|
| |||||||
 |
 |
| | Thread Tools |
|
#1
21 oktober 2008, 10:48
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp min computer på arbejdet hasn't havde et godt anti virus, og efter jeg har installeret kaspersky det konstateret, at min lsass.exe \ qoMghecb.dll filer er inficeret med heur.trojan.generic virus. Der er ingen info om det på de fleste hjemmesider om den virus, eller hvordan man kan fjerne det. Can someone please hjælp mig ud? |
|
#2
21 oktober 2008, 10:49
| ||||||||||||
| ||||||||||||
| Inficeret med Heur.trojan.generic venligst Hjælp http://www.computer-juice.com/forums...-posting-7476/
__________________
Følg vejledningen, skal du installere gratis software og efter log-filerne. Derefter malware hold kan se, hvad der er galt med dit system. Mit system: Hybr! D
|
|
#3
27 oktober 2008, 08:58
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp ok her er de scanninger fra hijack dette, super spyware og malware henholdsvis Logfile af Trend Micro HijackThis v2.0.2 Scan gemt kl 11:48:36, den 10/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Kørende processer: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programmer \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ AOLacsd.exe C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ Programmer \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Programmer \ Western Union \ Universal-Release \ Translink.exe C: \ Programmer \ Internet Explorer \ iexplore.exe C: \ Programmer \ Mozilla Firefox \ firefox.exe C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.5.0_09 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Programmer \ BAE \ BAE.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [AVP] "C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O8 - Extra sammenhæng menupunkt: Føj til Bannerannonce Blocker - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Ekstra knap: webtrafik beskyttelse statistik - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Inviter) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl klasse) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab O18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd3.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPE R ~ 1 \ adialhk.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ kloe hk.dll dwolhm.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ AOLacsd.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe -- End of file - 6163 bytes |
|
#4
27 oktober 2008, 08:58
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp SUPERAntiSpyware Scan Log http://www.superantispyware.com Genereret 10/23/2008 kl 11:31 Application Version: 4.21.1004 Core Rules Database Version: 3606 Trace Rules Database Version: 1592 Scan type: Complete Scan Total Scan Time: 00:36:11 Memory poster skannet: 460 Memory trusler opdaget: 3 Elementer i registreringsdatabasen skannet: 5.191 Registry trusler opdaget: 385 File poster skannet: 37.221 File trusler opdaget: 260 Trojan.Downloader-NewJuan/VM C: \ WINDOWS \ SYSTEM32 \ SZNQNJ.DLL C: \ WINDOWS \ SYSTEM32 \ SZNQNJ.DLL Trojan.Vundo-Variant/Small-GEN C: \ WINDOWS \ SYSTEM32 \ RQRIJAST.DLL C: \ WINDOWS \ SYSTEM32 \ RQRIJAST.DLL Adware.Vundo Variant / Resident C: \ WINDOWS \ SYSTEM32 \ QOMGHECB.DLL C: \ WINDOWS \ SYSTEM32 \ QOMGHECB.DLL Trojan.Vundo-Variant/NextGen HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (14F3A19A-1552-46C1-A1C8-A2179A397038) HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 # ThreadingModel HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 # ThreadingModel HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ shellexecutehooks # (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) Software \ Microsoft \ Windows NT \ CurrentVersion \ WinLogon \ Notify \ rqRiJAst Trojan.Vundo-Variant/NextGen-Six HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (f904655c-8a31-4df9-be6d-8b5cb123d208) HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 # ThreadingModel C: \ WINDOWS \ SYSTEM32 \ PNSWWF.DLL Trojan.Smitfraud Variant / IE Anti-Spyware HKLM \ Software \ Microsoft \ Internet Explorer \ Extensions \ (9034A523-D068-4BE8-A284-9DF278BE776E) Adware.Tracking Cookie C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@dynamic.media.a drevolver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ html [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ reklame [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Pus [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@server.iad.live person [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ linksynergy [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ questionmarket [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@trvlnet.adburea u [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@statse.webtrend Slive [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ fastclick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ specificclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@iacas.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@citi.bridgetrac k [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@banners.andomed ia [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ tjener-sys [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ trafficmp [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.addynamix [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Zedo [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.pointroll [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@glb.adtechus [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ interclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hyundaiusa.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.ntsserve [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.shopica [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 60960915 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bs.serving-sys [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Bluestreak [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ roiservice [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ superrewards [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ atdmt [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ trackalyzer [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sparknetworks.1 12.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ kollektiv-medier [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ atwola [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 35668663 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@web4.realtracke r [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ checkingsaccoun tsfree [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@track.bestbuy [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.as4x.tmcs [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Adbrite [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-spyderactivesportinc.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ media6degrees [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ doubleclick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@edge.ru4 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ casalemedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ indtægter [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homeaway.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ insightexpressa i [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.adreac tor [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.mtvnservi ces [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adinterax [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tremor.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@optimize.indiec slikke [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ ValueClick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 44153975 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.travelcount ry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.adrevolve r [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hearstugo.112.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ husk [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hollywoodmedia.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ waterfrontmedia .112.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anat.tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@snapfish.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cnn [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.bridgetrack [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ nextag [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@data.coremetric s [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ burstnet [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ azjmp [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 247realmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ TradeDoubler [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ cgi-bin [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-dig.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.euroclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adrevolver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anad.tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ pro-market [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1com.112.2 O7 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adrevolver [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ RealMedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1comdev.11 2.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wdl4umcjogo.stats.esomniture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.specificc slikke [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ statcounter [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@rm.yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ overture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ revsci [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 27467505 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@extrovert.122.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.keywor Dmax [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ tribalfusion [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Mediaplex [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@richmedia.yahoo [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ apmebf [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@at.atwola [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.calorie-count [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1071868927 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ gadget [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.mynetfinder [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adlegend [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Kontera [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ backcountry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ SPD0478 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ my-kalorie-counter [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.polygonelit e [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@mlarmani.122.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.o2 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@aerlingus.122.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.widgetbucks [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@prospect.adbure au [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@wunderloop.zano x [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.fathom seo [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ valeantpharmace uticals.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1072676049 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@pai.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@shopping.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cheapflight s [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stampscom.112.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 27814325 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ordie.adbureau [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry stikkontakt [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry stikkontakt [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 60960915 [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.mediamayhem corp [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@counter.surfcou nters [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@msnportal.112.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.associatedco ntent [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hit.stat [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wjnyekc5ogo.stats.esomniture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ ShowIt [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 41586732 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.foundr y42 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.scribefire [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1070515056 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Mine [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-homesandland.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homestore.122.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@te.kontera [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@perf.overture [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@redirect.clicks hield [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hypertracker [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1069204868 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1070848910 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ joyforouryouth. 112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sales.liveperso n [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Adtech [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1070932382 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@warnerbros.112. 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@zbox.zanox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1068787440 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-officeworld.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-warnerbrothers.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ microsoftwindow s.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ qnsr [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ media303 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ LPneimanmarcus [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-foxsports.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ kalorie-count [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bridge.admarket sted [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.adtech os [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viacom.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@healthgrades.11 2.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ford.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ partner2profit [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ backcountryoutl et [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viator.122.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstnet [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@blackstone.122. 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ssm.directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ yadro [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yoyo [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ mediapromoter [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ rotator [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ angleinteractiv e.directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@amazonbebe.122. 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ clickbooth [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ sharewellgroup. 112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-guess.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.quixsurf [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1068951109 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ cgi-bin [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ socialmedia [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adtrafficdriver [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ pcvirusremover2 008 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@login.tracking1 01 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstbeacon [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ efashionsolutio ns.122.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ polygonelite [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.penis.com [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stat.dealtime [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ clicktorrent [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 56294818 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sixapart.adbure au [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad1.clickhype [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@kaboose.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-groupernetworks.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@afe.specificcli ck [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ styrke [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@videoegg.adbure au [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ EyeWonder [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hornymatches [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adserver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.easyad [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 33069911 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ specificmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ ma-medier [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@test.coremetric s [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@counter.hitslin k [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.zanox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.monster [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ husk [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findgift [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ pricesexposed [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ shopica [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ wmvmedialease [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1052094474 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ watchmyclicks [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.ovguide [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ sprutte [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-advertisementbv.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hurtig-scanner [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1066497271 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@clickz.lonelych eatingwives [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 76226072 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.novem [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viamtvcom.112.2 O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findit-quick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ regnskaber [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.licenseac quisition [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ tjener-sys [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ webstats [1]. Txt C: \ Documents and Settings \ LocalService \ Cookies \ system @ 2o7 [1]. Txt CommonName Toolbar / Browser Helper Object HKCR \ CLSID \ (00000000-0000-0000-0000-000000000000) Trojan.MalwareWipe HKCR \ AppID \ (70F17C8C-1744-41B6-9D07-575DB448DCC5) Malware.AntiVirusGolden HKCR \ Cerberus.EngineListener HKCR \ Cerberus.EngineListener \ CLSID HKCR \ Cerberus.EngineListener \ CurVer HKCR \ Cerberus.EngineListener.1 HKCR \ Cerberus.EngineListener.1 \ CLSID HKCR \ Cerberus.Scanner HKCR \ Cerberus.Scanner \ CLSID HKCR \ Cerberus.Scanner \ CurVer HKCR \ Cerberus.Scanner.1 HKCR \ Cerberus.Scanner.1 \ CLSID HKCR \ Cerberus.ThreatCollection HKCR \ Cerberus.ThreatCollection \ CLSID HKCR \ Cerberus.ThreatCollection \ CurVer HKCR \ Cerberus.ThreatCollection.1 HKCR \ Cerberus.ThreatCollection.1 \ CLSID HKCR \ Engine.Backup HKCR \ Engine.Backup \ CLSID HKCR \ Engine.Backup \ CurVer HKCR \ Engine.Backup.1 HKCR \ Engine.Backup.1 \ CLSID HKCR \ Engine.IgnoreList HKCR \ Engine.IgnoreList \ CLSID HKCR \ Engine.IgnoreList \ CurVer HKCR \ Engine.IgnoreList.1 HKCR \ Engine.IgnoreList.1 \ CLSID HKCR \ Engine.Log HKCR \ Engine.Log \ CLSID HKCR \ Engine.Log \ CurVer HKCR \ Engine.Log.1 HKCR \ Engine.Log.1 \ CLSID HKCR \ Engine.LogRecord HKCR \ Engine.LogRecord \ CLSID HKCR \ Engine.LogRecord \ CurVer HKCR \ Engine.LogRecord.1 HKCR \ Engine.LogRecord.1 \ CLSID HKCR \ Engine.Paths HKCR \ Engine.Paths \ CLSID HKCR \ Engine.Paths \ CurVer HKCR \ Engine.Paths.1 HKCR \ Engine.Paths.1 \ CLSID HKCR \ Engine.Quarantine HKCR \ Engine.Quarantine \ CLSID HKCR \ Engine.Quarantine \ CurVer HKCR \ Engine.Quarantine.1 HKCR \ Engine.Quarantine.1 \ CLSID HKCR \ Engine.RunAs HKCR \ Engine.RunAs \ CLSID HKCR \ Engine.RunAs \ CurVer HKCR \ Engine.RunAs.1 HKCR \ Engine.RunAs.1 \ CLSID HKCR \ Engine.SearchItem HKCR \ Engine.SearchItem \ CLSID HKCR \ Engine.SearchItem \ CurVer HKCR \ Engine.SearchItem.1 HKCR \ Engine.SearchItem.1 \ CLSID HKCR \ Engine.Threat HKCR \ Engine.Threat \ CLSID HKCR \ Engine.Threat \ CurVer HKCR \ Engine.Threat.1 HKCR \ Engine.Threat.1 \ CLSID HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) # AppID HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32 HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ ProgID HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ Programmable HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ TypeLib HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ VersionIndependentProgID HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) # AppID HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ LocalServer32 HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ ProgID HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ Programmable HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ TypeLib HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ VersionIndependentProgID HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) # AppID HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32 HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ ProgID HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ Programmable HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ TypeLib HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ VersionIndependentProgID HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) # AppID HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32 HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ ProgID HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ TypeLib HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ VersionIndependentProgID HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) # AppID HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32 HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ ProgID HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ TypeLib HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ VersionIndependentProgID HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) # AppID HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32 HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ ProgID HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ TypeLib HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ VersionIndependentProgID HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) # AppID HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32 HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ ProgID HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ TypeLib HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ VersionIndependentProgID HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) # AppID HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32 HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ ProgID HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ TypeLib HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ VersionIndependentProgID HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) # AppID HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32 HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ ProgID HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ Programmable HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ TypeLib HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ VersionIndependentProgID HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) # AppID HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32 HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ ProgID HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ TypeLib HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ VersionIndependentProgID HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) # AppID HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ LocalServer32 HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ ProgID HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ Programmable HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ TypeLib HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ VersionIndependentProgID HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) # AppID HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32 HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ ProgID HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ TypeLib HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ VersionIndependentProgID HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0 HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0 \ win32 HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ FLAGS HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ HELPDIR HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid32 HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib # Version HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid32 HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib # Version HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid32 HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib # Version HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid32 HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib # Version HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ ProxyStubClsid HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ ProxyStubClsid32 HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ TypeLib HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ TypeLib # Version HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid32 HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib # Version HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid32 HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib # Version HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid32 HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib # Version HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid32 HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib # Version HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ ProxyStubClsid HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ ProxyStubClsid32 HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ TypeLib HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ TypeLib # Version HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid32 HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib # Version HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid32 HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib # Version HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid32 HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib # Version HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid32 HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib # Version HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid32 HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib # Version HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid32 HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib # Version HKCR \ AppID \ Cerberus.EXE HKCR \ AppID \ Cerberus.EXE # AppID Trojan.Media-Codec C: \ Documents and Settings \ Lifeline \ Foretrukne \ Online Security Test.url Adware.180solutions/Seekmo HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ seekmo HKLM \ Software \ seekmo HKLM \ Software \ seekmo # CVF HKLM \ Software \ seekmo # install_embedded HKLM \ Software \ seekmo # umt HKLM \ Software \ seekmo # duid HKLM \ Software \ seekmo # partner_id HKLM \ Software \ seekmo # product_id C: \ Programmer \ Seekmo \ seekmoau.dat C: \ Programmer \ Seekmo \ seekmo_gdf.dat C: \ Programmer \ Seekmo \ seekmo_kyf.dat C: \ Programmer \ Seekmo C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Seekmo Search Assistant \ Seekmo Kunde Support.url C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Seekmo Search Assistant \ Seekmo.com.url C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Seekmo Search Assistant \ Uninstall Seekmo Instructions.lnk C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Seekmo Search Assistant Trojan.DNSChanger-Codec HKCR \ CLSID \ E404.e404mgr HKCR \ CLSID \ E404.e404mgr # UserId Trojan.Media-Codec/V4 HKCR \ videoPl.chl HKCR \ videoPl.chl \ CLSID HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software # ProductionEnvironment HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software # UninstallString HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software # DisplayIcon HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software # DisplayVersion HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstallér \ MultiMedia Software # Publisher Rogue.AntiSpyKit HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ cnreqoyLmwnuv HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ crrmlfrwzfxhg HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ gizbuobfa HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ InprocServer32 HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ KIcbv HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ nfjRol HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ rDkSqA Rogue.VirusHeat HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hwuhrcdfh HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hxgfzhjfHrx HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 # ThreadingModel HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ iTzlTI HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ nMnkE HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ OufPqTb HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ sBnix HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ uAEeiihPke HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 \ win32 HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ FLAGS HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ HELPDIR HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid32 HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib # Version HKCR \ Interface \ (1A74C41C-0837-4fbe-ba50-621EB70F01CE) HKCR \ Interface \ (1A74C41C-0837-4fbe-ba50-621EB70F01CE) \ ProxyStubClsid HKCR \ Interface \ (1A74C41C-0837-4fbe-ba50-621EB70F01CE) \ ProxyStubClsid32 HKCR \ Interface \ (1A74C41C-0837-4fbe-ba50-621EB70F01CE) \ TypeLib HKCR \ Interface \ (1A74C41C-0837-4fbe-ba50-621EB70F01CE) \ TypeLib # Version HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ ProxyStubClsid HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ ProxyStubClsid32 HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ TypeLib HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ TypeLib # Version HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid32 HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib # Version HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ ProxyStubClsid HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ ProxyStubClsid32 HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ TypeLib HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ TypeLib # Version HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid32 HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib # Version HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid32 HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib # Version HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid32 HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib # Version HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ ProxyStubClsid HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ ProxyStubClsid32 HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ TypeLib HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ TypeLib # Version HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid32 HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib # Version HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid32 HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib # Version HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid32 HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib # Version HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid32 HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib # Version HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid32 HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib # Version HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid32 HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib # Version HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid32 HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib # Version Trojan.Media-Codec/V5 HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ NetProject HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # UninstallString HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # UninstallString Adware.Vundo Variant / Rel HKLM \ SOFTWARE \ Microsoft \ FCOVM HKLM \ SOFTWARE \ Microsoft \ RemoveRP |
|
#5
27 oktober 2008, 08:59
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp Malwarebytes' Anti-Malware 1.30 Database version: 1310 Windows 5.1.2600 Service Pack 2 10/23/2008 12:24:55 mbam-log-2008-10-23 (12-24-55). txt Scan type: Quick Scan Objekter skannet: 52.051 Tidsforbrug: 6 minut (s), 54 sekund (s) Memory Processes Infected: 0 Inficerede Hukommelses Moduler: 7 Registry Keys Infected: 124 Inficerede Registeringsdatabase Værdier: 15 Registry Data Items Infected: 2 Folders Infected: 6 Inficerede Filer: 56 Memory Processes Infected: (Nr. ondsindede elementer opdaget) Memory Modules Infected: C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.Vundo.H) -> Delete on reboot. Registreringsdatabasenøgler Inficerede: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqrijast (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ jvkuajdi (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ WINDOWS \ Curre ntVersion \ Ext \ Stats \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ cerberus.enginelistener (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ cerberus.scanner (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ cerberus.scanner.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ cerberus.threatcollection (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.backup (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.backup.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.ignorelist (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.ignorelist.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.log (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.log.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.logrecord (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.logrecord.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.paths (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.paths.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.quarantine (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.quarantine.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.runas (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.runas.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.searchitem (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.searchitem.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.threat (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ engine.threat.1 (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ main.bho (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ main.bho.1 (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (0ec085a8-9818-43b7-b975-ec7555eda4d2) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (1a74c41c-0837-4fbe-ba50-621eb70f01ce) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (25297614-1b76-4c2c-82c6-62738aa0e8f0) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (27ed4ac2-b6d8-4079-9831-017a100b391e) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (37f89457-1208-4670-9245-58c62bd6d870) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (3f6d6c35-fb73-45e6-9473-bb4cc25ce019) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (45477032-abd0-454d-9ce4-ea34c10322f8) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (69e34747-0b27-4b30-ae20-1023bf29e246) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (715d709b-2b10-42fa-a069-297d25d93601) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (79be5b3b-80b2-4b77-A042-efc90f6e0de7) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (7ebb34cf-1728-4136-a968-48f231dad1b4) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (872c1b1e-3cf0-4d3a-95e5-a0c662d2854c) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (886b1d08-b404-40f0-aa18-4e416682a2e9) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (88daa291-b413-4c46-b378-3be66f65369e) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (925b0211-a1c1-4712-8fca-5f5b8101736d) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (936a2f4a-53f8-4d2f-92aa-2f9de889841c) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (986a8ac1-ab4d-4f41-9068-4b01c0197867) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (afcc3fa7-82a9-42d5-a405-78711e97a5d6) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (b01e37c4-5497-4d58-9ffd-d5653b8dc866) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (cc05a4a3-7b28-488f-ab02-6aaedb86accf) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (ccaa201c-c48d-48a8-a1e8-846562cbf1c1) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (d483521b-d5cc-43ff-a45a-9be4a8e6606e) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (e80114aa-6653-4952-9e97-5f1dc63bee0f) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (ed2aff47-b7be-4273-a203-c796e87f72d2) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (f0fa7ed9-5a0a-4374-b63e-bebafd52192e) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (f9109a2a-432b-4add-a6fa-06ba22dcd2d9) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (fb5ddab7-6aa5-4e97-9541-5a75addf4aba) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (fca3958a-8d38-4d14-8b81-ccd7f68a8a01) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (fddf521b-0ebe-4d15-838c-73e2d851161b) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Interface \ (ff609434-eb47-481b-ba0e-1d2b467629a5) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (6743c36c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (020b1227-417d-4682-9ac3-61f43cb5b6b1) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (125494b2-Acad-414c-98b9-452f3ef7703a) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (3d00a39c-655b-428b-aeb2-2fba03dcc49c) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (408f660a-9465-44a3-b557-8709dfd992bc) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (8ee6bf73-b370-4d13-9126-eb0071178f2e) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (97f56e12-c706-4aeb-9FFB-133c05ee5d38) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (9bb7e700-4e48-476d-b75c-6f47606be988) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (cbcaca58-1aee-4600-8cf0-e8b30bff1535) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ CLSID \ (d6d64cdf-0363-4261-b723-29a3af365e1d) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ TypeLib \ (8e3c68cd-F500-4a2a-8cb9-132bb38c3573) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Typelib \ (60f94d7d-563e-4942-b5ec-2de9c135c139) (Rogue.Antivirus.Gold) -> karantæne og slettet. HKEY_CLASSES_ROOT \ TypeLib \ (cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ (a0e1054b-01ee-4d57-A059-4d99f339709f) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ (70f17c8c-1744-41b6-9d07-575db448dcc5) (Rogue.Multiple) -> karantæne og slettet. HKEY_CLASSES_ROOT \ Installer \ UpgradeCodes \ 7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (afd4ad01-58C1-47dB-A404-fbe00a6c5486) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (c2a1c5cb-c0ef-4689-9436-f62cca1c5383) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ SearchScopes \ (daed9266-8c28-4c1c-8b58-5c66eff1d302) (Search.Hijack) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UpgradeCodes \ 7c673a5b871b8cd4 19f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ControlPanel \ NameSpace \ (6743c3 6c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (0ac49246-419b-4ee0-8917-8818daad6a4e) (Adware.180Solutions) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (99410cde-6f16-42ce-9d49-3807f78f0287) (Adware.180Solutions) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ forhåndsgodkendt \ (f31a5d11-bf0b-4A4E-90af-274f2090aaa6) (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ j qvxedzb (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ j qvxedzb (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ jqvxedzb (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Web Application (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> karantæne og slettet. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ instkey (Trojan.Vundo) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Track System (Trojan.Vundo) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ multimediesoftware (Trojan.Zlob) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ Cerberus.EXE (Rogue.Antivirus.Gold) -> karantæne og slettet. Registry Values Infected: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ b0c087c0 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ shellexecutehooks \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ CmdMapping \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ SharedTaskScheduler \ (ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bf (Trojan.Agent) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bk (Trojan.Agent) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ IE (Trojan.Agent) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ mu (Trojan.Agent) -> karantæne og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ c: \ program files \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ c: \ program files \ adwarealert \ filterdrv \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ c: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ ADP (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securewebinfo.com (Trojan.Zlob) -> karantæne og slettet. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. safetyincludes.com (Trojan.Zlob) -> karantæne og slettet. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securemanaging.com (Trojan.Zlob) -> karantæne og slettet. Registry Data Items Infected: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ qomghecb -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Authentication Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> Delete on reboot. Folders Infected: C: \ Programmer \ Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Files Infected: C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ bcehgMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ bcehgMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.Vundo.H) -> Delete on reboot. c: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ evhuoman.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ namouhve.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ uqtnjtpl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot. C: \ Programmer \ Common \ _helper.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C: \ Windows \ Installer \ (AD4149B3-56B1-4E2A-A8A4-54FF9DE92C87) \ Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ywpnxpys.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ cwokkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ cypdyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ dhebaasf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ fdbgbvkj.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ mpasahjl.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ sznqnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ nuuwnrfb.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ opcapbye.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ plljru.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ tgycffmw.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ blukkoij.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ bxdiyfrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ftvwbfjg.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ vgrksjuc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ulmxavjt.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LMQL183J \ upd105320 [1] (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ Programmer \ Seekmo \ seekmoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ Programmer \ Seekmo \ seekmo_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ Programmer \ Seekmo \ seekmo_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert \ filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert \ options.dat (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ AdwareAlert \ AdwareAlert på Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ AdwareAlert \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings \ ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Programmer \ Common \ helper.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C: \ WINDOWS \ Tasks \ AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Foretrukne \ Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Desktop \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. |
|
#6
27 oktober 2008, 09:04
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp Du bruger to antivirus og to firewalls (sikkerhed suiter). Afinstaller et af dem nu og derefter sende en ny HijackThis log.
__________________  |
|
#7
27 oktober 2008, 09:11
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp Jamen jeg har kaspersky installeret så dets antivirus og brand væg og im gætte Windows Firewall er slået og jeg dont kende hvad andre antivirus Jeg har installeret im ikke kører noget andet kunne u være mere konkret? |
|
#8
27 oktober 2008, 09:17
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp Microsoft Windows OneCare Live er også en antivirus / firewall kombination.
__________________ |
|
#9
29 oktober 2008, 08:01
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp Ok jeg kiggede, men en forsigtig er ikke installeret jeg havde afinstalleret det da jeg var installere kaspersky her er en ny hijackthis alligevel. Logfile af Trend Micro HijackThis v2.0.2 Scan gemt kl 11:02:53, den 10/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Kørende processer: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ AOLacsd.exe C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Programmer \ Western Union \ Universal-Release \ Translink.exe C: \ Programmer \ Internet Explorer \ iexplore.exe C: \ Programmer \ Mozilla Firefox \ firefox.exe C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.5.0_09 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Programmer \ BAE \ BAE.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [AVP] "C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O8 - Extra sammenhæng menupunkt: Føj til Bannerannonce Blocker - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Ekstra knap: webtrafik beskyttelse statistik - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Inviter) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl klasse) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab O18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd3.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPE R ~ 1 \ adialhk.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ kloe hk.dll dwolhm.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: AOL Tilslutningsmuligheder Service (AOL ACS) - America Online, Inc. - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ AOL \ ACS \ AOLacsd.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Programmer \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe O23 - Service: OneCare AntiSpyware og AntiVirus (OneCareMP) - Unknown owner - C: \ Programmer \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe (file missing) -- End of file - 6332 bytes |
|
#10
29 oktober 2008, 09:55
| |||
| |||
| Inficeret med Heur.trojan.generic venligst Hjælp Åbn HijackThis og vælg Må en systemscanning kun. Anbringe en markering ved siden af følgende poster: (hvis der) - O18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll - O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Programmer \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing) - O23 - Service: OneCare AntiSpyware og AntiVirus (OneCareMP) - Unknown owner - C: \ Programmer \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe (file missing) Vigtigt: Luk alle vinduer undtagen HijackThis og klik derefter på Fix kontrolleres. Afslut HijackThis. ---------- Gå til Start> Kør og type Notepad.exe klik derefter på OK. Kopier og indsæt følgende tekst i kode boksen i den nye Notesblok fil. Code: @ ECHO OFF sc stop "msfwsvc" sc delete "msfwsvc" sc stop "OneCareMP" sc delete "OneCareMP" exit Vælg Gem for at sted at være Desktop og for Filnavn: type i fixme.bat at sikre, at Gem som type området, siger Alle filer. Næste dobbeltklik fixservice.bat at køre den. En sort boks skal åbne og lukke efter kort tid, dette er normalt. Må ikke fortsætte, indtil den sorte boks er lukket Slet fixservice.bat fra skrivebordet. ---------- Downloade OTMoveIt2 ved Oldtimer og gemme den på din Desktop. Bemærk: Hvis du kører på Vista, skal du højreklikke på OTMoveIt2.exe og vælge Kør som administrator. 1. Dobbeltklik på OTMoveIt2.exe at køre den. 2. Kopier linier i codebox nedenfor. Code: [dræbe Explorer] C: \ Programmer \ Microsoft Windows OneCare Live EmptyTemp [Start Explorer] 4. Klik på den røde Moveit! knappen. 5. Kopier alt i Resultater vinduet (under den grønne bar), og indsætte det i dit næste svar. 6. Luk OTMoveIt2 Note: Hvis en fil eller mappe, som ikke kan flyttes straks kan du blive bedt om at genstarte computeren for at afslutte flytningen proces. Hvis du bliver bedt om at genstarte, skal du vælge Ja. Hvis ikke, reboot alligevel. ---------- Download ComboFix ved Subs fra et af nedenstående links. Vær sikker på toppen gemme den til Desktop. Link # 1 Link # 2 ** Note: Det er vigtigt, at den er gemt direkte til dit skrivebord Luk alle åbne Internet-browsere. (Firefox, Internet Explorer, osv.), før du begynder ComboFix. Midlertidigt deaktivere din antivirus, Og enhver antispyware realtid beskyttelse før udførelse af en scanning. Klik på dette link at se en liste over sikkerhedsprogrammer, der skal være slået fra, og hvordan du deaktivere dem. Dobbeltklik combofix.exe & følg instruktionerne. For Windows XP Systems installere genoprettelseskonsollen: - Hvis du bruger Windows XP og ikke allerede har Genoprettelseskonsol installeret, skal du sikre, at din internetforbindelse er aktiv (hvis muligt) og klik Ja. - Hvis der af en eller anden grund din internetudbyder ikke fungerer klik Nej. -- Hvis du ikke bruger Windows XP, vil du ikke blive bedt. - Når du bliver bedt om at acceptere slutbrugerlicensaftalen klik OK. - Accepter Microsofts EULA (Klik Ja). - Når du får at vide, at de RC er installeret korrekt klik JA at fortsætte med at scanne for malware. Når du er færdig ComboFix vil udarbejde en log for dig. Post den ComboFix log i dit næste svar. Vigtigt: Må ikke mouseclick ComboFix vindue mens den kører. Det kan få det til at stå. Husk at genaktivere dine antivirus-og antispyware beskyttelse, når ComboFix er færdig.
__________________ |
|
| |
| Bogmærker |
Lignende Tråde | ||||
| Tråd | Thread Starter | Forum | Svar | Last Post |
| Problem med Trojan Horse Downloader Generic 9 | ÖGB | Virus, Spyware & Sikkerhed | 7 | 21 November 2009 13:06 |
| Inficeret med MultiPacked.Multi.Generic Malware! | ruffryder2k7 | Virus, Spyware & Sikkerhed | 12 | 26th May 2009 19:26 |
| Computer er inficeret med Trojan.downloader og vil ikke slette Via MBAM | bvauilt | Virus, Spyware & Sikkerhed | 15 | 17 april 2009 15:43 |
| Trojan.vundo.h, trojan.agent, adware.mirar + MORE! : ( | sillyarfer | Virus, Spyware & Sikkerhed | 1 | 14th Dec 2008 09:59 |
| Heur Trojan Generic | kathymer | Virus, Spyware & Sikkerhed | 10 | 29 november 2008 12:58 |
| Thread Tools | |
| |
