ----D---- C:\WINDOWS\system32\en-US
    2009-04-07 18:46:24 ----HDC---- C:\WINDOWS\ie7
    2009-04-07 18:46:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2009-04-07 18:45:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2009-04-07 18:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2009-04-07 18:45:13 ----N---- C:\WINDOWS\system32\xmllite.dll
    2009-04-07 18:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2009-04-07 18:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-04-07 17:09:29 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-07 12:11:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-04-07 11:39:16 ----D---- C:\WINDOWS\system32\logs
    2009-04-07 11:39:13 ----D---- C:\Documents and Settings\ISMAEL\Application Data\BitDefender
    2009-04-07 11:38:49 ----D---- C:\Program Files\BitDefender
    2009-04-07 11:38:49 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
    2009-04-07 11:35:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2009-04-07 11:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-04-06 23:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-04-06 23:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-04-06 23:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-04-06 23:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-04-06 23:20:54 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
    2009-04-06 23:20:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-04-06 23:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-04-06 23:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-04-06 23:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-04-06 23:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2009-04-06 23:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-04-06 23:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-04-06 23:19:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-04-06 23:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-04-06 23:19:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-04-06 23:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-04-06 23:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-04-06 23:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2009-04-06 23:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-04-06 23:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-04-06 23:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-04-06 23:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-04-06 23:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-04-06 23:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-04-06 19:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-04-06 19:32:00 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-06 19:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2009-04-06 19:27:03 ----N---- C:\WINDOWS\system32\h323log.txt
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdintel.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdintam.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdindev.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
    2009-04-06 19:25:12 ----RA---- C:\WINDOWS\system32\kbdarme.dll
    2009-04-06 19:25:12 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
    2009-04-06 19:25:12 ----A---- C:\WINDOWS\system32\c_iscii.dll
    2009-04-06 19:25:11 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbdfa.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbda3.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbda2.dll
    2009-04-06 19:25:09 ----RA---- C:\WINDOWS\system32\kbda1.dll
    2009-04-06 19:25:09 ----A---- C:\WINDOWS\system32\kbdusa.dll
    2009-04-06 19:25:07 ----RA---- C:\WINDOWS\system32\kbdheb.dll
    2009-04-06 19:25:03 ----RA---- C:\WINDOWS\system32\kbdth3.dll
    2009-04-06 19:25:03 ----RA---- C:\WINDOWS\system32\kbdth2.dll
    2009-04-06 19:25:03 ----RA---- C:\WINDOWS\system32\kbdth1.dll
    2009-04-06 19:25:03 ----RA---- C:\WINDOWS\system32\kbdth0.dll
    2009-04-06 19:25:03 ----A---- C:\WINDOWS\system32\ftlx041e.dll
    2009-04-06 19:23:14 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2009-04-06 19:23:14 ----A---- C:\WINDOWS\system32\ksuser.dll
    2009-04-06 19:22:05 ----A---- C:\WINDOWS\system32\usbui.dll
    2009-04-06 19:20:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-06 19:20:46 ----SHD---- C:\WINDOWS\Installer
    2009-04-06 19:20:46 ----N---- C:\WINDOWS\ODBCINST.INI
    2009-04-06 19:20:46 ----D---- C:\Program Files\Common Files\ODBC
    2009-04-06 19:20:42 ----RD---- C:\Program Files
    2009-04-06 19:20:42 ----D---- C:\Program Files\Common Files\SpeechEngines
    2009-04-06 19:20:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-04-06 19:20:42 ----D---- C:\Program Files\Common Files
    2009-04-06 19:20:40 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2009-04-06 19:20:40 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2009-04-06 19:20:40 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2009-04-06 19:20:38 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2009-04-06 19:20:36 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2009-04-06 19:20:34 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2009-04-06 19:20:34 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2009-04-06 19:20:34 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2009-04-06 19:20:34 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2009-04-06 19:20:34 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2009-04-06 19:20:32 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2009-04-06 19:20:30 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-04-06 19:20:30 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2009-04-06 19:20:30 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2009-04-06 19:20:29 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-04-06 19:20:29 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2009-04-06 19:20:27 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2009-04-06 19:20:27 ----A---- C:\WINDOWS\TASKMAN.EXE
    2009-04-06 19:20:27 ----A---- C:\WINDOWS\system32\batt.dll
    2009-04-06 19:20:26 ----A---- C:\WINDOWS\NOTEPAD.EXE
    2009-04-06 19:20:24 ----A---- C:\WINDOWS\system32\storprop.dll
    2009-04-06 19:20:15 ----SH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2009-04-06 19:20:15 ----R---- C:\WINDOWS\SET2A.tmp
    2009-04-06 19:20:15 ----R---- C:\WINDOWS\SET29.tmp
    2009-04-06 19:20:12 ----R---- C:\WINDOWS\SET8.tmp
    2009-04-06 19:20:10 ----R---- C:\WINDOWS\SET4.tmp
    2009-04-06 19:20:08 ----R---- C:\WINDOWS\SET3.tmp
    2009-04-06 19:20:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-06 19:20:02 ----D---- C:\WINDOWS\system32\CatRoot
    2009-04-06 19:19:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-04-06 19:19:34 ----SHD---- C:\System Volume Information
    2009-04-06 19:19:34 ----D---- C:\Documents and Settings
    2009-04-06 19:19:02 ----RASH---- C:\boot.ini
    2009-04-06 19:17:34 ----D---- C:\Documents and Settings\ISMAEL\Application Data\VMware
    2009-04-06 19:13:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-06 19:13:27 ----RSD---- C:\WINDOWS\Fonts
    2009-04-06 19:13:27 ----RD---- C:\WINDOWS\Web
    2009-04-06 19:13:27 ----HD---- C:\WINDOWS\inf
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\WinSxS
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\twain_32
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Temp


    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 11:55 am

    part 3

    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\wins
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\wbem
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\usmt
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\spool
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\ShellExt
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\Setup
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\ras
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\oobe
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\npp
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\mui
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\inetsrv
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\IME
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\icsxml
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\ias
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\export
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\drivers
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\dhcp
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\config
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\3com_dmi
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\3076
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\2052
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1054
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1042
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1041
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1037
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1033
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1031
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1028
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32\1025
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system32
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\system
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\security
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Resources
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\repair
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Provisioning
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\PeerNet
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\pchealth
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\mui
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\msapps
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\msagent
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Media
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\java
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\ime
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Help
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\ehome
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Driver Cache
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\dell
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Debug
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Cursors
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Connection Wizard
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\Config
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\AppPatch
    2009-04-06 19:13:27 ----D---- C:\WINDOWS\addins
    2009-04-06 19:13:27 ----D---- C:\WINDOWS
    2009-04-06 19:05:56 ----D---- C:\WINDOWS\Minidump
    2009-04-06 19:03:03 ----D---- C:\Documents and Settings\ISMAEL\Application Data\Skype
    2009-04-06 18:17:15 ----D---- C:\Program Files\Skype
    2009-04-06 18:17:14 ----D---- C:\Program Files\Common Files\Skype
    2009-04-06 18:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-04-06 17:21:41 ----D---- C:\Downloads
    2009-04-06 16:57:53 ----D---- C:\Documents and Settings\ISMAEL\Application Data\Macromedia
    2009-04-06 16:56:49 ----D---- C:\Documents and Settings\ISMAEL\Application Data\Adobe
    2009-04-06 16:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2009-04-06 16:50:47 ----D---- C:\Program Files\Yahoo!
    2009-04-06 16:45:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-04-06 16:45:15 ----D---- C:\Program Files\LSoft Technologies Inc
    2009-04-06 16:43:33 ----D---- C:\Program Files\Windows Defender
    2009-04-06 16:42:42 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-04-06 16:40:35 ----RA---- C:\WINDOWS\system32\vnetinst.dll
    2009-04-06 16:40:22 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
    2009-04-06 16:40:17 ----A---- C:\WINDOWS\system32\vmnat.exe
    2009-04-06 16:40:01 ----RA---- C:\WINDOWS\system32\vmnetbridge.dll
    2009-04-06 16:39:52 ----A---- C:\WINDOWS\system32\vnetlib.dll
    2009-04-06 16:34:45 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
    2009-04-06 16:34:18 ----D---- C:\Program Files\VMware
    2009-04-06 16:22:14 ----D---- C:\Documents and Settings\ISMAEL\Application Data\WinRAR
    2009-04-06 16:22:07 ----D---- C:\Program Files\WinRAR
    2009-04-06 14:41:56 ----D---- C:\WINDOWS\pss
    2009-04-06 14:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2009-04-06 13:28:14 ----HD---- C:\WINDOWS\system32\GroupPolicy
    2009-04-06 13:18:50 ----D---- C:\WINDOWS\system32\PreInstall
    2009-04-06 13:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2009-04-06 13:06:18 ----D---- C:\Documents and Settings\ISMAEL\Application Data\Mozilla
    2009-04-06 13:01:32 ----A---- C:\WINDOWS\bdagent.INI
    2009-04-06 12:58:18 ----D---- C:\Program Files\Common Files\BitDefender
    2009-04-06 12:57:45 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803$
    2009-04-06 12:45:03 ----D---- C:\WINDOWS\system32\NtmsData
    2009-04-06 12:39:49 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2009-04-06 12:39:41 ----N---- C:\WINDOWS\system32\wpa.bak
    2009-04-06 12:39:05 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
    2009-04-06 12:36:46 ----D---- C:\Program Files\Huawei technologies
    2009-04-06 12:34:07 ----A---- C:\WINDOWS\system32\hidserv.dll
    2009-04-06 12:34:01 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-04-06 12:33:58 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
    2009-04-06 12:33:41 ----R---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2009-04-06 12:30:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-06 12:30:02 ----D---- C:\WINDOWS\system32\Lang
    2009-04-06 12:20:31 ----D---- C:\Program Files\Launch Manager
    2009-04-06 12:18:16 ----N---- C:\WINDOWS\system32\rixdicon.dll
    2009-04-06 12:18:15 ----N---- C:\WINDOWS\system32\snymsico.dll
    2009-04-06 12:17:28 ----D---- C:\Program Files\Atheros
    2009-04-06 12:16:46 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
    2009-04-06 12:15:00 ----N---- C:\WINDOWS\system32\agrsmdel.exe
    2009-04-06 12:14:24 ----D---- C:\WINDOWS\Options
    2009-04-06 12:12:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-04-06 12:12:28 ----N---- C:\WINDOWS\system32\SynTPCo4.dll
    2009-04-06 12:12:28 ----N---- C:\WINDOWS\system32\SynTPAPI.dll
    2009-04-06 12:12:27 ----N---- C:\WINDOWS\system32\SynCtrl.dll
    2009-04-06 12:12:27 ----N---- C:\WINDOWS\system32\SynCOM.dll
    2009-04-06 12:12:23 ----D---- C:\Program Files\Synaptics
    2009-04-06 12:11:55 ----R---- C:\WINDOWS\agrsmdel.exe
    2009-04-06 12:11:55 ----N---- C:\WINDOWS\system32\agrscoin.dll
    2009-04-06 12:11:55 ----A---- C:\WINDOWS\system32\agrsmsvc.exe
    2009-04-06 12:11:49 ----R---- C:\WINDOWS\system32\ChCfg.exe
    2009-04-06 12:11:27 ----R---- C:\WINDOWS\system32\SRSWOW.dll
    2009-04-06 12:11:27 ----R---- C:\WINDOWS\system32\SRSTSHD.dll
    2009-04-06 12:11:27 ----R---- C:\WINDOWS\system32\SRSHP360.dll
    2009-04-06 12:11:27 ----R---- C:\WINDOWS\system32\RtkCoInst.dll
    2009-04-06 12:11:27 ----R---- C:\WINDOWS\system32\RtkApoApi.dll
    2009-04-06 12:11:26 ----R---- C:\WINDOWS\system32\SRSTSXT.dll
    2009-04-06 12:11:26 ----R---- C:\WINDOWS\system32\RtkPgExt.dll
    2009-04-06 12:11:26 ----R---- C:\WINDOWS\system32\RtkAPO.dll
    2009-04-06 12:11:22 ----R---- C:\WINDOWS\RtHDVCpl.exe
    2009-04-06 12:11:21 ----D---- C:\WINDOWS\system32\RTCOM
    2009-04-06 12:10:25 ----N---- C:\WINDOWS\system32\spupdsvc.exe
    2009-04-06 12:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2009-04-06 12:10:20 ----R---- C:\WINDOWS\SoundMan.exe
    2009-04-06 12:10:20 ----R---- C:\WINDOWS\SkyTel.exe
    2009-04-06 12:10:19 ----R---- C:\WINDOWS\RtlUpd.exe
    2009-04-06 12:10:17 ----R---- C:\WINDOWS\RTLCPL.exe
    2009-04-06 12:10:12 ----RA---- C:\WINDOWS\RTHDCPL.exe
    2009-04-06 12:10:11 ----R---- C:\WINDOWS\MicCal.exe
    2009-04-06 12:10:09 ----R---- C:\WINDOWS\alcwzrd.exe
    2009-04-06 12:10:09 ----R---- C:\WINDOWS\Alcmtr.exe
    2009-04-06 12:10:08 ----D---- C:\Program Files\Realtek
    2009-04-06 12:10:05 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-06 12:09:56 ----N---- C:\WINDOWS\HideWin.exe
    2009-04-06 12:09:55 ----R---- C:\WINDOWS\RtlExUpd.dll
    2009-04-06 12:07:20 ----D---- C:\WINDOWS\nview
    2009-04-06 12:07:19 ----N---- C:\WINDOWS\system32\nvudisp.exe
    2009-04-06 12:06:19 ----D---- C:\Program Files\Common Files\InstallShield
    2009-04-06 12:04:55 ----R---- C:\WINDOWS\system32\fdco1ins.dll
    2009-04-06 12:04:55 ----R---- C:\WINDOWS\system32\fdco1.dll
    2009-04-06 12:04:50 ----N---- C:\WINDOWS\system32\nvunrm.exe
    2009-04-06 12:04:49 ----R---- C:\WINDOWS\system32\nvconrm.dll
    2009-04-06 12:04:49 ----R---- C:\WINDOWS\system32\bdco1ins.dll
    2009-04-06 12:04:49 ----R---- C:\WINDOWS\system32\bdco1.dll
    2009-04-06 12:04:47 ----R---- C:\WINDOWS\system32\nvusmu.exe
    2009-04-06 12:04:44 ----R---- C:\WINDOWS\system32\nvusmb.exe
    2009-04-06 12:04:18 ----N---- C:\WINDOWS\system32\NVUNINST.EXE
    2009-04-06 12:04:15 ----D---- C:\Documents and Settings\ISMAEL\Application Data\InstallShield
    2009-04-06 12:02:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-04-06 12:02:41 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-06 12:02:41 ----D---- C:\Program Files\Adobe
    2009-04-06 12:00:34 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-06 11:39:29 ----D---- C:\Documents and Settings\ISMAEL\Application Data\Identities
    2009-04-06 11:39:27 ----HD---- C:\Program Files\Uninstall Information
    2009-04-06 11:39:21 ----SH---- C:\Documents and Settings\ISMAEL\Application Data\desktop.ini
    2009-04-06 11:39:21 ----SD---- C:\Documents and Settings\ISMAEL\Application Data\Microsoft
    2009-04-06 11:38:42 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-04-06 11:38:39 ----D---- C:\WINDOWS\Prefetch
    2009-04-06 11:38:38 ----SD---- C:\WINDOWS\system32\Microsoft
    2009-04-06 11:38:38 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-06 11:36:00 ----D---- C:\WINDOWS\system32\xircom
    2009-04-06 11:36:00 ----D---- C:\Program Files\xerox
    2009-04-06 11:36:00 ----D---- C:\Program Files\microsoft frontpage
    2009-04-06 11:35:50 ----D---- C:\DELL
    2009-04-06 11:35:41 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-06 11:35:39 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2009-04-06 11:35:26 ----N---- C:\WINDOWS\control.ini
    2009-04-06 11:35:26 ----N---- C:\AUTOEXEC.BAT
    2009-04-06 11:34:19 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-06 11:34:19 ----RH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-04-06 11:34:19 ----RD---- C:\WINDOWS\Offline Web Pages
    2009-04-06 11:34:14 ----RH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-04-06 11:34:09 ----HD---- C:\Program Files\WindowsUpdate
    2009-04-06 11:33:50 ----D---- C:\WINDOWS\system32\DirectX
    2009-04-06 11:33:31 ----A---- C:\WINDOWS\system32\atrace.dll
    2009-04-06 11:33:28 ----N---- C:\WINDOWS\system32\desktop.ini
    2009-04-06 11:33:28 ----N---- C:\WINDOWS\desktop.ini
    2009-04-06 11:33:21 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2009-04-06 11:33:20 ----A---- C:\WINDOWS\system32\acctres.dll
    2009-04-06 11:33:19 ----D---- C:\Program Files\Common Files\Services
    2009-04-06 11:33:17 ----SD---- C:\WINDOWS\Tasks
    2009-04-06 11:33:17 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2009-04-06 11:33:16 ----D---- C:\Program Files\Common Files\MSSoap
    2009-04-06 11:33:12 ----D---- C:\WINDOWS\srchasst
    2009-04-06 11:33:11 ----D---- C:\WINDOWS\system32\Macromed
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wuweb.dll
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wups.dll
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wucltui.dll
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2009-04-06 11:33:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2009-04-06 11:33:07 ----A---- C:\WINDOWS\system32\wuapi.dll
    2009-04-06 11:33:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2009-04-06 11:33:07 ----A---- C:\WINDOWS\system32\qmgr.dll
    2009-04-06 11:33:07 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2009-04-06 11:33:07 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2009-04-06 11:33:03 ----D---- C:\Program Files\Movie Maker
    2009-04-06 11:32:59 ----A---- C:\WINDOWS\system32\safrslv.dll
    2009-04-06 11:32:59 ----A---- C:\WINDOWS\system32\safrdm.dll
    2009-04-06 11:32:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2009-04-06 11:32:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2009-04-06 11:32:56 ----A---- C:\WINDOWS\system32\fltMc.exe
    2009-04-06 11:32:56 ----A---- C:\WINDOWS\system32\fltlib.dll
    2009-04-06 11:32:55 ----D---- C:\WINDOWS\system32\Restore
    2009-04-06 11:32:55 ----A---- C:\WINDOWS\system32\srsvc.dll
    2009-04-06 11:32:55 ----A---- C:\WINDOWS\system32\srrstr.dll
    2009-04-06 11:32:55 ----A---- C:\WINDOWS\system32\srclient.dll
    2009-04-06 11:32:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2009-04-06 11:32:54 ----A---- C:\WINDOWS\system32\msconf.dll
    2009-04-06 11:32:54 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2009-04-06 11:32:54 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2009-04-06 11:32:54 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2009-04-06 11:32:54 ----A---- C:\WINDOWS\system32\ils.dll
    2009-04-06 11:32:51 ----D---- C:\Program Files\NetMeeting
    2009-04-06 11:32:51 ----A---- C:\WINDOWS\system32\msoert2.dll
    2009-04-06 11:32:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2009-04-06 11:32:50 ----A---- C:\WINDOWS\system32\inetres.dll
    2009-04-06 11:32:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2009-04-06 11:32:48 ----D---- C:\Program Files\Outlook Express
    2009-04-06 11:32:48 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2009-04-06 11:32:47 ----A---- C:\WINDOWS\system32\mstinit.exe
    2009-04-06 11:32:47 ----A---- C:\WINDOWS\system32\mstask.dll
    2009-04-06 11:32:47 ----A---- C:\WINDOWS\system32\isign32.dll
    2009-04-06 11:32:47 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2009-04-06 11:32:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2009-04-06 11:32:47 ----A---- C:\WINDOWS\system32\icwdial.dll
    2009-04-06 11:32:41 ----D---- C:\Program Files\Common Files\System
    2009-04-06 11:32:36 ----D---- C:\Program Files\Internet Explorer
    2009-04-06 11:32:04 ----D---- C:\Program Files\ComPlus Applications
    2009-04-06 11:32:02 ----N---- C:\WINDOWS\vbaddin.ini
    2009-04-06 11:32:02 ----N---- C:\WINDOWS\vb.ini
    2009-04-06 11:31:57 ----D---- C:\WINDOWS\Registration
    2009-04-06 11:31:49 ----D---- C:\Program Files\Windows Media Player
    2009-04-06 11:31:49 ----D---- C:\Program Files\Online Services


    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 11:56 am

    part 4

    2009-04-06 11:31:42 ----D---- C:\Program Files\Messenger
    2009-04-06 11:31:38 ----D---- C:\Program Files\MSN Gaming Zone
    2009-04-06 11:31:38 ----A---- C:\WINDOWS\system32\write.exe
    2009-04-06 11:31:30 ----N---- C:\WINDOWS\system32\hticons.dll
    2009-04-06 11:31:30 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2009-04-06 11:31:30 ----A---- C:\WINDOWS\system32\avwav.dll
    2009-04-06 11:31:30 ----A---- C:\WINDOWS\system32\avmeter.dll
    2009-04-06 11:31:29 ----A---- C:\WINDOWS\system32\winchat.exe
    2009-04-06 11:31:29 ----A---- C:\WINDOWS\system32\avtapi.dll
    2009-04-06 11:31:23 ----A---- C:\WINDOWS\system32\getuname.dll
    2009-04-06 11:31:22 ----A---- C:\WINDOWS\system32\winmine.exe
    2009-04-06 11:31:22 ----A---- C:\WINDOWS\system32\sol.exe
    2009-04-06 11:31:22 ----A---- C:\WINDOWS\system32\charmap.exe
    2009-04-06 11:31:22 ----A---- C:\WINDOWS\system32\calc.exe
    2009-04-06 11:31:21 ----N---- C:\WINDOWS\system32\usrlogon.cmd
    2009-04-06 11:31:21 ----N---- C:\WINDOWS\system32\tslabels.ini
    2009-04-06 11:31:21 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2009-04-06 11:31:21 ----A---- C:\WINDOWS\system32\tskill.exe
    2009-04-06 11:31:21 ----A---- C:\WINDOWS\system32\reset.exe
    2009-04-06 11:31:21 ----A---- C:\WINDOWS\system32\mshearts.exe
    2009-04-06 11:31:21 ----A---- C:\WINDOWS\system32\freecell.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\tscon.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\shadow.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\regini.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\msg.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\logoff.exe
    2009-04-06 11:31:20 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2009-04-06 11:31:19 ----N---- C:\WINDOWS\system32\msdtcprf.ini
    2009-04-06 11:31:19 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2009-04-06 11:31:19 ----A---- C:\WINDOWS\system32\mtxex.dll
    2009-04-06 11:31:19 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2009-04-06 11:31:19 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2009-04-06 11:31:18 ----A---- C:\WINDOWS\system32\stclient.dll
    2009-04-06 11:31:18 ----A---- C:\WINDOWS\system32\comsnap.dll
    2009-04-06 11:31:18 ----A---- C:\WINDOWS\system32\comrepl.dll
    2009-04-06 11:31:18 ----A---- C:\WINDOWS\system32\comaddin.dll
    2009-04-06 11:31:13 ----N---- C:\WINDOWS\system32\wmimgmt.msc
    2009-04-06 11:31:03 ----D---- C:\Program Files\MSN
    2009-04-06 11:31:02 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2009-04-06 11:31:02 ----A---- C:\WINDOWS\system32\accwiz.exe
    2009-04-06 11:31:01 ----N---- C:\WINDOWS\system32\hypertrm.dll
    2009-04-06 11:31:01 ----D---- C:\Program Files\Windows NT
    2009-04-06 11:31:01 ----A---- C:\WINDOWS\system32\mspaint.exe
    2009-04-06 11:31:01 ----A---- C:\WINDOWS\system32\mplay32.exe
    2009-04-06 11:31:00 ----A---- C:\WINDOWS\system32\spider.exe
    2009-04-06 11:31:00 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\remotepg.dll
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\rdshost.exe
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\rdchost.dll
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\mstscax.dll
    2009-04-06 11:30:59 ----A---- C:\WINDOWS\system32\mstsc.exe
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\termsrv.dll
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\qprocess.exe
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\icaapi.dll
    2009-04-06 11:30:58 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2009-04-06 11:30:57 ----D---- C:\WINDOWS\system32\MsDtc
    2009-04-06 11:30:57 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2009-04-06 11:30:57 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2009-04-06 11:30:57 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2009-04-06 11:30:57 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2009-04-06 11:30:56 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2009-04-06 11:30:56 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2009-04-06 11:30:56 ----A---- C:\WINDOWS\system32\msdtc.exe
    2009-04-06 11:30:55 ----D---- C:\WINDOWS\system32\Com
    2009-04-06 11:30:55 ----A---- C:\WINDOWS\system32\colbact.dll
    2009-04-06 11:30:55 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2009-04-06 11:30:55 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2009-04-06 11:30:55 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2009-04-06 11:30:55 ----A---- C:\WINDOWS\system32\catsrv.dll
    2009-04-06 11:30:54 ----A---- C:\WINDOWS\system32\comuid.dll
    2009-04-06 11:30:54 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2009-04-06 11:30:54 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2009-04-06 11:30:46 ----A---- C:\WINDOWS\system32\servdeps.dll
    2009-04-06 11:30:46 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2009-04-06 11:30:46 ----A---- C:\WINDOWS\system32\licwmi.dll
    2009-04-06 11:30:46 ----A---- C:\WINDOWS\system32\cmprops.dll

    ======List of files/folders modified in the last 3 months======

    2009-04-08 10:35:19 ----A---- C:\WINDOWS\system.ini
    2009-04-06 12:25:13 ----N---- C:\WINDOWS\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
    R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
    R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
    R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280]
    R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
    R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
    R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\D:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-07-20 1163616]
    R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
    R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2007-07-20 16896]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-07-20 5632]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-20 4424192]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-07-25 6365984]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-20 46720]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-20 19968]
    R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-20 12032]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-20 208064]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
    R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
    R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    R3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-07-20 21504]
    R4 catchme;catchme; \??\C:\DOCUME~1\ISMAEL\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2008-10-28 31280]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-07-20 28160]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-24 415024]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-07-25 184388]
    R2 VMAuthdService;VMware Authorization Service; D:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-10-28 113200]
    R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-10-28 326192]
    R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-10-28 399920]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-03-27 1646592]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 192512]
    S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 ufad-ws60;VMware Agent Service; D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024]

    -----------------EOF-----------------

    mael4704
    New Member

    Gender : Male    Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 12:57 pm

    OK, everything's done, and when it finished I restarted, but the wireless won't start.
    I tried to start Wireless Zero Configuration but it won't.
    Error 1068: the dependency service or group failed to start.
    Right now I'm connected using the bb; if after the next restart the bb can't be used either,
    I'll be stuck for a while. The last way for me to get a connection here might be
    to boot from a pendrive (Linux).
    Huhuh, I can't even open Help and Support in Windows anymore.

    P/S
    After running ComboFix, at boot there are 2 options: boot normally (auto) or from recovery.
    So far I've only booted normally.

    baok
    New Member

    Number of posts : 169
    Registration date : 20/02/2009

    Re: w.exe n vv.exe

    Post by baok on Wed Apr 08, 2009 2:51 pm

    There's a bit of a problem..

    c:\windows\system32\userinit.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    OK, most likely your PC has a polymorphic file infector, either Sality or Virut.. For now DO NOT connect any external drives to that computer... DO NOT plug in a pendrive/external hard disk or anything else...

    OK, do these steps in order..


    Go to c:\windows\system32\dllcache\explorer.exe and copy/paste that file into the C:\Windows folder.. Let it overwrite explorer.exe

    Then go to c:\windows\system32\dllcache\userinit.exe and copy/paste it into the C:\WINDOWS\System32 folder.. Let it overwrite userinit.exe



    Then reboot the computer and do as below..

    Download Dr.Web CureIt and save it to the Desktop

    1. Double-click launch.exe and let it run the express scan. Click Yes for every infection it finds
    2. Choose Complete Scan and click the green arrow button to start the scan.
    3. When the scan finishes, tick the Select all box >> click Cure and choose Ignore >> Let the cleaning process finish.
    4. Go to the menu >> click File >> choose Save report list >> Save to the Desktop as DrWeb.csv >> open DrWeb.csv in Notepad >> Post the contents of DrWeb.csv here
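    As an added example (not part of the forum thread, and not code from any tool it mentions), here is a Python triage script for the two checks behind the advice above: comparing the live explorer.exe/userinit.exe against the pristine copy in dllcache by hash, and an entry-point heuristic for appending file infectors of the Sality/Virut kind, which place the entry point in a section they add at the end of the file. The PE images are constructed in memory so it runs offline; `triage`, `build_pe`, the `.tail` section and all sizes are this example's own assumptions.

```python
"""Added example: offline PE triage for a suspected file infector.

Two checks a responder makes after a tool reports explorer.exe or
userinit.exe as infected:
  1. hash the live binary against the pristine copy Windows keeps in
     %WINDIR%\\system32\\dllcache (or on the install CD);
  2. an appending-infector heuristic: Sality/Virut-style infectors add
     code at the end of the file and point AddressOfEntryPoint at it, so
     the entry point lands in the last section, usually marked W+X.
The PE images below are built in memory (constructed data) so this runs
without touching a real system.
"""
import hashlib
import struct
from dataclasses import dataclass

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    characteristics: int


def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, [Section, ...]) from a PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    optional = coff + 20
    entry = struct.unpack_from("<I", pe, optional + 16)[0]  # AddressOfEntryPoint
    table = optional + size_of_optional                   # IMAGE_SECTION_HEADER[], 40 bytes each
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append(Section(name, vaddr, vsize, chars))
    return entry, sections


def entry_point_findings(pe: bytes) -> list:
    """Heuristic findings about where the entry point lives; empty means clean-looking."""
    entry, sections = parse_pe(pe)
    host = next((s for s in sections
                 if s.virtual_address <= entry < s.virtual_address + s.virtual_size), None)
    if host is None:
        return ["entry point is outside every section"]
    findings = []
    if len(sections) > 1 and host is sections[-1]:
        findings.append(f"entry point in last section {host.name!r}")
    if host.characteristics & IMAGE_SCN_MEM_WRITE and host.characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry section {host.name!r} is writable and executable")
    return findings


def triage(candidate: bytes, reference: bytes) -> dict:
    """Compare a live binary with its pristine reference copy and add the heuristic."""
    report = {
        "size_delta": len(candidate) - len(reference),
        "sha256_match": hashlib.sha256(candidate).digest() == hashlib.sha256(reference).digest(),
        "findings": entry_point_findings(candidate),
    }
    report["suspicious"] = (not report["sha256_match"]) or bool(report["findings"])
    return report


def build_pe(sections, entry_rva: int, appended: bytes = b"") -> bytes:
    """Build a minimal PE32 image with the given section headers (constructed test data)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 96, 0x102)
    optional = bytearray(96)
    struct.pack_into("<H", optional, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", optional, 16, entry_rva)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", s.name.encode("ascii").ljust(8, b"\0"),
                    s.virtual_size, s.virtual_address, s.virtual_size,
                    0, 0, 0, 0, 0, s.characteristics)
        for s in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + appended


# Constructed sample images: a clean layout, and the same layout after an
# appending infector added a W+X section and moved the entry point into it.
TEXT = Section(".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
DATA = Section(".data", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
TAIL = Section(".tail", 0x4000, 0x800, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
CLEAN_PE = build_pe([TEXT, DATA], entry_rva=0x1234)
INFECTED_PE = build_pe([TEXT, DATA, TAIL], entry_rva=0x4010, appended=b"\x90" * 64)

if __name__ == "__main__":
    for label, image in (("reference", CLEAN_PE), ("live", INFECTED_PE)):
        print(label, triage(image, CLEAN_PE))
```

    On a real machine you would read the live file and its dllcache copy into `candidate` and `reference` (for example `open(r"C:\WINDOWS\explorer.exe", "rb").read()`). Packers also put the entry point in a late or writable+executable section, so the heuristic is triage, not a verdict; the hash mismatch against a copy you trust is the decisive check, and if the dllcache copy itself differs from the install CD it cannot serve as the reference.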

    mael4704
    New Member

    Gender : Male    Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 3:41 pm

    Hold on, bro,
    I'm in Linux right now,
    I need to restart.
    Without internet it's hard for me to get in here.
    I guess a virus has a harder time running in Linux.
    Wait, I'll go into Windows first.

    mael4704
    New Member

    Gender : Male    Number of posts : 125
    Registration date : 16/02/2009

    Re: w.exe n vv.exe

    Post by mael4704 on Wed Apr 08, 2009 4:03 pm

    Bro,
    userinit.exe has been pasted, but Windows popped up asking me to insert the SP2 CD.
    explorer.exe can't be copy/pasted: the program is still running.
    I did both of the above through Explorer XP.

    If I search the usual way, the dllcache folder doesn't show up at all, even with hidden files and folders shown.

    baok
    New Member

    Number of posts : 169
    Registration date : 20/02/2009

    Re: w.exe n vv.exe

    Post by baok on Wed Apr 08, 2009 4:07 pm

    First, do you have a Windows CD? We may need to copy the userinit.exe and explorer.exe files from the Windows CD.
