
HijackThis user guide. Help identifying viruses with HijackThis ^^


  • This topic is locked
21 replies to this topic

#1 kiwin

    Posted 06 April 2008 - 02:12 PM

    I've seen you all talk a lot about HijackThis. I downloaded it too, but I don't really know how to use it. Could you explain clearly how to remove viruses with this program?

    Thanks a lot.

    #2 BAT1610

    Posted 06 April 2008 - 02:22 PM

    kiwin, on Apr 6 2008, 07:12 AM, said:

        I've seen you all talk a lot about HijackThis. I downloaded it too, but I don't really know how to use it. Could you explain clearly how to remove viruses with this program?

        Thanks a lot.

    How to use HijackThis

    First, obviously, run HijackThis.

    Then choose Do a system scan and save a logfile:

    When the scan finishes you get a text file; look through it for anything suspicious. If you don't know how to read it, you can upload that text file to the forum and people will look at it for you:

    Once you have decided which entry is the virus, tick it and click Fix checked:

    Good luck!

    Attached Images

    • Attached Image: ScreenHunter_01_Apr._06_14.23.gif
    • Attached Image: ScreenHunter_02_Apr._06_14.25.gif
    • Attached Image: ScreenHunter_03_Apr._06_14.26.gif


    #3 BAT1610

    Posted 06 April 2008 - 04:37 PM

    While we're in this topic, let me add: if anyone needs a virus identified, please post the log here (as a text file), and everyone will look it over and discuss HijackThis in this topic.

    #4 muahang

    Posted 06 April 2008 - 09:27 PM

    Diagnosing with HijackThis is hard, too!

    First, you can't be sure what is a virus!

    Second, the fix operations are too dangerous! They can't be undone!

    It works for virus processes whose names are familiar!

    #5 kiwin

    Posted 10 April 2008 - 04:47 PM

    Thanks a lot. But can I identify the cases and the files of viruses that commonly run on a machine?

    #6 taminfo

    Posted 21 April 2008 - 06:46 PM

    Could someone upload that program for me?

    Thank you!

    #7 BAT1610

    Posted 23 April 2008 - 06:25 PM

    HijackThis:

    Posted Image

    Good luck!

    #8 bác sĩ râu

    Posted 23 April 2008 - 06:38 PM

    AfterTheLoveHadGone, on Apr 6 2008, 04:37 PM, said:

        While we're in this topic, let me add: if anyone needs a virus identified, please post the log here (as a text file), and everyone will look it over and discuss HijackThis in this topic.

    Very good. We need a topic like this so everyone can discuss.

    #9 MinhTuan89

    Posted 24 April 2008 - 01:45 AM

    Here is the result of my test scan. Please have a look and tell me whether there is anything suspicious.

    Attached Files




    #10 BAT1610

    Posted 25 April 2008 - 11:24 AM

    MinhTuan89, on Apr 23 2008, 07:45 PM, said:

        Here is the result of my test scan. Please have a look and tell me whether there is anything suspicious.

    Checked. According to that log, your machine has no virus at all.

    Posting the log so everyone can see it:



    C:\WINDOWS\System32\smss.exe
    
    C:\WINDOWS\system32\winlogon.exe
    
    C:\WINDOWS\system32\services.exe
    
    C:\WINDOWS\system32\lsass.exe
    
    C:\WINDOWS\system32\svchost.exe
    
    C:\WINDOWS\System32\svchost.exe
    
    C:\WINDOWS\Explorer.EXE
    
    C:\WINDOWS\system32\spoolsv.exe
    
    C:\WINDOWS\system32\RunDll32.exe
    
    C:\WINDOWS\system32\igfxtray.exe
    
    C:\WINDOWS\system32\hkcmd.exe
    
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    
    C:\WINDOWS\system32\wuauclt.exe
    
    C:\Program Files\Internet Download Manager\IDMan.exe
    
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    
    C:\Program Files\Vinagame\Zing Chat\Zing.exe
    
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    
    C:\Documents and Settings\Minh Tuan\Desktop\hijackthis\HijackThis.exe
    
    C:\WINDOWS\system32\mspaint.exe
    
    C:\WINDOWS\system32\svchost.exe
    
    
    
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://forum.zing.vn/showthread.php?t=6111
    
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    
    O4 - HKLM\..\Run: [Zing Chat] C:\Program Files\Vinagame\Zing Chat\Zingme.exe /s
    
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)


    #11 Devil X

    Posted 10 May 2008 - 08:59 AM

    Logfile of HijackThis v1.99.1
    
    Scan saved at 9:07:14 AM, on 5/10/2008
    
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    
    
    Running processes:
    
    C:\WINDOWS\System32\smss.exe
    
    C:\WINDOWS\system32\winlogon.exe
    
    C:\WINDOWS\system32\services.exe
    
    C:\WINDOWS\system32\lsass.exe
    
    C:\WINDOWS\system32\svchost.exe
    
    C:\WINDOWS\System32\svchost.exe
    
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    
    C:\WINDOWS\system32\spoolsv.exe
    
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    
    C:\Program Files\Bonjour\mDNSResponder.exe
    
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    
    C:\Program Files\cFosSpeed\spd.exe
    
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    
    C:\WINDOWS\Explorer.EXE
    
    C:\WINDOWS\RTHDCPL.EXE
    
    C:\WINDOWS\system32\igfxtray.exe
    
    C:\WINDOWS\system32\hkcmd.exe
    
    C:\WINDOWS\system32\igfxpers.exe
    
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    
    C:\Program Files\Common Files\Hornet\MntrHrnt.exe
    
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    
    C:\Program Files\FlashGet\FlashGet.exe
    
    C:\Program Files\RocketDock\RocketDock.exe
    
    C:\WINDOWS\system32\VisualTaskTips.exe
    
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    
    C:\Program Files\Mozilla Firefox\firefox.exe
    
    F:\hack\HijackThis.exe
    
    
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    
    F2 - REG:system.ini: UserInit=Userinit.exe
    
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    
    O4 - HKLM\..\Run: [HornetMonitor] C:\Program Files\Common Files\Hornet\MntrHrnt.exe
    
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    
    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
    
    O4 - HKLM\..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe
    
    O4 - HKLM\..\Run: [Visual] C:\WINDOWS\system32\VisualTaskTips.exe
    
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\drive\vsdrv.exe
    
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207927837078
    
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207927630437
    
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FCF1E8B-DBF1-49CD-BAD1-BC2C97B523C8}: NameServer = 203.113.131.1,203.113.131.2
    
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
    
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    So, is there any virus in this one???

    #12 Gon91

    Posted 11 May 2008 - 05:19 PM

    Please check this for me

    Logfile of HijackThis v1.99.1

    Scan saved at 5:28:57 PM, on 5/11/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\dllcache\explorer.exe

    C:\PROGRA~1\IEACCE~1\IEAccelerator.exe

    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\censtat.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xdict.exe

    C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe

    C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe

    D:\AppServ\Apache2.2\bin\httpd.exe

    C:\WINDOWS\CTIServ.exe

    C:\WINDOWS\SoundMan.exe

    D:\AppServ\Apache2.2\bin\httpd.exe

    D:\AppServ\MySQL\bin\mysqld-nt.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\find.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\Microsoft\svchost.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\net.exe

    C:\WINDOWS\system32\net1.exe

    C:\TDdownload\BHome1651.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\net.exe

    C:\WINDOWS\system32\net1.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\ping.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\TDdownload\hijackthis.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nhacso.net/

    F2 - REG:system.ini: UserInit=Userinit.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

    O2 - BHO: yxcsbhlp.dll - {25671234-7890-ABCD-CDEF-567801237652} - C:\WINDOWS\system32\yxcsbhlp.dll

    O2 - BHO: mndscsrv.dll - {37FD640A-158F-48AC-FD14-1597F14A9773} - C:\WINDOWS\system32\mndscsrv.dll

    O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - (no file)

    O2 - BHO: oohxbbyt.dll - {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} - C:\WINDOWS\system32\oohxbbyt.dll

    O2 - BHO: mnmhcsrv.dll - {3C8D1401-A58D-A81C-CD24-A5915C4517C3} - C:\WINDOWS\system32\mnmhcsrv.dll

    O2 - BHO: zptlbsys.dll - {40940F85-F015-14F1-A05F-F69858AC6D04} - C:\WINDOWS\system32\zptlbsys.dll

    O2 - BHO: ypcqchlp.dll - {40AF1289-F140-A140-D012-C1458759FC04} - C:\WINDOWS\system32\ypcqchlp.dll

    O2 - BHO: zywmdime.dll - {4319A1F1-9410-9654-3201-345FFA349134} - C:\WINDOWS\system32\zywmdime.dll

    O2 - BHO: zxmsbwin.dll - {5A041F13-A111-12A3-B0CF-F99818AA68A5} - C:\WINDOWS\system32\zxmsbwin.dll

    O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll

    O2 - BHO: ypdjebmp.dll - {71954FAC-1023-154F-895A-1458258AD817} - C:\WINDOWS\system32\ypdjebmp.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto

    O4 - HKLM\..\Run: [KillPorn] D:\KillPorn\KillPorn.exe

    O4 - HKLM\..\Run: [Gigaget] "D:\Giganology\Gigaget\GigagetShell.exe" /s

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe

    O4 - HKLM\..\Run: [anistio] C:\WINDOWS\anistio.exE

    O4 - HKLM\..\Run: [issms32] C:\WINDOWS\issms32.exe

    O4 - HKLM\..\Run: [dionpis] C:\WINDOWS\dionpis.exe

    O4 - HKLM\..\Run: [hefcndy] C:\WINDOWS\hefcndy.exe

    O4 - HKLM\..\Run: [dbhlp32] C:\WINDOWS\dbhlp32.exe

    O4 - HKLM\..\Run: [fmsjhif] C:\WINDOWS\fmsjhif.exe

    O4 - HKLM\..\Run: [xlmdtbzw] C:\WINDOWS\ldbwibto.exe

    O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe

    O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe

    O4 - HKLM\..\Run: [mfchlp64] C:\WINDOWS\mfchlp64.exe

    O4 - HKLM\..\Run: [dndsioc] C:\WINDOWS\dndsioc.exe

    O4 - HKLM\..\Run: [cinfonmc] C:\WINDOWS\cinfonmc.exe

    O4 - HKLM\..\Run: [SoundMan] SoundMan.exe

    O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: censtat.exe

    O4 - Global Startup: xdict.exe

    O8 - Extra context menu item: &Download All by Gigaget - D:\Giganology\Gigaget\getallurl.htm

    O8 - Extra context menu item: &Download by Gigaget - D:\Giganology\Gigaget\geturl.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: English<->Vietnamese - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra button: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm

    O9 - Extra 'Tools' menuitem: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.bro.vn/com/EGamesPlugin.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{662EF261-6801-4F9F-A87B-47BBEE702739}: NameServer = 203.162.0.181,203.162.0.11

    O20 - AppInit_DLLs: gfcfg.dll,drthte.dll,yjrfe.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,hfther.dll,segtrgh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,rthderr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hnfgs.dll,

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O23 - Service: Apache2.2 - Unknown owner - D:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)

    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe

    O23 - Service: ctiserv - Centurion Technologies, Inc. - C:\WINDOWS\CTIServ.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\system32\interne.exe (file missing)

    O23 - Service: mysql - Unknown owner - D:\AppServ\MySQL\bin\mysqld-nt.exe

    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    #13 Humoristvn

    Posted 14 May 2008 - 08:27 AM

    This log file is downright scary:

    xdict.exe

    and many other files that are very suspicious (they must be viruses).

    Your BHOs are far too many strange DLLs. You should Fix check all of those BHOs, keeping only GigagetIEHelper and Google Toolbar if you need them.

    These are helper objects for the browser. BHO = Browser Helper Object

    Honestly, Merijn's old HijackThis was better.

    Now it displays its functions in a way that is hard to make out.

    Simply put, it doesn't even tell you which process is the parent of which.

    Process Explorer does this very well; it shows them as a tree.

    For example: to kill Goback you only need to choose Kill tree on the process named AutoCHL.exe, and its two children die with it.

    Still, HijackThis has the advantage that it creates a log file, which is convenient to take to people who know.
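The workflow in post #2 (scan, save the log, pick out the suspicious entries) and the rules of thumb Humoristvn applies above (strange DLLs registered as BHOs, executables with random names dropped where they do not belong) can be partly automated. The script below is an added example; it is not part of this thread and not HijackThis code. It applies the heuristics the thread uses by eye to a constructed sample log stitched together from excerpts of the logs posted here: core Windows binaries running from the wrong directory, executables launched from the IE cache or a Startup folder, autoruns sitting directly in %WINDIR%, BHOs with no display name, a populated AppInit_DLLs value, and a built-in service rebound to a foreign binary. Assumed, and not stated anywhere in the thread: an English-locale XP install on C:, the set of XP services normally hosted by svchost.exe, and that adialhk.dll is Kaspersky's AppInit hook (the logs above show it only alongside Kaspersky). A finding is a reason to look, not a verdict, so the thread's own advice to post the log for a second opinion still stands.

```python
"""Heuristic triage of a HijackThis v1.99.1 log (added example, not HijackThis code)."""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, offending log line, reason)
WINDIR = "c:\\windows\\"  # assumed: English-locale XP installed on C:
# Where core XP binaries live; the same file name anywhere else is a lookalike.
CANONICAL = {n: WINDIR + "system32\\" + n for n in
             ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
CANONICAL["explorer.exe"] = WINDIR + "explorer.exe"
# XP services normally hosted by svchost.exe; a different image path means the entry was rewritten.
SVCHOST_HOSTED = {"helpsvc", "wuauserv", "bits", "schedule", "browser"}
KNOWN_APPINIT = {"adialhk.dll"}  # assumed: Kaspersky's hook, seen next to KIS/KAV in the thread

_PROCESS = re.compile(r"^[A-Za-z]:\\")
_O2 = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
_O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (.*)$")
_O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: ")
_O20 = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
_O23 = re.compile(r"^O23 - Service: (.*?)(?: \((\w+)\))? - (.*?) - (.*)$")


def _exe_from_target(target: str) -> str:
    """Executable path from an O4 value: quoted, or unquoted with trailing arguments."""
    m = re.match(r'"([^"]+)"', target) or re.match(r"(.*?\.exe)", target, re.IGNORECASE)
    return m.group(1) if m else target


def check_process(path: str) -> Optional[Tuple[str, str]]:
    """One line of the 'Running processes' block."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\temporary internet files\\" in low or "\\local settings\\temp\\" in low:
        return ("high", "executable running from the browser cache or temp directory")
    if name in CANONICAL and low != CANONICAL[name]:
        return ("high", f"{name} running from a non-standard path (system binary lookalike)")
    if "\\start menu\\programs\\startup\\" in low:
        return ("medium", "launched from a Startup folder; verify the file")
    return None


def check_entry(line: str) -> Optional[Tuple[str, str]]:
    """One O-line (O2/O4/O20/O23 are handled; anything else is ignored)."""
    if m := _O2.match(line):
        name, path = m.groups()
        if path == "(no file)":
            return ("low", "orphaned BHO registration, DLL already gone; safe to fix")
        if name.lower() == path.lower().rsplit("\\", 1)[-1]:
            return ("high", "BHO registered without a display name (name is just the DLL filename)")
        return ("medium", "unnamed BHO; identify the DLL first") if name == "(no name)" else None
    if m := _O4_RUN.match(line):
        exe = _exe_from_target(m.group(1).strip()).lower()
        if exe.startswith(WINDIR) and "\\" not in exe[len(WINDIR):]:
            return ("medium", "autorun executable sitting directly in %WINDIR%; check its publisher")
        return None
    if _O4_STARTUP.match(line):
        return ("medium", "Startup-folder autorun; verify the file")
    if m := _O20.match(line):
        unknown = [d for d in m.group(1).split(",")
                   if d.strip() and d.strip().lower().rsplit("\\", 1)[-1] not in KNOWN_APPINIT]
        return ("high", f"{len(unknown)} unknown DLL(s) loaded into every process via AppInit_DLLs") if unknown else None
    if m := _O23.match(line):
        _display, short, _owner, path = m.groups()
        if short and short.lower() in SVCHOST_HOSTED and "svchost.exe" not in path.lower():
            return ("high", f"built-in service '{short}' rebound to a foreign binary")
        if path.endswith("(file missing)") and '"' in path:
            return ("info", "1.99.1 mis-parses quoted service paths with arguments; confirm the file is really missing")
    return None


def triage(log_text: str) -> List[Finding]:
    """Collect findings over a whole log, in order of appearance."""
    findings: List[Finding] = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        verdict = check_process(line) if _PROCESS.match(line) else check_entry(line)
        if verdict:
            findings.append((verdict[0], line, verdict[1]))
    return findings


# Constructed sample: excerpts modelled on the logs posted in this thread, mixed into one log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\explorer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xdict.exe
C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe
C:\WINDOWS\system32\Microsoft\svchost.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: yxcsbhlp.dll - {25671234-7890-ABCD-CDEF-567801237652} - C:\WINDOWS\system32\yxcsbhlp.dll
O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - (no file)
O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Global Startup: censtat.exe
O20 - AppInit_DLLs: gfcfg.dll,drthte.dll,yjrfe.dll
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\system32\interne.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
"""

if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

Run it on a real log with `triage(open("hijackthis.log").read())`. The "info" entry is worth keeping: the stray quote plus "(file missing)" on the Kaspersky and BitDefender service lines in the logs above is how this HijackThis version renders a quoted service path with arguments, so those lines should be confirmed on disk before anyone fixes them.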

    #14 Tran Quang Ha

    Posted 15 May 2008 - 10:45 PM

    Could everyone please check my computer for me. Thanks in advance.

    Here is my logfile:



    Logfile of HijackThis v1.99.1

    Scan saved at 10:53:19 PM, on 5/15/2008

    Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Download Manager\IDMan.exe

    C:\WINDOWS\system32\ntvdm.exe

    C:\Program Files\SiteAdvisor\6253\SAService.exe

    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Internet Download Manager\IEMonitor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Cai dat\Portable FirefoxPortable\FirefoxPortable.exe

    C:\Cai dat\Portable FirefoxPortable\App\firefox\firefox.exe

    C:\Cai dat\UniKey\UniKeyNT.exe

    F:\Portable Antivirus\Antivirus 1\HiJack This 1.99\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Ashampoo AntiSpyWare 2 Guard] H:\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Pictures - {C7486E80-B111-4768-995E-23CF307346FC} - C:\Program Files\UnH Solutions\Flash and Pics Control\FPCButton.dll (HKCU)

    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)

    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Do your best, the rest will come!

    Desktop: Windows 7 Enterprise x86 + Bkav Internet Security 2011
    Laptop: Windows 7 Enterprise x64 + Kaspersky Endpoint Security 8 for Win.


    #15 Humoristvn

    • Rank: Private (Binh bét)
    • Group: Department Head (Trưởng khoa)
    • 1,109 posts
    • Reputation: 113
    • Gender: Male
    • Location: Thủ đô gió ngàn

    Posted 16 May 2008 - 10:50 AM

    Looking through your whole log file, I only suspect one item:

    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    And its BHO: humor isn't sure what it is, but having it run with the browser all the time isn't really necessary.

    You can remove it!
    .. there has been who knows how much fake love. The fake that is very real in life. When that deception is found out, it causes more pain than can be told. The fake one and the real one look at each other then, bewildered, not knowing what to say. The real one lies ill; the fake one talks and laughs on and on. Life is not, after all, unjust. The fake one in love will surely lose. The real one will surely be repaid.

    #16 herokyo

    • Rank: Recruit (Tân Binh)
    • Member BVTH
    • 15 posts
    • Reputation: 0

    Posted 18 May 2008 - 08:50 PM

    To find out which entries are viruses and which are safe, go to www.hijackthis.de

    The rest you can figure out yourself.

    #17 Tran Quang Ha

    • Rank: Corporal (Hạ Sĩ)
    • Member BVTH
    • 405 posts
    • Reputation: 12
    • Gender: Secret

    Posted 18 May 2008 - 09:05 PM

    humoristvn, on May 16 2008, 10:50 AM, said:

    Looking through your whole log file, I only suspect one item:

    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    And its BHO: humor isn't sure what it is, but having it run with the browser all the time isn't really necessary.

    You can remove it!

    Thank you!

    SiteAdvisor is McAfee's website-checking software; I installed it just to check whether a website is clean before I visit it.

    Do your best, the rest will come!

    Desktop: Windows 7 Enterprise x86 + Bkav Internet Security 2011
    Laptop: Windows 7 Enterprise x64 + Kaspersky Endpoint Security 8 for Win.


    #18 quanglehuynh

    • Rank: Recruit (Tân Binh)
    • Member BVTH
    • 13 posts
    • Reputation: 0

    Posted 31 May 2008 - 07:35 PM

    Please take a look and tell me whether I have any viruses; thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:43:06 PM, on 31-May-08

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\FlashGet\FlashGet.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Internet Download Manager\IDMan.exe

    C:\Program Files\UniKey\UniKeyNT.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\Program Files\Internet Download Manager\IEMonitor.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetd...om/welcome.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer-Designed by Pham Duy Anh

    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Vietkey] C:\Vietkey\vknt.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

    O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey\UniKeyNT.exe

    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe



    --

    End of file - 5333 bytes

    #19 ChuNet

    • Rank: Recruit (Tân Binh)
    • Member BVTH
    • 28 posts
    • Reputation: 0

    Posted 03 June 2008 - 01:50 PM

    C:\Documents and Settings\CUBA\Desktop\HiJackThis_v2.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [tciocp64] C:\WINDOWS\tciocp64.exe

    O4 - HKLM\..\Run: [ngicufnt] C:\WINDOWS\gcftczzp.exe

    O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9EED4D-B728-4DC3-8147-2B1664757A57}: NameServer = 203.162.0.181

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E23FC4D4-1138-4F49-A711-29A6748A0D25}: NameServer = 203.162.0.181,203.162.4.190

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - AppInit_DLLs: msosmhfp00.dll,msosdohs00.dll,nicozftp00.dll,msoscqit00.dll,msosmnsf00.dll,msosfmsq00.dll,msosjtio00.dll,msosdrop00.dll,msosping00.dll,avgrsstx.dll

    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe



    --

    End of file - 5420 bytes

    So how many viruses are in there, guys?

    #20 Tran Quang Ha

    • Rank: Corporal (Hạ Sĩ)
    • Member BVTH
    • 405 posts
    • Reputation: 12
    • Gender: Secret

    Posted 03 June 2008 - 10:34 PM

    My machine is infected with a virus that creates a child folder with the same name as a folder already on the machine, but with an .exe extension. It creates processes for the files:

    Fun.exe,

    dc.exe,

    SVIQ.exe

    I found the original files in

    C:\Windows\SVIQ.exe

    C:\Windows\dc.exe,

    C:\Windows\system\Fun.exe

    but they cannot be deleted.

    I used KIS 7, Portable NOD32, Portable Avira 8, Ashampoo AntiSpyWare 2, Portable ClamWin and Portable AVG spy, but none of them could remove it (all of the antivirus and antispyware programs were updated as of today, 2-6-08).

    Here is the log generated by HijackThis.

    Logfile of HijackThis v1.99.1

    Scan saved at 5:22:48 PM, on 6/2/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.exe

    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Vietkey\vknt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\WINDOWS\SVIQ.EXE

    C:\WINDOWS\system\Fun.exe

    C:\WINDOWS\dc.exe

    C:\WINDOWS\system32\CNAB4RPK.EXE

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    D:\Tran Quang Ha\Dong goi Portable\Portable Antivirus AIO2 (Ha).exe

    C:\DOCUME~1\COMPAQ\LOCALS~1\Temp\ir_ext_temp_2\autorun.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\portable\HijackThis\hijackthis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe

    F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe

    F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Vietkey] C:\Program Files\Vietkey\vknt.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [USB Safely Remove] D:\Tran Quang Ha\USB S@fely Remove Port@ble_ispace.edu.vn(thoat USB)\USB S@fely Remove Port@ble_ispace.edu.vn\Appdata\USBSafelyRemove.exe /startup

    O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE

    O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe

    O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\imon.dll' missing

    O20 - AppInit_DLLs: ice_time.dll

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: AVP - Unknown owner - D:\Tran Quang Ha\Cap nhat KIS\Portable kas\avp.exe" -r (file missing)

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe





    I really hope someone can help. Many thanks.

    Do your best, the rest will come!

    Desktop: Windows 7 Enterprise x86 + Bkav Internet Security 2011
    Laptop: Windows 7 Enterprise x64 + Kaspersky Endpoint Security 8 for Win.
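A small triage pass over log lines in the HijackThis format shown in posts #19 and #20, as an added example that is not part of the forum thread or of the HijackThis tool itself: the sample lines are constructed after entries quoted above, and the review heuristics (F2 Shell override, F3 load=/run=, AppInit_DLLs, autorun .exe directly under C:\WINDOWS, dangling "(file missing)" entries) are the editor's own.

```python
"""Triage pass over HijackThis log lines (added example; heuristics are the editor's own)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Constructed sample, shaped after entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKLM\..\Run: [ngicufnt] C:\WINDOWS\gcftczzp.exe
O20 - AppInit_DLLs: ice_time.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# An .exe sitting directly in C:\WINDOWS or C:\WINDOWS\system (not system32),
# which is where the dc.exe / SVIQ.exe / Fun.exe files from post #20 live.
WINDIR_EXE_RE = re.compile(r"^[A-Z]:\\WINDOWS\\(?:system\\)?[^\\\s]+\.exe$", re.I)


def o4_target(body):
    """Return the executable path of an O4 entry such as 'HKCU\\..\\Run: [dc] C:\\WINDOWS\\dc.exe'."""
    parts = body.split("] ", 1)
    if len(parts) != 2:
        return None
    rest = parts[1].strip()
    if rest.startswith('"'):            # quoted path, may contain spaces
        return rest[1:].split('"', 1)[0]
    return rest.split(" ", 1)[0]        # unquoted: path ends at the first space


def triage(log_text):
    """Return Findings for the entries a reviewer should look at first.

    These are review heuristics, not verdicts: AV products also register
    AppInit_DLLs (e.g. avgrsstx.dll) and some drivers install into C:\\WINDOWS.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue                     # header, process list, blank, "End of file"
        sec, body = m.group("sec"), m.group("body")
        if sec == "F2" and body.startswith("REG:system.ini: Shell="):
            shell = body.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding(sec, "Winlogon Shell starts more than Explorer.exe", line))
        elif sec == "F3" and re.match(r"REG:win\.ini: (load|run)=\S", body):
            findings.append(Finding(sec, "win.ini load=/run= autostart", line))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d for d in body.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                findings.append(Finding(sec, "AppInit_DLLs loads %d DLL(s) into every process" % len(dlls), line))
        elif sec == "O4":
            target = o4_target(body)
            if target and WINDIR_EXE_RE.match(target):
                findings.append(Finding(sec, "autorun .exe directly under the Windows directory", line))
        if line.endswith("(file missing)") or line.endswith("(no file)"):
            findings.append(Finding(sec, "dangling entry; harmless but worth cleaning", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %-50s %s" % (f.section, f.reason, f.line))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; the flagged lines are the ones to look up (for example on hijackthis.de, as post #16 suggests) before using Fix checked.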




