
ComboFix 12-04-31.03 - Sugeng Hariadi 05/01/2012 12:15:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.127 [GMT 7:00]
Running from: c:\documents and settings\Sugeng Hariadi\My Documents\Downloads\Programs\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\chrome.ma
nifest
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\chrome\id
mmzcc.jar
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s\idmmzcc.dll
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s\iIDMMzCC.xpt
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\idmhelper.js
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\idmhelper2.js
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\idmmzcc.dll
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\idmmzcc64.dll
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\iIDMHelper.xpt
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\iIDMHelper2.xpt
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\component
s2\iIDMMzCC.xpt
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\install.j
s
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\install.r
df
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\META-INF\
manifest.mf
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\META-INF\
zigbert.rsa
c:\documents and settings\Sugeng Hariadi\Application Data\IDM\idmmzcc3\META-INF\
zigbert.sf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))
))))))))))))))))))))))))
.
.
2012-04-27 01:21 . 2012-04-27 01:21
-------d-----wc:\progr
am files\TrueRTA_3
2012-04-26 11:49 . 2012-04-30 00:11
-------d-----wc:\docum
ents and settings\Sugeng Hariadi\Application Data\Skype
2012-04-26 11:48 . 2012-04-26 11:48
-------d-----wc:\docum
ents and settings\Sugeng Hariadi\Local Settings\Application Data\Google
2012-04-26 11:48 . 2012-04-26 11:49
-------d-----wc:\progr
am files\Google
2012-04-26 11:48 . 2012-04-30 01:54
-------d-----wc:\docum
ents and settings\All Users\Application Data\Skype
2012-04-26 07:15 . 2012-04-26 07:15
-------d-----w c:\program files\Pas
2012-04-26 04:37 . 2012-04-26 04:37
-------d-----wc:\docum
ents and settings\Sugeng Hariadi\Application Data\GRETECH
2012-04-26 04:36 . 2012-04-26 04:36
-------d-----wc:\progr
am files\GRETECH
2012-04-06 10:59 . 2012-04-06 11:07
-------d-----wc:\docum
ents and settings\Sugeng Hariadi\Local Settings\Application Data\AskToolbar
2012-04-04 16:15 . 2012-04-04 16:15
-------d-----wc:\docum
ents and settings\Sugeng Hariadi\Local Settings\Application Data\Identities
2012-04-02 01:14 . 2004-08-03 17:56
21504 -c--a-wc:\windows\syste
m32\dllcache\hidserv.dll
2012-04-02 01:14 . 2004-08-03 17:56
21504 ----a-wc:\windows\syste
m32\hidserv.dll
2012-04-02 01:14 . 2001-08-17 07:02
9600
-c--a-wc:\windows\syste
m32\dllcache\hidusb.sys
2012-04-02 01:14 . 2001-08-17 07:02
9600
----a-wc:\windows\syste
m32\drivers\hidusb.sys
2012-04-02 01:14 . 2004-08-03 16:07
59264 -c--a-wc:\windows\syste
m32\dllcache\usbaudio.sys
2012-04-02 01:14 . 2004-08-03 16:07
59264 ----a-wc:\windows\syste
m32\drivers\USBAUDIO.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2012-04-20 16:07 . 2012-03-13 12:37
94208 ----a-wc:\windows\DUMP4
844.tmp
2012-04-05 02:22 . 2012-03-13 12:37
94208 ----a-wc:\windows\DUMP3
df3.tmp
2012-03-22 07:05 . 2012-03-22 07:05
414368 ----a-wc:\windows\syste
m32\FlashPlayerCPLApp.cpl
2011-03-18 17:53 . 2012-03-14 01:27
142296 ----a-wc:\program files
\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-07-30 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
Reviewer note: the [-] marker flags sfcfiles.dll (the Windows File Protection file list) as not matching the signed reference build. This file is often patched deliberately to disable WFP, but a modified copy is also a tampering indicator; compare the MD5 above against a known-good XP SP2 copy before dismissing it.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskTo
olbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 15:44 1400712 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskTo
olbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskTo
olbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-04-22 13:47
107368 ----a-wc:\program files\Internet Downlo
ad Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-04-25 32987
12]
"MFP and Storage Server"="c:\program files\TP-LINK\MFP and Storage Server\MFP an
d Storage Server.exe" [2010-03-26 1925120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFind
er.exe [2012-3-22 335872]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^St
artup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo
WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43
69632 ----a-wc:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.e
xe]
2004-08-03 16:56
15360 ----a-wc:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-10-15 01:51
14864384
----a-wc:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
Reviewer note: the two Security Center override values suppress the "no antivirus / no firewall" warnings, and EnableFirewall=0 shows the Windows Firewall standard profile is switched off, so the TeamViewer exceptions above are entries in a firewall that is not currently enforcing. With the TeamViewer7 service listed as running (R2) below, the host is remotely reachable with no host firewall and no Security Center alert. Whether these values were set by the user, by a security product, or by unwanted software cannot be determined from this log; confirm with the machine owner before re-enabling them.
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [4/25/2011 10:41 PM 1000
80]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Serv
ice.exe [3/17/2012 4:05 PM 2886528]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys
[3/17/2012 7:01 AM 1714176]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [7/
28/2009 5:25 PM 27136]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\syste
m32\Drivers\SSPORT.sys [?]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Modem AC2726 UI\bin\MonServiceUD
isk.exe [3/16/2012 3:33 PM 266240]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\SUGENG~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\SUGENG~1\LOCALS~1\Temp\ALSysIO.sys [?]
Reviewer note: this is a kernel driver service whose image path points into the user's Temp folder; the trailing [?] appears to mean ComboFix could not read the file's date/size, i.e. the file may no longer exist on disk. ALSysIO.sys is a driver name used by some hardware-monitoring utilities, so this is not necessarily malicious, but a driver loading from a user-writable Temp directory should be verified (signature, publisher) or the orphaned service entry removed.
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec
Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec S
hared\EENGINE\EraserUtilDrvI10.sys [?]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [3/22/201
2 2:38 PM 173056]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_
ZTEMT_U_USBSER.sys [3/16/2012 3:34 PM 104704]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 15:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=10148&l=dis
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEG
etAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sugeng Hariadi\Application Data\Moz
illa\Firefox\Profiles\8ffja5dt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&apn_uid=37623D12-8BEF-45C7-AC1B-52CE5730BC79&apn_ptnrs=F4&apn_sauid=38857104-584C-4EC0-9443-482C99CF3AE8&apn_dtid=YYYYYYYYID&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.
exe
AddRemove-Free FLV Player - c:\program files\Free F

.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 12:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f2,ca,16,2a,e9,76,c4,55,28,de,e5,00,d4,f9,bd,55,36,bf,88,1d,38,
ca,6f,ba,ae,21,82,e7,16,9b,7c,16,73,1d,b4,1f,de,ce,1a,ad,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c29e3110-a4d8-4b6d-9f80-3a91981ae55c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000069
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
Reviewer note: keys with an Everyone/Full deny ACL are used both by legitimate software (licensing and anti-tamper data) and by malware to resist removal, so the lock itself is not conclusive either way. Neither CLSID is referenced by any loading point elsewhere in this log; if they need attribution, inspect them with a tool that can override the ACL (or take ownership) rather than deleting them blind.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-05-01 12:22:39
ComboFix-quarantined-files.txt 2012-05-01 05:22
.
Pre-Run: 4,355,624,960 bytes free
Post-Run: 4,494,139,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
.
- - End Of File - - 477C5BF4438AD4673B007AA2717AECAA
