Forum Sementara Putera.com



4 posters

    Can't update or access the AV website (thread: xbleh update n masuk website av) - Page 2

    mitutoyo
    New Member


    Number of posts : 430
    Location : Bandaraya Anggerik
    Job/hobbies : MemBZ kn diri
    Registration date : 01/03/2009


    Post by mitutoyo Tue Mar 03, 2009 2:05 pm

    OK, I understand. Post the HijackThis log as well (look for this only on that PC, not the other PCs).
    I'll give feedback this afternoon, OK bro
    baok
    New Member


    Number of posts : 169
    Registration date : 20/02/2009


    Post by baok Tue Mar 03, 2009 2:31 pm

    Ok..

    Post by mitutoyo Tue Mar 03, 2009 5:00 pm

    OK bro, but AVG can now update, though it only gets halfway and then fails; the AV websites still can't be accessed.

    Here is the latest ComboFix log.
    I looked for Avira to uninstall it but couldn't find it; maybe only registry leftovers remain, or the earlier deletion wasn't complete.

    ComboFix 09-03-02.01 - PC1 2009-03-03 15:21:53.3 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.74 [GMT 8:00]
    Running from: c:\documents and settings\PC1\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\PC1\Desktop\CFScript.txt
    AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
    * Created a new restore point

    FILE ::
    c:\windows\SYSTEM32\01.tmp
    c:\windows\system32\02.tmp
    c:\windows\SYSTEM32\veppv.dll
    F:\ntdelect.com
    F:\ve.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\SYSTEM32\01.tmp
    c:\windows\SYSTEM32\veppv.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AQDVFSWD
    -------\Legacy_DUPVUC
    -------\Legacy_UMSKO
    -------\Service_aqdvfswd
    -------\Service_umsko


    ((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
    .

    2009-02-17 11:50 . 2009-02-17 11:50 <DIR> d--hs---- C:\FOUND.007
    2009-02-12 15:57 . 2009-02-12 15:57 <DIR> d--hs---- C:\FOUND.006
    2009-02-03 15:53 . 2009-02-03 15:53 <DIR> d--h----- C:\$AVG8.VAULT$

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-28 07:37 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-28 07:37 10,520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
    2009-01-28 07:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-28 07:36 --------- d-----w c:\documents and settings\PC1\Application Data\AVGTOOLBAR
    2009-01-22 03:06 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 03:06 --------- d-----w c:\documents and settings\PC1\Application Data\Malwarebytes
    2009-01-22 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-16 00:57 --------- d-----w c:\program files\GVR
    2009-01-14 08:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 08:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-06 02:09 --------- d-----w c:\program files\AskSearch
    2005-07-13 08:20 266 --sh--w c:\program files\desktop.ini
    2005-07-13 08:20 11,079 ---h--w c:\program files\folder.htt
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-03_ 9.56.14.68 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2009-03-03 01:43:36 32,768 ----a-w c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-03 07:33:14 32,768 ----a-w c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
    @="{7D688A77-C613-11D0-999B-00C04FD655E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
    2007-10-26 11:36 8454656 --a------ c:\windows\SYSTEM32\SHELL32.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-19 3084288]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-21 22528]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-18 185896]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1261336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Printing Migration"="c:\windows\system32\spool\migrate.dll" [2004-08-04 30208]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Canon LBP-800 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-14 111104]
    Canon LBP-800 ¦ª§Aæoæ­.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE [2005-12-14 111104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-28 15:37 10520 c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VDOM"= vdowave.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HpMmKbd"="c:\program files\Hewlett-Packard\Extended Keyboard\HpMmKbd.exe"
    "SMARTAlerts"=c:\program files\HP\SMART\SMARTAlerts.exe
    "hpjsiroute169.254.106.180"=hpjsira.exe -i 169.254.106.180 -g 192.168.80.82
    "HP Network Registry Agent"=c:\windows\SYSTEM32\hpnra.exe
    "HP Status"=c:\windows\SYSTEM32\hpstatus.exe
    "StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    "TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    "HPLJ Config"=c:\program files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp color LaserJet 2550 PCL6" -n 1 -l 1033 -sl 120000
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    "CAPON"=c:\windows\SYSTEM\CAPON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "SoundFusion"=RunDll32 cwcprops.cpl,CrystalControlWnd
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "HP Port Resolver"=c:\windows\SYSTEM\hpbpro.exe
    "HP Status Server"=c:\windows\SYSTEM\hpboid.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-28 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-28 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-28 76040]
    R2 MarxDev1;MarxDev1;c:\windows\SYSTEM32\DRIVERS\marxdev1.sys [2006-01-05 11296]
    R2 MarxDev2;MarxDev2;c:\windows\SYSTEM32\DRIVERS\marxdev2.sys [2006-01-05 11296]
    R2 MarxDev3;MarxDev3;c:\windows\SYSTEM32\DRIVERS\marxdev3.sys [2006-01-05 11296]
    R2 RapidPort;RapidPort;c:\windows\SYSTEM32\DRIVERS\CAPLPTN.SYS [2005-12-14 23008]
    R3 G200;G200;c:\windows\SYSTEM32\DRIVERS\G200m.sys [1998-01-05 320384]
    S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\SYSTEM32\DRIVERS\MemStPCI.SYS [2007-08-14 26112]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
    RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
    rundll32.exeadvpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SYSTEM\blank.htm
    mStart Page = hxxp://www.microsoft.com
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    TCP: {11C1D88A-6A69-45AC-99DF-AA80A1286BEB} = 202.188.0.133,202.188.1.5
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 15:34:20
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
    c:\program files\BONJOUR\MDNSRESPONDER.EXE
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\CAPRPCSK.EXE
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\AVG\AVG8\avgupd.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-03 15:39:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-03 07:38:54
    ComboFix2.txt 2009-03-03 01:58:44

    Pre-Run: 11,652,481,024 bytes free
    Post-Run: 11,565,645,824 bytes free

    178 --- E O F --- 2007-11-15 01:02:21

    Post by mitutoyo Tue Mar 03, 2009 5:01 pm

    And this is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:41:06 PM, on 3/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\AVG\AVG8\avgupd.exe
    C:\WINDOWS\explorer.exe
    F:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\VirtualClass\webflt.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: Canon LBP-800 ª¬ºAµøµ¡.LNK = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7481 bytes
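    A HijackThis log is read by section code (R0, O2, O4, O17, O20, O23 and so on). As an added example that is not part of the thread or of HijackThis itself, the Python below parses such lines and pulls out the entries a responder checks first when a machine cannot reach antivirus sites: hosts-file redirects (O1), BHOs or toolbars whose file is missing (O2/O3), the configured DNS servers (O17) and the AppInit_DLLs / Winlogon Notify load points (O20). The sample lines are copied from the posted log, plus one constructed O1 entry (the posted log has none) to exercise the hosts-file check; every hit is a pointer for manual verification, not a verdict.

```python
"""Triage helper for HijackThis-style logs (added example; not the forum's
or HijackThis' own code).  Groups entries by section code and reports the
ones worth checking first when AV updates and vendor sites are unreachable.
"""
import re
from collections import defaultdict

# Sample lines taken from the log posted in the thread, plus one constructed
# O1 entry (the posted log has no O1 line) to show the hosts-file check.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 127.0.0.1 av-updates.example
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\\Program Files\\Farstone\\VirtualClass\\webflt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{11C1D88A-6A69-45AC-99DF-AA80A1286BEB}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# HijackThis entry lines look like "<code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(log_text):
    """Return (code, body) pairs for every entry line; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries):
    """O1 lines: 'Hosts: <ip> <hostname>'.  A vendor hostname pinned to
    127.0.0.1 is one classic reason AV updates and vendor pages fail."""
    found = []
    for code, body in entries:
        if code != "O1":
            continue
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def missing_files(entries):
    """O2/O3 registrations whose DLL no longer exists: leftovers to clean up."""
    return [body for code, body in entries
            if code in ("O2", "O3") and body.endswith("(file missing)")]


def name_servers(entries):
    """Every DNS server from O17 entries, deduplicated in the order seen, so it
    can be compared against the ISP's or the site's expected resolvers."""
    seen = []
    for code, body in entries:
        if code != "O17":
            continue
        m = re.search(r"NameServer = ([\d.,]+)", body)
        if m:
            for ip in m.group(1).split(","):
                if ip and ip not in seen:
                    seen.append(ip)
    return seen


def load_points(entries):
    """O20 entries (AppInit_DLLs, Winlogon Notify) are loaded into many
    processes, so each should be tied to a known product (here AVG's DLL)."""
    return [body for code, body in entries if code == "O20"]


def triage(log_text):
    """Parse a log and return the per-section counts plus the review lists."""
    entries = parse_entries(log_text)
    counts = defaultdict(int)
    for code, _ in entries:
        counts[code] += 1
    return {
        "counts": dict(counts),
        "hosts_redirects": hosts_redirects(entries),
        "missing_files": missing_files(entries),
        "name_servers": name_servers(entries),
        "load_points": load_points(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```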

    Post by baok Tue Mar 03, 2009 5:27 pm

    Hello.. First of all I want to ask.. Since that's PC1, are there PC2, PC3 and so on.. Are all those PCs connected to a single server?.. Can none of the PCs connect to the AV site, or is it only PC1 that has the problem?
    Antivirus update problem

    Post by mitutoyo Tue Mar 03, 2009 8:52 pm

    Assalamualaikum..
    I have a problem with this antivirus software of mine.

    Oops, forgot to mention.. this PC is connected to a server for file sharing. So far only this PC can't connect.


    Last edited by slaughters on Wed Mar 04, 2009 9:16 am; edited 1 time in total (Reason for editing: -aiyaa.. I don't know what this problem actually is? Even editing it gives me a headache...-)

    Post by baok Tue Mar 03, 2009 10:56 pm

    Lets do some deeper scans...


    Please download RUNSCANNER to your desktop and run it.

    • When the first page comes up select Beginner Mode
    • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
    • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
    • It will then ask you to save two files, the .run file and the log. Save both of them in your Desktop.
    • You will see the .run file on your desktop. Please zip the .run file and attach it in your next reply


    Then upload that as an attachment in your next post.



    NEXT


    Download avz4.zip from HERE

    • Unzip it to your desktop to a folder named avz4
    • Double click on AVZ.exe to run it.
    • Run an update by clicking the Auto Update button on the right of the Log window
    • Click Start to begin the update

    Note: If you receive an error message, choose a different source, then click Start again



    1. Start AVZ.
    2. Choose from the menu File => Standard scripts and mark the 3. Healing/Quarantine and Advanced System Investigation check box.
    3. Click on the Execute selected scripts.
    4. Automatic scanning, healing and system check will be executed.
    5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
    6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
    7. All applications will work properly after the system restart.




    • After that, please restart AVZ again,
    • From the "File" menu, choose "Standard Scripts"
    • Put a check next to item 2: Advanced System Investigation
    • Click Execute selected scripts
    • At the next prompt, click the OK button
    • Let the scan run and click "OK" when the completion prompt pops up
    • Now Close out of the Standard Scripts window, and exit AVZ
    • Navigate to the avz4 folder and locate the folder LOG
    • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
    • Attach virusinfo_syscheck.htm to your next reply



    Attach me these files in your next reply..

    1. RunScanner .run file
    2. virusinfo_syscheck.htm

    Post by mitutoyo Tue Mar 03, 2009 11:25 pm

    Bro, after doing all that, I'll try updating the AV database as usual, OK?

    Post by baok Tue Mar 03, 2009 11:27 pm

    OK.. but the RunScanner and AVZ steps are only for diagnosis.. In the ComboFix log I couldn't find anything malicious, so I want to look deeper..

    Anyway, I'm off to bed now

    Post by mitutoyo Wed Mar 04, 2009 12:13 am

    hehehe.. but avz4 is portable, right? Update it beforehand, put it on a thumb drive, then paste it onto the desktop, and the database will still be the latest, right?

    Post by baok Wed Mar 04, 2009 12:41 am

    Yes, that's right, but that's not what I need..

    I need the report from AVZ to look for any hidden drivers that may be present.. Because that PC can't connect to antivirus websites, there's most probably a rootkit on it..


    Anyway, have you updated GVR and run a full scan?


    And don't forget to read and properly understand the steps above.. And don't forget to attach the required logs..

    Post by mitutoyo Wed Mar 04, 2009 6:34 am

    I've printed that tutorial.. hehehe.. OK boss, I'll give feedback at midday, OK.

    Post by baok Thu Mar 05, 2009 6:17 am

    Where is your feedback?... Do you want to be like supervisor zer0Nehza below? No feedback at all?.. That's kinda rude..

    https://putera.forumms.net/utiliti-dan-sekuriti-f55/virus-winkido-kaspersky-alert-t22-30.htm?sid=da5f697f63f1519bae95fc8e528f9637

    Post by mitutoyo Thu Mar 05, 2009 1:27 pm

    Bro.. sorry.. I've been crazy busy

    Post by mitutoyo Thu Mar 05, 2009 1:31 pm

    Here is the RunScanner log
    Runscanner logfile

    * = signed file
    - = file not found

    General info
    ------------
    Computer name : ROSNAWATI
    Creation time : 3/5/2009 11:29:29 AM
    Hosts <> 127.0.0.1 : 0
    Hosts file location : %SystemRoot%\System32\drivers\etc
    IE version : 6.0.2900.2180
    OS : Microsoft Windows XP
    OS Build : 2600
    OS SP : Service Pack 2
    RunScanner Version : 1.8.0.0
    User Language : English (United States)
    User rights : Administrator
    Windows folder : C:\WINDOWS

    Running processes
    -----------------
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
    * C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
    * C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    * C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    * C:\PROGRA~1\AVG\AVG8\aAvgApi.exe (AVG Technologies CZ, s.r.o.)
    * C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    * C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    * C:\WINDOWS\system32\CAPRPCSK.EXE (CANON INC.)
    * C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    * C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
    * C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    * F:\RUN SCANNER\RunScanner.exe (Runscanner.net)
    * F:\RUN SCANNER\RunScanner.exe (Runscanner.net)
    * C:\WINDOWS\system32\services.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
    * C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    * C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
    * c:\windows\System32\smss.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    Unrated items
    -------------
    003 C:\Program Files\Yahoo!\Messenger\ypager.exe
    005 C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    005 C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
    010 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device)
    010 C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service)
    011 C:\WINDOWS\System32\Drivers\kbfiltr2k.sys (kbfiltr)
    011 C:\WINDOWS\system32\drivers\MarxDev1.sys (MarxDev1)
    011 C:\WINDOWS\system32\drivers\MarxDev2.sys (MarxDev2)
    011 C:\WINDOWS\system32\drivers\MarxDev3.sys (MarxDev3)
    011 C:\WINDOWS\System32\Drivers\moufiltr2k.sys (moufiltr)
    031 C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
    031 C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
    031 C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}
    052 * C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    052 C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll {08E74C67-99A6-45C7-94DA-A397A8FD8082}
    061 c:\PROGRA~1\MICROS~1\OFFICE\OLKFSTUB.DLL (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
    061 C:\WINDOWS\SYSTEM32\THUMBVW.DLL (Microsoft Corporation) {8BEBB290-52D0-11D0-B7F4-00C04FD706EC}
    061 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
    061 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
    100 Start Page HKCU : http://www.yahoo.com/
    100 Start Page HKLM : http://www.microsoft.com
    104 C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll (JavaSoft / Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
    104 GUID / CLSID not found {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    104 C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
    104 GUID / CLSID not found Internet Explorer Classes for Java
    105 &Yahoo! Search : file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    105 Yahoo! &Dictionary : file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    105 Yahoo! &Maps : file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    105 Yahoo! &SMS : file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    120 NameServer {11C1D88A-6A69-45AC-99DF-AA80A1286BEB} : 202.188.0.133,202.188.1.5
    173 GUID / CLSID not found
    221 GUID / CLSID not found
    227 GUID / CLSID not found

    Missing files
    -------------
    011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
    011 C:\WINDOWS\system32\drivers\abp480n5.sys
    011 C:\WINDOWS\system32\drivers\adpu160m.sys
    011 C:\WINDOWS\system32\drivers\Aha154x.sys
    011 C:\WINDOWS\system32\drivers\aic78u2.sys
    011 C:\WINDOWS\system32\drivers\aic78xx.sys
    011 C:\WINDOWS\system32\drivers\AliIde.sys
    011 C:\WINDOWS\system32\drivers\amsint.sys
    011 C:\WINDOWS\system32\drivers\asc.sys
    011 C:\WINDOWS\system32\drivers\asc3350p.sys
    011 C:\WINDOWS\system32\drivers\asc3550.sys
    011 C:\WINDOWS\system32\drivers\Atdisk.sys
    011 C:\ComboFix\catchme.sys
    011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
    011 C:\WINDOWS\system32\drivers\Changer.sys
    011 C:\WINDOWS\system32\drivers\CmdIde.sys
    011 C:\WINDOWS\system32\drivers\Cpqarray.sys
    011 C:\WINDOWS\system32\drivers\dac2w2k.sys
    011 C:\WINDOWS\system32\drivers\dac960nt.sys
    011 C:\WINDOWS\system32\drivers\dpti2o.sys
    011 C:\WINDOWS\system32\drivers\hpn.sys
    011 C:\WINDOWS\system32\drivers\i2omgmt.sys
    011 C:\WINDOWS\system32\drivers\i2omp.sys
    011 C:\WINDOWS\system32\drivers\ini910u.sys
    011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
    011 C:\WINDOWS\system32\drivers\mraid35x.sys
    011 C:\WINDOWS\system32\drivers\PCIDump.sys
    011 C:\WINDOWS\system32\drivers\PCIIde.sys
    011 C:\WINDOWS\system32\drivers\PDCOMP.sys
    011 C:\WINDOWS\system32\drivers\PDFRAME.sys
    011 C:\WINDOWS\system32\drivers\PDRELI.sys
    011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
    011 C:\WINDOWS\system32\drivers\perc2.sys
    011 C:\WINDOWS\system32\drivers\perc2hib.sys
    011 C:\WINDOWS\system32\drivers\ql1080.sys
    011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
    011 C:\WINDOWS\system32\drivers\ql12160.sys
    011 C:\WINDOWS\system32\drivers\ql1240.sys
    011 C:\WINDOWS\system32\drivers\ql1280.sys
    011 C:\WINDOWS\system32\drivers\Simbad.sys
    011 C:\WINDOWS\system32\drivers\Sparrow.sys
    011 C:\WINDOWS\system32\drivers\sym_hi.sys
    011 C:\WINDOWS\system32\drivers\sym_u3.sys
    011 C:\WINDOWS\system32\drivers\symc810.sys
    011 C:\WINDOWS\system32\drivers\symc8xx.sys
    011 C:\WINDOWS\system32\drivers\TosIde.sys
    011 C:\WINDOWS\system32\drivers\ultra.sys
    011 C:\WINDOWS\system32\drivers\ViaIde.sys
    011 C:\WINDOWS\system32\drivers\WDICA.sys
    035 rundll32.exeadvpack.dll
    035 RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
    052 C:\Program Files\Farstone\VirtualClass\webflt.dll
    061 deskpan.dll
    073 walign
    145 kbfiltr.sys
    Post by mitutoyo Thu Mar 05, 2009 1:34 pm

    Here is virusinfo_syscheck.htm

    AVZ Antiviral Toolkit log; AVZ version is 4.30
    Scanning started at 3/5/2009 12:40:40 PM
    Database loaded: signatures - 212861, NN profile(s) - 2, microprograms of healing - 56, signature database released 03.03.2009 23:06
    Heuristic microprograms loaded: 372
    SPV microprograms loaded: 9
    Digital signatures of system files loaded: 99609
    Heuristic analyzer mode: Maximum heuristics level
    Healing mode: disabled
    Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
    System Restore: enabled
    1. Searching for Rootkits and programs intercepting API functions
    1.1 Searching for user-mode API hooks
    Analysis: kernel32.dll, export table found in section .text
    Analysis: ntdll.dll, export table found in section .text
    Analysis: user32.dll, export table found in section .text
    Analysis: advapi32.dll, export table found in section .text
    Analysis: ws2_32.dll, export table found in section .text
    Analysis: wininet.dll, export table found in section .text
    Analysis: rasapi32.dll, export table found in section .text
    Analysis: urlmon.dll, export table found in section .text
    Analysis: netapi32.dll, export table found in section .text
    1.2 Searching for kernel-mode API hooks
    Driver loaded successfully
    SDT found (RVA=082680)
    Kernel ntoskrnl.exe found in memory at address 804D7000
    SDT = 80559680
    KiST = 804E26A8 (284)
    Functions checked: 284, intercepted: 0, restored: 0
    1.3 Checking IDT and SYSENTER
    Analysis for CPU 1
    Checking IDT and SYSENTER - complete
    1.4 Searching for masking processes and drivers
    Checking not performed: extended monitoring driver (AVZPM) is not installed
    Driver loaded successfully
    1.5 Checking of IRP handlers
    \driver\tcpip[IRP_MJ_CLOSE] = F95FA5A8 -> C:\WINDOWS\System32\Drivers\avgtdix.sys, driver recognized as trusted
    \driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F95FB43E -> C:\WINDOWS\System32\Drivers\avgtdix.sys, driver recognized as trusted
    Checking - complete
    2. Scanning memory
    Number of processes found: 34
    Analyzer: process under analysis is 2300 C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2308 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2320 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2328 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2352 C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2388 C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2476 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    [ES]:Contains network functionality
    [ES]:Application has no visible windows
    [ES]:Located in system folder
    [ES]:Registered in autoruns !!
    Analyzer: process under analysis is 2824 C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    [ES]:Application has no visible windows
    Number of modules loaded: 268
    Scanning memory - complete
    3. Scanning disks
    4. Checking Winsock Layered Service Provider (SPI/LSP)
    LSP settings checked. No errors detected
    5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
    6. Searching for opened TCP/UDP ports used by malicious programs
    Checking disabled by user
    7. Heuristic system check
    >>> F:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
    Checking - complete
    8. Searching for vulnerabilities
    >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
    >> Services: potentially dangerous service allowed: TermService (Terminal Services)
    >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
    >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
    >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
    >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
    > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    >> Security: disk drives' autorun is enabled
    >> Security: administrative shares (C$, D$ ...) are enabled
    >> Security: anonymous user access is enabled
    >> Security: sending Remote Assistant queries is enabled
    Checking - complete
    9. Troubleshooting wizard
    >> HDD autorun are allowed
    >> Autorun from network drives are allowed
    >> Removable media autorun are allowed
    Checking - complete
    Files scanned: 302, extracted from archives: 0, malicious software found 0, suspicions - 0
    Scanning finished at 3/5/2009 12:42:57 PM
    Time of scanning: 00:02:27
    If you have a suspicion on presence of viruses or questions on the suspected objects,
    you can address http://virusinfo.info conference
    System Analysis in progress
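The parts of the AVZ log above that a responder acts on are items 8 and 9: the services AVZ flags, the security settings, and the three "autorun are allowed" lines, which all map onto one registry value, NoDriveTypeAutoRun. The Python below is an added example, not part of the thread and not AVZ's own code. It parses a constructed excerpt written in AVZ's log format into structured findings and then decodes and composes the NoDriveTypeAutoRun bitmask. The mapping from AVZ's wording to drive-type bits is this example's assumption, and the "current value" used in the demo is hypothetical.

```python
"""Triage the hardening findings in an AVZ log (sections 8 and 9).

Added example, not part of the forum thread and not AVZ code. SAMPLE_LOG is a
constructed excerpt in AVZ's format; the mapping from AVZ's "autorun are
allowed" wording to NoDriveTypeAutoRun bits is this example's assumption.
"""
import re

# Constructed excerpt in AVZ's format (not the full log from the thread).
SAMPLE_LOG = """\
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
"""

# Bits of HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
# NoDriveTypeAutoRun. A SET bit DISABLES autorun for that drive type; the bit
# positions follow the Windows DRIVE_* constants.
NO_AUTORUN_BITS = {
    "unknown": 0x01, "no_root_dir": 0x02, "removable": 0x04, "fixed": 0x08,
    "remote": 0x10, "cdrom": 0x20, "ramdisk": 0x40, "reserved": 0x80,
}
DISABLE_ALL = 0xFF  # turns autorun off for every drive type

# ASSUMPTION: which drive-type bit each AVZ wizard phrase refers to.
AVZ_AUTORUN_PHRASES = {
    "HDD autorun": "fixed",
    "Autorun from network drives": "remote",
    "Removable media autorun": "removable",
}

SERVICE_RE = re.compile(r"^>> Services: potentially dangerous service allowed: (\S+) \((.+)\)$")
SECURITY_RE = re.compile(r"^>> Security: (.+)$")


def parse_findings(log_text):
    """Return {'services': [(name, display)], 'security': [text], 'autorun_allowed': [type]}.

    Only lines starting with '>>' are findings; a single '>' marks AVZ's own
    advisory notes, which are ignored.
    """
    findings = {"services": [], "security": [], "autorun_allowed": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            findings["services"].append((m.group(1), m.group(2)))
            continue
        m = SECURITY_RE.match(line)
        if m:
            findings["security"].append(m.group(1))
            continue
        for phrase, drive_type in AVZ_AUTORUN_PHRASES.items():
            if line.startswith(">> " + phrase):
                findings["autorun_allowed"].append(drive_type)
    return findings


def decode_no_drive_type_autorun(value):
    """Return the set of drive types for which `value` DISABLES autorun."""
    return {name for name, bit in NO_AUTORUN_BITS.items() if value & bit}


def required_autorun_value(current_value, findings):
    """OR in the bits that close every 'autorun allowed' finding AVZ reported."""
    value = current_value
    for drive_type in findings["autorun_allowed"]:
        value |= NO_AUTORUN_BITS[drive_type]
    return value


if __name__ == "__main__":
    f = parse_findings(SAMPLE_LOG)
    print("services to review:", [name for name, _ in f["services"]])
    print("autorun allowed on:", f["autorun_allowed"])
    current = 0x81  # hypothetical current registry value for the demo
    print("currently disabled on:", sorted(decode_no_drive_type_autorun(current)))
    print("value that closes the findings: 0x%02X" % required_autorun_value(current, f))
    print("simplest hardening: 0x%02X" % DISABLE_ALL)
```

In practice set the value to 0xFF rather than computing the minimum; on Windows XP the value was only honoured for all drive types once Microsoft's Autorun update (KB967715) was installed, so patch first and then set it.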
    Post by baok Thu Mar 05, 2009 3:45 pm

    Hello, sorry, there may have been a slight misunderstanding. Please upload these two files:

    1. The RunScanner .run file from that scanner
    2. virusinfo_syscheck.htm

    Please upload via either rapidshare or 2shared.com, then post the upload link here.


    http://www.2shared.com/

    http://rapidshare.com/
    Post by mitutoyo Thu Mar 05, 2009 9:42 pm

    OK, boss.
    Post by mitutoyo Thu Mar 05, 2009 10:11 pm

    virusinfo_syscheck.htm
    http://www.2shared.com/file/5008873/643faeaa/virusinfo_syscheck.html

    I couldn't upload the RunScanner .run file; maybe it was left behind on that PC, bro. Sorry.
    Post by baok Fri Mar 06, 2009 7:39 am

    Hello, for some reason I can't download from 2shared. Please upload to rapidshare and then send the link here.

    I'll be around until before Friday; after that I'm offline until Tuesday/Wednesday.
    Post by mitutoyo Fri Mar 06, 2009 7:49 am

    Here it is, bro:
    http://rapidshare.com/files/205833927/virusinfo_syscheck.htm.html

    Yesterday I updated the AVG 8 database manually, then did a full scan. After that I tried the automatic update from the web and it worked, and any AV website works too, after RunScanner & AVZ4.
    Post by mitutoyo Fri Mar 06, 2009 7:53 am

    Here is virusinfo_syscheck.htm:
    http://rapidshare.com/files/205834754/virusinfo_syscheck.htm.html

    After completing RunScanner & AVZ4, I tried updating the AVG 8 database manually from a file, and it was OK: "you are protected". Then I tried the automatic update, also OK, and I can now get into any AV website. Looking in Autorun Eater, I don't think there is anything it has detected as autorun.

    So what now, bro?
    Post by baok Fri Mar 06, 2009 8:05 am

    That's good to hear. Give me 5-10 minutes to analyze the AVZ log.
    Post by baok Fri Mar 06, 2009 8:08 am

    There is an autorun.inf on F:\

    Is that a thumbdrive?

    If so, just plug the thumbdrive in there and run Flash_Disinfector by sUBs.

    Then do these steps:

    Please download OTCleanIt and save it to Desktop.
    • Make sure you have an internet connection.
    • Double-click OTCleanIt.exe
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes

    Then that computer should be good to go.

    After finishing the steps above, don't forget to apply this Windows Update patch:

    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

    What is on that computer is Winkido/Downadup, because the critical security patches were not applied.

    Back on the old PUTERA forum, I posted in Utilities and Security about this update in October last year, but nobody paid any attention.
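Two checks that follow from the post above, as an added example in Python that is not the thread's own tooling and not Flash_Disinfector or OTCleanIt: a triage of the autorun.inf found on F:\, and a version comparison of netapi32.dll against the MS08-067 fix. The sample autorun.inf is constructed here, and the disguise heuristics (Explorer-lookalike Action text, a launch target under RECYCLER, binary junk between directives) are my assumptions about what a worm-dropped file tends to look like, not a signature. The threshold netapi32.dll versions are my recollection of the bulletin's file-information table and should be confirmed against the bulletin before relying on them.

```python
"""Triage an autorun.inf from a USB stick and check netapi32.dll against MS08-067.

Added example; not the thread's tooling and not Flash_Disinfector or OTCleanIt.
SAMPLE_AUTORUN_INF is constructed. The heuristics in triage_autorun_inf() and
the version thresholds in MS08_067_MIN_NETAPI32 are this example's assumptions.
"""
import re

# Constructed autorun.inf: directives buried between lines of binary junk.
SAMPLE_AUTORUN_INF = (
    b"\x8c\x12\xf3 junk that is not a directive\r\n"
    b"[AutoRun]\r\n"
    b"Action=Open folder to view files\r\n"
    b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    b"\x00\xff\xfe more binary padding\r\n"
    b"shellexecute=RunDLL32.EXE .\\RECYCLER\\S-1-5-21-1\\x.dll,Run\r\n"
    b"UseAutoPlay=1\r\n"
)

LAUNCH_KEYS = {"open", "shellexecute"}  # directives that start a program
# key=value, where key may contain backslashes (shell\<verb>\command)
DIRECTIVE_RE = re.compile(rb"^\s*([A-Za-z][A-Za-z0-9\\]*)\s*=\s*(.*?)\s*$")


def parse_autorun_inf(data):
    """Return (directives, junk_line_count).

    directives is a list of (key_lower, value) in file order. Lines that are
    neither a [section] header nor key=value are counted as junk; worms pad
    the file with binary noise so a casual look misses the launch directive.
    """
    directives, junk = [], 0
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.strip() or line.strip().startswith(b"["):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            directives.append((m.group(1).decode("ascii").lower(),
                               m.group(2).decode("latin-1")))
        else:
            junk += 1
    return directives, junk


def triage_autorun_inf(data):
    """Return a list of reasons the file looks malicious (empty for a benign file)."""
    directives, junk = parse_autorun_inf(data)
    reasons = []
    for key, value in directives:
        launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            reasons.append(f"launches a program via {key}={value}")
            low = value.lower()
            if "recycler" in low or "recycled" in low or "$recycle.bin" in low:
                reasons.append("launch target hidden under the recycle-bin folder")
            if "rundll32" in low:
                reasons.append("uses rundll32 to load a DLL, common in worm droppers")
        if key == "action" and "open folder to view files" in value.lower():
            reasons.append("Action text mimics Explorer's own AutoPlay prompt")
    if junk:
        reasons.append(f"{junk} non-directive junk line(s) padding the file")
    return reasons


def version_tuple(s):
    """'5.1.2600.3462' -> (5, 1, 2600, 3462) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))


# ASSUMPTION: netapi32.dll versions shipped by the MS08-067 (KB958644) update,
# as I recall the bulletin's file table. Confirm against the bulletin.
MS08_067_MIN_NETAPI32 = {
    "XP SP2": "5.1.2600.3462",
    "XP SP3": "5.1.2600.5694",
}


def netapi32_is_patched(installed_version, service_pack):
    """True if the installed netapi32.dll is at or above the MS08-067 version."""
    return version_tuple(installed_version) >= version_tuple(MS08_067_MIN_NETAPI32[service_pack])


if __name__ == "__main__":
    for reason in triage_autorun_inf(SAMPLE_AUTORUN_INF):
        print("-", reason)
    # Version as shown in the Properties dialog of C:\WINDOWS\system32\netapi32.dll
    # (the value here is hypothetical).
    print("MS08-067 applied:", netapi32_is_patched("5.1.2600.2976", "XP SP2"))
```

Flash_Disinfector's own approach is different: it places a protected autorun.inf folder on the drive so a worm cannot drop its own file; the triage above only helps decide whether the file already sitting on F:\ is the worm's. The version check is the quick way to confirm the patch actually installed after Windows Update, since Downadup also interferes with the update services themselves.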
    Post by mitutoyo Fri Mar 06, 2009 12:58 pm

    The thumbdrive is OK now, Autorun Eater has eaten it. Just run and install it, right? Thanks for your help.
