[ruffryder2k7]

mijn computer op het werk hasnt had een goede anti-virus en nadat ik kaspersky geïnstalleerd geconstateerd dat mijn lsass.exe \ qoMghecb.dll bestanden zijn geïnfecteerd met het heur.trojan.generic virus. Er is geen informatie over het op de meeste websites over het virus of hoe het te verwijderen. Kan iemand please help me out?

[Hybr! D]

http://www.computer-juice.com/forums...-posting-7476/

Volg de gids, het installeren van de gratis software en na de log-bestanden.

Dan is de malware team kan zien wat er mis is met uw systeem.

[ruffryder2k7]

ok hier zijn de scans van deze kapen, super spyware en malware respectievelijk

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 11:48:36, op 10.27.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Program Files \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Western Union \ Universal-Release \ Translink.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Program Files \ BAE \ BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AVP] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: Web traffic bescherming statistieken - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invite) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text / html - (59610584-cc18-436f-B031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd3.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPE R ~ 1 \ adialhk.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ Kloe hk.dll dwolhm.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
End of file - 6163 bytes

[ruffryder2k7]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Gegenereerd 10.23.2008 om 11:31

Toepassing Versie: 4.21.1004

Core Rules Database Version: 3606
Trace Rules Database Version: 1592

Scan type: Volledige Scan
Total Scan Time: 00:36:11

Geheugen gescande items: 460
Geheugen bedreigingen gedetecteerd: 3
Register objecten gescand: 5191
Register gedetecteerde bedreigingen: 385
Bestand objecten gescand: 37221
Bestand gedetecteerde bedreigingen: 260

Trojan.Downloader-NewJuan/VM
C: \ WINDOWS \ system32 \ SZNQNJ.DLL
C: \ WINDOWS \ system32 \ SZNQNJ.DLL

Trojan.Vundo-Variant/Small-GEN
C: \ WINDOWS \ system32 \ RQRIJAST.DLL
C: \ WINDOWS \ system32 \ RQRIJAST.DLL

Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ QOMGHECB.DLL
C: \ WINDOWS \ system32 \ QOMGHECB.DLL

Trojan.Vundo-Variant/NextGen
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (14F3A19A-1552-46C1-A1C8-A2179A397038)
HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038)
HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32
HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32
HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqRiJAst

Trojan.Vundo-Variant/NextGen-Six
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (f904655c-8a31-4df9-be6d-8b5cb123d208)
HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208)
HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32
HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ PNSWWF.DLL

Trojan.Smitfraud Variant / IE Anti-Spyware
HKLM \ Software \ Microsoft \ Internet Explorer \ Extensions \ (9034A523-D068-4BE8-A284-9DF278BE776E)

Adware.Tracking Cookie
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@dynamic.media.a drevolver [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ html [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ reclame [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Chitika [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@server.iad.live persoon [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ linksynergy [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ questionmarket [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@trvlnet.adburea u [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@statse.webtrend slive [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ fastclick [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ specificclick [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@iacas.adbureau [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@citi.bridgetrac k [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@banners.andomed ia [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ serving-sys [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ trafficmp [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.addynamix [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Zedo [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.pointroll [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@glb.adtechus [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ interclick [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hyundaiusa.hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.ntsserve [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.shopica [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 60960915 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ BlueStreak [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ roiservice [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ superrewards [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ atdmt [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ trackalyzer [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ TACODA [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sparknetworks.1 12.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ collectieve-media [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ atwola [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 35668663 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@web4.realtracke r [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ checkingsaccoun tsfree [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@track.bestbuy [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.as4x.tmcs [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Adbrite [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-spyderactivesportinc.hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ media6degrees [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ doubleclick [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@edge.ru4 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Casalemedia [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ ontvangsten [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homeaway.112.2o 7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ insightexpressa i [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.adreac tor [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.mtvnservi ces [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ adinterax [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tremor.adbureau [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@optimize.indiec likken [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ loading [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 44153975 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.travelcount ry [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.adrevolve r [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hearstugo.112.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ u [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hollywoodmedia.hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ waterfrontmedia .112.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@snapfish.112.2o 7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cnn [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.bridgetrack [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ nextag [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@data.coremetric s [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ burstnet [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ azjmp [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 247realmedia [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ tradedoubler [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-dig.hitbox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ adrevolver [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anad.tacoda [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ pro-markt [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1com.112.2 o7 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ adrevolver [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ realmedia [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1comdev.11 2.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wdl4umcjogo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.specificc likken [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg.hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ statcounter [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@rm.yieldmanager [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ overture [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ revsci [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 27467505 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@extrovert.122.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.keywor dmax [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ tribalfusion [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@richmedia.yahoo [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ apmebf [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@at.atwola [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.calorie-count [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1071868927 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ gadget [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.mynetfinder [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ adlegend [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Kontera [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ backcountry [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ SPD0478 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ my-calorie-counter [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.polygonelit e [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@mlarmani.122.2o 7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.o2 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@aerlingus.122.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.widgetbucks [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@prospect.adbure au [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@wunderloop.zano x [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.fathom seo [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ valeantpharmace uticals.112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1072676049 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@pai.112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@shopping.112.2o 7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cheapflight s [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stampscom.112.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 27814325 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ordie.adbureau [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry uitlaat [3]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry uitlaat [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 60960915 [3]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.mediamayhem corp [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@counter.surfcou nters [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@msnportal.112.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.associatedco ntent [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hit.stat [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wjnyekc5ogo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ showit [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 41586732 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.foundr Y42 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.scribefire [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1070515056 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Bizrate [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-homesandland.hitbox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homestore.122.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@te.kontera [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@perf.overture [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@redirect.clicks hield [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ HyperTracker [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1069204868 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1070848910 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ reddingslijn @ joyforouryouth. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sales.liveperso n [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ AdTech [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1070932382 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@warnerbros.112. 2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@zbox.zanox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1068787440 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-officeworld.hitbox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-warnerbrothers.hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ directtrack [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ microsoftwindow s.112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ qnsr [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ media303 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ LPneimanmarcus [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-foxsports.hitbox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ calorie-count [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bridge.admarket plaats [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.adtech ons [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viacom.adbureau [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@healthgrades.11 2.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ford.112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ partner2profit [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ backcountryoutl et [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viator.122.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstnet [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@blackstone.122. 2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ssm.directtrack [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ yadro [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ yieldmanager [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yoyo [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ mediapromoter [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ rotator [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ angleinteractiv e.directtrack [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@amazonbebe.122. 2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Clickbooth [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ reddingslijn @ sharewellgroup. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-guess.hitbox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.quixsurf [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1068951109 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ socialmedia [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ adtrafficdriver [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ pcvirusremover2 008 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@login.tracking1 01 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstbeacon [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ efashionsolutio ns.122.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ polygonelite [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.penis.com [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stat.dealtime [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ clicktorrent [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 56294818 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sixapart.adbure au [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@kaboose.112.2o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-groupernetworks.hitbox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@afe.specificcli ck [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ verbeteren [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@videoegg.adbure au [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ EyeWonder [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ hornymatches [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ adserver [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.easyad [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 33069911 [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ specificmedia [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ mo-media [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@test.coremetric s [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@counter.hitslin k [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.zanox [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.monster [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ u [3]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findgift [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ [2 pricesexposed]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ shopica [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ wmvmedialease [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1052094474 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ watchmyclicks [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.ovguide [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ Crackle [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-advertisementbv.hitbox [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ quick-scanner [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 1066497271 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@clickz.lonelych eatingwives [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ 76226072 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.novem [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viamtvcom.112.2 o7 [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findit-quick [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ rekeningen [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.licenseac quisition [2]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ serving-sys [1]. Txt
C: \ Documents and Settings \ Lifeline \ Cookies \ levenslijn @ webstats [1]. Txt
C: \ Documents and Settings \ LocalService \ Cookies \ system @ 2o7 [1]. Txt

CommonName Toolbar / Browser Helper Object
HKCR \ CLSID \ (00000000-0000-0000-0000-000000000000)

Trojan.MalwareWipe
HKCR \ AppID \ (70F17C8C-1744-41B6-9D07-575DB448DCC5)

Malware.AntiVirusGolden
HKCR \ Cerberus.EngineListener
HKCR \ Cerberus.EngineListener \ CLSID
HKCR \ Cerberus.EngineListener \ CurVer
HKCR \ Cerberus.EngineListener.1
HKCR \ Cerberus.EngineListener.1 \ CLSID
HKCR \ Cerberus.Scanner
HKCR \ Cerberus.Scanner \ CLSID
HKCR \ Cerberus.Scanner \ CurVer
HKCR \ Cerberus.Scanner.1
HKCR \ Cerberus.Scanner.1 \ CLSID
HKCR \ Cerberus.ThreatCollection
HKCR \ Cerberus.ThreatCollection \ CLSID
HKCR \ Cerberus.ThreatCollection \ CurVer
HKCR \ Cerberus.ThreatCollection.1
HKCR \ Cerberus.ThreatCollection.1 \ CLSID
HKCR \ Engine.Backup
HKCR \ Engine.Backup \ CLSID
HKCR \ Engine.Backup \ CurVer
HKCR \ Engine.Backup.1
HKCR \ Engine.Backup.1 \ CLSID
HKCR \ Engine.IgnoreList
HKCR \ Engine.IgnoreList \ CLSID
HKCR \ Engine.IgnoreList \ CurVer
HKCR \ Engine.IgnoreList.1
HKCR \ Engine.IgnoreList.1 \ CLSID
HKCR \ Engine.Log
HKCR \ Engine.Log \ CLSID
HKCR \ Engine.Log \ CurVer
HKCR \ Engine.Log.1
HKCR \ Engine.Log.1 \ CLSID
HKCR \ Engine.LogRecord
HKCR \ Engine.LogRecord \ CLSID
HKCR \ Engine.LogRecord \ CurVer
HKCR \ Engine.LogRecord.1
HKCR \ Engine.LogRecord.1 \ CLSID
HKCR \ Engine.Paths
HKCR \ Engine.Paths \ CLSID
HKCR \ Engine.Paths \ CurVer
HKCR \ Engine.Paths.1
HKCR \ Engine.Paths.1 \ CLSID
HKCR \ Engine.Quarantine
HKCR \ Engine.Quarantine \ CLSID
HKCR \ Engine.Quarantine \ CurVer
HKCR \ Engine.Quarantine.1
HKCR \ Engine.Quarantine.1 \ CLSID
HKCR \ Engine.RunAs
HKCR \ Engine.RunAs \ CLSID
HKCR \ Engine.RunAs \ CurVer
HKCR \ Engine.RunAs.1
HKCR \ Engine.RunAs.1 \ CLSID
HKCR \ Engine.SearchItem
HKCR \ Engine.SearchItem \ CLSID
HKCR \ Engine.SearchItem \ CurVer
HKCR \ Engine.SearchItem.1
HKCR \ Engine.SearchItem.1 \ CLSID
HKCR \ Engine.Threat
HKCR \ Engine.Threat \ CLSID
HKCR \ Engine.Threat \ CurVer
HKCR \ Engine.Threat.1
HKCR \ Engine.Threat.1 \ CLSID
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1)
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) # AppID
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ ProgID
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ Programmable
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ TypeLib
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ VersionIndependentProgID
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A)
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) # AppID
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ LocalServer32
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ ProgID
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ Programmable
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ TypeLib
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ VersionIndependentProgID
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C)
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) # AppID
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ ProgID
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ Programmable
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ TypeLib
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ VersionIndependentProgID
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C)
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) # AppID
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ ProgID
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ TypeLib
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ VersionIndependentProgID
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC)
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) # AppID
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ ProgID
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ TypeLib
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ VersionIndependentProgID
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE)
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) # AppID
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ ProgID
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ TypeLib
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ VersionIndependentProgID
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A)
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) # AppID
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ ProgID
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ TypeLib
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ VersionIndependentProgID
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E)
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) # AppID
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ ProgID
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ TypeLib
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ VersionIndependentProgID
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38)
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) # AppID
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ ProgID
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ Programmable
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ TypeLib
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ VersionIndependentProgID
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988)
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) # AppID
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ ProgID
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ TypeLib
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ VersionIndependentProgID
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535)
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) # AppID
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ LocalServer32
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ ProgID
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ Programmable
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ TypeLib
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ VersionIndependentProgID
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D)
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) # AppID
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ ProgID
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ TypeLib
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ VersionIndependentProgID
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139)
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ HELPDIR
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E)
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid32
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib # Version
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019)
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid32
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib # Version
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601)
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid32
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib # Version
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C)
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid32
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib # Version
HKCR \ Interface \ (886B1D08-B404-40F0-AO18-4E416682A2E9)
HKCR \ Interface \ (886B1D08-B404-40F0-AO18-4E416682A2E9) \ ProxyStubClsid
HKCR \ Interface \ (886B1D08-B404-40F0-AO18-4E416682A2E9) \ ProxyStubClsid32
HKCR \ Interface \ (886B1D08-B404-40F0-AO18-4E416682A2E9) \ TypeLib
HKCR \ Interface \ (886B1D08-B404-40F0-AO18-4E416682A2E9) \ TypeLib # Version
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB)
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid32
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib # Version
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D)
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid32
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib # Version
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866)
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid32
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib # Version
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1)
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid32
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib # Version
HKCR \ Interface \ (D483521B-D5CC-43ff-A45A-9BE4A8E6606E)
HKCR \ Interface \ (D483521B-D5CC-43ff-A45A-9BE4A8E6606E) \ ProxyStubClsid
HKCR \ Interface \ (D483521B-D5CC-43ff-A45A-9BE4A8E6606E) \ ProxyStubClsid32
HKCR \ Interface \ (D483521B-D5CC-43ff-A45A-9BE4A8E6606E) \ TypeLib
HKCR \ Interface \ (D483521B-D5CC-43ff-A45A-9BE4A8E6606E) \ TypeLib # Version
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2)
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid32
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib # Version
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E)
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid32
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib # Version
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF)
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid32
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib # Version
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA)
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid32
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib # Version
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B)
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid32
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib # Version
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5)
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid32
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib # Version
HKCR \ AppID \ Cerberus.EXE
HKCR \ AppID \ Cerberus.EXE # AppID

Trojan.Media-Codec
C: \ Documents and Settings \ Lifeline \ Favorieten \ Online Security Test.url

Adware.180solutions/Seekmo
HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ seekmo
HKLM \ Software \ seekmo
HKLM \ Software \ seekmo # cvf
HKLM \ Software \ seekmo # install_embedded
HKLM \ Software \ seekmo # UMT
HKLM \ Software \ seekmo # duid
HKLM \ Software \ seekmo # partner_id
HKLM \ Software \ seekmo # product_id
C: \ Program Files \ Seekmo \ seekmoau.dat
C: \ Program Files \ Seekmo \ seekmo_gdf.dat
C: \ Program Files \ Seekmo \ seekmo_kyf.dat
C: \ Program Files \ Seekmo
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Seekmo Customer Support.url
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Seekmo.com.url
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Uninstall Seekmo Instructions.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant

Trojan.DNSChanger-Codec
HKCR \ CLSID \ E404.e404mgr
HKCR \ CLSID \ E404.e404mgr # UserId

Trojan.Media-Codec/V4
HKCR \ videoPl.chl
HKCR \ videoPl.chl \ CLSID
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # ProductionEnvironment
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # UninstallString
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # DisplayIcon
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software Demo Versie #
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # Uitgever

Rogue.AntiSpyKit
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B)
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ cnreqoyLmwnuv
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ crrmlfrwzfxhg
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ gizbuobfa
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ InprocServer32
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ KIcbv
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ nfjRol
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ rDkSqA

Rogue.VirusHeat
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1)
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hwuhrcdfh
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hxgfzhjfHrx
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ iTzlTI
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ nMnkE
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ OufPqTb
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ sBnix
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ uAEeiihPke
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF)
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ HELPDIR
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2)
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid32
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib # Version
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE)
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ ProxyStubClsid
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ ProxyStubClsid32
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ TypeLib
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ TypeLib # Version
HKCR \ Interface \ (25297614-1B76-4c2c-82C6-62738AA0E8F0)
HKCR \ Interface \ (25297614-1B76-4c2c-82C6-62738AA0E8F0) \ ProxyStubClsid
HKCR \ Interface \ (25297614-1B76-4c2c-82C6-62738AA0E8F0) \ ProxyStubClsid32
HKCR \ Interface \ (25297614-1B76-4c2c-82C6-62738AA0E8F0) \ TypeLib
HKCR \ Interface \ (25297614-1B76-4c2c-82C6-62738AA0E8F0) \ TypeLib # Version
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870)
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid32
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib # Version
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8)
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ ProxyStubClsid
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ ProxyStubClsid32
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ TypeLib
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ TypeLib # Version
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246)
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid32
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib # Version
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7)
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid32
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib # Version
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D)
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid32
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib # Version
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4)
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ ProxyStubClsid
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ ProxyStubClsid32
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ TypeLib
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ TypeLib # Version
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E)
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid32
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib # Version
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C)
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid32
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib # Version
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6)
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid32
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib # Version
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF)
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid32
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib # Version
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F)
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid32
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib # Version
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9)
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid32
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib # Version
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01)
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid32
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib # Version

Trojan.Media-Codec/V5
HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ NetProject
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # UninstallString
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # UninstallString

Adware.Vundo Variant / Rel
HKLM \ SOFTWARE \ Microsoft \ FCOVM
HKLM \ SOFTWARE \ Microsoft \ RemoveRP

[ruffryder2k7]

Malwarebytes' Anti-Malware 1.30
Database versie: 1310
Windows 5.1.2600 Service Pack 2

10.23.2008 12:24:55
mbam-log-2008-10-23 (12-24-55). txt

Scan type: Quick Scan
Objecten gescand: 52051
Verstreken tijd: 6 minuten (s), 54 seconde (n)

Memory Processes Infected: 0
Geheugenmodulen geïnfecteerd: 7
Registersleutels geïnfecteerd: 124
Registerwaarden geïnfecteerd: 15
Registry Data Items Infected: 2
Folders Infected: 6
Bestanden geïnfecteerd: 56

Memory Processes Infected:
(Geen kwaadaardige items gedetecteerd)

Memory Modules Infected:
C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT \ CLSID \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqrijast (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT \ CLSID \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ jvkuajdi (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT \ CLSID \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ CLSID \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ cerberus.enginelistener (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ cerberus.scanner (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ cerberus.scanner.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ cerberus.threatcollection (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.backup (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.backup.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.ignorelist (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.ignorelist.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.log (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.log.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.logrecord (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.logrecord.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.paths (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.paths.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.quarantine (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.quarantine.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.runas (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.runas.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.searchitem (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.searchitem.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.threat (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ engine.threat.1 (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ main.bho (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ main.bho.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (0ec085a8-9818-43b7-b975-ec7555eda4d2) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (1a74c41c-0837-4fbe-ba50-621eb70f01ce) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (25297614-1b76-4c2c-82c6-62738aa0e8f0) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (27ed4ac2-b6d8-4079-9831-017a100b391e) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (37f89457-1208-4670-9245-58c62bd6d870) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (3f6d6c35-fb73-45e6-9473-bb4cc25ce019) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (45477032-abd0-454d-9ce4-ea34c10322f8) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (69e34747-0b27-4b30-ae20-1023bf29e246) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (715d709b-2b10-42fa-a069-297d25d93601) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (79be5b3b-80b2-4b77-a042-efc90f6e0de7) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (7ebb34cf-1728-4136-a968-48f231dad1b4) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (872c1b1e-3cf0-4d3a-95e5-a0c662d2854c) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (886b1d08-b404-40f0-aa18-4e416682a2e9) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (88daa291-b413-4c46-b378-3be66f65369e) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (925b0211-a1c1-4712-8fca-5f5b8101736d) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (936a2f4a-53f8-4d2f-92aa-2f9de889841c) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (986a8ac1-ab4d-4f41-9068-4b01c0197867) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (afcc3fa7-82a9-42d5-A405-78711e97a5d6) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (b01e37c4-5497-4d58-9ffd-d5653b8dc866) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (cc05a4a3-7b28-488f-ab02-6aaedb86accf) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (ccaa201c-c48d-48a8-a1e8-846562cbf1c1) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (d483521b-d5cc-43ff-a45a-9be4a8e6606e) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (e80114aa-6653-4952-9e97-5f1dc63bee0f) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (ed2aff47-b7be-4273-a203-c796e87f72d2) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (f0fa7ed9-5a0a-4374-b63e-bebafd52192e) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (f9109a2a-432b-4add-a6fa-06ba22dcd2d9) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (fb5ddab7-6aa5-4e97-9541-5a75addf4aba) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (fca3958a-8d38-4d14-8b81-ccd7f68a8a01) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ Interface \ (fddf521b-0ebe-4d15-838c-73e2d851161b) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (ff609434-eb47-481b-ba0e-1d2b467629a5) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (6743c36c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ CLSID \ (020b1227-417d-4682-9ac3-61f43cb5b6b1) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (125494b2-Acad-414c-98b9-452f3ef7703a) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (3d00a39c-655b-428b-aeb2-2fba03dcc49c) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (408f660a-9465-44a3-b557-8709dfd992bc) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (8ee6bf73-b370-4d13-9126-eb0071178f2e) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (97f56e12-c706-4aeb-9ffb-133c05ee5d38) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (9bb7e700-4e48-476d-b75c-6f47606be988) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (cbcaca58-1aee-4600-8cf0-e8b30bff1535) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ CLSID \ (d6d64cdf-0363-4261-b723-29a3af365e1d) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (8e3c68cd-F500-4a2a-8cb9-132bb38c3573) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ TypeLib \ (60f94d7d-563e-4942-b5ec-2de9c135c139) (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Interface \ (cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf) (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ AppID \ (a0e1054b-01ee-4d57-A059-4d99f339709f) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ AppID \ (70f17c8c-1744-41b6-9d07-575db448dcc5) (Rogue.Multiple) -> quarantaine en verwijderd.
HKEY_CLASSES_ROOT \ Installer \ UpgradeCodes \ 7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (afd4ad01-58c1-47dB-A404-fbe00a6c5486) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (9034a523-d068-4be8-A284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (c2a1c5cb-c0ef-4689-9436-f62cca1c5383) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ SearchScopes \ (daed9266-8c28-4c1c-8b58-5c66eff1d302) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ UpgradeCodes \ 7c673a5b871b8cd4 19f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ControlPanel \ NameSpace \ (6743c3 6c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (0ac49246-419b-4ee0-8917-8818daad6a4e) (Adware.180Solutions) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (99410cde-6f16-42ce-9d49-3807f78f0287) (Adware.180Solutions) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ vooraf goedgekeurde \ (f31a5d11-bf0b-4a4e-90af-274f2090aaa6) (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ (9034a523-d068-4be8-A284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ j qvxedzb (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ j qvxedzb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ jqvxedzb (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ instkey (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Track System (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ MultiMedia Software (Trojan.Zlob) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ videoPl.chl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT \ AppID \ Cerberus.EXE (Rogue.Antivirus.Gold) -> quarantaine en verwijderd.

Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ b0c087c0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ShellExecuteHooks \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ CmdMapping \ (9034a523-d068-4be8-A284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ SharedTaskScheduler \ (ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bf (Trojan.Agent) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bk (Trojan.Agent) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ iu (Trojan.Agent) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ mu (Trojan.Agent) -> quarantaine en verwijderd.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ Folders \ c: \ program files \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ Folders \ c: \ program files \ adwarealert \ filterdrv \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ Folders \ c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securewebinfo.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. safetyincludes.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securemanaging.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notification Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Authentication Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> Delete on reboot.

Folders Infected:
C: \ Program Files \ Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Geïnfecteerde bestanden:
C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ bcehgMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ bcehgMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.Vundo) -> Delete on reboot.
c: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ evhuoman.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ namouhve.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ uqtnjtpl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot.
C: \ Program Files \ Common \ _helper.dll (Adware.Agent) -> Quarantined and deleted successfully.
C: \ WINDOWS \ Installer \ (AD4149B3-4E2A-56B1-A8A4-54FF9DE92C87) \ Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ ywpnxpys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ cwokkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ cypdyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ dhebaasf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ fdbgbvkj.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ mpasahjl.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ sznqnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ nuuwnrfb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ opcapbye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ plljru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ tgycffmw.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ blukkoij.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ bxdiyfrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ ftvwbfjg.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ vgrksjuc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ ulmxavjt.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LMQL183J \ upd105320 [1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C: \ Program Files \ Seekmo \ seekmoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C: \ Program Files \ Seekmo \ seekmo_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C: \ Program Files \ Seekmo \ seekmo_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ AppCert \ filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C: \ WINDOWS \ system32 \ AppCert \ options.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert \ AdwareAlert op de Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings \ ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C: \ Program Files \ Common \ helper.dll (Adware.Agent) -> Quarantined and deleted successfully.
C: \ WINDOWS \ Tasks \ AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ Lifeline \ Favorieten \ Online Security Test.url (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C: \ Documents and Settings \ All Users \ Desktop \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

[evilfantasy]

U gebruikt twee antivirus en twee firewalls (security suites). Verwijder een van hen nu dan na een verse HijackThis log.

[ruffryder2k7]

Nou ik heb kaspersky geïnstalleerd, zodat de antivirus-en firewall-en im gissen Windows Firewall is
en i dont know wat andere antivirus ik heb geïnstalleerd im niet actief iets anders
annuleerteken u meer specifiek?

[evilfantasy]

Microsoft Windows OneCare Live is ook een antivirus / firewall combinatie.

[ruffryder2k7]

Ok ik keek maar een zorg is niet geïnstalleerd ik had verwijderd toen ik was het installeren van kaspersky
hier is een nieuw HijackThis toch.

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 11:02:53, op 10.29.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Western Union \ Universal-Release \ Translink.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Program Files \ BAE \ BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AVP] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: Web traffic bescherming statistieken - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invite) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text / html - (59610584-cc18-436f-B031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd3.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPE R ~ 1 \ adialhk.dll, C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ Kloe hk.dll dwolhm.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ AOL \ ACS \ AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Program Files \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: OneCare AntiSpyware en AntiVirus (OneCareMP) - Unknown owner - C: \ Program Files \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe (file missing)

--
End of file - 6332 bytes

[evilfantasy]

Open HijackThis en selecteer Doe een systeemscan alleen.

Plaats een vinkje naast de volgende items: (indien aanwezig)

- O18 - Filter hijack: text / html - (59610584-cc18-436f-B031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll
- O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Program Files \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing)
- O23 - Service: OneCare AntiSpyware en AntiVirus (OneCareMP) - Unknown owner - C: \ Program Files \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe (file missing)

Belangrijk: Sluit alle vensters behalve HijackThis en klik op Fix gecontroleerd.

Afsluiten HijackThis.

----------

Ga naar Start> Uitvoeren en type Notepad.exe klik op OK.

Kopieer en plak de volgende tekst in de code vak in het nieuwe Kladblok bestand.

Code:

@ ECHO OFF sc stop "msfwsvc" sc delete "msfwsvc" sc stop "OneCareMP" sc delete "OneCareMP" exit

Selecteer in Kladblok Bestand en Opslaan als
Kies Opslaan op de locatie worden de Desktop en voor de Bestand naam: type in fixme.bat Zorg ervoor dat de Opslaan als type gebied zegt Alle bestanden.

Volgende dubbelklik fixservice.bat om het uit te voeren.
Een zwarte doos moet openen en sluiten na een korte tijd, dit is normaal.
Ga niet door tot de zwarte doos is gesloten
Fixservice.bat verwijderen van het bureaublad.

----------

Downloaden OTMoveIt2 door Oldtimer en sla het op uw Desktop.

Opmerking: Als u werkt met Vista, klik met de rechtermuisknop op en kies OTMoveIt2.exe Run as administrator.

1. Dubbelklik op OTMoveIt2.exe om het uit te voeren.
2. Kopieer de lijnen in de codebox hieronder.

Code:

[doden explorer] "C: \ Program Files \ Microsoft Windows OneCare Live EmptyTemp [start explorer]

3. Terug naar OTMoveIt2, klik rechts op de Plak Lijst van bestanden / mappen te verplaatsen venster (onder de gele balk) en kies Plakken
4. Klik op de rode Moveit! knop.
5. Kopieer alles in het venster Resultaten (onder de groene balk) en plak het in je volgende antwoord.
6. Sluiten OTMoveIt2

Opmerking: Als een bestand of map kan niet worden verplaatst u onmiddellijk kan worden gevraagd de computer opnieuw opstarten om te eindigen in beweging proces. Als gevraagd om opnieuw op te starten, kiest u Ja. Zo niet, toch opnieuw opstarten.

----------

Download ComboFix door subs uit een van de onderstaande links. Wees er zeker boven op te slaan op de Desktop.

Link # 1
Link # 2

** Opmerking: Het is belangrijk dat het is opgeslagen rechtstreeks op uw bureaublad

Sluit alle open web browsers. (Firefox, Internet Explorer, enz.) voordat u begint ComboFix.

Tijdelijk uitschakelen je antivirus, En eventuele antispyware real-time bescherming voordat het uitvoeren van een scan. Klik op deze link om een lijst van programma's die de veiligheid moeten worden uitgeschakeld en het uitschakelen van hen.

Dubbelklik op combofix.exe en volg de instructies.

Voor Windows XP-systemen installeren van de herstelconsole:

- Als u Windows XP gebruikt en niet al de Recovery Console geïnstalleerd, zorg dan dat uw Internet-verbinding actief is (indien mogelijk) en klik op Ja.
- Indien om een of andere reden uw Internet niet werkt klik Nee.
-- Als u Windows XP niet gebruikt, zult u niet worden gevraagd.
- Wanneer u wordt gevraagd om de EULA klik OK.
- Accepteer Microsoft EULA (Klik Ja).
- Als u verteld dat de RC correct is geïnstalleerd klikt u op JA om verder te gaan scannen voor malware.

Wanneer u klaar bent ComboFix zal een log voor je.
Post de ComboFix log in je volgende antwoord.

Belangrijk: Niet muisklik ComboFix het venster terwijl het draait. Dat kan leiden tot stilstand.

Vergeet niet om opnieuw inschakelen van uw antivirus-en antispyware-bescherming wanneer ComboFix is voltooid.