Putera.com Temporary Forum

Together, let's tidy up this forum while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    [Solved] acrotray.exe malware..

    zareight
    New Member

    Gender : Male Number of posts : 128
    Age : 29
    Location : T.Intan > K.D`sara > Ipoh > J.B > Bangsar
    Registration date : 02/03/2009

    [Solved] acrotray.exe malware..

    Post by zareight on Sun Nov 22, 2009 1:43 pm

    Salam... I think my PC has been hit by this malware.. right now, when I look at the Processes tab in Task Manager, it's duplicating the process.. like in this pic..



    And this is my hijackthis.log..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:35:40 PM, on 22/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Google Desktop Search\googledesktop.exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent.exe
    C:\Program Files\Google\Google Desktop Search\googledesktop.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Google Desktop Search\googledesktop .exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice.exe
    C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\ssbkgdupdate.exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4.exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\Internet Download Manager\idman.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent .exe
    C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc .exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Internet Download Manager\idman.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor .exe
    C:\Program Files\Skype\Phone\skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Program Files\Java\jre6\bin\jusched .exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Program Files\SUPERAntiSpyware\superantispyware .exe
    C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    C:\Program Files\Skype\Phone\skype .exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice.exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4 .exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc.exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\ssbkgdupdate.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice .exe
    C:\Program Files\Internet Download Manager\idman .exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc .exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Windows\system32\Taskmgr.exe
    C:\program files\adobe\acrotray.exe
    C:\program files\adobe\acrotray.exe
    C:\program files\adobe\acrotray .exe
    C:\program files\adobe\acrotray .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe" /runcleanupscript
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] ; "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Windows Defender] ; %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\idman .exe /onboot
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] ; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E100B67-6B93-44A5-81C5-8CBB9895EF90}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    --
    End of file - 16262 bytes

    Anyone who knows a way, please help.. thank you..


    Last edited by zareight on Wed Nov 25, 2009 11:30 pm; edited 2 times in total

    test0123
    Diligent Member

    Gender : Male Number of posts : 1002
    Age : 33
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive / hunting gondang snails
    Registration date : 20/02/2009

    Re: [Solved] acrotray.exe malware..

    Post by test0123 on Sun Nov 22, 2009 3:36 pm

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    Remove this one.

    The rest looks fine to me.. I don't see any malware at all..
    acrotray.exe is Acrobat Reader.. maybe you had 2 or 3 files open.. it will indeed show up in Task Manager.

    zareight
    New Member

    Gender : Male Number of posts : 128
    Age : 29
    Location : T.Intan > K.D`sara > Ipoh > J.B > Bangsar
    Registration date : 02/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by zareight on Sun Nov 22, 2009 5:31 pm

    test0123 wrote:O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    Remove this one.

    The rest looks fine to me.. I don't see any malware at all..
    acrotray.exe is Acrobat Reader.. maybe you had 2 or 3 files open.. it will indeed show up in Task Manager.

    Yup.. I did search on Google, it says Acrobat Reader.. I didn't have 2 or 3 files open..

    What you mentioned, I've already removed it.. but it's still the same.. here's a screenshot of my Task Manager..

    And if you look at the Task Manager again, look closely.. compared with the original file, the file type is separated by a space..

    For example: googledesktop .exe has a space in it.. and below that Google entry there's another googledesktop.exe, and its description is delme1**

    That's what's confusing..

    johnburn
    Moderator

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by johnburn on Sun Nov 22, 2009 7:11 pm

    Download Malwarebytes, install it, update it and scan the PC.
    Then paste the Malwarebytes log here.


    --------------------------------------------

    do you know that when you cry
    it is my tears that fall streaming down
    do you know that when you are hurt
    it is I who am the first to be wounded
    Don't Click

    NazCYPHER32
    New Member

    Number of posts : 373
    Age : 26
    Location : Seremban
    Job/hobbies : FSsimming,racing sim,3dmodelling
    Registration date : 04/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by NazCYPHER32 on Sun Nov 22, 2009 8:44 pm

    Use Windows Search.. see where that file comes from, delete all the files with the same name that have the space in them... Google each of the exe files that are running, one by one, don't be lazy,... give us a fresh HJT log taken at the same time, and if you can, give a screenshot of your Task Manager so the whole list of running programs is visible; just scroll and capture.. have to use a bit of an old-school method..
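    To make the "same name but with a space before .exe" check from this post mechanical, here is an added example (my own code, not from this thread or from HijackThis) that parses the Running processes block and the O4 autorun lines of a HijackThis-style log, flags every executable whose name has whitespace before its extension, and pairs it with the clean-named file it imitates. The log text is a constructed sample modelled on the thread's log, not the poster's full log.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the HijackThis logs posted in this thread
# (a few representative lines only, not the poster's full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2 (constructed sample)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Google Desktop Search\googledesktop.exe
C:\Program Files\Google\Google Desktop Search\googledesktop .exe
C:\program files\adobe\acrotray.exe
C:\program files\adobe\acrotray .exe
C:\Program Files\Skype\Phone\skype.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\idman .exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# A file name whose stem is followed by whitespace and only then the extension
# ("acrotray .exe"): the trait the thread uses to tell the impostor from the original.
SPACED_EXT = re.compile(r"^(?P<stem>\S.*?)\s+\.(?P<ext>exe|dll|scr|com)$", re.IGNORECASE)

# HijackThis O4 line: "O4 - <hive>\..\Run: [entry name] command line".
AUTORUN_LINE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Executable at the front of a command line. Tolerates the "; " prefix HijackThis
# shows for disabled entries, a leading "~", and surrounding quotes; the non-greedy
# match stops at the first ".exe", so "idman .exe /onboot" keeps its space.
EXE_IN_CMD = re.compile(r'^(?:;\s*)?~?"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)


def parse_entries(log_text):
    """Return [(source, path)] for each running process and each O4 autorun target."""
    entries = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                       # a blank line ends the process block
                in_processes = False
                continue
            entries.append(("process", line))
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            exe = EXE_IN_CMD.match(m.group("cmd"))
            if exe:
                entries.append(("autorun[%s]" % m.group("name"), exe.group("path")))
    return entries


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def canonical(name):
    """Fold case and drop whitespace before the extension: 'acrotray .exe' -> 'acrotray.exe'."""
    return re.sub(r"\s+\.", ".", name).lower()


def find_spaced_impostors(log_text):
    """Flag entries with a spaced extension and list the clean-named files they mimic."""
    entries = parse_entries(log_text)
    by_name = defaultdict(list)
    for source, path in entries:
        by_name[canonical(basename(path))].append(path)
    findings = []
    for source, path in entries:
        name = basename(path)
        if not SPACED_EXT.match(name):
            continue
        twins = sorted({p for p in by_name[canonical(name)]
                        if not SPACED_EXT.match(basename(p))})
        findings.append({"source": source, "path": path, "mimics": twins})
    return findings


if __name__ == "__main__":
    for f in find_spaced_impostors(SAMPLE_LOG):
        print("%-45s %s" % (f["source"], f["path"]))
        for twin in f["mimics"]:
            print("    looks like: %s" % twin)
        if not f["mimics"]:
            print("    no clean-named counterpart in this log")
```

    An entry that is flagged but has no clean-named twin (like the IDMan autorun in the sample) still deserves a look, since the spaced name is the tell-tale on its own; the twin just shows which legitimate program is being imitated.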

    zareight
    New Member

    Gender : Male Number of posts : 128
    Age : 29
    Location : T.Intan > K.D`sara > Ipoh > J.B > Bangsar
    Registration date : 02/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by zareight on Sun Nov 22, 2009 9:31 pm

    NazCYPHER32 wrote:Use Windows Search.. see where that file comes from, delete all the files with the same name that have the space in them... Google each of the exe files that are running, one by one, don't be lazy,... give us a fresh HJT log taken at the same time, and if you can, give a screenshot of your Task Manager so the whole list of running programs is visible; just scroll and capture.. have to use a bit of an old-school method..

    Sorry, but who's lazy? I've been looking for a solution for 2 days already, and only posted here because I couldn't find one.. I already said in the previous post that this file is from Acrobat Reader.. I've already searched too.. please take note...

    johnburn..
    here's the log file.. btw, I already used it before this to remove it. It removed it, but when I restarted, Task Manager was still the same.. it came back.. here's the Malwarebytes log file.



    Malwarebytes' Anti-Malware 1.41
    Database version: 3202
    Windows 6.0.6002 Service Pack 2

    22/11/2009 9:06:59 PM
    mbam-log-2009-11-22 (21-06-59).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 283132
    Time elapsed: 1 hour(s), 22 minute(s), 28 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    C:\program files\Adobe\acrotray.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\program files\Adobe\acrotray .exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\zareight\Desktop\Documents\pendrive 4gb\IDM 5.15 Build 6\Patch 5.xx (2008-12-06).exe (Trojan.Agent) -> Not selected for removal.
    C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Delete on reboot.

    asdasd
    New Member

    Number of posts : 71
    Registration date : 26/04/2009

    Re: [Solved] acrotray.exe malware..

    Post by asdasd on Sun Nov 22, 2009 9:38 pm

    Salam,

    Try going into Safe Mode and scanning again..

    zareight
    New Member

    Gender : Male Number of posts : 128
    Age : 29
    Location : T.Intan > K.D`sara > Ipoh > J.B > Bangsar
    Registration date : 02/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by zareight on Sun Nov 22, 2009 9:58 pm

    Wsalam.. already tried that.. still the same.. sigh..~

    johnburn
    Moderator

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by johnburn on Sun Nov 22, 2009 10:03 pm

    Zip up the virus file and send it to my email
    johnburn@putera.com


    zareight
    New Member

    Gender : Male Number of posts : 128
    Age : 29
    Location : T.Intan > K.D`sara > Ipoh > J.B > Bangsar
    Registration date : 02/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by zareight on Sun Nov 22, 2009 10:15 pm

    johnburn wrote:Zip up the virus file and send it to my email
    johnburn@putera.com

    OK.. I've sent it.. thanks..

    zareight
    New Member

    Gender : Male Number of posts : 128
    Age : 29
    Location : T.Intan > K.D`sara > Ipoh > J.B > Bangsar
    Registration date : 02/03/2009

    Re: [Solved] acrotray.exe malware..

    Post by zareight on Sun Nov 22, 2009 11:12 pm

    Latest log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:17 PM, on 22/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Google Desktop Search\googledesktop.exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice.exe
    C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\ssbkgdupdate.exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4.exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4.exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc.exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc .exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent .exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice .exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc .exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\googledesktop.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\Google\Google Desktop Search\googledesktop .exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
    C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\ssbkgdupdate.exe
    C:\Program Files\Skype\Phone\skype.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\Skype\Phone\skype .exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor .exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4 .exe
    C:\Program Files\Java\jre6\bin\jusched .exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\program files\adobe\acrotray.exe
    C:\program files\adobe\acrotray.exe
    C:\program files\adobe\acrotray .exe
    C:\program files\adobe\acrotray .exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Trend Micro\HijackThis\yup.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe" /runcleanupscript
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E100B67-6B93-44A5-81C5-8CBB9895EF90}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    --
    End of file - 13864 bytes
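The HijackThis log above lists every autostart entry (O4) and service (O23) with the path of the executable it launches. Two cheap triage heuristics a responder applies when reading such a log by hand are: an executable name with whitespace before its extension (several entries above end in " .exe"), and an autostart entry that points into a user-writable profile or temp directory rather than Program Files or System32. The script below, an added example that is not part of this thread and not code from HijackThis or ComboFix, applies both heuristics to a few lines copied from the log above; the function names, the extension list and the directory markers are this example's own choices, and a hit means "look closer", not "infected".

```python
import re
from typing import Dict, List

# Sample input: five autostart/service lines copied from the HijackThis log
# posted earlier in this thread (constructed sample, trimmed to these lines).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
""".strip()

# A drive-letter path ending in a common binary extension. The quantifier is
# non-greedy so the match stops at the first extension even though the path
# itself contains spaces; quotes and brackets end the path early.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n\[\]]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)

# Directories that a vendor autostart entry rarely points into (assumed list).
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\temp\\', '\\temp\\')


def reasons_for(path: str) -> List[str]:
    """Return the triage reasons that apply to one executable path ([] if none)."""
    reasons = []
    basename = path.rsplit('\\', 1)[-1]
    stem, _, _ext = basename.rpartition('.')
    # "mbam .exe" -> stem "mbam " -> trailing whitespace before the extension
    if stem != stem.rstrip():
        reasons.append('whitespace before file extension')
    lowered = path.lower()
    if any(marker in lowered for marker in USER_WRITABLE):
        reasons.append('autostart from user-writable directory')
    return reasons


def suspicious_entries(log_text: str) -> List[Dict[str, object]]:
    """Scan HijackThis-style lines and report every path that trips a heuristic."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            reasons = reasons_for(path)
            if reasons:
                findings.append({'line': lineno, 'path': path, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in suspicious_entries(SAMPLE_LOG):
        print(f"line {f['line']}: {f['path']}  <- {', '.join(f['reasons'])}")
```

Run against the sample, only the two " .exe" entries are reported; the Octoshape entry trips both heuristics because it also starts from the user's AppData\Roaming folder. The same functions work on a full pasted log, since the regex only cares about the path inside each line.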


    Re: [Solved] acrotray.exe malware..

    Post by johnburn on Sun Nov 22, 2009 11:48 pm

    Download ComboFix and save it to the desktop.
    Close all windows and browsers, then run ComboFix.
    Once it has finished, paste the ComboFix log together with a fresh HijackThis log here.




    Re: [Solved] acrotray.exe malware..

    Post by zareight on Mon Nov 23, 2009 12:12 am

    Here is the ComboFix log..

    ComboFix 09-11-21.03 - zareight 22/11/2009 23:52.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.60.1033.18.3069.1938 [GMT 8:00]
    Running from: c:\users\zareight\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2034258232-1381012302-129615555-500
    c:\windows\plfseti .exe
    c:\windows\Suyin.reg
    c:\windows\system32\rthdvcpl .exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
    .

    2009-11-22 16:03 . 2009-11-22 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-22 06:57 . 2009-11-22 09:38 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-22 06:57 . 2009-11-22 09:16 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-22 06:52 . 2009-11-22 06:52 -------- d-----w- c:\users\zareight\AppData\Roaming\Uniblue
    2009-11-22 05:35 . 2009-11-22 05:35 -------- d-----w- c:\program files\Trend Micro
    2009-11-22 05:29 . 2009-11-22 05:29 -------- d-----w- c:\program files\ESET
    2009-11-21 20:30 . 2009-11-21 20:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-11-21 20:29 . 2009-11-22 09:41 4096 d-----w- c:\program files\SUPERAntiSpyware
    2009-11-21 20:29 . 2009-11-21 20:29 -------- d-----w- c:\users\zareight\AppData\Roaming\SUPERAntiSpyware.com
    2009-11-21 11:22 . 2008-06-12 10:09 33088 ----a-w- c:\users\zareight\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-20 19:44 . 2009-11-20 19:44 -------- d-----w- c:\users\zareight\AppData\Roaming\Malwarebytes
    2009-11-20 19:43 . 2009-11-22 16:03 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-20 19:43 . 2009-11-20 19:43 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-20 06:56 . 2009-06-08 07:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
    2009-11-20 06:56 . 2009-11-20 06:56 -------- d-----w- c:\program files\Smallvideosoft
    2009-11-17 19:32 . 2009-11-17 19:32 -------- d-----w- c:\users\zareight\EurekaLog
    2009-11-17 15:22 . 2009-11-17 15:22 -------- d-----w- c:\program files\CCleaner
    2009-11-11 20:56 . 2009-11-11 20:56 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-11 20:01 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-11-11 19:51 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-11-11 19:51 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-11-11 19:50 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-11-11 19:50 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-11-11 19:06 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 19:06 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-08 12:48 . 2009-11-08 12:48 -------- d-----w- c:\programdata\KONAMI
    2009-11-07 16:16 . 2009-11-07 16:16 28160 ---ha-w- c:\users\zareight\btsioq.exe
    2009-11-07 16:16 . 2009-11-07 16:16 28160 ----a-w- c:\windows\system32\dkkcn.exe
    2009-11-07 10:23 . 2009-11-22 07:07 131072 d-----w- C:\Lyrics
    2009-11-07 10:23 . 2009-11-19 07:28 4096 d-----w- c:\users\zareight\AppData\Roaming\MiniLyrics
    2009-11-07 10:22 . 2009-11-22 09:48 4096 d-----w- c:\program files\Minilyrics
    2009-11-05 12:09 . 2009-11-05 12:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-11-05 12:09 . 2009-11-05 12:09 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-11-05 12:09 . 2009-11-05 12:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-11-05 12:09 . 2009-11-05 12:09 -------- d-----w- c:\users\zareight\AppData\Local\PunkBuster
    2009-11-03 13:24 . 2009-11-03 13:24 -------- d-----w- C:\HyppTV
    2009-11-03 11:28 . 2009-11-03 11:28 -------- d-----w- c:\users\zareight\AppData\Local\Apps
    2009-11-03 11:28 . 2009-11-03 13:23 -------- d-----w- c:\users\zareight\AppData\Local\Deployment
    2009-11-01 04:50 . 2009-07-28 09:41 396800 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907280-0-libOctoshapeClient.dll
    2009-11-01 04:50 . 2009-07-28 09:41 124184 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907280-0-apoctoshape.dll
    2009-11-01 04:50 . 2009-07-28 09:41 120088 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907280-0-npoctoshape.dll
    2009-11-01 04:50 . 2009-11-22 14:55 143674 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    2009-11-01 04:50 . 2009-11-22 14:32 125018 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    2009-11-01 04:50 . 2009-11-22 13:08 107186 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    2009-11-01 04:50 . 2009-11-21 13:01 70078 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient.exe
    2009-11-01 04:50 . 2009-01-08 13:44 70936 ----a-w- c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
    2009-10-29 06:30 . 2009-10-29 06:30 -------- d-----w- c:\windows\system32\Adobe
    2009-10-27 06:39 . 2009-10-27 06:39 -------- d-----w- c:\program files\Common Files\SourceTec
    2009-10-27 06:39 . 2009-10-27 06:39 -------- d-----w- c:\program files\SourceTec
    2009-10-26 13:53 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
    2009-10-26 13:53 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-10-26 13:53 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-10-26 13:53 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-10-26 13:53 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-26 13:52 . 2009-10-26 13:53 4096 d-----w- c:\program files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-22 15:14 . 2009-08-16 14:58 -------- d-----w- c:\programdata\Skype
    2009-11-22 15:14 . 2009-08-16 15:05 -------- d-----r- c:\program files\Skype
    2009-11-22 15:06 . 2009-04-11 14:57 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-22 14:52 . 2009-04-13 12:10 4096 d-----w- c:\users\zareight\AppData\Roaming\IDM
    2009-11-22 14:52 . 2009-04-13 12:10 -------- d-----w- c:\users\zareight\AppData\Roaming\DMCache
    2009-11-22 09:48 . 2009-04-12 16:24 4096 d-----w- c:\users\zareight\AppData\Roaming\Winamp
    2009-11-22 09:48 . 2009-09-15 19:27 4096 d-----w- c:\program files\Magic Music Editor
    2009-11-22 09:48 . 2009-04-12 15:59 -------- d-----w- c:\programdata\FLEXnet
    2009-11-22 07:40 . 2009-05-21 07:10 7512 ----a-w- c:\users\zareight\AppData\Local\d3d9caps.dat
    2009-11-20 20:01 . 2009-09-11 16:11 -------- d-----w- c:\users\zareight\AppData\Roaming\ESTsoft
    2009-11-19 10:51 . 2009-09-26 06:13 12288 d-----w- c:\program files\Garena
    2009-11-19 09:57 . 2009-03-16 22:39 4096 d-----w- c:\program files\Launch Manager
    2009-11-11 20:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-11 20:55 . 2009-11-11 20:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-11 20:54 . 2009-11-11 20:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-11 20:03 . 2009-02-13 03:38 12288 d-----w- c:\programdata\Microsoft Help
    2009-11-09 18:05 . 2009-05-22 01:59 -------- d-----w- c:\program files\Java
    2009-11-02 12:42 . 2009-10-02 17:29 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-01 04:50 . 2009-08-11 16:51 120088 ----a-w- c:\users\zareight\AppData\Roaming\Mozilla\Plugins\npoctoshape.dll
    2009-11-01 04:50 . 2009-08-11 16:51 -------- d-----w- c:\users\zareight\AppData\Roaming\Octoshape
    2009-10-26 14:45 . 2009-03-16 22:35 370112 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-10-16 19:05 . 2009-02-13 03:40 28672 d-----w- c:\program files\Microsoft Works
    2009-10-10 20:17 . 2009-05-22 01:59 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-08 21:08 . 2009-11-11 20:01 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:08 . 2009-11-11 20:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:07 . 2009-11-11 20:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-04 04:16 . 2009-10-04 04:16 4096 d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-10-04 04:14 . 2009-02-13 04:06 4096 d-----w- c:\program files\Windows Live
    2009-10-01 01:02 . 2009-11-11 20:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-11 20:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-11 20:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-11 20:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-11 20:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-11 20:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-11 20:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-11 20:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-11 20:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-11 20:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-11 20:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01 . 2009-11-11 20:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01 . 2009-11-11 20:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01 . 2009-11-11 20:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01 . 2009-11-11 20:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10 . 2009-11-11 20:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-11 20:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-11 20:02 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-11 20:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-11 20:02 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-11 20:02 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-11 20:02 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-11 20:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-11 20:02 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-11 20:02 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-11 20:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-11 20:02 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-11 20:02 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-11 20:02 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-11 20:02 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-11 20:02 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-11 20:02 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-11 20:02 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-11 20:02 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30 . 2009-11-11 20:02 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27 . 2009-11-11 20:02 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-11 20:02 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-11 20:02 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-11 20:02 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54 . 2009-11-11 20:02 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54 . 2009-11-11 20:02 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54 . 2009-11-11 20:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-14 09:29 . 2009-10-16 13:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-16 13:24 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 02:01 . 2009-11-11 20:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-09-10 02:00 . 2009-11-11 20:02 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-09-10 02:00 . 2009-11-11 20:02 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-09-04 11:41 . 2009-10-16 13:05 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-01 19:09 . 2009-09-01 19:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2009-08-27 05:22 . 2009-10-16 13:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-16 13:51 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-16 13:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-16 13:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2006-05-03 09:06 . 2009-08-18 23:45 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 10:47 . 2009-08-18 23:45 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 12:30 . 2009-08-18 23:45 216064 --sh--r- c:\windows\System32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2009-05-20 06:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Octoshape Streaming Services"="c:\users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe -inv:bootrun" [X]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-22 186666]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-11-22 217910]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-22 184486]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-22 198066]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-11-22 215870]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-22 186122]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2009-11-22 202042]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2009-11-22 204746]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-11-22 215998]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 188610]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam .exe" [2009-11-22 180658]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-17 1216512]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-24 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^zareight^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
    path=c:\users\zareight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
    backup=c:\windows\pss\Orion.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):66,7b,b7,9b,d7,1b,ca,01

    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [17/3/2009 6:44 AM 69632]
    R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [13/2/2009 11:48 AM 24576]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [24/9/2008 6:11 AM 144632]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [17/3/2009 6:45 AM 233472]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/3/2009 4:28 PM 1533808]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [13/2/2009 9:51 AM 93968]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3/8/2009 1:54 PM 569856]
    S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/1/2008 10:23 AM 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4/10/2009 12:14 PM 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/8/2009 10:48 PM 704864]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\googledesktop.exe [13/2/2009 11:50 AM 186666]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [24/9/2008 6:11 AM 50424]
    S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\System32\drivers\qcusbser.sys [10/5/2009 10:42 PM 103552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-22 c:\windows\Tasks\At1.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At10.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At11.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At12.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At13.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At14.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At15.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At16.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At17.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At18.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At19.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At2.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At20.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At21.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At22.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At23.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At24.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At3.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At4.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At5.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At6.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At7.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At8.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

    2009-11-22 c:\windows\Tasks\At9.job
    - c:\program files\adobe\acrotray.exe [2009-11-22 15:09]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    uInternet Settings,ProxyOverride = local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: {9E100B67-6B93-44A5-81C5-8CBB9895EF90} = 202.188.0.133,202.188.1.5
    FF - ProfilePath - c:\users\zareight\AppData\Roaming\Mozilla\Firefox\Profiles\oh4jqh9b.default\
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\zareight\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\users\zareight\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
    HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    HKLM-Run-eRecoveryService - (no file)
    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-23 00:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
    "ImagePath"="\??\c:\users\zareight\AppData\Local\Temp\KPD5522.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-11-23 00:07
    ComboFix-quarantined-files.txt 2009-11-22 16:07

    Pre-Run: 16,263,409,664 bytes free
    Post-Run: 16,206,540,800 bytes free

    - - End Of File - - 7D60B2DB1DBE1E4D8A89D10F28E169C9

    zareight
    New Member


    Re: [Selesai] acrotray.exe malware..

    Post by zareight on Mon Nov 23, 2009 12:15 am

    Here's the HijackThis log too...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:39 AM, on 23/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Acer\Empowering Technology\ePower\epower_dmc .exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\arcadedeluxeagent .exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\pmvservice .exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\clmlsvc .exe
    C:\Program Files\Google\Google Desktop Search\googledesktop .exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Office\Office12\groovemonitor .exe
    C:\Program Files\ScanSoft\OmniPageSE4\opwarese4 .exe
    C:\Program Files\Java\jre6\bin\jusched .exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Trend Micro\HijackThis\yup.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=2&o=vp32&d=0309&m=aspire_4730z
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe" /runcleanupscript
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\zareight\AppData\Roaming\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E100B67-6B93-44A5-81C5-8CBB9895EF90}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    --
    End of file - 11092 bytes

    johnburn
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: [Selesai] acrotray.exe malware..

    Post by johnburn on Mon Nov 23, 2009 12:45 am

    OK, now try an online scan at ESET OnlineScan.
    Once the scan finishes, click , then click , and save it to the desktop.
    Paste that file along with a fresh HijackThis log.
    P.S.: if you use Internet Explorer for this scan, you need to run IE as admin. Right-click the IE icon in the Start Menu and choose Run as Administrator.


    --------------------------------------------

    did you know, when you cry
    it is my tears that fall streaming
    did you know, when you are hurt
    it is I who is wounded first
    Don't Click

    zareight
    New Member


    Re: [Selesai] acrotray.exe malware..

    Post by zareight on Wed Nov 25, 2009 10:05 pm

    johnburn.. I think it's OK now.. I just tried checking the HijackThis log.. hehe!

    Hope you can check it once more to confirm.. I'm afraid its offspring are still left behind..

    johnburn
    Moderators


    Re: [Selesai] acrotray.exe malware..

    Post by johnburn on Wed Nov 25, 2009 11:04 pm

    From the latest logs you emailed me, I think everything is OK now.
    Lastly, let's do a little cleanup. Tick the following entry in HijackThis and press Fix checked
    Code:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


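    The two things this thread turned on can be pulled out of the logs mechanically: the run of At*.job scheduled tasks in the ComboFix log that all point at the same acrotray.exe, and the orphaned O2 BHO entry johnburn asks to tick and Fix in HijackThis. The Python script below is an added example, not code from the forum thread and not part of ComboFix or HijackThis. It runs over a few log lines constructed to follow the formats seen above (the Example.job task and its updater.exe target are invented as a one-off control) and returns findings a helper would review before deciding what to fix: any executable targeted by three or more .job tasks, every O2 BHO line that reads (no file), and any service whose ImagePath lives under a Temp directory, as the GarenaPEngine key in the log does. The threshold and the finding names are my own choices.

```python
"""Triage helper for ComboFix / HijackThis text logs (added example)."""
import re
from collections import defaultdict

# ComboFix "Scheduled Tasks" block: a dated .job line followed by its target.
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+.*\\tasks\\(?P<job>[^\\]+\.job)$", re.I)
TARGET_LINE = re.compile(r"^-\s+(?P<path>.+?)\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
# ComboFix registry dump of a service, followed by its "ImagePath" value.
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<svc>[^\]\\]+)\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>.*)"$', re.I)
# HijackThis O2 line for a Browser Helper Object whose DLL is gone.
ORPHAN_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-F-]{36}\}) - \(no file\)$", re.I)

# Constructed sample: the lines follow the formats in the thread's logs; the
# Example.job task and its target are invented as a one-off control entry.
SAMPLE_LOG = r"""
2009-11-22 c:\windows\Tasks\At21.job
- c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

2009-11-22 c:\windows\Tasks\At22.job
- c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

2009-11-22 c:\windows\Tasks\At23.job
- c:\program files\adobe\acrotray.exe [2009-11-22 15:09]

2009-11-22 c:\windows\Tasks\Example.job
- c:\program files\example\updater.exe [2009-11-22 15:09]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\zareight\AppData\Local\Temp\KPD5522.tmp"

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""


def triage(log_text, min_jobs=3):
    """Scan log text and return the three kinds of findings described above."""
    findings = {"repeated_job_targets": {}, "orphan_bhos": [], "temp_services": []}
    jobs_by_target = defaultdict(list)
    pending_job = None      # .job name waiting for its "- target [date]" line
    pending_service = None  # service name waiting for its "ImagePath" value

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # A .job header is always followed by the line naming what it runs.
        if pending_job is not None:
            m = TARGET_LINE.match(line)
            if m:
                jobs_by_target[m.group("path").lower()].append(pending_job)
            pending_job = None
            continue
        m = JOB_LINE.match(line)
        if m:
            pending_job = m.group("job")
            continue

        # Inside a service's registry dump, look for the ImagePath value.
        if pending_service is not None:
            m = IMAGE_PATH.match(line)
            if m:
                path = m.group("path")
                if "\\temp\\" in path.lower():
                    findings["temp_services"].append(
                        {"service": pending_service, "image_path": path})
                pending_service = None
                continue
            if line.startswith('"'):   # some other value of the same key
                continue
            pending_service = None     # left the key; fall through
        m = SERVICE_KEY.match(line)
        if m:
            pending_service = m.group("svc")
            continue

        m = ORPHAN_BHO.match(line)
        if m:
            findings["orphan_bhos"].append(
                {"name": m.group("name"), "clsid": m.group("clsid"), "line": line})

    # Many .job tasks pointing at one executable is the pattern in the log.
    for target, jobs in jobs_by_target.items():
        if len(jobs) >= min_jobs:
            findings["repeated_job_targets"][target] = jobs
    return findings


def hijackthis_fix_lines(findings):
    """Lines to tick in HijackThis before pressing "Fix checked"."""
    return [bho["line"] for bho in findings["orphan_bhos"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for target, jobs in result["repeated_job_targets"].items():
        print(f"{len(jobs)} scheduled tasks run {target}: {', '.join(jobs)}")
    for svc in result["temp_services"]:
        print(f"service {svc['service']} runs from Temp: {svc['image_path']}")
    for line in hijackthis_fix_lines(result):
        print("Fix checked:", line)
```

    Run it as `python triage.py` on the constructed sample, or replace SAMPLE_LOG with the pasted ComboFix and HijackThis text; the finding for repeated .job targets is only a prompt to look, since a legitimate program can also register several tasks.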

    zareight
    New Member


    Re: [Selesai] acrotray.exe malware..

    Post by zareight on Wed Nov 25, 2009 11:07 pm

    johnburn wrote: From the latest logs you emailed me, I think everything is OK now.
    Lastly, let's do a little cleanup. Tick the following entry in HijackThis and press Fix checked
    Code:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    Alright.. it's fixed now.. thanks bro.. sorry for troubling you these 3-4 days.. I kept buzzing you.. huhu~

    OK, my laptop is back to normal.. thanks again... :)

    johnburn
    Moderators


    Re: [Selesai] acrotray.exe malware..

    Post by johnburn on Wed Nov 25, 2009 11:13 pm

    Okay, no problem. You can close this topic now.
    If there's anything else, you can ask on this forum again :D


