Forum Sementara Putera.com



3 posters

    Fix Registry

    mitutoyo (New Member)
    Number of posts : 430
    Location : Bandaraya Anggerik
    Job/hobbies : keeping myself busy
    Registration date : 01/03/2009

    Fix Registry

    Post by mitutoyo Tue Apr 21, 2009 2:24 pm

    Assalamualaikum and greetings. I have a small problem; I hope everyone can help.

    Here is the HijackThis log (it is really nasty and I don't know how to fix it):
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:17:59 PM, on 4/21/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\USB Product Driver v2.27r011\shwicon.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\EdgeCAM\Cam\edgecls.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Desktop\bitdefender_free_v10.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\setup.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Softwin\BitDefender10\bdwizreg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\SPECIAL TOOLS\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 127.4.7.4 mcafee.com
    O1 - Hosts: 127.4.7.4 www.mcafee.com
    O1 - Hosts: 127.4.7.4 mcafeesecurity.com
    O1 - Hosts: 127.4.7.4 www.mcafeesecurity.com
    O1 - Hosts: 127.4.7.4 mcafeeb2b.com
    O1 - Hosts: 127.4.7.4 www.mcafeeb2b.com
    O1 - Hosts: 127.4.7.4 nai.com
    O1 - Hosts: 127.4.7.4 www.nai.com
    O1 - Hosts: 127.4.7.4 vil.nai.com
    O1 - Hosts: 127.4.7.4 grisoft.com
    O1 - Hosts: 127.4.7.4 www.grisoft.com
    O1 - Hosts: 127.4.7.4 kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 www.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 kaspersky.com
    O1 - Hosts: 127.4.7.4 www.kaspersky.com
    O1 - Hosts: 127.4.7.4 downloads1.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 downloads2.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 downloads3.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 downloads4.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 download.mcafee.com
    O1 - Hosts: 127.4.7.4 grisoft.cz
    O1 - Hosts: 127.4.7.4 www.grisoft.cz
    O1 - Hosts: 127.4.7.4 norton.com
    O1 - Hosts: 127.4.7.4 www.norton.com
    O1 - Hosts: 127.4.7.4 symantec.com
    O1 - Hosts: 127.4.7.4 www.symantec.com
    O1 - Hosts: 127.4.7.4 liveupdate.symantecliveupdate.com
    O1 - Hosts: 127.4.7.4 liveupdate.symantec.com
    O1 - Hosts: 127.4.7.4 update.symantec.com
    O1 - Hosts: 127.4.7.4 securityresponse.symantec.com
    O1 - Hosts: 127.4.7.4 sarc.com
    O1 - Hosts: 127.4.7.4 www.sarc.com
    O1 - Hosts: 127.4.7.4 norman.com
    O1 - Hosts: 127.4.7.4 www.norman.com
    O1 - Hosts: 127.4.7.4 trendmicro.com
    O1 - Hosts: 127.4.7.4 www.trendmicro.com
    O1 - Hosts: 127.4.7.4 trendmicro.co.jp
    O1 - Hosts: 127.4.7.4 www.trendmicro.co.jp
    O1 - Hosts: 127.4.7.4 trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 www.trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 ae.trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 it.trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 secunia.com
    O1 - Hosts: 127.4.7.4 www.secunia.com
    O1 - Hosts: 127.4.7.4 winantivirus.com
    O1 - Hosts: 127.4.7.4 www.winantivirus.com
    O1 - Hosts: 127.4.7.4 pandasoftware.com
    O1 - Hosts: 127.4.7.4 www.pandasoftware.com
    O1 - Hosts: 127.4.7.4 esafe.com
    O1 - Hosts: 127.4.7.4 www.esafe.com
    O1 - Hosts: 127.4.7.4 f-secure.com
    O1 - Hosts: 127.4.7.4 www.f-secure.com
    O1 - Hosts: 127.4.7.4 europe.f-secure.com
    O1 - Hosts: 127.4.7.4 bhs.com
    O1 - Hosts: 127.4.7.4 www.bhs.com
    O1 - Hosts: 127.4.7.4 datafellows.com
    O1 - Hosts: 127.4.7.4 www.datafellows.com
    O1 - Hosts: 127.4.7.4 cheyenne.com
    O1 - Hosts: 127.4.7.4 www.cheyenne.com
    O1 - Hosts: 127.4.7.4 ontrack.com
    O1 - Hosts: 127.4.7.4 www.ontrack.com
    O1 - Hosts: 127.4.7.4 sands.com
    O1 - Hosts: 127.4.7.4 www.sands.com
    O1 - Hosts: 127.4.7.4 sophos.com
    O1 - Hosts: 127.4.7.4 www.sophos.com
    O1 - Hosts: 127.4.7.4 icubed.com
    O1 - Hosts: 127.4.7.4 www.icubed.com
    O1 - Hosts: 127.4.7.4 perantivirus.com
    O1 - Hosts: 127.4.7.4 www.perantivirus.com
    O1 - Hosts: 127.4.7.4 virusalert.nl
    O1 - Hosts: 127.4.7.4 www.virusalert.nl
    O1 - Hosts: 127.4.7.4 pagina.nl
    O1 - Hosts: 127.4.7.4 www.pagina.nl
    O1 - Hosts: 127.4.7.4 antivirus.pagina.nl
    O1 - Hosts: 127.4.7.4 castlecops.com
    O1 - Hosts: 127.4.7.4 www.castlecops.com
    O1 - Hosts: 127.4.7.4 virustotal.com
    O1 - Hosts: 127.4.7.4 www.virustotal.com
    O1 - Hosts: 127.4.7.4 vaksin.com
    O1 - Hosts: 127.4.7.4 www.vaksin.com
    O1 - Hosts: 127.4.7.4 forum.vaksin.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [ShowIcon_TOSHIBA_USB Product Driver v2.27r011] "C:\Program Files\USB Product Driver v2.27r011\shwicon.exe" -t"TOSHIBA\USB Product Driver v2.27r011"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: EdgeCLS11.00.lnk = C:\Program Files\EdgeCAM\Cam\edgecls.exe
    O4 - Global Startup: Canon LBP-800 ª¬ºAµøµ¡.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Sentinel LM - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 10062 bytes

    Then I ran ComboFix and the comidian.

    Re: Fix Registry

    Post by mitutoyo Tue Apr 21, 2009 4:22 pm

    ComboFix log

    http://rapidshare.com/files/223889746/log2pnaza.txt.html
    rupii (New Member)
    Gender : Male
    Number of posts : 164
    Location : kawe anok qlate, REPEK city,
    Job/hobbies : watching the sky, moon, stars and clouds
    Registration date : 04/03/2009

    Re: Fix Registry

    Post by rupii Tue Apr 21, 2009 6:29 pm

    Just asking, what is all this...
    I don't understand; if possible, I'd really like to know!!!!!

    baok (New Member)
    Number of posts : 169
    Registration date : 20/02/2009

    Re: Fix Registry

    Post by baok Tue Apr 21, 2009 7:10 pm

    Upload c:\windows\system32\sfcfiles.dll to the VirSCAN.org FREE on-line scan service and link the result here..


    Fix all of the following with HijackThis..

    O1 - Hosts: 127.4.7.4 mcafee.com
    O1 - Hosts: 127.4.7.4 www.mcafee.com
    O1 - Hosts: 127.4.7.4 mcafeesecurity.com
    O1 - Hosts: 127.4.7.4 www.mcafeesecurity.com
    O1 - Hosts: 127.4.7.4 mcafeeb2b.com
    O1 - Hosts: 127.4.7.4 www.mcafeeb2b.com
    O1 - Hosts: 127.4.7.4 nai.com
    O1 - Hosts: 127.4.7.4 www.nai.com
    O1 - Hosts: 127.4.7.4 vil.nai.com
    O1 - Hosts: 127.4.7.4 grisoft.com
    O1 - Hosts: 127.4.7.4 www.grisoft.com
    O1 - Hosts: 127.4.7.4 kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 www.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 kaspersky.com
    O1 - Hosts: 127.4.7.4 www.kaspersky.com
    O1 - Hosts: 127.4.7.4 downloads1.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 downloads2.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 downloads3.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 downloads4.kaspersky-labs.com
    O1 - Hosts: 127.4.7.4 download.mcafee.com
    O1 - Hosts: 127.4.7.4 grisoft.cz
    O1 - Hosts: 127.4.7.4 www.grisoft.cz
    O1 - Hosts: 127.4.7.4 norton.com
    O1 - Hosts: 127.4.7.4 www.norton.com
    O1 - Hosts: 127.4.7.4 symantec.com
    O1 - Hosts: 127.4.7.4 www.symantec.com
    O1 - Hosts: 127.4.7.4 liveupdate.symantecliveupdate.com
    O1 - Hosts: 127.4.7.4 liveupdate.symantec.com
    O1 - Hosts: 127.4.7.4 update.symantec.com
    O1 - Hosts: 127.4.7.4 securityresponse.symantec.com
    O1 - Hosts: 127.4.7.4 sarc.com
    O1 - Hosts: 127.4.7.4 www.sarc.com
    O1 - Hosts: 127.4.7.4 norman.com
    O1 - Hosts: 127.4.7.4 www.norman.com
    O1 - Hosts: 127.4.7.4 trendmicro.com
    O1 - Hosts: 127.4.7.4 www.trendmicro.com
    O1 - Hosts: 127.4.7.4 trendmicro.co.jp
    O1 - Hosts: 127.4.7.4 www.trendmicro.co.jp
    O1 - Hosts: 127.4.7.4 trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 www.trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 ae.trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 it.trendmicro-europe.com
    O1 - Hosts: 127.4.7.4 secunia.com
    O1 - Hosts: 127.4.7.4 www.secunia.com
    O1 - Hosts: 127.4.7.4 winantivirus.com
    O1 - Hosts: 127.4.7.4 www.winantivirus.com
    O1 - Hosts: 127.4.7.4 pandasoftware.com
    O1 - Hosts: 127.4.7.4 www.pandasoftware.com
    O1 - Hosts: 127.4.7.4 esafe.com
    O1 - Hosts: 127.4.7.4 www.esafe.com
    O1 - Hosts: 127.4.7.4 f-secure.com
    O1 - Hosts: 127.4.7.4 www.f-secure.com
    O1 - Hosts: 127.4.7.4 europe.f-secure.com
    O1 - Hosts: 127.4.7.4 bhs.com
    O1 - Hosts: 127.4.7.4 www.bhs.com
    O1 - Hosts: 127.4.7.4 datafellows.com
    O1 - Hosts: 127.4.7.4 www.datafellows.com
    O1 - Hosts: 127.4.7.4 cheyenne.com
    O1 - Hosts: 127.4.7.4 www.cheyenne.com
    O1 - Hosts: 127.4.7.4 ontrack.com
    O1 - Hosts: 127.4.7.4 www.ontrack.com
    O1 - Hosts: 127.4.7.4 sands.com
    O1 - Hosts: 127.4.7.4 www.sands.com
    O1 - Hosts: 127.4.7.4 sophos.com
    O1 - Hosts: 127.4.7.4 www.sophos.com
    O1 - Hosts: 127.4.7.4 icubed.com
    O1 - Hosts: 127.4.7.4 www.icubed.com
    O1 - Hosts: 127.4.7.4 perantivirus.com
    O1 - Hosts: 127.4.7.4 www.perantivirus.com
    O1 - Hosts: 127.4.7.4 virusalert.nl
    O1 - Hosts: 127.4.7.4 www.virusalert.nl
    O1 - Hosts: 127.4.7.4 pagina.nl
    O1 - Hosts: 127.4.7.4 www.pagina.nl
    O1 - Hosts: 127.4.7.4 antivirus.pagina.nl
    O1 - Hosts: 127.4.7.4 castlecops.com
    O1 - Hosts: 127.4.7.4 www.castlecops.com
    O1 - Hosts: 127.4.7.4 virustotal.com
    O1 - Hosts: 127.4.7.4 www.virustotal.com
    O1 - Hosts: 127.4.7.4 vaksin.com
    O1 - Hosts: 127.4.7.4 www.vaksin.com
    O1 - Hosts: 127.4.7.4 forum.vaksin.com
    O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"


    Show hidden files and folders and delete the files/folders below

    c:\windows\system32\UpDateWind.exe
    c:\windows\system32\autorun.bin
    c:\windows\system32\Autorun.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP



    Then do the following

    Please copy and paste the following into a Notepad

    Code:
    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ea5e20-b4db-11dc-adc7-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a01f1a0-a6ea-11dd-ae8c-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a1c36b0-8077-11dd-ae68-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e37491-b525-11dd-ae9e-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91de85d0-3e54-11dc-ad5b-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3df2aa0-7d7a-11dd-ae5f-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba3ad5f0-dece-11dd-aec3-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c852b620-c661-11dd-aeac-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a2d750-8e9b-11dc-ada9-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b34130-e01a-11dc-ade9-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0848d00-36b5-11dd-ae26-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a5d8f0-f71d-11dc-adf8-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec46d0b1-3b20-11dc-ad58-0010b5523b6c}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6520680-5a7e-11dc-ad77-0010b5523b6c}]

    Save it in desktop as Fix.reg and in Save as type: choose All Files

    A new registry file will then be created on your desktop.

    Just double-click the file and choose Yes at prompt.
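    As an added example (not code from the original thread or from HijackThis), here is a small Python triage script for the kind of log posted above. It flags the two things the fix above targets: O1 hosts entries that pin security-vendor domains to a fixed address (the log maps them to 127.4.7.4, which blocks antivirus updates and online scanners), and O4 autostart entries whose command lives under a Temp folder. The vendor watchlist and the sample log lines are constructed here for offline use and are not a complete list.

```python
import re
from collections import Counter

# Constructed sample, mirroring the shape of the thread's HijackThis log (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.4.7.4 mcafee.com
O1 - Hosts: 127.4.7.4 www.kaspersky.com
O1 - Hosts: 127.4.7.4 virustotal.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - Global Startup: EdgeCLS11.00.lnk = C:\Program Files\EdgeCAM\Cam\edgecls.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
"""

# Constructed watchlist of security-vendor domains (a subset of those seen in the log).
# A clean hosts file has no reason to mention any of these, whatever address is used.
SECURITY_VENDORS = {
    "mcafee.com", "nai.com", "grisoft.com", "kaspersky.com", "kaspersky-labs.com",
    "symantec.com", "norton.com", "trendmicro.com", "f-secure.com", "sophos.com",
    "pandasoftware.com", "secunia.com", "virustotal.com", "castlecops.com", "vaksin.com",
}

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")          # e.g. "O1 - Hosts: ..."
O1_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")     # address, hostname
O4_RE = re.compile(r"^([^:]+): \[([^\]]*)\]\s*(.*)$")  # key, value name, command
TEMP_RE = re.compile(r"\\temp\\", re.I)                # a "\Temp\" path component


def parse_entries(text):
    """Return (section, body) for every HijackThis result line, skipping headers and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_security_vendor(host):
    """True if host is a watchlisted vendor domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_VENDORS)


def find_hosts_hijacks(entries):
    """O1 entries that map a security vendor's name to a fixed address: (address, host)."""
    hits = []
    for section, body in entries:
        if section != "O1":
            continue
        m = O1_RE.match(body)
        if m and is_security_vendor(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


def find_temp_autostarts(entries):
    """O4 autostart entries whose command references a Temp directory: (key, name, command).

    Flagged for review, not declared malicious: the RunOnce cleanup entry in the
    thread is the kind of leftover a helper would want to look at."""
    hits = []
    for section, body in entries:
        if section != "O4":
            continue
        m = O4_RE.match(body)
        if m and TEMP_RE.search(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def triage(text):
    """Summarise a HijackThis log: counts plus the flagged O1 and O4 entries."""
    entries = parse_entries(text)
    hijacks = find_hosts_hijacks(entries)
    return {
        "entries": len(entries),
        "hosts_hijacks": hijacks,
        "hijack_targets": Counter(ip for ip, _ in hijacks),  # which address the vendors are pinned to
        "temp_autostarts": find_temp_autostarts(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} entries parsed")
    for ip, host in report["hosts_hijacks"]:
        print(f"  hosts hijack: {host} -> {ip}")
    for key, name, cmd in report["temp_autostarts"]:
        print(f"  autostart from Temp: {key} [{name}] {cmd}")
```

    Paste a real log into SAMPLE_LOG (or read it from a file) to run the same triage on it.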

    Re: Fix Registry

    Post by mitutoyo Tue Apr 21, 2009 7:16 pm

    What is it you don't understand? The log? Or my statement?

    Re: Fix Registry

    Post by mitutoyo Tue Apr 21, 2009 7:18 pm

    After I do all the steps above, do you still need a new ComboFix log?
    Could you explain a bit what actually happened? That PC shares files/connects with other PCs.
    What about the registry? Pretty bad, isn't it?

    Re: Fix Registry

    Post by baok Tue Apr 21, 2009 7:45 pm

    Do all the steps in order first and don't forget to post the result from VirScan.org

    And scan with GVR

    Re: Fix Registry

    Post by mitutoyo Tue Apr 21, 2009 8:12 pm

    I've googled sfcfiles.dll: it is a file that contains functions used to monitor system files for validity (from Uniblue).

    At first I scanned with GVR 4.2 beta (no detection); when repairing the registry there was a lot, but OK, I'll follow your steps.

    Re: Fix Registry

    Post by baok Tue Apr 21, 2009 9:11 pm

    One thing mitutoyo.. There's a reason why I asked you to upload and scan that file.. Not because it is malware, but it was possibly injected with malicious code.. I will not discuss any further details here.. Either you do it or I just walk away..

    Re: Fix Registry

    Post by mitutoyo Tue Apr 21, 2009 10:16 pm

    Erk... OK bro. It was just for information, nothing more than that. Whatever I found, I'm trying to understand what actually happened; I want to learn.

    Re: Fix Registry

    Post by baok Wed Apr 22, 2009 1:23 am

    No problem.. if you really want to learn, go to one of the forums below.. if you just want to watch and learn on your own, forget it, you're never gonna make it.. unless you know exactly how to analyze files and the registry

    Bleeping Computer Study Hall

    Geek University

    Malware Removal University

    S.M.A.R.T Training (pm SifuMike)

    SpywareInfo BootCamp (reply in the topic)

    SpywareHammer Training (pm Bugbatter)

    Tech Support Forum Academy (pm Reid)

    WhatTheTech Classroom


    Complete the steps above and tell me the result.. also post the result from virscan.org... I'm not gonna reply anymore without the virscan result..

    Re: Fix Registry

    Post by mitutoyo Wed Apr 22, 2009 9:22 am

    I've scanned it; here are the results:
    File Name : sfcfiles.dll
    File Size : 1580544 byte
    File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
    MD5 : 9103fe3967cc3446a7bde004eca0b946
    SHA1 : 1ffe5f98159f39496ca35ea33ed086a92bd67467
    Scanner results : All Scanners reported not find malware!

    http://virscan.org/report/7a89d1f6a75e0253f6f3086e1e540eee.html

    The entries you asked me to fix are no longer there, and I couldn't fix them with HijackThis.
    Here is the new log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:14:13 AM, on 4/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\USB Product Driver v2.27r011\shwicon.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Autorun Eater\billy.exe
    C:\Program Files\EdgeCAM\Cam\edgecls.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\Explorer.EXE
    F:\Tools\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [ShowIcon_TOSHIBA_USB Product Driver v2.27r011] "C:\Program Files\USB Product Driver v2.27r011\shwicon.exe" -t"TOSHIBA\USB Product Driver v2.27r011"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: EdgeCLS11.00.lnk = C:\Program Files\EdgeCAM\Cam\edgecls.exe
    O4 - Global Startup: Canon LBP-800 ª¬ºAµøµ¡.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Sentinel LM - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6479 bytes

    Re: Fix Registry

    Post by mitutoyo Wed Apr 22, 2009 9:35 am

    I've done all the steps.

    These are the only files I couldn't find to delete:
    c:\windows\system32\UpDateWind.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP.

    The rest are done.

    Re: Fix Registry

    Post by baok Wed Apr 22, 2009 5:05 pm

    Great.. Show hidden files/folders and look for this file, if it exists.. don't delete it, just tell me whether it's there or not..

    c:\windows\system32\mssfc.dll

    Run ComboFix once more.. and post the log here...

    Re: Fix Registry

    Post by mitutoyo Thu Apr 23, 2009 11:03 am

    I've searched for this file, but couldn't find it; it doesn't exist: c:\windows\system32\mssfc.dll

    Re: Fix Registry

    Post by mitutoyo Thu Apr 23, 2009 11:06 am

    And here is the latest ComboFix log:
    ComboFix 09-04-21.A0 - Administrator 04/23/2009 9:50.3 - FAT32x86
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\rvhost.exe
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\nsprs.dll
    c:\windows\system32\prsrvk.dll
    c:\windows\system32\rvhost.exe
    c:\windows\system32\setting.ini
    c:\windows\Tasks\At1.job

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
    .

    2009-04-22 00:57 . 2009-04-22 00:57 7168 ----a-w c:\windows\system32\drivers\utqxnzcw.sys
    2009-04-21 04:20 . 2009-04-23 01:53 81984 ----a-w c:\windows\system32\bdod.bin
    2009-04-21 04:19 . 2009-04-21 04:19 -------- d-----w c:\documents and settings\Administrator\Application Data\Bitdefender
    2009-04-21 04:14 . 2009-04-21 04:14 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
    2009-04-21 00:17 . 2009-04-21 00:17 -------- d-sh--w C:\FOUND.012
    2009-04-17 07:49 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 07:49 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 07:49 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
    2009-04-17 07:49 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
    2009-04-17 07:49 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 07:49 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-17 07:49 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 07:49 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 07:49 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 03:27 . 2009-04-17 03:27 52 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\Update.10.Bron.Tok.bin
    2009-04-17 03:17 . 2009-04-17 03:17 7 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\Bron.tok.A10.em.bin
    2009-04-17 02:02 . 2009-03-27 07:09 1193414 ------w c:\windows\system32\dllcache\sysmain.sdb
    2009-04-17 02:02 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
    2009-04-14 02:21 . 2009-04-14 02:21 -------- d-sh--w C:\FOUND.011
    2009-04-06 23:57 . 2009-04-06 23:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Bron.tok-10-7
    2009-04-01 00:07 . 2009-04-01 00:07 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Bron.tok-10-1
    2009-03-31 09:08 . 2009-03-31 09:08 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-10-31
    2009-03-31 01:55 . 2009-03-31 01:55 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Bron.tok-10-31

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-21 04:14 . 2009-04-21 04:14 -------- d-----w c:\program files\Softwin
    2009-04-21 04:13 . 2009-04-21 04:13 -------- d-----w c:\program files\Autorun Eater
    2009-04-21 04:13 . 2009-04-21 04:13 -------- d-----w c:\program files\Common Files\Softwin
    2009-03-23 00:15 . 2009-03-23 00:15 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-03-21 14:18 . 2007-04-16 15:52 986112 ------w c:\windows\system32\dllcache\kernel32.dll
    2009-03-18 05:05 . 2009-03-18 05:05 -------- d-----w c:\documents and settings\Administrator\Application Data\Leadertech
    2009-03-10 14:18 . 2008-09-05 15:29 934792 ------w c:\windows\system32\dllcache\WgaTray.exe
    2009-03-10 14:18 . 2008-09-05 15:30 239496 ------w c:\windows\system32\dllcache\wgaLogon.dll
    2009-03-06 14:00 . 2004-08-03 17:26 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 04:31 . 2009-03-03 04:31 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
    2009-03-02 23:27 . 2008-04-21 06:56 1499136 ------w c:\windows\system32\dllcache\shdocvw.dll
    2009-02-20 21:44 . 2008-04-21 06:56 3067904 ------w c:\windows\system32\dllcache\mshtml.dll
    2009-02-19 09:50 . 2008-04-17 10:46 18432 ------w c:\windows\system32\dllcache\iedw.exe
    2009-02-19 09:21 . 2009-02-19 09:21 6752 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A10.em.bin
    2009-02-10 10:31 . 2009-02-10 10:31 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-02-09 10:20 . 2007-03-08 13:49 1847424 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-09 10:20 . 2005-11-08 15:13 1847424 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 10:01 . 2007-11-07 09:50 728576 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-02-09 10:01 . 2005-10-14 09:17 728576 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:01 . 2005-10-12 09:25 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:01 . 2004-08-03 17:26 617984 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:01 . 2004-08-03 17:26 715264 ----a-w c:\windows\system32\ntdll.dll
    2009-02-06 10:32 . 2007-02-28 09:55 2186112 ------w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-06 10:32 . 2005-10-14 10:19 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:29 . 2007-02-28 09:53 2142720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-06 10:22 . 2004-08-03 17:26 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 09:54 . 2001-08-23 09:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 09:49 . 2007-02-28 09:15 2020864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-06 09:49 . 2007-02-28 09:15 2062976 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 09:49 . 2005-09-28 10:35 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\system32\dllcache\secur32.dll
    2009-02-03 20:08 . 2004-08-03 17:26 55808 ----a-w c:\windows\system32\secur32.dll
    2009-01-12 03:36 . 2007-06-27 01:02 64672 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-24 14:33 . 2009-03-04 02:24 11311 ------w c:\documents and settings\Administrator\Local Settings\Application Data\NetMailTmp.bin
    2007-05-23 01:42 . 2007-05-23 01:42 c:\program files\mozilla firefox\components\jar50.dll
    2007-05-23 01:42 . 2007-05-23 01:42 c:\program files\mozilla firefox\components\xpinstal.dll
    2007-05-23 01:42 . 2007-05-23 01:42 c:\program files\mozilla firefox\components\jsd3250.dll
    .

    ------- Sigcheck -------

    [-] 2005-11-28 08:42 1580544 9103FE3967CC3446A7BDE004ECA0B946 c:\windows\system32\sfcfiles.dll
    [-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-21 22528]
    "ShowIcon_TOSHIBA_USB Product Driver v2.27r011"="c:\program files\USB Product Driver v2.27r011\shwicon.exe" [2004-11-04 77824]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-10 155648]
    "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2008-11-26 501768]
    "BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
    "BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Canon LBP-800 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-14 111104]
    EdgeCLS11.00.lnk - c:\program files\EdgeCAM\Cam\edgecls.exe [2007-6-20 633856]
    Canon LBP-800 ¦ª§Aæoæ­.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-14 111104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "DisableCAD"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel LM Server\\WinNT\\lservnt.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16242:TCP"= 16242:TCP:NortonAV
    "15387:TCP"= 15387:TCP:NortonAV
    "16180:TCP"= 16180:TCP:NortonAV
    "16533:TCP"= 16533:TCP:NortonAV
    "13841:TCP"= 13841:TCP:NortonAV
    "16371:TCP"= 16371:TCP:NortonAV
    "13611:TCP"= 13611:TCP:NortonAV
    "15268:TCP"= 15268:TCP:NortonAV
    "14049:TCP"= 14049:TCP:NortonAV
    "15652:TCP"= 15652:TCP:NortonAV
    "12313:TCP"= 12313:TCP:NortonAV
    "13561:TCP"= 13561:TCP:NortonAV
    "18609:TCP"= 18609:TCP:NortonAV
    "18762:TCP"= 18762:TCP:NortonAV
    "15388:TCP"= 15388:TCP:NortonAV
    "17111:TCP"= 17111:TCP:NortonAV
    "17718:TCP"= 17718:TCP:NortonAV
    "13366:TCP"= 13366:TCP:NortonAV
    "16386:TCP"= 16386:TCP:NortonAV
    "12851:TCP"= 12851:TCP:NortonAV
    "12354:TCP"= 12354:TCP:NortonAV
    "15664:TCP"= 15664:TCP:NortonAV
    "15973:TCP"= 15973:TCP:NortonAV
    "13429:TCP"= 13429:TCP:NortonAV
    "12606:TCP"= 12606:TCP:NortonAV
    "13274:TCP"= 13274:TCP:NortonAV
    "18188:TCP"= 18188:TCP:NortonAV
    "16935:TCP"= 16935:TCP:NortonAV
    "18096:TCP"= 18096:TCP:NortonAV
    "12633:TCP"= 12633:TCP:NortonAV
    "12706:TCP"= 12706:TCP:NortonAV
    "14592:TCP"= 14592:TCP:NortonAV
    "14252:TCP"= 14252:TCP:NortonAV
    "18532:TCP"= 18532:TCP:NortonAV
    "17032:TCP"= 17032:TCP:NortonAV
    "17093:TCP"= 17093:TCP:NortonAV
    "13913:TCP"= 13913:TCP:NortonAV
    "12699:TCP"= 12699:TCP:NortonAV
    "12679:TCP"= 12679:TCP:NortonAV
    "15737:TCP"= 15737:TCP:NortonAV
    "13036:TCP"= 13036:TCP:NortonAV
    "14165:TCP"= 14165:TCP:NortonAV
    "16991:TCP"= 16991:TCP:NortonAV
    "13707:TCP"= 13707:TCP:NortonAV
    "12645:TCP"= 12645:TCP:NortonAV
    "17075:TCP"= 17075:TCP:NortonAV
    "17707:TCP"= 17707:TCP:NortonAV
    "18601:TCP"= 18601:TCP:NortonAV
    "13688:TCP"= 13688:TCP:NortonAV
    "12329:TCP"= 12329:TCP:NortonAV
    "13584:TCP"= 13584:TCP:NortonAV
    "12712:TCP"= 12712:TCP:NortonAV
    "17269:TCP"= 17269:TCP:NortonAV
    "15314:TCP"= 15314:TCP:NortonAV
    "15162:TCP"= 15162:TCP:NortonAV
    "17220:TCP"= 17220:TCP:NortonAV
    "18708:TCP"= 18708:TCP:NortonAV
    "15511:TCP"= 15511:TCP:NortonAV
    "13608:TCP"= 13608:TCP:NortonAV
    "12193:TCP"= 12193:TCP:NortonAV
    "17109:TCP"= 17109:TCP:NortonAV
    "17234:TCP"= 17234:TCP:NortonAV
    "15221:TCP"= 15221:TCP:NortonAV
    "15888:TCP"= 15888:TCP:NortonAV
    "15288:TCP"= 15288:TCP:NortonAV
    "15222:TCP"= 15222:TCP:NortonAV
    "15341:TCP"= 15341:TCP:NortonAV
    "17190:TCP"= 17190:TCP:NortonAV
    "18772:TCP"= 18772:TCP:NortonAV

    R3 utqxnzcw;AVZ Kernel Driver;c:\windows\system32\Drivers\utqxnzcw.sys [2009-04-22 7168]
    R3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
    R3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
    R3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
    R3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
    R3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
    S2 Sentinel LM;Sentinel LM;c:\program files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe [2005-08-02 778240]
    S3 G200;G200;c:\windows\system32\DRIVERS\G200m.sys [2001-08-17 320384]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644141}]
    c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-23 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 09:04]
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-Yahoo Messengger - c:\windows\system32\RVHOST.exe
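The log above lists what ComboFix deleted (the two RVHOST.exe copies and their companion DLLs), the registry autostart points it found, the firewall policy (EnableFirewall = 0) and the orphaned Run entry it removed. The following Python script is an added example for this thread, not part of ComboFix or of the original posts; it pulls those indicators out of a log of this shape so they can be compared between runs without reading the whole file. SAMPLE_LOG is a constructed excerpt of the log posted above, trimmed to the sections the parser handles.

```python
"""Extract indicators from a ComboFix log. Added example for this thread,
not part of ComboFix or of the original posts. SAMPLE_LOG is a constructed
excerpt of the log posted above, trimmed to the sections parsed here."""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\rvhost.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\rvhost.exe
c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2008-11-26 501768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Yahoo Messengger - c:\windows\system32\RVHOST.exe
"""

# Section headers come in three shapes: "(((( name ))))", "- - - - name - - - -", "---- name ----".
HEADER_PATTERNS = (
    re.compile(r"^\(+ (?P<name>.+?) \)+$"),
    re.compile(r"^(?:- )+(?P<name>.+?)(?: -)+$"),
    re.compile(r"^-+ (?P<name>.+?) -+$"),
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")  # [HKEY_...\Run]
# "Name"="c:\path\file.exe" [date size]   or   "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:"(?P<str>[^"]*)"|(?P<num>\S+))')


def split_sections(log):
    """Map each section name to its non-blank body lines, in log order."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix uses lone dots as separators
            continue
        for pat in HEADER_PATTERNS:
            m = pat.match(line)
            if m:
                current = m.group("name")
                sections.setdefault(current, [])
                break
        else:
            sections[current].append(line)
    return sections


def deleted_files(log):
    """Paths ComboFix reports under 'Other Deletions'."""
    return split_sections(log).get("Other Deletions", [])


def registry_entries(log):
    """{key, name, value} for every value line in the REGEDIT4 block."""
    entries, key = [], None
    for line in split_sections(log).get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            value = vm.group("str") if vm.group("str") is not None else vm.group("num")
            entries.append({"key": key, "name": vm.group("name"), "value": value})
    return entries


def run_entries(log):
    """Autostart values under any key ending in \\Run."""
    return [e for e in registry_entries(log) if e["key"].lower().endswith("\\run")]


def orphans(log):
    """Dangling autostart entries ComboFix removed ('entry - target')."""
    out = []
    for line in split_sections(log).get("ORPHANS REMOVED", []):
        entry, sep, target = line.partition(" - ")
        if sep:
            out.append({"entry": entry, "target": target})
    return out


def weak_settings(log):
    """Policy values in the log that weaken the host, here: firewall off."""
    return [
        "Windows Firewall disabled under " + e["key"]
        for e in registry_entries(log)
        if e["name"].lower() == "enablefirewall" and e["value"] == "0"
    ]
```

To use it on a saved log, read ComboFix.txt into a string and call deleted_files(), run_entries(), orphans() and weak_settings() on it; diffing run_entries() between two runs shows whether an autostart entry came back, which is the quickest sign that the worm is still alive somewhere (a pendrive, a scheduled task, or a file that ComboFix could not delete).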
    Re: Fix Registry

    Post by mitutoyo Thu Apr 23, 2009 11:08 am

    continuation of the ComboFix log (sorry, it didn't fit; I tried to upload it to a file host but couldn't, blocked by the admin)

    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Download all by Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download by Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Download selected by Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download web site by Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qbayfo9j.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    .
    .
    ------- File Associations -------
    .
    inffile=c:\windows\system32\NOTEPAD2.EXE %1
    inifile=c:\windows\system32\NOTEPAD2.EXE %1
    txtfile=c:\windows\system32\NOTEPAD2.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-23 09:54
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-04-23 9:56
    ComboFix-quarantined-files.txt 2009-04-23 01:56
    ComboFix2.txt 2009-04-21 07:08

    Pre-Run: 11,199,594,496 bytes free
    Post-Run: 11,207,589,888 bytes free

    265 --- E O F --- 2009-04-21 00:28
    Re: Fix Registry

    Post by mitutoyo Thu Apr 23, 2009 1:53 pm

    And one more problem that I can see: duplicate files appearing.

    It happens in the My Documents folder. E.g. there are 4 folders in there; when you open one as usual, the files in the folder we created are there, but a new .exe appears with the same name as the folder we created.

    My Documents > File A, File B, File C.
    Just open File A: there are the few files we saved, except that a new file appears inside the existing folder, namely File A.exe.

    I tried to open it, couldn't, no feedback. I tried scanning the .exe file at http://virscan.org/ but the internet was dropping in and out just now.
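What mitutoyo describes above (a "File A.exe" turning up inside or beside the folder "File A") is the folder-mimic trick: the worm copies itself under the name of each folder it finds, usually with a folder icon, so that a double-click meant to open the folder runs the worm instead. The Python script below is an added example for this thread, not from the original post or from any tool mentioned in it. It walks a directory tree and lists executables whose name matches the folder they sit in or a sibling folder; build_sample_tree() writes a constructed My Documents layout so it can be run offline, and find_folder_mimics() can be pointed at a real path instead.

```python
"""Find executables named after folders (the "File A.exe" symptom). Added
example for this thread, not from the original post or any tool it names.
build_sample_tree() writes a constructed My Documents layout for offline use."""
import os
import tempfile

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif"}


def find_folder_mimics(root):
    """Relative paths of executables whose base name equals the folder they
    are in or a sibling folder; these are the copies a folder-mimic worm drops."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = os.path.basename(dirpath).lower()
        siblings = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXECUTABLE_EXT:
                continue
            if stem.lower() == here or stem.lower() in siblings:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed layout: real documents, three mimic executables, and one
    legitimate installer that must not be reported."""
    layout = {
        "File A/notes.txt": b"real document",
        "File A/File A.exe": b"MZ mimic inside its own folder",
        "File B/report.doc": b"real document",
        "File B/File B.exe": b"MZ mimic inside its own folder",
        "Photos/holiday.jpg": b"\xff\xd8 real image",
        "Photos.exe": b"MZ mimic beside the Photos folder",
        "Downloads/setup.exe": b"MZ legitimate installer",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


def scan_sample():
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_folder_mimics(build_sample_tree(os.path.join(tmp, "My Documents")))


if __name__ == "__main__":
    import sys
    # Usage: python folder_mimics.py "C:\Documents and Settings\<user>\My Documents"
    for hit in (find_folder_mimics(sys.argv[1]) if len(sys.argv) > 1 else scan_sample()):
        print(hit)
```

The match is on names only, so it reports candidates, not verdicts: a copy the worm dropped under a different name is missed, and a legitimate program laid out as Foo\Foo.exe is flagged. Treat each hit as a sample to scan (as mitutoyo did with virscan.org) before deleting it, and list the files from a command prompt rather than double-clicking them in Explorer.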
    Re: Fix Registry

    Post by baok Thu Apr 23, 2009 4:47 pm

    Did you run AVZ yourself?.. For those files, upload them to ApoNie and PM him to ask for help updating the database.. Then update the GVR database and run it.. Or remove all of those files manually.. Or use Unlocker..

    Unlocker: http://ccollomb.free.fr/unlocker/
    Upload file: http://www.geekzlife.net/v1/upload-sample-virus/

    Somehow, there's a flash infection on the computer.. You have to check which pendrive caused it..
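baok's "flash infection" is the pendrive route: the worm copies itself onto the drive and writes an autorun.inf whose open=, shellexecute= and shell\...\command= lines start the copy when the drive is inserted or double-clicked in Explorer, which is also why Autorun Eater is in the Run key of the log above. The Python script below is an added example for this thread; it is not from the original post and it is not how Autorun Eater works internally. It reads an autorun.inf and reports every line that would launch something, change the default action, disguise the drive or force AutoPlay. SAMPLE_AUTORUN is a constructed file of the kind such worms drop, reusing the rvhost.exe name from the ComboFix log.

```python
"""Inspect a pendrive's autorun.inf for lines that launch something. Added
example for this thread; not from the original post and not how Autorun
Eater works. SAMPLE_AUTORUN is a constructed file of the kind pendrive worms
drop, reusing the rvhost.exe name from the ComboFix log above."""
import os
import re
import tempfile

SAMPLE_AUTORUN = r"""
; constructed sample, not a real capture
[AutoRun]
open=rvhost.exe
shellexecute=rvhost.exe
shell\Open\Command=rvhost.exe
shell\Explore\Command=rvhost.exe
shell=Open
icon=%SystemRoot%\system32\SHELL32.dll,4
UseAutoPlay=1
label=My Pendrive
"""

# shell\<verb>\command=... hooks the Explorer context-menu verbs (Open, Explore, ...).
COMMAND_KEY = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Return (key_lower, value) pairs from the [autorun] section only."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip()))
    return entries


def analyze_autorun(text):
    """Findings for every key that can run code, change the default
    double-click action, disguise the drive, or force AutoPlay."""
    findings = []
    for key, value in parse_autorun(text):
        if key in ("open", "shellexecute") or COMMAND_KEY.match(key):
            findings.append(f"{key} runs: {value}")
        elif key == "shell":
            findings.append(f"default verb changed to: {value}")
        elif key == "icon":
            findings.append(f"drive icon overridden: {value}")
        elif key == "useautoplay" and value == "1":
            findings.append("UseAutoPlay=1 forces AutoPlay on")
    return findings


def scan_drive(root):
    """Read autorun.inf from the root of a mounted drive, if present."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), encoding="latin-1") as fh:
                return analyze_autorun(fh.read())
    return []


def demo():
    """Write SAMPLE_AUTORUN into a temp dir standing in for a pendrive root."""
    with tempfile.TemporaryDirectory() as drive:
        with open(os.path.join(drive, "autorun.inf"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN)
        return scan_drive(drive)
```

Run scan_drive() against the drive letter from a command prompt rather than opening the drive in Explorer, since Explorer is what honours autorun.inf. On XP the lasting fix is to set NoDriveTypeAutoRun to 0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer and to install the AutoRun update described in Microsoft KB967715, without which that value is not honoured reliably; the worm's own files on the pendrive (the executable plus a hidden autorun.inf) still have to be deleted, or the next insertion reinfects the PC.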
    Re: Fix Registry

    Post by mitutoyo Thu Apr 23, 2009 5:44 pm

    Because I only just noticed it appeared this morning, strange too; an infection? Hmm, so the cause is a pendrive, eh?
    AVZ? I didn't run it, and have never run it on that PC. Why?
    Remove manually, OK, I'll try manually; I couldn't with Unlocker either, but sometimes Unlocker doesn't work, I've had that happen before. Why is that? Because the file is being used by a process?
    OK, I'll upload it to shahrir. My mistake, there are 6 .exe folders in My Documents.
