http://forum.lowyat.net/ Wed, 17 Jun 2026 13:25:39 +0800 FeedCreator 1.7.2 http://forum.lowyat.net/topic/670909 i update my virus database for nod32 still can&#39;t detect the virus...<br />the virus come from my friend thumbdrive ,<br />here the hijackthis log <br />Logfile of HijackThis v1.99.1<br />Scan saved at 5:05:15 PM, on 4/10/2008<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)<br /><br />Running processes:<br />C:&#092;WINDOWS&#092;System32&#092;smss.exe<br />C:&#092;WINDOWS&#092;system32&#092;winlogon.exe<br />C:&#092;WINDOWS&#092;system32&#092;services.exe<br />C:&#092;WINDOWS&#092;system32&#092;lsass.exe<br />C:&#092;WINDOWS&#092;system32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;system32&#092;spoolsv.exe<br />C:&#092;WINDOWS&#092;system32&#092;bgsvcgen.exe<br />C:&#092;Program Files&#092;WIDCOMM&#092;Bluetooth Software&#092;bin&#092;btwdins.exe<br />C:&#092;Program Files&#092;Eset&#092;nod32krn.exe<br />C:&#092;Program Files&#092;Analog Devices&#092;SoundMAX&#092;SMAgent.exe<br />C:&#092;WINDOWS&#092;Explorer.EXE<br />C:&#092;windows&#092;system32&#092;V3-Force.exe<br />C:&#092;Program Files&#092;Eset&#092;nod32kui.exe<br />C:&#092;WINDOWS&#092;system32&#092;ctfmon.exe<br />C:&#092;Program Files&#092;WIDCOMM&#092;Bluetooth Software&#092;BTTray.exe<br />C:&#092;Program Files&#092;WL230USB Wireless B+G Utility&#092;WLANUTL.exe<br />C:&#092;Program Files&#092;Rainlendar&#092;Rainlendar.exe<br />C:&#092;WINDOWS&#092;BricoPacks&#092;Vista Inspirat&#092;YzShadow&#092;YzShadow.exe<br />C:&#092;PROGRA~1&#092;WIDCOMM&#092;BLUETO~1&#092;BTSTAC~1.EXE<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;Program Files&#092;Mozilla Firefox&#092;firefox.exe<br />C:&#092;WINDOWS&#092;system32&#092;mspaint.exe<br />C:&#092;WINDOWS&#092;system32&#092;svchost.exe<br />D:&#092;HijackThis&#092;HijackThis.exe<br /><br />O4 - HKLM&#092;..&#092;Run: [IMJPMIG8.1] &quot;C:&#092;WINDOWS&#092;IME&#092;imjp8_1&#092;IMJPMIG.EXE&quot; /Spoil /RemAdvDef /Migration32<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002ASync] C:&#092;WINDOWS&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /SYNC<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002A] C:&#092;WINDOWS&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /IMEName<br />O4 - HKLM&#092;..&#092;Run: [NvCplDaemon] RUNDLL32.EXE C:&#092;WINDOWS&#092;system32&#092;NvCpl.dll,NvStartup<br />O4 - HKLM&#092;..&#092;Run: [nwiz] nwiz.exe /install<br />O4 - HKLM&#092;..&#092;Run: [NvMediaCenter] RUNDLL32.EXE C:&#092;WINDOWS&#092;system32&#092;NvMcTray.dll,NvTaskbarInit<br />O4 - HKLM&#092;..&#092;Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd<br />O4 - HKLM&#092;..&#092;Run: [nod32kui] &quot;C:&#092;Program Files&#092;Eset&#092;nod32kui.exe&quot; /WAITSERVICE<br />O4 - HKCU&#092;..&#092;Run: [ctfmon.exe] C:&#092;WINDOWS&#092;system32&#092;ctfmon.exe<br />O4 - Startup: Shortcut to Rainlendar.lnk = C:&#092;Program Files&#092;Rainlendar&#092;Rainlendar.exe<br />O4 - Startup: Y&#39;z Shadow.lnk = C:&#092;WINDOWS&#092;BricoPacks&#092;Vista Inspirat&#092;YzShadow&#092;YzShadow.exe<br />O4 - Global Startup: Bluetooth.lnk = ?<br />O4 - Global Startup: WL230USB Wireless B+G Utility.lnk = ?<br />O7 - HKCU&#092;Software&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Policies&#092;System, DisableRegedit=1<br />O8 - Extra context menu item: Download All by FlashGet - C:&#092;Program Files&#092;FlashGet&#092;jc_all.htm<br />O8 - Extra context menu item: Download using FlashGet - C:&#092;Program Files&#092;FlashGet&#092;jc_link.htm<br />O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:&#092;Program Files&#092;WIDCOMM&#092;Bluetooth Software&#092;btsendto_ie.htm<br />O9 - Extra &#39;Tools&#39; menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:&#092;Program Files&#092;WIDCOMM&#092;Bluetooth Software&#092;btsendto_ie.htm<br />O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:&#092;PROGRA~1&#092;FlashGet&#092;flashget.exe<br />O9 - Extra &#39;Tools&#39; menuitem: &amp;FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:&#092;PROGRA~1&#092;FlashGet&#092;flashget.exe<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:&#092;PROGRA~1&#092;WI1F86~1&#092;MESSEN~1&#092;MSGRAP~1.DLL<br />O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:&#092;PROGRA~1&#092;WI1F86~1&#092;MESSEN~1&#092;MSGRAP~1.DLL<br />O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:&#092;WINDOWS&#092;system32&#092;WPDShServiceObj.dll<br />O23 - Service: B&#39;s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:&#092;WINDOWS&#092;system32&#092;bgsvcgen.exe<br />O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:&#092;Program Files&#092;WIDCOMM&#092;Bluetooth Software&#092;bin&#092;btwdins.exe<br />O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:&#092;Program Files&#092;Eset&#092;nod32krn.exe<br />O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:&#092;WINDOWS&#092;system32&#092;nvsvc32.exe<br />O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:&#092;Program Files&#092;Analog Devices&#092;SoundMAX&#092;SMAgent.exe<br /><br />and the screenshot got 1 &quot;51&quot; trayicon ,double click on it will pop up mirc window(i didn&#39;t install any mirc) , comfirm its virus/trojan ,<br />now my pc can&#39;t use registry , seach , task manager ......<br />and i wonder why my hijackthis unable to see &quot;C:&#092;windows&#092;system32&#092;V3-Force.exe&quot; but able to see it with log file , and i can&#39;t disable it with hijackthis because its not in the list turk-s- Technical Support Thu, 10 Apr 2008 17:14:36 +0800