|
RE: HELP ME WITH MSN VIRUS.. I GOT THE HIJACKTHIS LOG!
according to hijackthis.de the following things are nasty:
F2 - REG(Smilie)ystem.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
following links should be fixed if you dont know the IP adres:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
unknown:
C:\Program Files\PPStream\ppsap.exe
C:\WINDOWS\msn.com
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
Unknown
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
so you might want to check thoose yourself...
| 
/ 
