Another HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by BladeX, Jun 11, 2008.

  1. BladeX

    BladeX Member

    Could someone who knows this stuff take a look and see whether there is anything to worry about here? Some problems have appeared, such as Windows automatic updates getting stuck and the computer slowing down in general. And I haven't found the cause.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:21, on 11.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Norman\Npm\bin\ELOGSVC.EXE
    H:\Norman\Npm\Bin\Zanda.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    H:\WINDOWS\SOUNDMAN.EXE
    H:\WINDOWS\system32\RunDLL32.exe
    H:\Norman\Npm\bin\ZLH.EXE
    H:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    H:\Program Files\MSI\Live Update 3\LMonitor.exe
    H:\WINDOWS\system32\LVCOMSX.EXE
    H:\Program Files\Logitech\Video\LogiTray.exe
    H:\WINDOWS\wt\wcmdmgr.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    H:\Norman\Nvc\BIN\NIP.EXE
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Norman\Npf\BIN\npfmsg2.exe
    H:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common\Bin\WinCinemaMgr.exe
    H:\Norman\Npf\BIN\NPFSVICE.EXE
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    H:\WINDOWS\System32\nvsvc32.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    H:\Norman\Npm\bin\NJEEVES.EXE
    H:\Norman\Nvc\BIN\NVCSCHED.EXE
    H:\WINDOWS\system32\wscntfy.exe
    H:\Norman\Nvc\bin\nvcoas.exe
    H:\Program Files\iPod\bin\iPodService.exe
    H:\Norman\Nvc\bin\cclaw.exe
    H:\WINDOWS\System32\alg.exe
    H:\Program Files\MSN Messenger\usnsvc.exe
    H:\WINDOWS\system32\rundll32.exe
    H:\Program Files\MSN Messenger\msnmsgr.exe
    H:\WINDOWS\System32\wbem\wmiprvse.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    H:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nTrayFw] H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] H:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] H:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Norman ZANDA] H:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LiveMonitor] H:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [wcmdmgr] H:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPGServiceTool] H:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.EXE /Minimize
    O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKLM\..\Policies\Explorer\Run: [rare] H:\Program Files\Image ActiveX Access\imsmain.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = H:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - (no file)
    O23 - Service: Convar task manager (ctm) - Convar Deutschland GmbH - H:\Program Files\Convar\TaskManager\ctm.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - H:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - H:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - H:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - H:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - H:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - H:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - H:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - H:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - H:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - H:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10502 bytes
     
  2. Hujo

    Hujo Guest

    Download SmitfraudFix (c) S!Ri
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of the report that pops up in Notepad to your thread.
    It can also be found at C:\rapport.txt

    Note: the process.exe file is detected by some antivirus programs
    (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes.
    A/V programs cannot tell good use from bad use of such programs,
    so they may warn the user.

     
  3. BladeX

    BladeX Member

    Here is the report that appeared..

    SmitFraudFix v2.323

    Scan done at 16:29:18,50, to 12.06.2008
    Run from H:\Documents and Settings\User\Työpöytä\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Norman\Npm\bin\ELOGSVC.EXE
    H:\Norman\Npm\Bin\Zanda.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    H:\WINDOWS\SOUNDMAN.EXE
    H:\WINDOWS\system32\RunDLL32.exe
    H:\Norman\Npm\bin\ZLH.EXE
    H:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    H:\Program Files\MSI\Live Update 3\LMonitor.exe
    H:\WINDOWS\wt\wcmdmgr.exe
    H:\WINDOWS\system32\LVCOMSX.EXE
    H:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Logitech\Video\FxSvr2.exe
    H:\Norman\Npf\BIN\npfmsg2.exe
    H:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common\Bin\WinCinemaMgr.exe
    H:\Norman\Nvc\BIN\NIP.EXE
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\Norman\Npf\BIN\NPFSVICE.EXE
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    H:\WINDOWS\System32\nvsvc32.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    H:\Norman\Npm\bin\NJEEVES.EXE
    H:\Norman\Nvc\BIN\NVCSCHED.EXE
    H:\Norman\Nvc\bin\nvcoas.exe
    H:\Program Files\iPod\bin\iPodService.exe
    H:\WINDOWS\System32\alg.exe
    H:\Norman\Nvc\bin\cclaw.exe
    H:\Program Files\MSN Messenger\usnsvc.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Program Files\Internet Explorer\iexplore.exe
    H:\WINDOWS\system32\cmd.exe
    H:\WINDOWS\System32\wbem\wmiprvse.exe
    H:\WINDOWS\System32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» H:\


    »»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\User


    »»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\User\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» H:\DOCUME~1\User\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Paketinajoituksen miniportti
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4B2258A-18CF-4F3A-A441-23210516E43C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4B2258A-18CF-4F3A-A441-23210516E43C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B4B2258A-18CF-4F3A-A441-23210516E43C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
