về HiJackThis tôi muốn mọi ng tham khảo

xichhoang

xichhoang

Mario & Luigi
Tham gia ngày
2/8/07
Bài viết
885
Reaction score
3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:17 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
D:\Program Files\cfosspeed\cFosSpeed.exe
C:\Program Files\UniKey4.0\UniKey.exe
D:\Program Files\cfosspeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\system.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cfosspeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Wippien] D:\Program Files\Wippien\Wippien.exe
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey4.0\UniKey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9AEA524-6CC1-4930-A23D-40C12F06E497}: NameServer = 203.162.4.190,203.162.4.191
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cfosspeed\spd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2995 bytes

mọi người coi dùm tôi có vấn đề gì ko
tại tội bị dính virus phimnguoilon.exe do USB thằng bạn cắm vô thank
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:17 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
D:\Program Files\cfosspeed\cFosSpeed.exe
C:\Program Files\UniKey4.0\UniKey.exe
D:\Program Files\cfosspeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDO WS\System32\system.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cfosspeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Wippien] D:\Program Files\Wippien\Wippien.exe
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey4.0\UniKey.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9AEA524-6CC1-4930-A23D-40C12F06E497}: NameServer = 203.162.4.190,203.162.4.191
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cfosspeed\spd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2995 bytes
Click to expand...
Cái đống này lôi đâu ra thế 8-}
 
Cái đống này lôi đâu ra thế
Click to expand...
HijackThis, đùa à :chicken:

@xichhoang: Nghi ngờ 2 cái system.exe, mà cậu ko dùng chương trình av nào à :|

Nghe đâu phimnguoilon.exe tạo 2 cái process system.exe và useruserinit.exe chạy cùng lúc cơ :-@

Sau khi scan = HijackThis nên check vào cái
Mã: 
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDO WS\System32\system.exe
rồi chọn "Fix Checked"
 
ok thank bạn để tôi thử nha.. Cho tôi hỏi khi tôi "Fix Checked" ròi tôi thử scan lại thì nó vẫn còn
 
userinit.exe... tởm nhất con này, kill khó bà cố :|. Mỗi lần kill đc coi như là khỏi vô lun :|
 
Tôi xài cái này rồi ,đọc phần hướng dẫn ý ,nó có bảo up file *.log này lên 1 cái diễn đàn nào ý ,rồi Analyze .
Là nó báo những chương trình nào đáng ngờ này ,bảo mật này...........
Nói chung là đủ cả :wink:
 
You must log in or register to reply here.
Back
Top