Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:47:17 PM, on 9/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\system.exe C:\WINDOWS\System32\system.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM303_STI.EXE D:\Program Files\cfosspeed\cFosSpeed.exe C:\Program Files\UniKey4.0\UniKey.exe D:\Program Files\cfosspeed\spd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe D:\Program Files\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\system.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [cFosSpeed] D:\Program Files\cfosspeed\cFosSpeed.exe O4 - HKLM\..\Run: [Wippien] D:\Program Files\Wippien\Wippien.exe O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey4.0\UniKey.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F9AEA524-6CC1-4930-A23D-40C12F06E497}: NameServer = 203.162.4.190,203.162.4.191 O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cfosspeed\spd.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 2995 bytes mọi người coi dùm tôi có vấn đề gì ko tại tội bị dính virus phimnguoilon.exe do USB thằng bạn cắm vô thank
HijackThis, đùa à :chicken: @xichhoang: Nghi ngờ 2 cái system.exe, mà cậu ko dùng chương trình av nào à Nghe đâu phimnguoilon.exe tạo 2 cái process system.exe và useruserinit.exe chạy cùng lúc cơ Sau khi scan = HijackThis nên check vào cái Mã: F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDO WS\System32\system.exe rồi chọn "Fix Checked"
Tôi xài cái này rồi ,đọc phần hướng dẫn ý ,nó có bảo up file *.log này lên 1 cái diễn đàn nào ý ,rồi Analyze . Là nó báo những chương trình nào đáng ngờ này ,bảo mật này........... Nói chung là đủ cả :wink:
