  1. #11
    Join date
    Nov 2015
    Posts
    0
    Please take a look at this for me

    Logfile of HijackThis v1.99.1

    Scan saved at 5:28:57 PM, on 5/11/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\dllcache\explorer.exe

    C:\PROGRA~1\IEACCE~1\IEAccelerator.exe

    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\censtat.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xdict.exe

    C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe

    C:\Documents and Settings\Net328\Local Settings\Temporary Internet Files\Content.IE5\CSCUS6JB\0[1].exe

    D:\AppServ\Apache2.2\bin\httpd.exe

    C:\WINDOWS\CTIServ.exe

    C:\WINDOWS\SoundMan.exe

    D:\AppServ\Apache2.2\bin\httpd.exe

    D:\AppServ\MySQL\bin\mysqld-nt.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\find.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\Microsoft\svchost.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\net.exe

    C:\WINDOWS\system32\net1.exe

    C:\TDdownload\BHome1651.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\net.exe

    C:\WINDOWS\system32\net1.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\ping.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\TDdownload\hijackthis.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nhacso.net/

    F2 - REG:system.ini: UserInit=Userinit.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

    O2 - BHO: yxcsbhlp.dll - {25671234-7890-ABCD-CDEF-567801237652} - C:\WINDOWS\system32\yxcsbhlp.dll

    O2 - BHO: mndscsrv.dll - {37FD640A-158F-48AC-FD14-1597F14A9773} - C:\WINDOWS\system32\mndscsrv.dll

    O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - (no file)

    O2 - BHO: oohxbbyt.dll - {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} - C:\WINDOWS\system32\oohxbbyt.dll

    O2 - BHO: mnmhcsrv.dll - {3C8D1401-A58D-A81C-CD24-A5915C4517C3} - C:\WINDOWS\system32\mnmhcsrv.dll

    O2 - BHO: zptlbsys.dll - {40940F85-F015-14F1-A05F-F69858AC6D04} - C:\WINDOWS\system32\zptlbsys.dll

    O2 - BHO: ypcqchlp.dll - {40AF1289-F140-A140-D012-C1458759FC04} - C:\WINDOWS\system32\ypcqchlp.dll

    O2 - BHO: zywmdime.dll - {4319A1F1-9410-9654-3201-345FFA349134} - C:\WINDOWS\system32\zywmdime.dll

    O2 - BHO: zxmsbwin.dll - {5A041F13-A111-12A3-B0CF-F99818AA68A5} - C:\WINDOWS\system32\zxmsbwin.dll

    O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll

    O2 - BHO: ypdjebmp.dll - {71954FAC-1023-154F-895A-1458258AD817} - C:\WINDOWS\system32\ypdjebmp.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto

    O4 - HKLM\..\Run: [KillPorn] D:\KillPorn\KillPorn.exe

    O4 - HKLM\..\Run: [Gigaget] "D:\Giganology\Gigaget\GigagetShell.exe" /s

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [fmsiocps] C:\WINDOWS\fmsiocps.exe

    O4 - HKLM\..\Run: [anistio] C:\WINDOWS\anistio.exE

    O4 - HKLM\..\Run: [issms32] C:\WINDOWS\issms32.exe

    O4 - HKLM\..\Run: [dionpis] C:\WINDOWS\dionpis.exe

    O4 - HKLM\..\Run: [hefcndy] C:\WINDOWS\hefcndy.exe

    O4 - HKLM\..\Run: [dbhlp32] C:\WINDOWS\dbhlp32.exe

    O4 - HKLM\..\Run: [fmsjhif] C:\WINDOWS\fmsjhif.exe

    O4 - HKLM\..\Run: [xlmdtbzw] C:\WINDOWS\ldbwibto.exe

    O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe

    O4 - HKLM\..\Run: [huifitc] C:\WINDOWS\huifitc.exe

    O4 - HKLM\..\Run: [mfchlp64] C:\WINDOWS\mfchlp64.exe

    O4 - HKLM\..\Run: [dndsioc] C:\WINDOWS\dndsioc.exe

    O4 - HKLM\..\Run: [cinfonmc] C:\WINDOWS\cinfonmc.exe

    O4 - HKLM\..\Run: [SoundMan] SoundMan.exe

    O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: censtat.exe

    O4 - Global Startup: xdict.exe

    O8 - Extra context menu item: &Download All by Gigaget - D:\Giganology\Gigaget\getallurl.htm

    O8 - Extra context menu item: &Download by Gigaget - D:\Giganology\Gigaget\geturl.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: English<->Vietnamese - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra button: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm

    O9 - Extra 'Tools' menuitem: English<->Vietnamese - {0DC44B85-F904-0741-8EAE-A8CCC73AC982} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Vietnamese) for Windows\Plugins\IE.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.bro.vn/com/EGamesPlugin.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{662EF261-6801-4F9F-A87B-47BBEE702739}: NameServer = 203.162.0.181,203.162.0.11

    O20 - AppInit_DLLs: gfcfg.dll,drthte.dll,yjrfe.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,hfther.dll,segtrgh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,rthderr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hnfgs.dll,

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O23 - Service: Apache2.2 - Unknown owner - D:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)

    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe

    O23 - Service: ctiserv - Centurion Technologies, Inc. - C:\WINDOWS\CTIServ.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\system32\interne.exe (file missing)

    O23 - Service: mysql - Unknown owner - D:\AppServ\MySQL\bin\mysqld-nt.exe

    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

  2. #12
    Join date
    Nov 2015
    Posts
    0
    This log file is really scary:

    xdict.exe

    and many other files are very suspicious (I think it is a virus)

    Your BHOs include far too many unfamiliar-looking DLLs. You should check and Fix all of those BHOs, keeping only GigagetIEHelper and Google Toolbar if you need them.

    These are helper objects for the browser. BHO = Browser Helper Object



    To be honest, the earlier HijackThis by Merijn was still good.

    Now it displays the functions in a way that is very hard to interpret.

    For example, it does not even tell you which process is the parent of which process.

    Process Explorer does this very well; it displays them as a tree.

    Example: to kill Goback, just choose Kill tree on the process named AutoCHL.exe, and its 2 child processes die along with it.



    However, HijackThis has the advantage that it creates a log file, which is convenient to take to people who know and ask them.

  3. #13
    Join date
    Nov 2015
    Posts
    0
    I hope everyone can check my computer for me. Thanks in advance.

    Here is my logfile:



    Logfile of HijackThis v1.99.1

    Scan saved at 10:53:19 PM, on 5/15/2008

    Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Download Manager\IDMan.exe

    C:\WINDOWS\system32\ntvdm.exe

    C:\Program Files\SiteAdvisor\6253\SAService.exe

    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Internet Download Manager\IEMonitor.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Cai dat\Portable FirefoxPortable\FirefoxPortable.exe

    C:\Cai dat\Portable FirefoxPortable\App\firefox\firefox.exe

    C:\Cai dat\UniKey\UniKeyNT.exe

    F:\Portable Antivirus\Antivirus 1\HiJack This 1.99\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Ashampoo AntiSpyWare 2 Guard] H:\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Pictures - {C7486E80-B111-4768-995E-23CF307346FC} - C:\Program Files\UnH Solutions\Flash and Pics Control\FPCButton.dll (HKCU)

    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)

    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

  4. #14
    Join date
    Nov 2015
    Posts
    0
    Looking through your whole log file, I only suspect one name:



    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe



    And its BHO: humor doesn't know what it is, but having it run all the time with the browser is not really necessary.



    You can remove it!

  5. #15
    Join date
    Mar 2016
    Posts
    0
    To find out which entries are viruses and which are safe, go to www.hijackthis.de

    The rest you can figure out yourself.

  6. #16
    Join date
    Aug 2015
    Posts
    0
    Quote: Originally posted by humoristvn
    Looking through your whole log file, I only suspect one name:



    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe



    And its BHO: humor doesn't know what it is, but having it run all the time with the browser is not really necessary.



    You can remove it!
    Thank you!

    SiteAdvisor is McAfee's website-checking software. I installed it just to check whether a website is clean before visiting it.

  7. #17
    Join date
    Nov 2015
    Posts
    0
    Please check whether I have any viruses, thanks in advance

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:43:06 PM, on 31-May-08

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\FlashGet\FlashGet.exe

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Internet Download Manager\IDMan.exe

    C:\Program Files\UniKey\UniKeyNT.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\WINDOWS\system32\WgaTray.exe

    C:\Program Files\Internet Download Manager\IEMonitor.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer-Designed by Pham Duy Anh

    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Vietkey] C:\Vietkey\vknt.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

    O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey\UniKeyNT.exe

    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe



    --

    End of file - 5333 bytes

  8. #18
    Join date
    Dec 2015
    Posts
    0
    My machine is infected with a virus that creates a sub-folder with the same name as an existing folder on the machine but with an .exe extension. It runs processes from these files:

    Fun.exe,

    dc.exe,

    SVIQ.exe

    I found the original files located at

    C:\Windows\SVIQ.exe

    C:\Windows\dc.exe,

    C:\Windows\system\Fun.exe

    But they cannot be deleted

    I used KIS 7, Portable NOD32, Portable Avira 8, Ashampoo AntiSpyWare 2, PortableClamWin and Portable AVG spy, but none of them could remove it (all the antivirus and spyware programs were updated as of today, 2-6-08)

    Here is the log generated by HijackThis.

    Logfile of HijackThis v1.99.1

    Scan saved at 5:22:48 PM, on 6/2/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.exe

    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\Vietkey\vknt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\WINDOWS\SVIQ.EXE

    C:\WINDOWS\system\Fun.exe

    C:\WINDOWS\dc.exe

    C:\WINDOWS\system32\CNAB4RPK.EXE

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    D:\Tran Quang Ha\Dong goi Portable\Portable Antivirus AIO2 (Ha).exe

    C:\DOCUME~1\COMPAQ\LOCALS~1\Temp\ir_ext_temp_2\autorun.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\portable\HijackThis\hijackthis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe

    F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe

    F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Vietkey] C:\Program Files\Vietkey\vknt.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [USB Safely Remove] D:\Tran Quang Ha\USB S@fely Remove Port@ble_ispace.edu.vn(thoat USB)\USB S@fely Remove Port@ble_ispace.edu.vn\Appdata\USBSafelyRemove.exe /startup

    O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE

    O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe

    O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Broken Internet access because of LSP provider 'c:\windows\system32\imon.dll' missing

    O20 - AppInit_DLLs: ice_time.dll

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: AVP - Unknown owner - D:\Tran Quang Ha\Cap nhat KIS\Portable kas\avp.exe" -r (file missing)

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe





    I really hope everyone can help. Many thanks.

  9. #19
    Join date
    Aug 2015
    Posts
    0
    My machine is infected with a virus that creates a sub-folder with the same name as an existing folder on the machine but with an .exe extension. It runs processes from these files:

    Fun.exe,

    dc.exe,

    SVIQ.exe

    I found the original files located at

    C:\Windows\SVIQ.exe

    C:\Windows\dc.exe,

    C:\Windows\system\Fun.exe

    But they cannot be deleted

    I used KIS 7, Portable NOD32, Portable Avira 8, Ashampoo AntiSpyWare 2, PortableClamWin and Portable AVG spy, but none of them could remove it (all the antivirus and spyware programs were updated as of today, 2-6-08)

    Here is a sample of it:

    Pass: 123

  10. #20
    Join date
    Nov 2015
    Posts
    0
    Nobody was willing to help, so I had to find a way to fix it myself. After looking into it for a while, I found out:

    It turns out this one is not that hard to remove: besides the 3 files running as processes

    C:\Windows\SVIQ.exe

    C:\Windows\dc.exe,

    C:\Windows\system\Fun.exe

    it also has 4 more files, namely:

    C:\Windows\hepl\other.exe

    C:\Windows\inf\other.exe

    C:\Windows\system32\config\win.exe

    C:\Windows\system32\winsit.exe

    It can be removed with Portable Kingsoft AV.
