ComboFix 11-11-22.01 - TOGLENG2 23/11/2011 1:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.408 [GMT 7:00]
Running from: c:\documents and settings\TOGLENG2\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\program files\rnamfler
c:\program files\rnamfler\naofsvc.exe
c:\program files\rnamfler\naomf.exe
c:\program files\rnamfler\radprlib.dll
c:\windows\system32\ijl11.dll
c:\windows\taskmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 18:55 . 2011-11-22 18:55 -------d-----w c:\documents and settings\TOGLENG2\Application Data\OpenOffice.org
2011-11-22 18:52 . 2011-11-22 18:53 -------d-----w c:\program files\OpenOffice.org 3
2011-11-22 18:51 . 2011-11-22 18:51 -------d-----w c:\program files\Common Files\Java
2011-11-22 18:51 . 2011-11-22 18:51 73728 ----a-w c:\windows\system32\javacpl.cpl
2011-11-22 18:51 . 2011-11-22 18:51 472808 ----a-w c:\windows\system32\deployJava1.dll
2011-11-22 18:50 . 2011-11-22 18:50 -------d-----w c:\program files\Java
2011-11-22 18:30 . 2011-11-22 18:30 414368 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:04 . 2011-11-22 18:10 134104 ----a-w c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"EZShield"="c:\program files\Client Shield\EZShield.exe" [2008-01-21 282624]
"ARTAV Antivirus"="c:\program files\ARTAV Team\ARTAV Antivirus.exe" [2011-02-19 2314240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\TOGLENG2\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoProfilePage"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoProfilePage"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 1 (0x1)
"NoAddPrinter"= 1 (0x1)
"NoDeletePrinter"= 1 (0x1)
"NoSetPrinters"= 1 (0x1)
"NoSetTaskbar"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 1 (0x1)
"NoSetPrinters"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-03-07 10:29 65536 ----a-w c:\windows\system32\LogonDll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SYSQINTP]
@="LegacyDriver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin200.exe.lnk
backup=c:\windows\pss\TrayMin200.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TOGLENG2^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\TOGLENG2\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a001]
2006-08-16 07:35 86016 ----a-w c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-02-28 12:00 15360 -c--a-w c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 09:09 20480 ----a-w c:\windows\FixCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 18:06 1667584 ------w c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-16 07:35 1617920 -c--a-w c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 03:12 16062464 -c----r c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 06:18 835584 ----a-w c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 02:37 270336 ----a-w c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-11-06 12:51 3810544 ----a-w c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"mnmsrvc"=3 (0x3)
"WZCSVC"=2 (0x2)
"SysqintP"=2 (0x2)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"avg8wd"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [07/03/2007 17:33 130584]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S4 SysqintP;SysqintP;c:\program files\Client008\client008.exe --> c:\program files\Client008\client008.exe [?]
.
--- Other Services/Drivers In Memory --.

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - AvgLdx86
.
.
------- Supplementary Scan ------.
uStart Page = about:blank
TCP: Interfaces\{3A954CDF-D685-4341-953F-9224BD0DBEF4}: NameServer = 202.134.1.10,202.134.0.155
FF - ProfilePath - c:\documents and settings\TOGLENG2\Application Data\Mozilla\Firefox\Profiles\lje67avd.default\
.
- - - - ORPHANS REMOVED - - - .
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BigDogPath - c:\windows\VM_STI.exe
MSConfigStartUp-wrna3ls - c:\program files\rnamfler\naomf.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 02:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LogonDll.dll
.
Completion time: 2011-11-23 02:04:55
ComboFix-quarantined-files.txt 2011-11-22 19:04
.
Pre-Run: 7.623.471.104 bytes free
Post-Run: 7.625.654.272 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.

- - End Of File - - 6DA309FD5C3B2819B6FB9B181182C2FC