task manager dah bleh bukak n devive manager dah bleh bukak.....
sblum nie partion C xleh bukak dengan double klik...
skang dah bleh bukak dengan double klik...
sblum nie bukak partion D task manager akan di disable...
skang dah xdi disable dah....
theme pc ak dah bertukar pada yg asal.....
nampak dah cam kembali OK
nie log untk hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:20 PM, on 11/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\ComboFix\hidec.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8181
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10905 bytes
nie log untk combofix
ComboFix 09-11-18.06 - Administrator 11/18/2009 21:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3325.2541 [GMT 8:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 091118-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
C:\autorun.inf
C:\desktop.ini
c:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.com
c:\documents and settings\Administrator\Start Menu\Programs\Startup\sndvol32.exe
c:\documents and settings\Administrator\Templates\cache
c:\documents and settings\Administrator\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\desktop.ini
c:\documents and settings\Administrator\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\temp.db
c:\documents and settings\Administrator\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\tmp.db
c:\documents and settings\Administrator\Templates\cache\desktop.ini
c:\documents and settings\Administrator\Templates\cache\SFCsrvc.pif
c:\documents and settings\All Users\Start Menu\Programs\Startup\sndvol32.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\logs
d:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
D:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-18 11:59 . 2009-08-11 13:06 283023 --sha-r- c:\windows\system32\fdisk.com
2009-11-17 03:27 . 2009-11-17 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-17 03:27 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-17 03:27 . 2009-11-17 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-17 03:27 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 03:27 . 2009-11-17 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 07:16 . 2004-08-03 16:56 53760 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 13:24 . 2009-06-14 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-11-18 13:10 . 2009-04-17 03:17 -------- d-----w- c:\program files\CometBird
2009-11-18 11:48 . 2009-04-17 03:16 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-11-17 15:59 . 2008-08-31 11:24 118 ----a-w- c:\windows\popcinfo.dat
2009-11-14 05:12 . 2009-01-07 01:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-13 12:38 . 2008-11-22 04:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wildfire
2009-11-07 09:06 . 2009-01-28 17:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-25 14:13 . 2009-02-26 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-09-21 09:44 . 2008-12-13 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-09-21 04:29 . 2009-09-21 04:29 -------- d-----w- c:\program files\Alwil Software
2009-09-20 02:28 . 2009-06-14 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-09-18 15:53 . 2009-09-18 15:53 781435 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r1wssp0v.default\extensions\firedownload@mozilla.org\Download.dll
2009-09-18 15:53 . 2009-09-18 15:53 22528 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r1wssp0v.default\extensions\firedownload@mozilla.org\components\firedownload.dll
2009-09-06 08:24 . 2009-09-06 08:24 488968 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\temp\~Upg0\setup.exe
2009-08-11 13:06 . 2009-11-18 11:59 283023 --sha-r- c:\windows\system32\fdisk.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 02:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-25 2799024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-16 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-16 81920]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-05 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-01-16 16384512]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-16 1622016]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 15:34 24576 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Insteller Game\\PES\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Valve\\Condition Zero\\hl.exe"=
"c:\\Program Files\\Codemasters\\codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\My Pictures\\@DEEN#\\rupi hecker\\bitcomet\\BitComet\\BitComet.exe"=
"d:\\Program Files\\game file\\Warcraft\\Warcraft III.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7949:TCP"= 7949:TCP:BitComet 7949 TCP
"7949:UDP"= 7949:UDP:BitComet 7949 UDP
"11076:TCP"= 11076:TCP:BitComet 11076 TCP
"11076:UDP"= 11076:UDP:BitComet 11076 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/21/2009 12:29 PM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/21/2009 12:29 PM 20560]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [3/5/2009 7:52 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [3/5/2009 7:53 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [3/5/2009 7:53 AM 120744]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [4/21/2009 7:36 PM 99112]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [4/21/2009 7:36 PM 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [4/21/2009 7:36 PM 97704]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [11/2/2007 10:47 AM 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [11/2/2007 10:47 AM 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [11/2/2007 10:47 AM 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [4/21/2009 7:33 PM 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [4/21/2009 7:36 PM 100008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r1wssp0v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r1wssp0v.default\extensions\firedownload@mozilla.org\components\firedownload.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-winmgmt - c:\windows\system32\wmiprvse.exe
HKLM-Run-winmgmt - c:\windows\system32\wmiprvse.exe
AddRemove-eMusic Promotion - c:\program files\Winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-Need for Speed Most Wanted_is1 - c:\program files\EA GAMES\Need for Speed Most Wanted\unins000.exe
AddRemove-Vodei Multimedia Processor - c:\program files\Vodei\uninst.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - c:\program files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winmgmt = c:\windows\system32\wmiprvse.exe????,??????|x???????<???????????[??|_??|,??????|?????e??<???????#???????????,???!??|??????A~????D? ?x???d???8e??'?@? ?????A~?@??x????????e??????????????x???(?@???????? ?????]??????????l??????????|x??????????|0e??D???Q??|h???m??|
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
winmgmt = c:\windows\system32\wmiprvse.exe????,??????|x???????<???????????[??|_??|,??????|?????e??<???????#???????????,???!??|??????A~????D? ?x???d???8e??'?@? ?????A~?@??x????????e??????????????x???(?@???????? ?????]??????????l??????????|x??????????|0e??D???Q??|h???m??|
Messenger (Yahoo!) = "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet??g?e
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%ê*a"]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%ê*a"\OpenWithList]
@Class="Shell"
"a"="PhotoSnapViewer.exe"
"MRUList"="ab"
"b"="mplayerc.exe"
[HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%ê*a"\OpenWithProgids]
"_ê=_auto_file"=hex(0):
[HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:7c,ce,31,8d,f0,9d,31,ca,7e,4f,5a,35,fe,e0,7a,d1,c5,be,b4,85,48,
88,96,63,79,46,10,19,6c,66,ac,6e,df,cb,6a,ae,43,f0,4e,28,03,8b,3a,56,2d,0c,\
"rkeysecu"=hex:de,99,01,af,ea,99,d6,ef,27,22,b9,0a,c9,ab,17,4c
[HKEY_LOCAL_MACHINE\software\Classes\.*„%ê*a"]
@="_ê=_auto_file"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17de06a1-485a-44e5-9800-96e98424fc69}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e9
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,88,34,2b,54,2f,6f,c9,7f,3e,ef,61,df,6a,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a4,dc,18,7d,71,ed,99,e2,13,35,9e,f8,ef,67,22,bc,d5,0c,12,67,48,
e9,15,92,c4,07,92,b0,7e,2a,9a,8d,4d,df,c0,70,ea,93,78,b9,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d9,c0,73,6d,96,35,51,b8,74,7d,26,83,67,84,dd,da,1f,86,05,55,31,
07,14,56,09,76,dd,9e,6f,2f,7a,52,2e,2e,57,5f,91,31,4f,96,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d5d3fff5-a79c-466b-846e-6db60a0f1c18}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\„%ê*a"_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
[HKEY_LOCAL_MACHINE\software\Classes\„%ê*a"_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"
"FriendlyAppName"="Nero PhotoSnap Viewer Essentials"
[HKEY_LOCAL_MACHINE\software\Classes\„%ê*a"_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files\\Nero\\Nero 7\\Nero PhotoSnap\\PhotoSnapViewer.exe\" \"%1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-11-18 21:26
ComboFix-quarantined-files.txt 2009-11-18 13:25
Pre-Run: 11,498,065,920 bytes free
Post-Run: 12,159,479,808 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 2EB43E5ACE7232EA157D8CBF22F87364
ape langkah seterusnyaa....
Home
