Even HijackThis can barely open..
Malwarebytes won't open at all..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:29 AM, on 1/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Panasonic\Ncr3\Ncrwd.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.10.253/
O1 - Hosts: 74.125.53.106 msnfix.changelog.fr
O1 - Hosts: 74.125.53.106 www.incodesolutions.com
O1 - Hosts: 74.125.53.106 virusinfo.prevx.com
O1 - Hosts: 74.125.53.106 download.bleepingcomputer.com
O1 - Hosts: 74.125.53.106 www.dazhizhu.cn
O1 - Hosts: 74.125.53.106 foro.noticias3d.com
O1 - Hosts: 74.125.53.106 www.spybotupdates.com
O1 - Hosts: 74.125.53.106 club.myce.com
O1 - Hosts: 74.125.53.106 www.k7computing.com
O1 - Hosts: 74.125.53.106 www.nabble.com
O1 - Hosts: 74.125.53.106 lurker.clamav.net
O1 - Hosts: 74.125.53.106 lexikon.ikarus.at
O1 - Hosts: 74.125.53.106 research.sunbelt-software.com
O1 - Hosts: 74.125.53.106 www.virusdoctor.jp
O1 - Hosts: 74.125.53.106 www.elitepvpers.de
O1 - Hosts: 74.125.53.106 guru.avg.com
O1 - Hosts: 74.125.53.106 downloads.sophos.com
O1 - Hosts: 74.125.53.106 share.skype.com
O1 - Hosts: 74.125.53.106 myantispyware.com
O1 - Hosts: 74.125.53.106 www.superuser.co.kr
O1 - Hosts: 74.125.53.106 ntfaq.co.kr
O1 - Hosts: 74.125.53.106 v.dreamwiz.com
O1 - Hosts: 74.125.53.106 cit.kookmin.ac.kr
O1 - Hosts: 74.125.53.106 forums.whatthetech.com
O1 - Hosts: 74.125.53.106 forum.hijackthis.de
O1 - Hosts: 74.125.53.106 avg.vo.llnwd.net
O1 - Hosts: 74.125.53.106 ftp.drweb.com
O1 - Hosts: 74.125.53.106 www.zonealarm.com
O1 - Hosts: 74.125.53.106 smadaver.com
O1 - Hosts: 74.125.53.106 support.emsisoft.com
O1 - Hosts: 74.125.53.106 www.huaifai.go.th
O1 - Hosts: 74.125.53.106 www.mostz.com
O1 - Hosts: 74.125.53.106 www.krupunmai.com
O1 - Hosts: 74.125.53.106 www.cddchiangmai.net
O1 - Hosts: 74.125.53.106 forum.malekal.com
O1 - Hosts: 74.125.53.106 tech.pantip.com
O1 - Hosts: 74.125.53.106 sapcupgrades.com
O1 - Hosts: 74.125.53.106 www.elguruinformatico.com
O1 - Hosts: 74.125.53.106 forums.avg.com
O1 - Hosts: 74.125.53.106 zastita.com
O1 - Hosts: 74.125.53.106 support.kaspersky.com
O1 - Hosts: 74.125.53.106 www.247fixes.com
O1 - Hosts: 74.125.53.106 forum.sysinternals.com
O1 - Hosts: 74.125.53.106 forum.telecharger.01net.com
O1 - Hosts: 74.125.53.106 sophos.com
O1 - Hosts: 74.125.53.106 foros.softonic.com
O1 - Hosts: 74.125.53.106 avast-home.uptodown.com
O1 - Hosts: 74.125.53.106 dr-web-cureit.softonic.com
O1 - Hosts: 74.125.53.106 heavenward.ru
O1 - Hosts: 74.125.53.106 forum.smadav.net
O1 - Hosts: 74.125.53.106 www.forum.kaspersky.com
O1 - Hosts: 74.125.53.106 www.f-secure.com
O1 - Hosts: 74.125.53.106 www.chkrootkit.org
O1 - Hosts: 74.125.53.106 diamondcs.com.au
O1 - Hosts: 74.125.53.106 www.rootkit.nl
O1 - Hosts: 74.125.53.106 www.sysinternals.com
O1 - Hosts: 74.125.53.106 z-oleg.com
O1 - Hosts: 74.125.53.106 espanol.dir.groups.yahoo.com
O1 - Hosts: 74.125.53.106 ftp01net.telechargement.fr
O1 - Hosts: 74.125.53.106 modelayu.com
O1 - Hosts: 74.125.53.106 vaksin.com
O1 - Hosts: 74.125.53.106 bbs.kaspersky.com.cn
O1 - Hosts: 74.125.53.106 www.castlecrops.com
O1 - Hosts: 74.125.53.106 www.misec.net
O1 - Hosts: 74.125.53.106 safecomputing.umn.edu
O1 - Hosts: 74.125.53.106 www.antirootkit.com
O1 - Hosts: 74.125.53.106 www.greatis.com
O1 - Hosts: 74.125.53.106 ar.answers.yahoo.com
O1 - Hosts: 74.125.53.106 www.elhacker.org
O1 - Hosts: 74.125.53.106 research.pandasecurity.com
O1 - Hosts: 74.125.53.106 www.tpu.ro
O1 - Hosts: 74.125.53.106 www.pinoyden.com
O1 - Hosts: 74.125.53.106 www.rootkit.com
O1 - Hosts: 74.125.53.106 www.pctools.com
O1 - Hosts: 74.125.53.106 www.pcsupportadvisor.com
O1 - Hosts: 74.125.53.106 www.resplendence.com
O1 - Hosts: 74.125.53.106 www.personal.psu.edu
O1 - Hosts: 74.125.53.106 foro.ethek.com
O1 - Hosts: 74.125.53.106 foro.elhacker.net
O1 - Hosts: 74.125.53.106 download.zonealarm.com
O1 - Hosts: 74.125.53.106 spywarehammer.com
O1 - Hosts: 74.125.53.106 www.codelain.com
O1 - Hosts: 74.125.53.106 vil.nail.com
O1 - Hosts: 74.125.53.106 search.mcafee.com
O1 - Hosts: 74.125.53.106 wwww.mcafee.com
O1 - Hosts: 74.125.53.106 download.nai.com
O1 - Hosts: 74.125.53.106 wwww.experts-exchange.com
O1 - Hosts: 74.125.53.106 www.bakunos.com
O1 - Hosts: 74.125.53.106 www.darkclockers.com
O1 - Hosts: 74.125.53.106 www2.gmer.net
O1 - Hosts: 74.125.53.106 ariefew.com
O1 - Hosts: 74.125.53.106 www.emsisoft.com
O1 - Hosts: 74.125.53.106 forum.romeonet.ro
O1 - Hosts: 74.125.53.106 www.Merijn.org
O1 - Hosts: 74.125.53.106 www.spywareinfo.com
O1 - Hosts: 74.125.53.106 www.spybot.info
O1 - Hosts: 74.125.53.106 www.viruslist.com
O1 - Hosts: 74.125.53.106 www.hijackthis.de
O1 - Hosts: 74.125.53.106 ftp.f-secure.com
O1 - Hosts: 74.125.53.106 forum.kaspersky.com
O1 - Hosts: 74.125.53.106 es.trendmicro-europe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\wmipxty.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Ncr3] C:\Program Files\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\User\wpvq.exe \u
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\loi.exe \u (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.10.253/JpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8CF71D-EDB8-405B-AC6C-0FC6B96DED59}: NameServer = 203.82.64.67 203.82.64.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
--
End of file - 11470 bytes