aczan 4 Report post Posted August 11, 2008 Internet kat opis aku mengalami kerosakan. Setelah dibaikpulih oleh pihak berkenaan..dan setelah mereka pulang, aku nampak ada satu software baru dia letak dalam salah satu komputer pejabat aku..Lambang warna merah..dan tertulis ComboFIx.exe...nak tahu je..apa guna software ni?? Anti virus ke? Quote Share this post Link to post Share on other sites
mfaizul89 3 Report post Posted August 11, 2008 maklumat yg saya dpt:ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a log when it is finished that contains a great deal of information that an experienced helper can use to diagnose, retrieve samples of, and remove infections that are not automatically removed. Due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer. Please note that this guide is the only authorized guide for the use of ComboFix and cannot be copied without permissions from BleepingComputer.com and sUBs. It is also understood that the use of ComboFix is done at your own risk.http://www.bleepingcomputer.com/combofix/how-to-use-combofixHarap dpt membantu. Quote Share this post Link to post Share on other sites
baok 0 Report post Posted August 11, 2008 Internet kat opis aku mengalami kerosakan. Setelah dibaikpulih oleh pihak berkenaan..dan setelah mereka pulang, aku nampak ada satu software baru dia letak dalam salah satu komputer pejabat aku..Lambang warna merah..dan tertulis ComboFIx.exe...nak tahu je..apa guna software ni?? Anti virus ke?Well, "pihak berkenaan" tu tak buat "cleaning job" dengan berkesan.. patut mereka buang ComboFix.exe setelah habis "clean" komputer tu..Carik file C:\combofix.txt atau kalau tak jumpa kat C:\ drive, carik kat folder C:\qoobox atau C:\Combofix.. kemudian post kan log tu kat sini.. baru kita tahu yang "pihak berkenaan" tu buat tugas dia dengan sempurna atau tidak..Kalau ada jumpa combofix2.txt, combofix3.txt dan sebagainya, postkan semua log tu kat sini.. Quote Share this post Link to post Share on other sites
aczan 4 Report post Posted August 11, 2008 Well, "pihak berkenaan" tu tak buat "cleaning job" dengan berkesan.. patut mereka buang ComboFix.exe setelah habis "clean" komputer tu..Carik file C:\combofix.txt atau kalau tak jumpa kat C:\ drive, carik kat folder C:\qoobox atau C:\Combofix.. kemudian post kan log tu kat sini.. baru kita tahu yang "pihak berkenaan" tu buat tugas dia dengan sempurna atau tidak..Kalau ada jumpa combofix2.txt, combofix3.txt dan sebagainya, postkan semua log tu kat sini..ComboFix 08-08-10.02 - aczan 2008-08-11 15:01:50.3 - NTFSx86Running from: C:\Documents and Settings\aczan\Desktop\ComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))).2008-07-23 15:03 . 2008-07-23 15:03 <DIR> d-------- C:\Documents and Settings\aczan\Application Data\ArcSoft2008-07-16 11:23 . 2008-07-16 11:23 <DIR> d-------- C:\Documents and Settings\aczan\Application Data\AdobeUM.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-08-11 03:55 --------- d-----w C:\Documents and Settings\aczan\Application Data\AVG72008-07-08 15:29 --------- d-----w C:\Program Files\Common Files\L&H2008-07-08 15:28 --------- d-----w C:\Program Files\Microsoft.NET2008-07-08 15:26 --------- d-----w C:\Program Files\Microsoft ActiveSync2008-07-08 15:22 --------- d-----w C:\Program Files\Microsoft Works2008-07-08 15:10 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-07-08 15:10 --------- d-----w C:\Program Files\CyberLink2008-07-08 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink2008-07-08 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2008-07-08 12:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared2008-07-04 12:24 --------- d-----w C:\Documents and Settings\aczan\Application Data\CyberLink2008-07-01 08:07 --------- d-----w C:\Program Files\Yahoo!2008-06-23 07:25 --------- d-----w C:\Documents and Settings\aczan\Application Data\Wildfire2008-06-19 03:48 --------- d-----w C:\Documents and Settings\aczan\Application Data\Yahoo!2008-06-19 02:10 --------- d-----w C:\Program Files\iWin.com2008-06-18 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia2008-06-18 00:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2008-06-15 06:21 --------- d-----w C:\Program Files\Snail Mail2008-06-15 06:20 --------- d-----w C:\Program Files\Oberon Media2008-06-15 04:23 --------- d-----w C:\Program Files\Turtle Odyssey2008-06-15 04:02 --------- d-----w C:\Program Files\Shockwave.com2008-02-12 02:07 455,124 -c--a-w C:\Program Files\ImageComposer2.0.zip2007-11-26 07:20 31,768,752 -c--a-w C:\Program Files\avg75free_503a1205.exe2007-11-19 03:05 12,580,696 -c--a-w C:\Program Files\mm20enu.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-12-17 04:25 13824][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-05 09:22 579584][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-26 15:26 219136][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon StartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\47218448761787860927460372706460[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]C:\WINDOWS\system32\dumprep 0 -k [X]HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime TaskHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkypeHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swgHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExeHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOEHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]--a--c--- 2001-12-06 20:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]--a--c--- 2002-04-15 16:12 57344 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]--a------ 2003-12-17 04:25 13824 C:\WINDOWS\system32\ctfmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]-ra--c--- 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]-ra--c--- 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]-ra--c--- 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]--------- 2003-12-17 11:31 1598464 C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a--c--- 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]-ra--c--- 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]-----c--- 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]--a------ 2003-12-17 04:31 441344 C:\WINDOWS\system32\irprops.cpl[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]DcomLaunch REG_MULTI_SZ DcomLaunchxmlprov REG_MULTI_SZ xmlprov.Contents of the 'Scheduled Tasks' folder2008-08-11 C:\WINDOWS\Tasks\Symantec NetDetect.job- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 12:23]..------- Supplementary Scan -------.FireFox -: Profile - C:\Documents and Settings\aczan\Application Data\Mozilla\Firefox\Profiles\01pk7o28.default\FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-shkwav&p=FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-11 15:04:48Windows 5.1.2600 Service Pack 2, v.2055 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-08-11 15:08:16ComboFix-quarantined-files.txt 2008-08-11 07:07:52ComboFix2.txt 2008-08-11 04:10:12ComboFix3.txt 2008-08-11 03:26:57Pre-Run: 16,717,389,824 bytes freePost-Run: 16,707,485,696 bytes free121 Quote Share this post Link to post Share on other sites
baok 0 Report post Posted August 11, 2008 log ComboFix clean.. I bet the guy who use ComboFix knows what's he's doing.. go to Start >> Run >> copy/paste combofix /u >> press Enter.. You are then good to go Quote Share this post Link to post Share on other sites
aczan 4 Report post Posted August 12, 2008 log ComboFix clean.. I bet the guy who use ComboFix knows what's he's doing.. go to Start >> Run >> copy/paste combofix /u >> press Enter.. You are then good to go maksudnya...semuanya ok??? Combofix tu tak jadi masalah kalau ada kat komputer ni? Quote Share this post Link to post Share on other sites
baok 0 Report post Posted August 12, 2008 maksudnya...semuanya ok??? Combofix tu tak jadi masalah kalau ada kat komputer ni?Yup Quote Share this post Link to post Share on other sites
