Putera.com Temporary Forum

Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been successfully resolved. Please visit http://forum.putera.com/tanya


    Can't update or access AV websites

    mitutoyo
    New Member

    Number of posts : 430
    Location : Bandaraya Anggerik
    Job/hobbies : Keeping myself busy
    Registration date : 01/03/2009

    Post by mitutoyo on Sun Mar 01, 2009 8:10 pm

    Assalamualaikum, I've been trying to get into Putera for a long time and only managed it this afternoon. First, I want to congratulate those who stayed loyal to Putera, and the admins.
    My problem: why can't the PC open AV websites or update the database? Has it been hit by Kido, or something else? Scanning with the Malwarebytes database did delete a few things, but the problem is still there: it can't update or open AV websites. Other websites are fine.

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:48 PM, on 1/28/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\PROGRA~1\AVG\AVG8\avgscanx.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\utiliti\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\VirtualClass\webflt.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [VirtualClass] C:\Program Files\Farstone\VirtualClass\VCClient.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PAVAgent] C:\Program Files\Data0.Net Software\Portable Antivirus\portableav16b.exe /silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: Canon LBP-800 ª¬ºAµøµ¡.LNK = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7722 bytes

    e_sentinel
    New Member

    Number of posts : 479
    Registration date : 02/03/2009

    Post by e_sentinel on Mon Mar 02, 2009 11:38 am

    mitutoyo .. refer here

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Post by mitutoyo on Mon Mar 02, 2009 1:01 pm

    OK, thanks e_sentinel, I'll make sure I understand it clearly first and then do it, OK.

    Post by e_sentinel on Mon Mar 02, 2009 3:56 pm

    Your PC is infected with Spyware.W32.SurfSidekick
    This is from your HJT log:
    Code:
    O4 - HKLM\..\Run: [VirtualClass] C:\Program Files\Farstone\VirtualClass\VCClient.exe
    vcclient.exe's job is to steal all the information on the PC. Make sure ComboFix deletes this; if it doesn't, you need to disable vcclient.exe at startup and then re-run ComboFix

    Post by mitutoyo on Mon Mar 02, 2009 9:37 pm

    e_sentinel wrote: Your PC is infected with Spyware.W32.SurfSidekick
    This is from your HJT log:
    Code:
    O4 - HKLM\..\Run: [VirtualClass] C:\Program Files\Farstone\VirtualClass\VCClient.exe
    vcclient.exe's job is to steal all the information on the PC. Make sure ComboFix deletes this; if it doesn't, you need to disable vcclient.exe at startup and then re-run ComboFix

    End the process in Task Manager?
    Then re-run ComboFix? e_sentinel, I want to ask, what does ComboFix actually do? I'm a newbie, hehe. Please explain.

    Post by e_sentinel on Mon Mar 02, 2009 9:45 pm

    ComboFix is like other malware removal tools, but it is more efficient when system32 is infected, and its effectiveness is very good ...

    Disable at startup means disable it in msconfig, on the Startup tab ..

    There are still steps that need to be done, so ... when do you want to start?

    Post by mitutoyo on Mon Mar 02, 2009 9:52 pm

    Tomorrow, OK? It's the PC I use in class. Can you give me a complete tutorial?

    baok
    New Member

    Number of posts : 169
    Registration date : 20/02/2009

    Post by baok on Mon Mar 02, 2009 10:22 pm

    if it doesn't, you need to disable vcclient.exe at startup and then re-run ComboFix

    Don't do that yet.. Find the ComboFix log at C:\combofix.txt and post it here.. This time make sure you give feedback to me.. Don't disappear without giving feedback...


    e-sentinel...

    O4 - HKLM\..\Run: [VirtualClass] C:\Program Files\Farstone\VirtualClass\VCClient.exe

    Don't just look at SystemLookup.. Google the ones marked in red first, then ask the user whether or not they installed that software on the computer..

    Post by mitutoyo on Mon Mar 02, 2009 10:35 pm

    So what's your opinion, bro baok? I'm not sure, because someone else used that PC before, a senior student, and this semester I'm the one using it.

    Post by baok on Mon Mar 02, 2009 10:38 pm

    Did you install the Farstone/VirtualClass software or not?.. If yes, just leave it.. If not, uninstall it...


    And post the ComboFix log here.. Look for it at C:\combofix.txt

    Post by mitutoyo on Mon Mar 02, 2009 10:43 pm

    baok wrote: Did you install the Farstone/VirtualClass software or not?.. If yes, just leave it.. If not, uninstall it...


    And post the ComboFix log here.. Look for it at C:\combofix.txt

    So its log is saved there, eh?

    Post by baok on Mon Mar 02, 2009 10:44 pm

    yup..

    Post by mitutoyo on Tue Mar 03, 2009 12:55 am

    Bro, can you give a full tutorial?

    Post by baok on Tue Mar 03, 2009 12:57 am

    mitutoyo wrote: Bro, can you give a full tutorial?

    what tutorial?

    Post by mitutoyo on Tue Mar 03, 2009 1:01 am

    To settle this problem. I'll only do it tomorrow, but we'll see if I'm really free. There's no internet over there.

    Post by baok on Tue Mar 03, 2009 1:09 am

    1. Ask the PC's owner whether they installed the Farstone/VirtualClass software on that computer.. If they did, just leave it.. If not, uninstall it..


    2. Have you run ComboFix on that computer yet or not?.. Whose computer is it?.. Is it yours or someone else's?


    3. I can't give any tutorial.. I can only help if I'm in front of that PC, or if there's a log from a particular program for me to diagnose..

    If you haven't run ComboFix yet, go to the website e-sentinel gave.. Read and properly understand the instructions before running ComboFix.. After running it, post its log here.. Look for the log at C:\combofix.txt

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Post by mitutoyo on Tue Mar 03, 2009 3:49 am

    Someone else used that PC before, and now I'm the one using it. OK, tomorrow I'll run it and give you the log, OK.

    Post by mitutoyo on Tue Mar 03, 2009 11:46 am

    This is from my pendrive that was plugged into that PC; KIS detected it.
    And this is the ComboFix log

    ComboFix 09-03-02.01 - PC1 2009-03-03 9:50:22.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.66 [GMT 8:00]
    Running from: c:\documents and settings\PC1\Desktop\ComboFix.exe
    AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\IE4 Error Log.txt
    c:\windows\rvhost.exe
    c:\windows\start.exe
    c:\windows\system32\rvhost.exe
    c:\windows\system32\setting.ini
    c:\windows\Tasks\At1.job
    c:\windows\Web\default.htt
    c:\windows\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
    .

    2009-03-03 09:48 . 2009-03-02 04:46 <DIR> d-------- C:\32788R22FWJFW
    2009-02-17 11:50 . 2009-02-17 11:50 <DIR> d--hs---- C:\FOUND.007
    2009-02-12 15:57 . 2009-02-12 15:57 <DIR> d--hs---- C:\FOUND.006
    2009-02-03 15:53 . 2009-02-03 15:53 <DIR> d--h----- C:\$AVG8.VAULT$

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-02 06:59 4,096 ----a-w c:\windows\SYSTEM32\01.tmp
    2009-01-28 07:37 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-28 07:37 10,520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
    2009-01-28 07:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-28 07:36 --------- d-----w c:\documents and settings\PC1\Application Data\AVGTOOLBAR
    2009-01-22 03:06 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 03:06 --------- d-----w c:\documents and settings\PC1\Application Data\Malwarebytes
    2009-01-22 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-16 00:57 --------- d-----w c:\program files\GVR
    2009-01-14 08:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 08:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-06 02:09 --------- d-----w c:\program files\AskSearch
    2009-01-06 02:09 --------- d-----w c:\program files\AskBarDis
    2005-07-13 08:20 266 --sh--w c:\program files\desktop.ini
    2005-07-13 08:20 11,079 ---h--w c:\program files\folder.htt
    2007-04-16 15:52 171,376 --sh--r c:\windows\SYSTEM32\veppv.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2007-10-26 11:36 8454656 --a------ c:\windows\SYSTEM32\SHELL32.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-19 3084288]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-21 22528]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-18 185896]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1261336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Printing Migration"="c:\windows\system32\spool\migrate.dll" [2004-08-04 30208]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Canon LBP-800 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-14 111104]
    Canon LBP-800 ¦ª§Aæoæ­.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-14 111104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VDOM"= vdowave.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HpMmKbd"="c:\program files\Hewlett-Packard\Extended Keyboard\HpMmKbd.exe"
    "SMARTAlerts"=c:\program files\HP\SMART\SMARTAlerts.exe
    "hpjsiroute169.254.106.180"=hpjsira.exe -i 169.254.106.180 -g 192.168.80.82
    "HP Network Registry Agent"=c:\windows\SYSTEM32\hpnra.exe
    "HP Status"=c:\windows\SYSTEM32\hpstatus.exe
    "StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    "TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    "HPLJ Config"=c:\program files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp color LaserJet 2550 PCL6" -n 1 -l 1033 -sl 120000
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    "CAPON"=c:\windows\SYSTEM\CAPON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "SoundFusion"=RunDll32 cwcprops.cpl,CrystalControlWnd
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "HP Port Resolver"=c:\windows\SYSTEM\hpbpro.exe
    "HP Status Server"=c:\windows\SYSTEM\hpboid.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9834:TCP"= 9834:TCP:xkunxp

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-28 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-28 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-28 76040]
    R2 MarxDev1;MarxDev1;c:\windows\SYSTEM32\DRIVERS\marxdev1.sys [2006-01-05 11296]
    R2 MarxDev2;MarxDev2;c:\windows\SYSTEM32\DRIVERS\marxdev2.sys [2006-01-05 11296]
    R2 MarxDev3;MarxDev3;c:\windows\SYSTEM32\DRIVERS\marxdev3.sys [2006-01-05 11296]
    R2 RapidPort;RapidPort;c:\windows\SYSTEM32\DRIVERS\CAPLPTN.SYS [2005-12-14 23008]
    R3 G200;G200;c:\windows\SYSTEM32\DRIVERS\G200m.sys [1998-01-05 320384]
    S2 aqdvfswd;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
    S2 umsko;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
    S3 dupvuc;dupvuc;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
    S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\SYSTEM32\DRIVERS\MemStPCI.SYS [2007-08-14 26112]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    umsko
    aqdvfswd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{159fdcf0-c4b5-11dc-b8e3-0010b5523c15}]
    \Shell\AutoRun\command - k6wkwon2.exe
    \Shell\explore\Command - k6wkwon2.exe
    \Shell\open\Command - k6wkwon2.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15d9b810-10cb-11dd-b929-0010b5523c15}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15d9b811-10cb-11dd-b929-0010b5523c15}]
    \Shell\AutoRun\command - wscript.exe .\.vbs
    \Shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{624a10b0-35c1-11dc-b85d-0010b5523c15}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81aa0e94-4d06-11db-b777-0010b5523c15}]
    \Shell\AutoRun\command - F:\ntdelect.com
    \Shell\explore\Command - F:\ntdelect.com
    \Shell\open\Command - F:\ntdelect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07045d0-2abc-11dd-b941-0010b5523c15}]
    \Shell\AutoRun\command - F:\ve.exe
    \Shell\open\Command - F:\ve.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5e3c30-5e13-11dd-b980-0010b5523c15}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1504660-3b4a-11dc-b865-0010b5523c15}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5571d90-585b-11dd-b979-0010b5523c15}]
    \Shell\AutoRun\command - i0.cmd
    \Shell\explore\Command - i0.cmd
    \Shell\open\Command - i0.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da15f500-5441-11db-b780-0010b5523c15}]
    \Shell\AutoRun\command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e488c170-5242-11dd-b971-0010b5523c15}]
    \Shell\AutoRun\command - CD_Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e488c171-5242-11dd-b971-0010b5523c15}]
    \Shell\AutoRun\command - CD_Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eac925a0-4ecc-11db-b77a-0010b5523c15}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NTDETECT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
    RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
    rundll32.exeadvpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-PAVAgent - c:\program files\Data0.Net
    HKLM-Run-VirtualClass - c:\program files\Farstone\VirtualClass\VCClient.exe
    HKU-Default-Run-Yahoo Messengger - c:\windows\system32\RVHOST.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SYSTEM\blank.htm
    mStart Page = hxxp://www.microsoft.com
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    TCP: {11C1D88A-6A69-45AC-99DF-AA80A1286BEB} = 202.188.0.133,202.188.1.5
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 09:55:03
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dupvuc]
    "ImagePath"="\??\c:\windows\system32\02.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aqdvfswd]
    "ServiceDll"="c:\windows\system32\veppv.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\umsko]
    "ServiceDll"="c:\windows\system32\veppv.dll"
    .
    Completion time: 2009-03-03 9:58:37
    ComboFix-quarantined-files.txt 2009-03-03 01:58:32

    Pre-Run: 11,721,342,976 bytes free
    Post-Run: 11,707,613,184 bytes free

    215 --- E O F --- 2007-11-15 01:02:21
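
Added example, not part of any post in this thread: a small Python reader for three parts of the ComboFix log posted above (the driver/service listing, the MountPoints2 AutoRun commands, and the ServiceDll/ImagePath values), which returns a list of entries to research by hand. The three heuristics and all function names are assumptions of this example, and the embedded sample is a short excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log posted above, embedded so the example runs offline.
SAMPLE_LOG = r'''
S2 aqdvfswd;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 umsko;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 dupvuc;dupvuc;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\SYSTEM32\DRIVERS\MemStPCI.SYS [2007-08-14 26112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81aa0e94-4d06-11db-b777-0010b5523c15}]
\Shell\AutoRun\command - F:\ntdelect.com
\Shell\open\Command - F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{624a10b0-35c1-11dc-b85d-0010b5523c15}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dupvuc]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aqdvfswd]
"ServiceDll"="c:\windows\system32\veppv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\umsko]
"ServiceDll"="c:\windows\system32\veppv.dll"
'''

# "S2 name;display;path [date size]" lines from the driver/service listing.
SERVICE_LINE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)(?: \[[^\]]*\])?$')
KEY_LINE = re.compile(r'^\[(.+)\]$')                      # [HKEY_...\key]
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
SHELL_LINE = re.compile(
    r'^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$', re.IGNORECASE)


def parse_combofix(text):
    """Return (services, service_values, volume_commands) parsed from log text."""
    services = {}                        # service name -> state/display/path
    service_values = defaultdict(dict)   # service name -> registry values shown
    volume_commands = defaultdict(list)  # volume GUID -> [(verb, command)]
    current = None                       # registry key block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            path = key.group(1).lower()
            vol = re.search(r'\\mountpoints2\\(\{[0-9a-f-]+\})$', path)
            svc = re.search(r'\\services\\([^\\]+)$', path)
            if vol:
                current = ('volume', vol.group(1))
            elif svc:
                current = ('service', svc.group(1))
            else:
                current = None
            continue
        svc_line = SERVICE_LINE.match(line)
        if svc_line:
            services[svc_line['name'].lower()] = svc_line.groupdict()
            continue
        if current and current[0] == 'volume':
            cmd = SHELL_LINE.match(line)
            if cmd:
                volume_commands[current[1]].append((cmd['verb'], cmd['cmd']))
        elif current and current[0] == 'service':
            val = VALUE_LINE.match(line)
            if val:
                service_values[current[1]][val['name']] = val['value']
    return services, dict(service_values), dict(volume_commands)


def triage(text):
    """List (reason, value, names) tuples for a human to research, not verdicts."""
    services, service_values, volume_commands = parse_combofix(text)
    findings = []
    # Heuristic 1 (assumption): several service names loading one ServiceDll.
    by_dll = defaultdict(list)
    for name, values in service_values.items():
        if 'ServiceDll' in values:
            by_dll[values['ServiceDll'].lower()].append(name)
    for dll, names in sorted(by_dll.items()):
        if len(names) > 1:
            findings.append(('shared-servicedll', dll, sorted(names)))
    # Heuristic 2 (assumption): a service or driver whose image is a .tmp file.
    for name in sorted(set(services) | set(service_values)):
        image = (service_values.get(name, {}).get('ImagePath')
                 or services.get(name, {}).get('path', ''))
        if image.lower().endswith('.tmp'):
            findings.append(('tmp-image', image, [name]))
    # Heuristic 3 (assumption): every AutoRun command remembered for a volume.
    for guid, commands in sorted(volume_commands.items()):
        for verb, command in commands:
            if verb.lower() == 'autorun':
                findings.append(('volume-autorun', command, [guid]))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The result is a review list only: a legitimate launcher such as `F:\LaunchU3.exe -a` appears next to `F:\ntdelect.com`, so each entry still has to be looked up and checked with the PC's user before anything is removed.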

    Post by mitutoyo on Tue Mar 03, 2009 11:47 am

    And these are the results from my KIS 8.0, detected from the pendrive that was plugged into that PC
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/1/2009 8:02:07 PM Task completed
    3/1/2009 8:01:03 PM Task started
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/1/2009 8:16:04 PM Task completed
    3/1/2009 8:05:50 PM Task started
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/1/2009 10:47:48 PM Task completed
    3/1/2009 10:45:20 PM Task started
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/3/2009 12:45:31 AM Task completed
    3/3/2009 12:44:48 AM Task started
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/3/2009 3:48:43 AM Task completed
    3/3/2009 3:45:32 AM Task started
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/3/2009 6:27:20 AM Task completed
    3/3/2009 6:25:20 AM Task started
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/3/2009 11:32:53 AM Task started
    3/3/2009 11:33:01 AM Detected: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
    3/3/2009 11:33:01 AM Untreated: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Postponed
    3/3/2009 11:33:09 AM Detected: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
    3/3/2009 11:33:09 AM Untreated: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Cannot be disinfected
    3/3/2009 11:33:10 AM Deleted: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
    3/3/2009 11:33:10 AM Task completed
    Virus Scan: completed 3/3/2009 11:33:10 AM (events: 7, objects: 652, time: 00:00:17)
    3/3/2009 11:36:18 AM Task started
    3/3/2009 11:36:26 AM Task completed

    Re: Can't update or open AV websites

    Post by baok on Tue Mar 03, 2009 12:01 pm

    AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    You have 2 antivirus programs. Uninstall one of them. Also uninstall the Ask Toolbar if you don't use it.



    1. Please open Notepad
    • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::

    NetSvc::
    aqdvfswd
    umsko

    Driver::
    aqdvfswd
    umsko
    dupvuc

    Rootkit::
    c:\windows\system32\02.tmp

    File::
    c:\windows\SYSTEM32\01.tmp
    c:\windows\SYSTEM32\veppv.dll
    F:\ntdelect.com
    F:\ve.exe
    c:\windows\system32\02.tmp

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9834:TCP"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{159fdcf0-c4b5-11dc-b8e3-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15d9b810-10cb-11dd-b929-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15d9b811-10cb-11dd-b929-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{624a10b0-35c1-11dc-b85d-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81aa0e94-4d06-11db-b777-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07045d0-2abc-11dd-b941-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5e3c30-5e13-11dd-b980-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1504660-3b4a-11dc-b865-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5571d90-585b-11dd-b979-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da15f500-5441-11db-b780-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e488c170-5242-11dd-b971-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e488c171-5242-11dd-b971-0010b5523c15}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eac925a0-4ecc-11db-b77a-0010b5523c15}]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dupvuc]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aqdvfswd]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\umsko]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log.


    Last edited by baok on Tue Mar 03, 2009 12:09 pm; edited 1 time in total (Reason for editing : edit CFScript)

    Re: Can't update or open AV websites

    Post by baok on Tue Mar 03, 2009 12:09 pm

    Take note: I have just edited the script above.

    Do those steps and post the ComboFix and HijackThis logs here.

    Re: Can't update or open AV websites

    Post by mitutoyo on Tue Mar 03, 2009 1:27 pm

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:


    * Combofix.txt
    * A new HijackThis log.

    Does that mean that after dragging CFScript.txt, I run ComboFix as usual?

    And post the new ComboFix and HijackThis logs here?
    Is my understanding correct?

    Re: Can't update or open AV websites

    Post by baok on Tue Mar 03, 2009 1:34 pm

    In simple terms:

    1. Copy/paste the script above into Notepad

    2. Save it to the Desktop as CFScript

    3. Drag CFScript onto the ComboFix icon as shown in the picture above

    4. Just let ComboFix run as usual

    5. Post the ComboFix log here


    Still don't understand?

    Re: Can't update or open AV websites

    Post by baok on Tue Mar 03, 2009 1:41 pm

    One more thing...

    Running from: c:\documents and settings\PC1\Desktop\ComboFix.exe

    Make sure these steps are run on PC1 only. Do not run these steps on any other PC. If you do it anyway, you're on your own.
