khairulnisa | Posted January 16, 2010

HijackThis can barely open either.. Malwarebytes won't open at all..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:29 AM, on 1/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.10.253/
O1 - Hosts: 74.125.53.106 msnfix.changelog.fr
O1 - Hosts: 74.125.53.106 www.incodesolutions.com
O1 - Hosts: 74.125.53.106 virusinfo.prevx.com
O1 - Hosts: 74.125.53.106 download.bleepingcomputer.com
O1 - Hosts: 74.125.53.106 www.dazhizhu.cn
O1 - Hosts: 74.125.53.106 foro.noticias3d.com
O1 - Hosts: 74.125.53.106 www.spybotupdates.com
O1 - Hosts: 74.125.53.106 club.myce.com
O1 - Hosts: 74.125.53.106 www.k7computing.com
O1 - Hosts: 74.125.53.106 www.nabble.com
O1 - Hosts: 74.125.53.106 lurker.clamav.net
O1 - Hosts: 74.125.53.106 lexikon.ikarus.at
O1 - Hosts: 74.125.53.106 research.sunbelt-software.com
O1 - Hosts: 74.125.53.106 www.virusdoctor.jp
O1 - Hosts: 74.125.53.106 www.elitepvpers.de
O1 - Hosts: 74.125.53.106 guru.avg.com
O1 - Hosts: 74.125.53.106 downloads.sophos.com
O1 - Hosts: 74.125.53.106 share.skype.com
O1 - Hosts: 74.125.53.106 myantispyware.com
O1 - Hosts: 74.125.53.106 www.superuser.co.kr
O1 - Hosts: 74.125.53.106 ntfaq.co.kr
O1 - Hosts: 74.125.53.106 v.dreamwiz.com
O1 - Hosts: 74.125.53.106 cit.kookmin.ac.kr
O1 - Hosts: 74.125.53.106 forums.whatthetech.com
O1 - Hosts: 74.125.53.106 forum.hijackthis.de
O1 - Hosts: 74.125.53.106 avg.vo.llnwd.net
O1 - Hosts: 74.125.53.106 ftp.drweb.com
O1 - Hosts: 74.125.53.106 www.zonealarm.com
O1 - Hosts: 74.125.53.106 smadaver.com
O1 - Hosts: 74.125.53.106 support.emsisoft.com
O1 - Hosts: 74.125.53.106 www.huaifai.go.th
O1 - Hosts: 74.125.53.106 www.mostz.com
O1 - Hosts: 74.125.53.106 www.krupunmai.com
O1 - Hosts: 74.125.53.106 www.cddchiangmai.net
O1 - Hosts: 74.125.53.106 forum.malekal.com
O1 - Hosts: 74.125.53.106 tech.pantip.com
O1 - Hosts: 74.125.53.106 sapcupgrades.com
O1 - Hosts: 74.125.53.106 www.elguruinformatico.com
O1 - Hosts: 74.125.53.106 forums.avg.com
O1 - Hosts: 74.125.53.106 zastita.com
O1 - Hosts: 74.125.53.106 support.kaspersky.com
O1 - Hosts: 74.125.53.106 www.247fixes.com
O1 - Hosts: 74.125.53.106 forum.sysinternals.com
O1 - Hosts: 74.125.53.106 forum.telecharger.01net.com
O1 - Hosts: 74.125.53.106 sophos.com
O1 - Hosts: 74.125.53.106 foros.softonic.com
O1 - Hosts: 74.125.53.106 avast-home.uptodown.com
O1 - Hosts: 74.125.53.106 dr-web-cureit.softonic.com
O1 - Hosts: 74.125.53.106 heavenward.ru
O1 - Hosts: 74.125.53.106 forum.smadav.net
O1 - Hosts: 74.125.53.106 www.forum.kaspersky.com
O1 - Hosts: 74.125.53.106 www.f-secure.com
O1 - Hosts: 74.125.53.106 www.chkrootkit.org
O1 - Hosts: 74.125.53.106 diamondcs.com.au
O1 - Hosts: 74.125.53.106 www.rootkit.nl
O1 - Hosts: 74.125.53.106 www.sysinternals.com
O1 - Hosts: 74.125.53.106 z-oleg.com
O1 - Hosts: 74.125.53.106 espanol.dir.groups.yahoo.com
O1 - Hosts: 74.125.53.106 ftp01net.telechargement.fr
O1 - Hosts: 74.125.53.106 modelayu.com
O1 - Hosts: 74.125.53.106 vaksin.com
O1 - Hosts: 74.125.53.106 bbs.kaspersky.com.cn
O1 - Hosts: 74.125.53.106 www.castlecrops.com
O1 - Hosts: 74.125.53.106 www.misec.net
O1 - Hosts: 74.125.53.106 safecomputing.umn.edu
O1 - Hosts: 74.125.53.106 www.antirootkit.com
O1 - Hosts: 74.125.53.106 www.greatis.com
O1 - Hosts: 74.125.53.106 ar.answers.yahoo.com
O1 - Hosts: 74.125.53.106 www.elhacker.org
O1 - Hosts: 74.125.53.106 research.pandasecurity.com
O1 - Hosts: 74.125.53.106 www.tpu.ro
O1 - Hosts: 74.125.53.106 www.pinoyden.com
O1 - Hosts: 74.125.53.106 www.rootkit.com
O1 - Hosts: 74.125.53.106 www.pctools.com
O1 - Hosts: 74.125.53.106 www.pcsupportadvisor.com
O1 - Hosts: 74.125.53.106 www.resplendence.com
O1 - Hosts: 74.125.53.106 www.personal.psu.edu
O1 - Hosts: 74.125.53.106 foro.ethek.com
O1 - Hosts: 74.125.53.106 foro.elhacker.net
O1 - Hosts: 74.125.53.106 download.zonealarm.com
O1 - Hosts: 74.125.53.106 spywarehammer.com
O1 - Hosts: 74.125.53.106 www.codelain.com
O1 - Hosts: 74.125.53.106 vil.nail.com
O1 - Hosts: 74.125.53.106 search.mcafee.com
O1 - Hosts: 74.125.53.106 wwww.mcafee.com
O1 - Hosts: 74.125.53.106 download.nai.com
O1 - Hosts: 74.125.53.106 wwww.experts-exchange.com
O1 - Hosts: 74.125.53.106 www.bakunos.com
O1 - Hosts: 74.125.53.106 www.darkclockers.com
O1 - Hosts: 74.125.53.106 www2.gmer.net
O1 - Hosts: 74.125.53.106 ariefew.com
O1 - Hosts: 74.125.53.106 www.emsisoft.com
O1 - Hosts: 74.125.53.106 forum.romeonet.ro
O1 - Hosts: 74.125.53.106 www.Merijn.org
O1 - Hosts: 74.125.53.106 www.spywareinfo.com
O1 - Hosts: 74.125.53.106 www.spybot.info
O1 - Hosts: 74.125.53.106 www.viruslist.com
O1 - Hosts: 74.125.53.106 www.hijackthis.de
O1 - Hosts: 74.125.53.106 ftp.f-secure.com
O1 - Hosts: 74.125.53.106 forum.kaspersky.com
O1 - Hosts: 74.125.53.106 es.trendmicro-europe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\wmipxty.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\User\wpvq.exe \u
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 11470 bytes

test0123 | Posted January 16, 2010

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.10.253/
O1 - Hosts: 74.125.53.106 msnfix.changelog.fr
O1 - Hosts: 74.125.53.106 www.incodesolutions.com
O1 - Hosts: 74.125.53.106 virusinfo.prevx.com
O1 - Hosts: 74.125.53.106 download.bleepingcomputer.com
O1 - Hosts: 74.125.53.106 www.dazhizhu.cn
O1 - Hosts: 74.125.53.106 foro.noticias3d.com
O1 - Hosts: 74.125.53.106 www.spybotupdates.com
O1 - Hosts: 74.125.53.106 club.myce.com
O1 - Hosts: 74.125.53.106 www.k7computing.com
O1 - Hosts: 74.125.53.106 www.nabble.com
O1 - Hosts: 74.125.53.106 lurker.clamav.net
O1 - Hosts: 74.125.53.106 lexikon.ikarus.at
O1 - Hosts: 74.125.53.106 research.sunbelt-software.com
O1 - Hosts: 74.125.53.106 www.virusdoctor.jp
O1 - Hosts: 74.125.53.106 www.elitepvpers.de
O1 - Hosts: 74.125.53.106 guru.avg.com
O1 - Hosts: 74.125.53.106 downloads.sophos.com
O1 - Hosts: 74.125.53.106 share.skype.com
O1 - Hosts: 74.125.53.106 myantispyware.com
O1 - Hosts: 74.125.53.106 www.superuser.co.kr
O1 - Hosts: 74.125.53.106 ntfaq.co.kr
O1 - Hosts: 74.125.53.106 v.dreamwiz.com
O1 - Hosts: 74.125.53.106 cit.kookmin.ac.kr
O1 - Hosts: 74.125.53.106 forums.whatthetech.com
O1 - Hosts: 74.125.53.106 forum.hijackthis.de
O1 - Hosts: 74.125.53.106 avg.vo.llnwd.net
O1 - Hosts: 74.125.53.106 ftp.drweb.com
O1 - Hosts: 74.125.53.106 www.zonealarm.com
O1 - Hosts: 74.125.53.106 smadaver.com
O1 - Hosts: 74.125.53.106 support.emsisoft.com
O1 - Hosts: 74.125.53.106 www.huaifai.go.th
O1 - Hosts: 74.125.53.106 www.mostz.com
O1 - Hosts: 74.125.53.106 www.krupunmai.com
O1 - Hosts: 74.125.53.106 www.cddchiangmai.net
O1 - Hosts: 74.125.53.106 forum.malekal.com
O1 - Hosts: 74.125.53.106 tech.pantip.com
O1 - Hosts: 74.125.53.106 sapcupgrades.com
O1 - Hosts: 74.125.53.106 www.elguruinformatico.com
O1 - Hosts: 74.125.53.106 forums.avg.com
O1 - Hosts: 74.125.53.106 zastita.com
O1 - Hosts: 74.125.53.106 support.kaspersky.com
O1 - Hosts: 74.125.53.106 www.247fixes.com
O1 - Hosts: 74.125.53.106 forum.sysinternals.com
O1 - Hosts: 74.125.53.106 forum.telecharger.01net.com
O1 - Hosts: 74.125.53.106 sophos.com
O1 - Hosts: 74.125.53.106 foros.softonic.com
O1 - Hosts: 74.125.53.106 avast-home.uptodown.com
O1 - Hosts: 74.125.53.106 dr-web-cureit.softonic.com
O1 - Hosts: 74.125.53.106 heavenward.ru
O1 - Hosts: 74.125.53.106 forum.smadav.net
O1 - Hosts: 74.125.53.106 www.forum.kaspersky.com
O1 - Hosts: 74.125.53.106 www.f-secure.com
O1 - Hosts: 74.125.53.106 www.chkrootkit.org
O1 - Hosts: 74.125.53.106 diamondcs.com.au
O1 - Hosts: 74.125.53.106 www.rootkit.nl
O1 - Hosts: 74.125.53.106 www.sysinternals.com
O1 - Hosts: 74.125.53.106 z-oleg.com
O1 - Hosts: 74.125.53.106 espanol.dir.groups.yahoo.com
O1 - Hosts: 74.125.53.106 ftp01net.telechargement.fr
O1 - Hosts: 74.125.53.106 modelayu.com
O1 - Hosts: 74.125.53.106 vaksin.com
O1 - Hosts: 74.125.53.106 bbs.kaspersky.com.cn
O1 - Hosts: 74.125.53.106 www.castlecrops.com
O1 - Hosts: 74.125.53.106 www.misec.net
O1 - Hosts: 74.125.53.106 safecomputing.umn.edu
O1 - Hosts: 74.125.53.106 www.antirootkit.com
O1 - Hosts: 74.125.53.106 www.greatis.com
O1 - Hosts: 74.125.53.106 ar.answers.yahoo.com
O1 - Hosts: 74.125.53.106 www.elhacker.org
O1 - Hosts: 74.125.53.106 research.pandasecurity.com
O1 - Hosts: 74.125.53.106 www.tpu.ro
O1 - Hosts: 74.125.53.106 www.pinoyden.com
O1 - Hosts: 74.125.53.106 www.rootkit.com
O1 - Hosts: 74.125.53.106 www.pctools.com
O1 - Hosts: 74.125.53.106 www.pcsupportadvisor.com
O1 - Hosts: 74.125.53.106 www.resplendence.com
O1 - Hosts: 74.125.53.106 www.personal.psu.edu
O1 - Hosts: 74.125.53.106 foro.ethek.com
O1 - Hosts: 74.125.53.106 foro.elhacker.net
O1 - Hosts: 74.125.53.106 download.zonealarm.com
O1 - Hosts: 74.125.53.106 spywarehammer.com
O1 - Hosts: 74.125.53.106 www.codelain.com
O1 - Hosts: 74.125.53.106 vil.nail.com
O1 - Hosts: 74.125.53.106 search.mcafee.com
O1 - Hosts: 74.125.53.106 wwww.mcafee.com
O1 - Hosts: 74.125.53.106 download.nai.com
O1 - Hosts: 74.125.53.106 wwww.experts-exchange.com
O1 - Hosts: 74.125.53.106 www.bakunos.com
O1 - Hosts: 74.125.53.106 www.darkclockers.com
O1 - Hosts: 74.125.53.106 www2.gmer.net
O1 - Hosts: 74.125.53.106 ariefew.com
O1 - Hosts: 74.125.53.106 www.emsisoft.com
O1 - Hosts: 74.125.53.106 forum.romeonet.ro
O1 - Hosts: 74.125.53.106 www.Merijn.org
O1 - Hosts: 74.125.53.106 www.spywareinfo.com
O1 - Hosts: 74.125.53.106 www.spybot.info
O1 - Hosts: 74.125.53.106 www.viruslist.com
O1 - Hosts: 74.125.53.106 www.hijackthis.de
O1 - Hosts: 74.125.53.106 ftp.f-secure.com
O1 - Hosts: 74.125.53.106 forum.kaspersky.com
O1 - Hosts: 74.125.53.106 es.trendmicro-europe.com
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\wmipxty.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\User\wpvq.exe \u
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

Fix all of these

hampeh | Posted January 16, 2010

That's really a lot of hosts file entries that need to be fixed....

B@zSh™ | Posted January 17, 2010

TS, haven't you tried scanning in safe mode, given you said MBAM won't open?

khairulnisa | Posted January 18, 2010

What should I do? I only just formatted the other day.. surely I don't have to go and format again.. so stressful.. and I'm in the middle of finishing my FYP..

khairulnisa | Posted January 19, 2010

It's a bit better now.. can you please check whether it's clean yet?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:45 AM, on 1/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uthm.edu.my:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; *.uthm.edu.my; 10.*.*.*;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6159 bytes

test0123 | Posted January 19, 2010

C:\Program Files\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uthm.edu.my:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; *.uthm.edu.my; 10.*.*.*;
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

Fix all of these.. reboot, and your Windows will surely be OK..

khairulnisa | Posted January 20, 2010

C:\Program Files\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe

How do I fix these ones?

test0123 | Posted January 20, 2010

When you scan with HijackThis.. a logfile comes up, right.. fix it there.. just tick and fix it

khairulnisa | Posted January 21, 2010

Yeah.. but those two weren't even there when I went to tick them.. why can't I use Google Talk after the fix?

test0123 | Posted January 23, 2010

Because the original file was already infected.. uninstall Google Talk using Revo.. reboot.. then install it again.. done..