dt.tongji.yahoo.com 13/07/2008 04:46:12 (+0700) | #1 | 141331
Vo_danh_tang (Member, joined 18/05/2007 18:34:21, 159 messages)
I don't know what virus my machine has at the moment, but whenever I go to my mail or to pages that ask for a password, the status bar says it is requesting the page dt.tongji.yahoo.com. Apart from that, processXP shows nothing unusual. Here is the snapshot log; I hope someone can take a look at it for me.
Code:
; [FireLion] System SnapShot 1.0
; Scan time at 12/07/2008 3:27:55 PM

[System Information]
Microsoft Windows: XP Professional Service Pack 3 Build 2600 (5.1.2600)
Product Name: Microsoft Windows XP 2600.xpsp.080413-2111
Computer Name: FLASHER
Language: English (United States)
User Name: Anh Tuan
Boot Mode: Normal Mode
UpTime: 0 Days 6 Hours 29 Minutes 15 Seconds
CPU: GenuineIntel 2x3001.19 MHz
RAM Total: 2048 MB
RAM Free: 1247 MB
Windows Folder: C:\WINDOWS\
System32 Folder: C:\WINDOWS\system32\
LocalIP: 192.168.80.1
DNS: 192.168.1.1
Microsoft Internet Explorer: 7.0.5730.11

[MD5 = Running Processes]
5f816c1f539266d2d4c78694239da0b5 = C:\WINDOWS\System32\smss.exe
44f275c64738ea2056e3d9580c23b60f = C:\WINDOWS\system32\csrss.exe
ed0ef0a136dec83df69f04118870003e = C:\WINDOWS\system32\winlogon.exe
0e776ed5f7cc9f94299e70461b7b8185 = C:\WINDOWS\system32\services.exe
bf2466b3e18e970d8a976fb95fc1ca85 = C:\WINDOWS\system32\lsass.exe
27c6d03bcdb8cfeb96b716f3d8be3e18 = C:\WINDOWS\system32\svchost.exe
27c6d03bcdb8cfeb96b716f3d8be3e18 = C:\WINDOWS\system32\svchost.exe
27c6d03bcdb8cfeb96b716f3d8be3e18 = C:\WINDOWS\System32\svchost.exe
27c6d03bcdb8cfeb96b716f3d8be3e18 = C:\WINDOWS\system32\svchost.exe
27c6d03bcdb8cfeb96b716f3d8be3e18 = C:\WINDOWS\system32\svchost.exe
d8e14a61acc1d4a6cd0d38aebac7fa3b = C:\WINDOWS\system32\spoolsv.exe
2162c0b90039a8ce787b10ae8f2720b8 = C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
fd2c83a58feab0751e723b1676bdbf46 = C:\WINDOWS\ATKKBService.exe
ead65493edba0ebea2192d46b938298e = C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
f43c8fcc7fdb984fd06fe29baa741947 = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
73686fe0b2e0469f89fd2075be724704 = C:\Program Files\Bonjour\mDNSResponder.exe
921734b3947b4ae7068a587aa1a553f3 = C:\Program Files\FireLion Softwares\FastHelper\ResidentShield.exe
db3c22745c0da4666f3be31f1af36b2f = C:\WINDOWS\system32\inetsrv\inetinfo.exe
98d884adc0b8c0febcc9d7bee6d86f90 = C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12896823fb95bfb3dc9b46bcaedc9923 = C:\WINDOWS\Explorer.EXE
ba1ce056ce1466ca28ce118585ea86c4 = C:\PROGRA~1\AVG\AVG8\avgrsx.exe
aa0c4a2c33ce075df2c272d678734991 = C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
14d7a3545cc1de3e3ec6dc900b96add2 = C:\WINDOWS\RTHDCPL.EXE
7faa14b56d5797d5aaf9bd55728a5e5c = C:\Program Files\FireLion Softwares\FastHelper\FastHelper.exe
348a781aef0870a56549f53bb37a233a = C:\PROGRA~1\AVG\AVG8\avgtray.exe
8692155c3cc033ea10d7bcc57c0b54cd = C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
7d58c9bdf9c0a3955bdcde7387ad12ac = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
5f1d5f88303d4a4dbc8e5f97ba967cc3 = C:\WINDOWS\system32\ctfmon.exe
383cdff5f844cd19a1d682139f9d70e0 = C:\Program Files\UniKey\UniKey.exe
e16e53a875b5794cda0cb0c563f8d064 = c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
7a424e40495c01b61c6dd61e38d99024 = C:\WINDOWS\system32\nvsvc32.exe
54902536aad0e9b99bc65f89c0caf93f = c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d2c615d21d4c69459ef2306980ff3e39 = C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
e72dca96ff461bd94cb432eb1aab24e5 = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
7becf16932abbcd71627c500e31a8be6 = C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
e5d4417659a2cb305a5f6a47ade9da3b = C:\WINDOWS\system32\vmnat.exe
b50a9bf5d713f4c7712e683ed13c5734 = C:\WINDOWS\system32\vmnetdhcp.exe
8c515081584a38aa007909cd02020b3d = C:\WINDOWS\System32\alg.exe
edbdf840b8d770f4b7d57270de5aabbd = C:\Program Files\Skype\Phone\Skype.exe
27c6d03bcdb8cfeb96b716f3d8be3e18 = C:\WINDOWS\system32\svchost.exe
d3d5f1b5afc85b7ee35dd5f46f1d2cdb = C:\Program Files\Mozilla Firefox\firefox.exe
09be29fb66fb2a81f72567ef0274f172 = C:\Program Files\Internet Download Manager\IDMan.exe
52b3f695edc908f3575a6834311e2968 = C:\Program Files\Internet Download Manager\IEMonitor.exe
6623cf8d9478f51ac701ec70ce0bc358 = C:\Program Files\AVG\AVG8\avgscanx.exe
cd7e737f64add1bb650b50710db4d536 = C:\Program Files\AVG\AVG8\avgui.exe
62408944f08d5af53f6eb303c1bcfae6 = C:\Documents and Settings\Anh Tuan\Desktop\autoruns.exe
01b4c50fb23888e91d098f2259922477 = C:\Documents and Settings\Anh Tuan\Desktop\SystemSnapShot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
FastHelper = "C:\Program Files\FireLion Softwares\FastHelper\FastHelper.exe" /startup
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
vmware-tray = C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
UniKey = C:\Program Files\UniKey\UniKey.exe
IDMan = C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[Services]
ACPI = system32\DRIVERS\ACPI.sys
AcuWVSScheduler = C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
Adobe LM Service = "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
aec = system32\drivers\aec.sys
AFD = \SystemRoot\System32\drivers\afd.sys
Alerter = %SystemRoot%\system32\svchost.exe -k LocalService
ALG = %SystemRoot%\System32\alg.exe
AppMgmt = %SystemRoot%\system32\svchost.exe -k netsvcs
aspnet_state = %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
asuskbnt = system32\drivers\atkkbnt.sys
AsyncMac = system32\DRIVERS\asyncmac.sys
atapi = system32\DRIVERS\atapi.sys
AtcL001 = system32\DRIVERS\l151x86.sys
ATKKeyboardService = C:\WINDOWS\ATKKBService.exe
Atmarpc = system32\DRIVERS\atmarpc.sys
AudioSrv = %SystemRoot%\System32\svchost.exe -k netsvcs
audstub = system32\DRIVERS\audstub.sys
Autodesk Licensing Service = "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
avg8wd = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
AvgLdx86 = \SystemRoot\System32\Drivers\avgldx86.sys
AvgMfx86 = \SystemRoot\System32\Drivers\avgmfx86.sys
BITS = %SystemRoot%\system32\svchost.exe -k netsvcs
Bonjour Service = "C:\Program Files\Bonjour\mDNSResponder.exe"
Browser = %SystemRoot%\system32\svchost.exe -k netsvcs
Cdrom = system32\DRIVERS\cdrom.sys
CiSvc = %SystemRoot%\system32\cisvc.exe
ClipSrv = %SystemRoot%\system32\clipsrv.exe
clr_optimization_v2.0.50727_32 = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COMSysApp = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp = %SystemRoot%\system32\svchost.exe -k netsvcs
Disk = system32\DRIVERS\disk.sys
dmadmin = %SystemRoot%\System32\dmadmin.exe /com
dmboot = System32\drivers\dmboot.sys
dmio = System32\drivers\dmio.sys
dmload = System32\drivers\dmload.sys
dmserver = %SystemRoot%\System32\svchost.exe -k netsvcs
DMusic = system32\drivers\DMusic.sys
Dnscache = %SystemRoot%\system32\svchost.exe -k NetworkService
Dot3svc = %SystemRoot%\System32\svchost.exe -k dot3svc
drmkaud = system32\drivers\drmkaud.sys
EapHost = %SystemRoot%\System32\svchost.exe -k eapsvcs
EIO = \??\C:\WINDOWS\system32\drivers\EIO.sys
ERSvc = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog = %SystemRoot%\system32\services.exe
EventSystem = C:\WINDOWS\system32\svchost.exe -k netsvcs
FastHelper = C:\Program Files\FireLion Softwares\FastHelper\ResidentShield.exe
FastUserSwitchingCompatibility = %SystemRoot%\System32\svchost.exe -k netsvcs
Fdc = system32\DRIVERS\fdc.sys
FLEXnet Licensing Service = "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
Flpydisk = system32\DRIVERS\flpydisk.sys
FltMgr = system32\drivers\fltmgr.sys
FontCache3.0.0.0 = C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Ftdisk = system32\DRIVERS\ftdisk.sys
giveio = \??\C:\WINDOWS\system32\giveio.sys
Gpc = system32\DRIVERS\msgpc.sys
hcmon = \??\C:\WINDOWS\system32\Drivers\hcmon.sys
HDAudBus = system32\DRIVERS\HDAudBus.sys
helpsvc = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ = %SystemRoot%\System32\svchost.exe -k netsvcs
hidusb = system32\DRIVERS\hidusb.sys
hkmsvc = %SystemRoot%\System32\svchost.exe -k netsvcs
HTTP = System32\Drivers\HTTP.sys
HTTPFilter = %SystemRoot%\System32\svchost.exe -k HTTPFilter
i8042prt = system32\DRIVERS\i8042prt.sys
idsvc = "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IISADMIN = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Imapi = system32\DRIVERS\imapi.sys
ImapiService = C:\WINDOWS\system32\imapi.exe
IntcAzAudAddService = system32\drivers\RtkHDAud.sys
intelppm = system32\DRIVERS\intelppm.sys
Ip6Fw = system32\drivers\ip6fw.sys
IpFilterDriver = system32\DRIVERS\ipfltdrv.sys
IpInIp = system32\DRIVERS\ipinip.sys
IpNat = system32\DRIVERS\ipnat.sys
IPSec = system32\DRIVERS\ipsec.sys
IRENUM = system32\DRIVERS\irenum.sys
isapnp = system32\DRIVERS\isapnp.sys
Kbdclass = system32\DRIVERS\kbdclass.sys
kbdhid = system32\DRIVERS\kbdhid.sys
kmixer = system32\drivers\kmixer.sys
lanmanserver = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation = %SystemRoot%\system32\svchost.exe -k netsvcs
LightScribeService = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
LmHosts = %SystemRoot%\system32\svchost.exe -k LocalService
Messenger = %SystemRoot%\system32\svchost.exe -k netsvcs
mi-raysat_3dsMax2009_32 = "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe"
mnmsrvc = C:\WINDOWS\system32\mnmsrvc.exe
Mouclass = system32\DRIVERS\mouclass.sys
mouhid = system32\DRIVERS\mouhid.sys
MRxDAV = system32\DRIVERS\mrxdav.sys
MRxSmb = system32\DRIVERS\mrxsmb.sys
MSDTC = C:\WINDOWS\system32\msdtc.exe
MSFtpsvc = %SystemRoot%\system32\inetsrv\inetinfo.exe
MSIServer = C:\WINDOWS\system32\msiexec.exe /V
MSKSSRV = system32\drivers\MSKSSRV.sys
MSPCLOCK = system32\drivers\MSPCLOCK.sys
MSPQM = system32\drivers\MSPQM.sys
mssmbios = system32\DRIVERS\mssmbios.sys
MSSQL$SQLEXPRESS = "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
MSSQLServerADHelper = "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
MTsensor = system32\DRIVERS\ASACPI.sys
napagent = %SystemRoot%\System32\svchost.exe -k netsvcs
NdisTapi = system32\DRIVERS\ndistapi.sys
Ndisuio = system32\DRIVERS\ndisuio.sys
NdisWan = system32\DRIVERS\ndiswan.sys
NetBIOS = system32\DRIVERS\netbios.sys
NetBT = system32\DRIVERS\netbt.sys
NetDDE = %SystemRoot%\system32\netdde.exe
NetDDEdsdm = %SystemRoot%\system32\netdde.exe
Netlogon = %SystemRoot%\system32\lsass.exe
Netman = %SystemRoot%\System32\svchost.exe -k netsvcs
NetTcpPortSharing = "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Nla = %SystemRoot%\system32\svchost.exe -k netsvcs
nm = system32\DRIVERS\NMnt.sys
NMIndexingService = "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
NPF = system32\drivers\npf.sys
NtLmSsp = %SystemRoot%\system32\lsass.exe
NtmsSvc = %SystemRoot%\system32\svchost.exe -k netsvcs
nv = system32\DRIVERS\nv4_mini.sys
NVSvc = %SystemRoot%\system32\nvsvc32.exe
NwlnkFlt = system32\DRIVERS\nwlnkflt.sys
NwlnkFwd = system32\DRIVERS\nwlnkfwd.sys
ose = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Parport = system32\DRIVERS\parport.sys
PCI = system32\DRIVERS\pci.sys
PCIIde = system32\DRIVERS\pciide.sys
pcouffin = System32\Drivers\pcouffin.sys
PlugPlay = %SystemRoot%\system32\services.exe
PolicyAgent = %SystemRoot%\system32\lsass.exe
PptpMiniport = system32\DRIVERS\raspptp.sys
ProtectedStorage = %SystemRoot%\system32\lsass.exe
PSched = system32\DRIVERS\psched.sys
Ptilink = system32\DRIVERS\ptilink.sys
RasAcd = system32\DRIVERS\rasacd.sys
RasAuto = %SystemRoot%\system32\svchost.exe -k netsvcs
Rasl2tp = system32\DRIVERS\rasl2tp.sys
RasMan = %SystemRoot%\system32\svchost.exe -k netsvcs
RasPppoe = system32\DRIVERS\raspppoe.sys
Raspti = system32\DRIVERS\raspti.sys
Rdbss = system32\DRIVERS\rdbss.sys
RDPCDD = System32\DRIVERS\RDPCDD.sys
rdpdr = system32\DRIVERS\rdpdr.sys
RDSessMgr = C:\WINDOWS\system32\sessmgr.exe
redbook = system32\DRIVERS\redbook.sys
RemoteAccess = %SystemRoot%\system32\svchost.exe -k netsvcs
RemoteRegistry = %SystemRoot%\system32\svchost.exe -k LocalService
rpcapd = "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
RpcLocator = %SystemRoot%\system32\locator.exe
RpcSs = %SystemRoot%\system32\svchost -k rpcss
rspndr = system32\DRIVERS\rspndr.sys
RSVP = %SystemRoot%\system32\rsvp.exe
SamSs = %SystemRoot%\system32\lsass.exe
SCardSvr = %SystemRoot%\System32\SCardSvr.exe
Schedule = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort = %SystemRoot%\system32\drivers\scsiport.sys
Secdrv = system32\DRIVERS\secdrv.sys
seclogon = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS = %SystemRoot%\system32\svchost.exe -k netsvcs
serenum = system32\DRIVERS\serenum.sys
Serial = system32\DRIVERS\serial.sys
SharedAccess = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection = %SystemRoot%\System32\svchost.exe -k netsvcs
SMTPSVC = C:\WINDOWS\system32\inetsrv\inetinfo.exe
SONYPVU1 = system32\DRIVERS\SONYPVU1.SYS
splitter = system32\drivers\splitter.sys
Spooler = %SystemRoot%\system32\spoolsv.exe
SQLBrowser = "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SQLWriter = "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
sr = system32\DRIVERS\sr.sys
srservice = %SystemRoot%\system32\svchost.exe -k netsvcs
Srv = system32\DRIVERS\srv.sys
SSDPSRV = %SystemRoot%\system32\svchost.exe -k LocalService
stisvc = %SystemRoot%\system32\svchost.exe -k imgsvc
swenum = system32\DRIVERS\swenum.sys
swmidi = system32\drivers\swmidi.sys
SwPrv = C:\WINDOWS\system32\dllhost.exe /Processid:{49A5E47D-BA56-4E59-AFDF-F72C1CF340FC}
sysaudio = system32\drivers\sysaudio.sys
SysmonLog = %SystemRoot%\system32\smlogsvc.exe
TapiSrv = %SystemRoot%\System32\svchost.exe -k netsvcs
Tcpip = system32\DRIVERS\tcpip.sys
TermDD = system32\DRIVERS\termdd.sys
TermService = %SystemRoot%\System32\svchost -k DComLaunch
Themes = %SystemRoot%\System32\svchost.exe -k netsvcs
TlntSvr = C:\WINDOWS\system32\tlntsvr.exe
TrkWks = %SystemRoot%\system32\svchost.exe -k netsvcs
ufad-ws60 = "C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml
Update = system32\DRIVERS\update.sys
upnphost = %SystemRoot%\system32\svchost.exe -k LocalService
UPS = %SystemRoot%\System32\ups.exe
usbccgp = system32\DRIVERS\usbccgp.sys
usbehci = system32\DRIVERS\usbehci.sys
usbhub = system32\DRIVERS\usbhub.sys
usbprint = system32\DRIVERS\usbprint.sys
USBSTOR = system32\DRIVERS\USBSTOR.SYS
usbuhci = system32\DRIVERS\usbuhci.sys
VgaSave = \SystemRoot\System32\drivers\vga.sys
Visual Studio Analyzer RPC bridge = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
VMAuthdService = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
vmkbd = \??\C:\WINDOWS\system32\drivers\VMkbd.sys
VMnetAdapter = system32\DRIVERS\vmnetadapter.sys
VMnetBridge = system32\DRIVERS\vmnetbridge.sys
VMnetDHCP = C:\WINDOWS\system32\vmnetdhcp.exe
VMnetuserif = \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
vmount2 = "C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"
VMparport = \??\C:\WINDOWS\system32\Drivers\VMparport.sys
vmusb = System32\Drivers\vmusb.sys
VMware NAT Service = C:\WINDOWS\system32\vmnat.exe
vmx86 = \??\C:\WINDOWS\system32\Drivers\vmx86.sys
VSS = %SystemRoot%\System32\vssvc.exe
vstor2 = \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
vstor2-ws60 = \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
W32Time = %SystemRoot%\System32\svchost.exe -k netsvcs
W3SVC = %SystemRoot%\system32\inetsrv\inetinfo.exe
Wanarp = system32\DRIVERS\wanarp.sys
wdmaud = system32\drivers\wdmaud.sys
WebClient = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt = %systemroot%\system32\svchost.exe -k netsvcs
WmdmPmSN = %SystemRoot%\System32\svchost.exe -k netsvcs
Wmi = %SystemRoot%\System32\svchost.exe -k netsvcs
WmiApSrv = C:\WINDOWS\system32\wbem\wmiapsrv.exe
WMPNetworkSvc = "C:\Program Files\Windows Media Player\WMPNetwk.exe"
wscsvc = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv = %systemroot%\system32\svchost.exe -k netsvcs
WudfPf = system32\DRIVERS\WudfPf.sys
WudfRd = system32\DRIVERS\wudfrd.sys
WudfSvc = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC = %SystemRoot%\System32\svchost.exe -k netsvcs
xmlprov = %SystemRoot%\System32\svchost.exe -k netsvcs

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\Windows\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
StartupPrograms = rdpclip
CfgDll = RDPCFGEX.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} = %SystemRoot%\system32\browseui.dll
{8C7461EF-2B13-11d2-BE35-3078302C2030} = %SystemRoot%\system32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects]
{0055C089-8582-441B-A0BF-17B458C2A3A8} = C:\Program Files\Internet Download Manager\IDMIECC.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} = C:\Program Files\AVG\AVG8\avgssie.dll
{A057A204-BACC-4D26-9990-79A187E2698E} = C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\WINDOWS\system32\ieframe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} = C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
{0561EC90-CE54-4f0c-9C55-E226110A740C} = 
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk * 

[HKEY_CURRENT_USER\Control Panel\Desktop]
SCRNSAVE.EXE = C:\WINDOWS\system32\FANTAS~1.SCR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
dimsntfy = %SystemRoot%\System32\dimsntfy.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
WgaLogon = WgaLogon.dll
wlballoon = wlnotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
000000000001 = C:\WINDOWS\system32\mswsock.dll
000000000002 = C:\WINDOWS\system32\mswsock.dll
000000000003 = C:\WINDOWS\system32\mswsock.dll
000000000004 = C:\WINDOWS\system32\rsvpsp.dll
000000000005 = C:\WINDOWS\system32\rsvpsp.dll
000000000006 = C:\WINDOWS\system32\mswsock.dll
000000000007 = C:\WINDOWS\system32\mswsock.dll
000000000008 = C:\WINDOWS\system32\mswsock.dll
000000000009 = C:\WINDOWS\system32\mswsock.dll
000000000010 = C:\WINDOWS\system32\mswsock.dll
000000000011 = C:\WINDOWS\system32\mswsock.dll
000000000012 = C:\WINDOWS\system32\mswsock.dll
000000000013 = C:\WINDOWS\system32\mswsock.dll
000000000014 = C:\WINDOWS\system32\mswsock.dll
000000000015 = C:\WINDOWS\system32\mswsock.dll
000000000016 = C:\WINDOWS\system32\mswsock.dll
000000000017 = C:\WINDOWS\system32\mswsock.dll

[Hosts]
127.0.0.1       localhost
208.254.26.132  localhost

If anyone knows what malware this is, or a tool to remove it, please let me know.
Many thanks
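One thing a practitioner would look at first in the snapshot above is the [Hosts] section: besides the normal 127.0.0.1 line there is a second entry mapping localhost to 208.254.26.132, a public address. The script below is an added example, not part of the original post and not code from the FireLion tool, that parses hosts-file text and flags that pattern together with two related anomalies. The sample input is a constructed hosts file that includes the two lines from the snapshot; the severity rules are the editor's own heuristics, and nothing here asserts what 208.254.26.132 is or whether it is connected to dt.tongji.yahoo.com.

```python
"""Audit a Windows hosts file for entries that silently redirect name lookups.

Added example, not code from the original post. The decision rules are the
editor's own heuristics; the sample text is constructed.
"""
import ipaddress

# Constructed sample: the two lines from the snapshot's [Hosts] section plus
# typical benign content, so the script runs offline.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
208.254.26.132  localhost
192.168.1.50    fileserver   # LAN file server
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return [(ip, [names]), ...] for every non-comment line; skip malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first field is not an address
        entries.append((ip, parts[1:]))
    return entries


def audit_hosts(text):
    """Return a list of (severity, reason, line) findings.

    Rules (editor's heuristics):
      * 'localhost' resolving to anything but a loopback address is high:
        software that trusts 'localhost' would talk to a remote host instead.
      * Any entry pinned to a globally routable address is medium: the hosts
        file overrides DNS, so such entries redirect traffic silently.
      * A name mapped twice with different addresses is medium: the resolver
        uses the first match, so one of the lines is either a decoy or an injection.
    """
    findings = []
    seen = {}
    for ip, names in parse_hosts(text):
        line = f"{ip} {' '.join(names)}"
        for name in names:
            lname = name.lower()
            if lname in LOOPBACK_NAMES and not ip.is_loopback:
                findings.append(("high", "localhost mapped to non-loopback address", line))
            elif ip.is_global:
                findings.append(("medium", "name pinned to a public address", line))
            prev = seen.setdefault(lname, ip)
            if prev != ip:
                findings.append(("medium", f"{name} already mapped to {prev}", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in audit_hosts(SAMPLE_HOSTS):
        print(f"[{sev}] {reason}: {line}")
```

On the affected machine, run this against C:\WINDOWS\system32\drivers\etc\hosts. A localhost entry that points at a public address means anything that trusts localhost (the IIS, FTP, SMTP and SQL Express services visible in the service list, for instance) may be talking to a remote host. The file is also the first place to correct, after confirming that nothing rewrites it at the next boot.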
Re: dt.tongji.yahoo.com 14/07/2008 23:04:36 (+0700) | #2 | 141546
Look2Me (Member, joined 26/07/2006 23:30:57, 235 messages, location: Tủ quần nào)
Hi vodanhtang!
Try checking the other machines on the same LAN, because the tongji crowd has a fake gateway.
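Look2Me's point above is that the redirect need not be on this machine at all: a host on the LAN answering ARP for the gateway address sees every page that passes through it and can inject into them, which is consistent with a clean process list and clean autoruns. The script below is an added example, not code from the thread, of the check you would run on each machine on that LAN: parse `arp -a` output, compare the gateway's MAC with a known-good value, and see whether another IP claims the same MAC. The ARP table is constructed; GATEWAY_IP is assumed to be the router (the snapshot shows 192.168.1.1 serving DNS), and EXPECTED_GATEWAY_MAC is a placeholder to be replaced with the MAC from the router's label or from a capture taken on a known-clean host.

```python
"""Flag a spoofed default gateway from Windows 'arp -a' output.

Added example, not code from the original thread. The ARP table text and the
expected gateway MAC are constructed/assumed values.
"""
import ipaddress
import re
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"                   # assumed router; snapshot shows it serving DNS
EXPECTED_GATEWAY_MAC = "00-1a-2b-3c-4d-5e"   # placeholder: take it from the router itself

# Constructed 'arp -a' output: the gateway entry carries the same MAC as
# another LAN host, which is what an ARP-poisoned cache looks like.
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.7           00-11-22-33-44-55     dynamic
  192.168.1.50          00-50-56-c0-00-08     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""

# IPv4 address, Windows-style dash-separated MAC, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return {ip: mac} from 'arp -a' output, MACs lower-cased."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def check_gateway(table, gateway_ip, expected_mac):
    """Return a list of findings explaining why the gateway entry is suspect.

    Two independent signals: the gateway's MAC differs from the known-good
    one, and/or a second (unicast) IP is served from the same MAC, i.e. one
    host is answering for the gateway as well as for itself.
    """
    mac = table.get(gateway_ip)
    if mac is None:
        return [f"no ARP entry for gateway {gateway_ip}"]
    findings = []
    if mac != expected_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {mac}, expected {expected_mac.lower()}")
    by_mac = defaultdict(list)
    for ip, m in table.items():
        if not ipaddress.ip_address(ip).is_multicast:   # multicast MACs are shared by design
            by_mac[m].append(ip)
    others = [ip for ip in by_mac[mac] if ip != gateway_ip]
    if others:
        findings.append(f"gateway MAC {mac} also claimed by {', '.join(others)}")
    return findings


if __name__ == "__main__":
    for finding in check_gateway(parse_arp(SAMPLE_ARP), GATEWAY_IP, EXPECTED_GATEWAY_MAC):
        print("SUSPECT:", finding)
```

Run `arp -a` on each LAN host and feed the output to parse_arp. Both findings in the sample point at 192.168.1.7 as the machine to pull off the network and clean; a static entry (`arp -s 192.168.1.1 <real-mac>`) on each host holds the fix until that is done. A cache that looks clean on one machine says nothing about the others, which is why the check is per host.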
Re: dt.tongji.yahoo.com 14/07/2008 23:39:00 (+0700) | #3 | 141548
Vo_danh_tang (Member, joined 18/05/2007 18:34:21, 159 messages)
So it is the same kind of thing as the one that fakes banners, right Look2Me?
Alright, I'll check it again, thanks look2me.
Re: dt.tongji.yahoo.com 15/07/2008 00:38:56 (+0700) | #4 | 141556
muadocda (Member, joined 05/07/2007 13:22:23, 106 messages)
Virus Identified JS/ Downloaded.Agent?
For the last few days the system has been infected with the virus Identified JS/ Downloaded.Agent/.
It attacks the modem and the browser. I can't read mail at all. When I open webmail the browser keeps flickering constantly.
Status: loading page from log2.soft.cn.yahoo.com

It attacks the modem, so it is very hard to remove. Has anyone here run into this, and how did you remove it?
Life is like a dream! http://chips.vn
Powered by JForum - Extended by HVAOnline
hvaonline.net | hvaforum.net | hvazone.net | hvanews.net | vnhacker.org
1999 - 2013 ©