Forum Sementara Putera.com


Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


4 posters

    Please check HijackThis

    khairulnisa
    New Member


    Number of posts : 11
    Registration date : 10/03/2009

    Please check HijackThis

    Post by khairulnisa Sat Jan 16, 2010 2:53 am

    Even HijackThis barely opens..
    Malwarebytes won't open at all..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:45:29 AM, on 1/16/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mobile Partner\Mobile Partner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.10.253/
    O1 - Hosts: 74.125.53.106 msnfix.changelog.fr
    O1 - Hosts: 74.125.53.106 www.incodesolutions.com
    O1 - Hosts: 74.125.53.106 virusinfo.prevx.com
    O1 - Hosts: 74.125.53.106 download.bleepingcomputer.com
    O1 - Hosts: 74.125.53.106 www.dazhizhu.cn
    O1 - Hosts: 74.125.53.106 foro.noticias3d.com
    O1 - Hosts: 74.125.53.106 www.spybotupdates.com
    O1 - Hosts: 74.125.53.106 club.myce.com
    O1 - Hosts: 74.125.53.106 www.k7computing.com
    O1 - Hosts: 74.125.53.106 www.nabble.com
    O1 - Hosts: 74.125.53.106 lurker.clamav.net
    O1 - Hosts: 74.125.53.106 lexikon.ikarus.at
    O1 - Hosts: 74.125.53.106 research.sunbelt-software.com
    O1 - Hosts: 74.125.53.106 www.virusdoctor.jp
    O1 - Hosts: 74.125.53.106 www.elitepvpers.de
    O1 - Hosts: 74.125.53.106 guru.avg.com
    O1 - Hosts: 74.125.53.106 downloads.sophos.com
    O1 - Hosts: 74.125.53.106 share.skype.com
    O1 - Hosts: 74.125.53.106 myantispyware.com
    O1 - Hosts: 74.125.53.106 www.superuser.co.kr
    O1 - Hosts: 74.125.53.106 ntfaq.co.kr
    O1 - Hosts: 74.125.53.106 v.dreamwiz.com
    O1 - Hosts: 74.125.53.106 cit.kookmin.ac.kr
    O1 - Hosts: 74.125.53.106 forums.whatthetech.com
    O1 - Hosts: 74.125.53.106 forum.hijackthis.de
    O1 - Hosts: 74.125.53.106 avg.vo.llnwd.net
    O1 - Hosts: 74.125.53.106 ftp.drweb.com
    O1 - Hosts: 74.125.53.106 www.zonealarm.com
    O1 - Hosts: 74.125.53.106 smadaver.com
    O1 - Hosts: 74.125.53.106 support.emsisoft.com
    O1 - Hosts: 74.125.53.106 www.huaifai.go.th
    O1 - Hosts: 74.125.53.106 www.mostz.com
    O1 - Hosts: 74.125.53.106 www.krupunmai.com
    O1 - Hosts: 74.125.53.106 www.cddchiangmai.net
    O1 - Hosts: 74.125.53.106 forum.malekal.com
    O1 - Hosts: 74.125.53.106 tech.pantip.com
    O1 - Hosts: 74.125.53.106 sapcupgrades.com
    O1 - Hosts: 74.125.53.106 www.elguruinformatico.com
    O1 - Hosts: 74.125.53.106 forums.avg.com
    O1 - Hosts: 74.125.53.106 zastita.com
    O1 - Hosts: 74.125.53.106 support.kaspersky.com
    O1 - Hosts: 74.125.53.106 www.247fixes.com
    O1 - Hosts: 74.125.53.106 forum.sysinternals.com
    O1 - Hosts: 74.125.53.106 forum.telecharger.01net.com
    O1 - Hosts: 74.125.53.106 sophos.com
    O1 - Hosts: 74.125.53.106 foros.softonic.com
    O1 - Hosts: 74.125.53.106 avast-home.uptodown.com
    O1 - Hosts: 74.125.53.106 dr-web-cureit.softonic.com
    O1 - Hosts: 74.125.53.106 heavenward.ru
    O1 - Hosts: 74.125.53.106 forum.smadav.net
    O1 - Hosts: 74.125.53.106 www.forum.kaspersky.com
    O1 - Hosts: 74.125.53.106 www.f-secure.com
    O1 - Hosts: 74.125.53.106 www.chkrootkit.org
    O1 - Hosts: 74.125.53.106 diamondcs.com.au
    O1 - Hosts: 74.125.53.106 www.rootkit.nl
    O1 - Hosts: 74.125.53.106 www.sysinternals.com
    O1 - Hosts: 74.125.53.106 z-oleg.com
    O1 - Hosts: 74.125.53.106 espanol.dir.groups.yahoo.com
    O1 - Hosts: 74.125.53.106 ftp01net.telechargement.fr
    O1 - Hosts: 74.125.53.106 modelayu.com
    O1 - Hosts: 74.125.53.106 vaksin.com
    O1 - Hosts: 74.125.53.106 bbs.kaspersky.com.cn
    O1 - Hosts: 74.125.53.106 www.castlecrops.com
    O1 - Hosts: 74.125.53.106 www.misec.net
    O1 - Hosts: 74.125.53.106 safecomputing.umn.edu
    O1 - Hosts: 74.125.53.106 www.antirootkit.com
    O1 - Hosts: 74.125.53.106 www.greatis.com
    O1 - Hosts: 74.125.53.106 ar.answers.yahoo.com
    O1 - Hosts: 74.125.53.106 www.elhacker.org
    O1 - Hosts: 74.125.53.106 research.pandasecurity.com
    O1 - Hosts: 74.125.53.106 www.tpu.ro
    O1 - Hosts: 74.125.53.106 www.pinoyden.com
    O1 - Hosts: 74.125.53.106 www.rootkit.com
    O1 - Hosts: 74.125.53.106 www.pctools.com
    O1 - Hosts: 74.125.53.106 www.pcsupportadvisor.com
    O1 - Hosts: 74.125.53.106 www.resplendence.com
    O1 - Hosts: 74.125.53.106 www.personal.psu.edu
    O1 - Hosts: 74.125.53.106 foro.ethek.com
    O1 - Hosts: 74.125.53.106 foro.elhacker.net
    O1 - Hosts: 74.125.53.106 download.zonealarm.com
    O1 - Hosts: 74.125.53.106 spywarehammer.com
    O1 - Hosts: 74.125.53.106 www.codelain.com
    O1 - Hosts: 74.125.53.106 vil.nail.com
    O1 - Hosts: 74.125.53.106 search.mcafee.com
    O1 - Hosts: 74.125.53.106 wwww.mcafee.com
    O1 - Hosts: 74.125.53.106 download.nai.com
    O1 - Hosts: 74.125.53.106 wwww.experts-exchange.com
    O1 - Hosts: 74.125.53.106 www.bakunos.com
    O1 - Hosts: 74.125.53.106 www.darkclockers.com
    O1 - Hosts: 74.125.53.106 www2.gmer.net
    O1 - Hosts: 74.125.53.106 ariefew.com
    O1 - Hosts: 74.125.53.106 www.emsisoft.com
    O1 - Hosts: 74.125.53.106 forum.romeonet.ro
    O1 - Hosts: 74.125.53.106 www.Merijn.org
    O1 - Hosts: 74.125.53.106 www.spywareinfo.com
    O1 - Hosts: 74.125.53.106 www.spybot.info
    O1 - Hosts: 74.125.53.106 www.viruslist.com
    O1 - Hosts: 74.125.53.106 www.hijackthis.de
    O1 - Hosts: 74.125.53.106 ftp.f-secure.com
    O1 - Hosts: 74.125.53.106 forum.kaspersky.com
    O1 - Hosts: 74.125.53.106 es.trendmicro-europe.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\wmipxty.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
    O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
    O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\User\wpvq.exe \u
    O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

    --
    End of file - 11470 bytes
    test0123
    Diligent Member


    Gender : Male
    Number of posts : 1002
    Age : 40
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Please check HijackThis

    Post by test0123 Sat Jan 16, 2010 5:55 am

    C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
    C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    C:\Program Files\Mobile Partner\Mobile Partner.exe
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.10.253/
    O1 - Hosts: 74.125.53.106 msnfix.changelog.fr
    O1 - Hosts: 74.125.53.106 www.incodesolutions.com
    O1 - Hosts: 74.125.53.106 virusinfo.prevx.com
    O1 - Hosts: 74.125.53.106 download.bleepingcomputer.com
    O1 - Hosts: 74.125.53.106 www.dazhizhu.cn
    O1 - Hosts: 74.125.53.106 foro.noticias3d.com
    O1 - Hosts: 74.125.53.106 www.spybotupdates.com
    O1 - Hosts: 74.125.53.106 club.myce.com
    O1 - Hosts: 74.125.53.106 www.k7computing.com
    O1 - Hosts: 74.125.53.106 www.nabble.com
    O1 - Hosts: 74.125.53.106 lurker.clamav.net
    O1 - Hosts: 74.125.53.106 lexikon.ikarus.at
    O1 - Hosts: 74.125.53.106 research.sunbelt-software.com
    O1 - Hosts: 74.125.53.106 www.virusdoctor.jp
    O1 - Hosts: 74.125.53.106 www.elitepvpers.de
    O1 - Hosts: 74.125.53.106 guru.avg.com
    O1 - Hosts: 74.125.53.106 downloads.sophos.com
    O1 - Hosts: 74.125.53.106 share.skype.com
    O1 - Hosts: 74.125.53.106 myantispyware.com
    O1 - Hosts: 74.125.53.106 www.superuser.co.kr
    O1 - Hosts: 74.125.53.106 ntfaq.co.kr
    O1 - Hosts: 74.125.53.106 v.dreamwiz.com
    O1 - Hosts: 74.125.53.106 cit.kookmin.ac.kr
    O1 - Hosts: 74.125.53.106 forums.whatthetech.com
    O1 - Hosts: 74.125.53.106 forum.hijackthis.de
    O1 - Hosts: 74.125.53.106 avg.vo.llnwd.net
    O1 - Hosts: 74.125.53.106 ftp.drweb.com
    O1 - Hosts: 74.125.53.106 www.zonealarm.com
    O1 - Hosts: 74.125.53.106 smadaver.com
    O1 - Hosts: 74.125.53.106 support.emsisoft.com
    O1 - Hosts: 74.125.53.106 www.huaifai.go.th
    O1 - Hosts: 74.125.53.106 www.mostz.com
    O1 - Hosts: 74.125.53.106 www.krupunmai.com
    O1 - Hosts: 74.125.53.106 www.cddchiangmai.net
    O1 - Hosts: 74.125.53.106 forum.malekal.com
    O1 - Hosts: 74.125.53.106 tech.pantip.com
    O1 - Hosts: 74.125.53.106 sapcupgrades.com
    O1 - Hosts: 74.125.53.106 www.elguruinformatico.com
    O1 - Hosts: 74.125.53.106 forums.avg.com
    O1 - Hosts: 74.125.53.106 zastita.com
    O1 - Hosts: 74.125.53.106 support.kaspersky.com
    O1 - Hosts: 74.125.53.106 www.247fixes.com
    O1 - Hosts: 74.125.53.106 forum.sysinternals.com
    O1 - Hosts: 74.125.53.106 forum.telecharger.01net.com
    O1 - Hosts: 74.125.53.106 sophos.com
    O1 - Hosts: 74.125.53.106 foros.softonic.com
    O1 - Hosts: 74.125.53.106 avast-home.uptodown.com
    O1 - Hosts: 74.125.53.106 dr-web-cureit.softonic.com
    O1 - Hosts: 74.125.53.106 heavenward.ru
    O1 - Hosts: 74.125.53.106 forum.smadav.net
    O1 - Hosts: 74.125.53.106 www.forum.kaspersky.com
    O1 - Hosts: 74.125.53.106 www.f-secure.com
    O1 - Hosts: 74.125.53.106 www.chkrootkit.org
    O1 - Hosts: 74.125.53.106 diamondcs.com.au
    O1 - Hosts: 74.125.53.106 www.rootkit.nl
    O1 - Hosts: 74.125.53.106 www.sysinternals.com
    O1 - Hosts: 74.125.53.106 z-oleg.com
    O1 - Hosts: 74.125.53.106 espanol.dir.groups.yahoo.com
    O1 - Hosts: 74.125.53.106 ftp01net.telechargement.fr
    O1 - Hosts: 74.125.53.106 modelayu.com
    O1 - Hosts: 74.125.53.106 vaksin.com
    O1 - Hosts: 74.125.53.106 bbs.kaspersky.com.cn
    O1 - Hosts: 74.125.53.106 www.castlecrops.com
    O1 - Hosts: 74.125.53.106 www.misec.net
    O1 - Hosts: 74.125.53.106 safecomputing.umn.edu
    O1 - Hosts: 74.125.53.106 www.antirootkit.com
    O1 - Hosts: 74.125.53.106 www.greatis.com
    O1 - Hosts: 74.125.53.106 ar.answers.yahoo.com
    O1 - Hosts: 74.125.53.106 www.elhacker.org
    O1 - Hosts: 74.125.53.106 research.pandasecurity.com
    O1 - Hosts: 74.125.53.106 www.tpu.ro
    O1 - Hosts: 74.125.53.106 www.pinoyden.com
    O1 - Hosts: 74.125.53.106 www.rootkit.com
    O1 - Hosts: 74.125.53.106 www.pctools.com
    O1 - Hosts: 74.125.53.106 www.pcsupportadvisor.com
    O1 - Hosts: 74.125.53.106 www.resplendence.com
    O1 - Hosts: 74.125.53.106 www.personal.psu.edu
    O1 - Hosts: 74.125.53.106 foro.ethek.com
    O1 - Hosts: 74.125.53.106 foro.elhacker.net
    O1 - Hosts: 74.125.53.106 download.zonealarm.com
    O1 - Hosts: 74.125.53.106 spywarehammer.com
    O1 - Hosts: 74.125.53.106 www.codelain.com
    O1 - Hosts: 74.125.53.106 vil.nail.com
    O1 - Hosts: 74.125.53.106 search.mcafee.com
    O1 - Hosts: 74.125.53.106 wwww.mcafee.com
    O1 - Hosts: 74.125.53.106 download.nai.com
    O1 - Hosts: 74.125.53.106 wwww.experts-exchange.com
    O1 - Hosts: 74.125.53.106 www.bakunos.com
    O1 - Hosts: 74.125.53.106 www.darkclockers.com
    O1 - Hosts: 74.125.53.106 www2.gmer.net
    O1 - Hosts: 74.125.53.106 ariefew.com
    O1 - Hosts: 74.125.53.106 www.emsisoft.com
    O1 - Hosts: 74.125.53.106 forum.romeonet.ro
    O1 - Hosts: 74.125.53.106 www.Merijn.org
    O1 - Hosts: 74.125.53.106 www.spywareinfo.com
    O1 - Hosts: 74.125.53.106 www.spybot.info
    O1 - Hosts: 74.125.53.106 www.viruslist.com
    O1 - Hosts: 74.125.53.106 www.hijackthis.de
    O1 - Hosts: 74.125.53.106 ftp.f-secure.com
    O1 - Hosts: 74.125.53.106 forum.kaspersky.com
    O1 - Hosts: 74.125.53.106 es.trendmicro-europe.com
    O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\wmipxty.exe
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
    O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
    O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\User\wpvq.exe \u
    O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

    Fix all of these
    hampeh
    Member


    Number of posts : 866
    Registration date : 28/02/2009

    Re: Please check HijackThis

    Post by hampeh Sat Jan 16, 2010 6:18 am

    so many hosts file entries need to be fixed....
    bazsh
    New Member


    Gender : Male
    Number of posts : 401
    Age : 42
    Location : New Castle
    Job/hobbies : Surfing/Games
    Registration date : 20/02/2009

    Re: Please check HijackThis

    Post by bazsh Sun Jan 17, 2010 7:11 am

    Hasn't the TS tried scanning in safe mode, since MBAM reportedly won't open?
    khairulnisa
    New Member


    Number of posts : 11
    Registration date : 10/03/2009

    Re: Please check HijackThis

    Post by khairulnisa Mon Jan 18, 2010 1:03 am

    What should I do?
    I only just formatted it the other day..
    Surely I don't have to go and format it again..
    So stressful..
    And I'm in the middle of finishing my FYP..
    khairulnisa
    New Member


    Number of posts : 11
    Registration date : 10/03/2009

    Re: Please check HijackThis

    Post by khairulnisa Tue Jan 19, 2010 10:35 am

    It's a bit better now..
    Can you please check whether it's clean yet?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:32:45 AM, on 1/19/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uthm.edu.my:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; *.uthm.edu.my; 10.*.*.*;<local>
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 6159 bytes
    test0123
    Diligent Member


    Gender : Male
    Number of posts : 1002
    Age : 40
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Please check HijackThis

    Post by test0123 Tue Jan 19, 2010 6:32 pm

    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uthm.edu.my:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; *.uthm.edu.my; 10.*.*.*;
    O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

    Fix all of these.. reboot, and your Windows is sure to be OK..
    khairulnisa
    New Member


    Number of posts : 11
    Registration date : 10/03/2009

    Re: Please check HijackThis

    Post by khairulnisa Wed Jan 20, 2010 9:16 am

    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe

    How do I fix these ones?
    test0123
    Diligent Member


    Gender : Male
    Number of posts : 1002
    Age : 40
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Please check HijackThis

    Post by test0123 Wed Jan 20, 2010 5:53 pm

    When you scan with HijackThis.. a log file comes up, right.. fix it there.. just tick and fix it
    khairulnisa
    New Member


    Number of posts : 11
    Registration date : 10/03/2009

    Re: Please check HijackThis

    Post by khairulnisa Thu Jan 21, 2010 12:26 am

    Yeah.. but those two weren't even there when I went to tick them..
    Why can't I use Google Talk after the fix?
    test0123
    Diligent Member


    Gender : Male
    Number of posts : 1002
    Age : 40
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Please check HijackThis

    Post by test0123 Sat Jan 23, 2010 6:13 pm

    Because the original file is already infected.. uninstall Google Talk using Revo.. reboot.. then reinstall it.. done..
