Putera.com Temporary Forum

Together we tidy up this forum while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    Keyboard.exe

    anakin
    New Member

    Number of posts : 27
    Registration date : 05/03/2009

    Keyboard.exe

    Post by anakin on Wed Aug 19, 2009 6:00 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:47:57 PM, on 8/19/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\Fonts\Fonts.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\HBCD\WinTools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
    O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FreshDownload - {D618FA0B-EE57-4759-84EF-BEBA856154AF} - F:\Fresh_Download\FreshDownload\fd.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{58F76935-1AD9-4801-A851-50A43B60D4E7}: NameServer = 192.168.6.230,10.46.0.70
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SWEEP for Windows NT Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: SWEEP for Windows NT (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 6397 bytes


    Assalamualaikum..
    I have a virus problem with this Keyboard.exe
    Many PCs at my office have already been hit by this virus..
    So far the only solution I have is to FORMAT..

    - This virus kills the antivirus.. no matter what kind of antivirus it is..
    - It disables regedit and Task Manager..
    - None of the PCs hit by this virus can boot into Safe Mode..
    - I tried removing it from startup (msconfig), but after a restart this Keyboard.exe is back again..
    - The file is at C:\WINDOWS\system\Keyboard.exe; when I try attrib, it won't show..

    Please help, bros..

    ayoi
    Moderators

    Gender : Male
    Number of posts : 1090
    Age : 86
    Registration date : 04/03/2009

    Re: Keyboard.exe

    Post by ayoi on Wed Aug 19, 2009 6:48 pm

    huhu, this virus is an incarnation of Sality.. hehehe

    grab this http://www.avg.com/virus-removal.ndi-67769 or here http://www.ziddu.com/download/4592701/sality_off.rar.html

    or any other antivirus remover with the name sally or sality


    or you can try the antivirus from this one http://morphians.wordpress.com/
    it's an Indonesian one


    --------------------------------------------
    I'm trying a survey
    Don't break my heart

    anakin
    New Member

    Number of posts : 27
    Registration date : 05/03/2009

    Re: Keyboard.exe

    Post by anakin on Thu Aug 20, 2009 7:05 pm

    ayoi wrote: huhu, this virus is an incarnation of Sality.. hehehe

    grab this http://www.avg.com/virus-removal.ndi-67769 or here http://www.ziddu.com/download/4592701/sality_off.rar.html

    or any other antivirus remover with the name sally or sality


    or you can try the antivirus from this one http://morphians.wordpress.com/
    it's an Indonesian one

    Bro..
    AVG doesn't detect it, bro..
    Morphost, on the other hand, detects it but can't delete the viruses..
    So, is there another way?

    ayoi
    Moderators

    Gender : Male
    Number of posts : 1090
    Age : 86
    Registration date : 04/03/2009

    Re: Keyboard.exe

    Post by ayoi on Thu Aug 20, 2009 7:27 pm

    what's the name of that virus


    --------------------------------------------
    I'm trying a survey
    Don't break my heart

    anakin
    New Member

    Number of posts : 27
    Registration date : 05/03/2009

    Re: Keyboard.exe

    Post by anakin on Thu Aug 20, 2009 7:47 pm

    ayoi wrote: what's the name of that virus

    There are all kinds of names..

    The main one is that keyboard.exe..
    Others are like global.exe, font.exe and many more..

    e_sentinel
    New Member

    Number of posts : 479
    Registration date : 02/03/2009

    Re: Keyboard.exe

    Post by e_sentinel on Thu Aug 20, 2009 8:33 pm

    Your PC is badly infected; here are some of the entries:

    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\Fonts\Fonts.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
    O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
    O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
    O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: FreshDownload - {D618FA0B-EE57-4759-84EF-BEBA856154AF} - F:\Fresh_Download\FreshDownload\fd.exe (file missing)

    I'm no expert, so I can only make suggestions .. try running ComboFix, then run Malwarebytes' Anti-Malware ... if neither of these tools will run, run Sality_Off first, then run the two tools above .... if nothing will run, do an online scan first using Kaspersky, ESET, etc ..
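
The entries singled out in the post above share a few traits that can be checked mechanically. This is an added example, not part of the original post or of HijackThis: a small Python triage pass over lines copied from the log in this thread. The function names and the directory list are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\WINDOWS\Fonts\Fonts.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Directories that hold fonts, legacy drivers or file backups; nothing should
# run or auto-start from them. The list is an assumption drawn from the
# entries flagged in this thread, not a complete rule set.
ODD_EXE_DIR = re.compile(
    r"\\windows\\(fonts|system|system32\\dllcache)\\.*\.exe\b", re.I)

def triage(line):
    """Return the reasons (possibly none) a log line deserves a closer look."""
    line = line.strip()
    reasons = []
    if ODD_EXE_DIR.search(line):
        reasons.append("executable in unusual directory")
    if line.startswith("O4 ") and ": [] " in line:
        reasons.append("autorun with empty value name")
    if line.startswith(("O2 ", "O3 ")) and line.endswith("(no file)"):
        reasons.append("orphaned BHO/toolbar")
    if line.startswith("O7 ") and "DisableRegedit=1" in line:
        reasons.append("registry editor disabled by policy")
    return reasons

def flagged(log_text):
    """Return (line, reasons) for every line with at least one finding."""
    results = []
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            results.append((line.strip(), reasons))
    return results

if __name__ == "__main__":
    for line, reasons in flagged(SAMPLE_LOG):
        print("; ".join(reasons), "<-", line)
```

A hit is a prompt for manual review, not a verdict: an orphaned BHO, for instance, is often just a leftover from an uninstalled program.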

    test0123
    Diligent Member

    Gender : Male
    Number of posts : 1002
    Age : 33
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Keyboard.exe

    Post by test0123 on Fri Aug 21, 2009 1:06 am

    can't be fixed.. reformat..
