Infected with Heur.trojan.generic Please Help

#1
21 October 2008, 10:48
Member

My computer at work hasn't had a good anti-virus, and after I installed AVG it found that my lsass.exe\qoMghecb.dll files are infected with the heur.trojan.generic virus. There is no information about it on most virus websites, or on how to remove it. Could someone please help me?
#2
21 October 2008, 10:49
Administrator Group

http://www.computer-juice.com/forums...-posting-7476/

Follow the guide, install the free software and post the log files.

Then the malware team can see what is wrong with the system.
#3
27 October 2008, 08:58
Member

ok here is the scan for HijackThis, SUPERAntiSpyware and malware

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu at 11:48:36, on 10.27.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Käynnissä olevista prosesseista:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Western Union\Universal-versioon\Translink.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Installs\CPN\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\Installs\CPN\yt.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O8 - Extra yhteydessä valikkotoimintoa: Lisää Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web-liikenteen suojelun tilastoihin - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MI1933~1\Office11\REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invite) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (tulostin Class) -- https://webcenter.ipponline.com/ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https://webcenter.ipponline.com/ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text/html - (59610584-cc18-436f-b031-a6893781f08d) - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll, C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll dwolhm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Yhteydet Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6163 bytes
#4
27 October 2008, 08:58
Member

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10.23.2008 klo 11:31

Application Version: 4.21.1004

Core Rules Database Version: 3606
Trace Rules Database Version: 1592

Scan type: Complete Scan
Total Scan Time: 00:36:11

Muisti tuotteet skannatut: 460
Muisti uhkia havaittu: 3
Rekisterikohteita skannatut: 5191
Rekisterin uhkia havaittu: 385
Tiedostoalkiot skannatut: 37221
Tiedoston uhkia havaittu: 260

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\SZNQNJ.DLL
C:\WINDOWS\SYSTEM32\SZNQNJ.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\RQRIJAST.DLL
C:\WINDOWS\SYSTEM32\RQRIJAST.DLL

Adware.Vundo Variantti / Asukas
C:\WINDOWS\SYSTEM32\QOMGHECB.DLL
C:\WINDOWS\SYSTEM32\QOMGHECB.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(14F3A19A-1552-46C1-A1C8-A2179A397038)
HKCR\CLSID\(14F3A19A-1552-46C1-A1C8-A2179A397038)
HKCR\CLSID\(14F3A19A-1552-46C1-A1C8-A2179A397038)\InprocServer32
HKCR\CLSID\(14F3A19A-1552-46C1-A1C8-A2179A397038)\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
HKCR\CLSID\(9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
HKCR\CLSID\(9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)\InprocServer32
HKCR\CLSID\(9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#(9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRiJAst

Trojan.Vundo-Variant/NextGen-Six
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(f904655c-8a31-4df9-be6d-8b5cb123d208)
HKCR\CLSID\(F904655C-8A31-4DF9-BE6D-8B5CB123D208)
HKCR\CLSID\(F904655C-8A31-4DF9-BE6D-8B5CB123D208)\InprocServer32
HKCR\CLSID\(F904655C-8A31-4DF9-BE6D-8B5CB123D208)\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PNSWWF.DLL

Trojan.Smitfraud Variantti / IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\(9034A523-D068-4BE8-A284-9DF278BE776E)

Adware.Tracking Cookie

CommonName Toolbar / Browser Helper Object
HKCR\CLSID\(00000000-0000-0000-0000-000000000000)

Trojan.MalwareWipe
HKCR\AppID\(70F17C8C-1744-41B6-9D07-575DB448DCC5)

Malware.AntiVirusGolden

Trojan.Media-Codec
C:\Documents and Settings\Lifeline\Suosikit\Online Security Test.url

Adware.180solutions/Seekmo

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#Käyttäjätunnus

Trojan.Media-Codec/V4

Rogue.AntiSpyKit

Rogue.VirusHeat

Trojan.Media-Codec/V5

Adware.Vundo Variantti / Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
  #5  
Old 27 October 2008, 08:59
Member
 
Default Infected with Heur.trojan.generic Please Help

Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1310
Windows 5.1.2600 Service Pack 2

10.23.2008 12:24:55
mbam-log-2008-10-23 (12-24-55).txt

Scan type: Quick Scan
Objects skannatut: 52051
Kulunut aika: 6 min (s), 54 toinen (t)

Memory Processes Infected: 0
Saastuneita muistimoduuleja: 7
Saastuneita rekisteriavaimia: 124
Saastuneita rekisteriarvoja: 15
Registry Data Items Infected: 2
Kansiot Infected: 6
Saastuneita tiedostoja: 56

Memory Processes Infected:
(Ei haittaohjelmia kohteet havaitaan)

Memory Modules Infected:
C:\WINDOWS\system32\lptjntqu.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\qoMghecb.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\pnswwf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRiJAst.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\emufbyex.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dwolhm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cryptuik.dll (Malware.Trace) -> Delete on reboot.

Rekisteriavaimista Infected:
HKEY_CLASSES_ROOT \ CLSID \ (020b1227-417d-4682-9ac3-61f43cb5b6b1) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (125494b2-Acad-414c-98b9-452f3ef7703a) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (3d00a39c-655b-428b-aeb2-2fba03dcc49c) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (408f660a-9465-44a3-b557-8709dfd992bc) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (8ee6bf73-b370-4d13-9126-eb0071178f2e) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (97f56e12-c706-4aeb-9FFB-133c05ee5d38) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (9bb7e700-4e48-476d-b75c-6f47606be988) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (cbcaca58-1aee-4600-8cf0-e8b30bff1535) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ CLSID \ (d6d64cdf-0363-4261-b723-29a3af365e1d) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ TypeLib \ (8e3c68cd-F500-4a2a-8cb9-132bb38c3573) (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ TypeLib \ (60f94d7d-563e-4942-b5ec-2de9c135c139) (Rogue.Antivirus.Gold) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ TypeLib \ (cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ AppID \ (a0e1054b-01ee-4d57-A059-4d99f339709f) (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ AppID \ (70f17c8c-1744-41b6-9d07-575db448dcc5) (Rogue.Multiple) -> Quarantined ja poistaminen onnistui.
HKEY_CLASSES_ROOT \ Installer \ UpgradeCodes \ 7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (afd4ad01-58C1-47dB-A404-fbe00a6c5486) (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (c2a1c5cb-c0ef-4689-9436-f62cca1c5383) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ SearchScopes \ (daed9266-8c28-4c1c-8b58-5c66eff1d302) (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UpgradeCodes \ 7c673a5b871b8cd4 19f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ControlPanel \ NameSpace \ (6743c3 6c-cbfe-11dB-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Ext \ PreApproved \ (0ac49246-419b-4ee0-8917-8818daad6a4e) (Adware.180Solutions) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Ext \ PreApproved \ (99410cde-6f16-42ce-9d49-3807f78f0287) (Adware.180Solutions) -> Quarantined ja poistaminen onnistui.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (f31a5d11-bf0b-4A4E-90af-274f2090aaa6) (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jqvxedzb (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\jqvxedzb (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jqvxedzb (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\(b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Uninstall\multimediaohjelmistojen (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Cerberus.EXE (Rogue.Antivirus.Gold) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0c087c0 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\(9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\(9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\(ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\Browser Settings\IU (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\adwarealert\filterdrv\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Malware.Trace) -> Data: c:\windows\system32\qomghecb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomghecb -> Delete on reboot.

Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qoMghecb.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\bcehgMoq.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcehgMoq.ini2 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRiJAst.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\cryptuik.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\dwolhm.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\evhuoman.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\namouhve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lptjntqu.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uqtnjtpl.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnswwf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\emufbyex.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\(AD4149B3-56B1-4E2A-A8A4-54FF9DE92C87)\Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywpnxpys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwokkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cypdyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhebaasf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fdbgbvkj.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpasahjl.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sznqnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuuwnrfb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opcapbye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plljru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgycffmw.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blukkoij.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bxdiyfrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftvwbfjg.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgrksjuc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulmxavjt.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Local Settings\Temporary Internet Files\Content.IE5\LMQL183J\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\seekmoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\seekmo_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\seekmo_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\AdwareAlert\AdwareAlert on Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 19 - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 19 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 20 - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 20 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 21 - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 21 - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 22 - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 22 - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Log\2008 Apr 23 - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Suunniteltu Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lifeline\Suosikit\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
  #6  
Old 27 October 2008, 09:04
Moderator Group

Default Infected With Heur.trojan.generic Please Help

You are running two antivirus programs and two firewalls (security suites). Please uninstall one of them now, then post a fresh HijackThis log.
__________________

  #7  
Old 27 October 2008, 09:11
Member

Default Infected With Heur.trojan.generic Please Help

Well, I have Kaspersky installed, so that's its antivirus and firewall, and I'm guessing the Windows firewall is on,
and I don't know what other antivirus I have installed, I'm not seeing anything else.
Can you be more specific?
  #8  
Old 27 October 2008, 09:17
Moderator Group

Default Infected With Heur.trojan.generic Please Help

Microsoft Windows OneCare Live is also an antivirus / firewall combination.
__________________

  #9  
Old 29 October 2008, 08:01
Member

Default Infected With Heur.trojan.generic Please Help

OK, I looked, but OneCare is not installed; I had removed it when I installed Kaspersky.
Here is the new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:53, on 10.29.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Western Union\Universal-versioon\Translink.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Installs\CPN\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\Installs\CPN\yt.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MI1933~1\Office11\REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) - https://webcenter.ipponline.com/ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) - https://webcenter.ipponline.com/ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text/html - (59610584-cc18-436f-b031-a6893781f08d) - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll dwolhm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)

--
End of file - 6332 bytes
  #10  
Old 29 October 2008, 09:55
Moderator Group

Default Infected With Heur.trojan.generic Please Help

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):

- O18 - Filter hijack: text/html - (59610584-cc18-436f-b031-a6893781f08d) - C:\WINDOWS\system32\msziptools.dll
- O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
- O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)


Important: Close all windows except HijackThis, then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run, type Notepad.exe, then click OK.

Copy and paste the text in the code box below into the new Notepad file.

Code:
@ECHO OFF
REM Stop and remove the leftover OneCare Firewall service
sc stop "msfwsvc"
sc delete "msfwsvc"
REM Stop and remove the leftover OneCare antivirus service
sc stop "OneCareMP"
sc delete "OneCareMP"
exit

In Notepad, click File and then Save.
Set the Save in location to Desktop, and in the File name: box type fixme.bat. Make sure the Save as type field says All Files.

Next, double-click fixservice.bat to run it.
A black box should open and then close after a short time; this is normal.
Do not continue until the black box has closed.
Delete fixservice.bat from your desktop.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\Program Files\Microsoft Windows OneCare Live
EmptyTemp
[start explorer]

3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it into your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to restart the computer to finish the move process. If you are asked to reboot the machine, choose Yes. If not, reboot anyway.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop

Close all open Internet browsers (Firefox, Internet Explorer, etc.) before running ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

Installing the Recovery Console on Windows XP systems:

- If you are using Windows XP and do not yet have the Recovery Console installed, make sure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working, click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the license agreement, click OK.
- Accept the Microsoft EULA (click Yes).
- When it says that the RC has been installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
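
An added example, not part of the thread: a small triage script that picks out the same kinds of HijackThis entries handled in the reply above (O18 filter hijacks and O23 services whose file is missing), cross-checks AppInit_DLLs names against the Malwarebytes file list, and renders the matching `sc` commands. The sample lines are constructed from the logs in this thread with the stray spaces removed; all function names are this example's own.

```python
import ntpath
import re
from typing import NamedTuple

# Constructed sample input: entries from the thread's HijackThis log, whitespace
# normalised and the AppInit_DLLs list shortened.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O18 - Filter hijack: text/html - (59610584-cc18-436f-b031-a6893781f08d) - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll dwolhm.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
"""

# Constructed sample input: three "Files Infected" lines from the Malwarebytes log.
MBAM_LOG = r"""
C:\WINDOWS\system32\qoMghecb.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\dwolhm.dll (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\evhuoman.dll (Malware.Trace) -> Quarantined and deleted successfully.
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[\w.]+)\) -> (?P<action>.+?)\.?$")


class Finding(NamedTuple):
    kind: str      # "orphaned-service", "filter-hijack" or "appinit-detected"
    subject: str   # service short name or file name
    detail: str


def parse_hijackthis(text):
    """Return (code, body) for each 'Xnn - ...' entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def parse_mbam_files(text):
    """Map lower-cased file name -> (detection, action) for Malwarebytes file lines."""
    flagged = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            flagged[ntpath.basename(m["path"]).lower()] = (m["detection"], m["action"])
    return flagged


def triage(hijackthis_text, mbam_text):
    """Flag HijackThis entries that need attention, in log order."""
    flagged = parse_mbam_files(mbam_text)
    findings = []
    for code, body in parse_hijackthis(hijackthis_text):
        if code == "O23":
            m = SERVICE_RE.match(body)
            if m and m["missing"]:  # service still registered, binary gone
                findings.append(Finding("orphaned-service", m["name"], m["path"]))
        elif code == "O18" and body.startswith("Filter hijack:"):
            dll = ntpath.basename(body.rsplit(" - ", 1)[-1])
            findings.append(Finding("filter-hijack", dll, body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Assumes 8.3 short paths (no embedded spaces), as in this log.
            for dll in re.split(r"[,\s]+", body.split(":", 1)[1].strip()):
                hit = flagged.get(ntpath.basename(dll).lower())
                if hit:
                    findings.append(Finding("appinit-detected", dll, f"{hit[0]} -> {hit[1]}"))
    return findings


def service_cleanup_commands(findings):
    """Render the sc stop / sc delete pair from the thread's batch file per orphaned service."""
    commands = []
    for f in findings:
        if f.kind == "orphaned-service":
            commands += [f'sc stop "{f.subject}"', f'sc delete "{f.subject}"']
    return commands


if __name__ == "__main__":
    results = triage(HIJACKTHIS_LOG, MBAM_LOG)
    for finding in results:
        print(f"{finding.kind:18} {finding.subject:16} {finding.detail}")
    print("\n".join(service_cleanup_commands(results)))
```
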


Copyright © 2006 - 2009 Computer Juice.

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO © 2009, Crawlability, Inc.