cần người tìm giúp virus

[SEOss]

Logfile of HijackThis v1.99.1

Scan saved at 9[IMG]http://www.*******************/img/smile/23.gif[/IMG]41 PM, on 2/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Spyware Doctor\pctsAuxs.exe

F:\Program Files\Spyware Doctor\pctsSvc.exe

F:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\alg.exe

F:\Program Files\Internet Download Manager\IDMan.exe

F:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

F:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\hijackthis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031208 serial=DR12WEX-1504397-KTY lang=EN

O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"

O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot

O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - F:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - AppInit_DLLs: F:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe" -r (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe









đó là log hijack ghi lại

em bị dính con bat_site j j đó

nó cươp trình duyệt web

spyware5.5 thịt nó xong thì 15p sau nó quay lại hê lô em

theo 1 so người thì còn 1 con víu # sót lai va làm nv gọi lại con vr này

các bro nhìn log kia xem cái con sot lại no năm ở đâu nhé

thanks

[teenddeem]

Mã:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

Vấn đề có lẽ ở khu này thôi. Các cái kia đều ko có gì đáng nghi cả.

Chúc bạn thành công!

[IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG]

[Menbro102026]

theo bro thì trong mấy cái kia cái nào khả nghi nhất

cái nào xác suất xảy ra cao nhất

trả lời cho em thêm tự tin fix bừa nào ^^!

[vunguyen.vstar]

theo bro thì trong mấy cái kia cái nào khả nghi nhất

cái nào xác suất xảy ra cao nhất

trả lời cho em thêm tự tin fix bừa nào ^^!

Tất cả đều làm thay đổi Internet Explorer. Fix tất tần tật [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/smile.gif[/IMG]

Chúc bạn thành công!

[IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG] [IMG]http://www.*******************/dd/public/style_emoticons/<#EMO_DIR#>/yociexp100.gif[/IMG]

[phukiensamsung]

hụ hụ

vừa đọc thấy bác nào đó kêu cứ có vẻ giống mình

1 bro khuyên nen dùng ad_ware

mình thử thì thấy bắt được 54 chú

nhiều ko

an thua j

hôm tuần trươc spyware ăn dc 313 chú mà vẫn xót con này nên bây giờ ko tin là nó đã chêt

ngày mai sẽ biết ^^