|
|
|||||||
|
 |
|
|
Thread Tools |
|
#1
21 Oct 2008, 10:48
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
Min datamaskin på jobben hasn't hadde en god anti virus og etter at jeg installerte kaspersky det funnet at min lsass.exe \ qoMghecb.dll filer er infisert med heur.trojan.generic viruset. Det er ingen info om det på de fleste nettsteder om viruset eller hvordan å fjerne det. Kanne noen behage hjelpe meg ut?
|
|
#2
21 Oct 2008, 10:49
|
||||||||||||
|
||||||||||||
|
Infisert med Heur.trojan.generic Please Help
http://www.computer-juice.com/forums...-posting-7476/
__________________
Følg veiledningen, installere gratis programvare og etter loggfilene. Deretter malware team kan se hva som er galt med systemet. Min System: Hybr! D
|
|
#3
27th Oct 2008, 08:58
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
ok her er skannet fra kapre dette super spyware og malware henholdsvis
Logfile of Trend Micro HijackThis v2.0.2 Scan lagret på 11:48:36, on 10/27/2008 Plattform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Kjører prosesser: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programfiler \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ Explorer.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ AOLacsd.exe C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ Programfiler \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Program Files \ Western Union \ Universal-Release \ Translink.exe C: \ Programfiler \ Internet Explorer \ iexplore.exe C: \ Programfiler \ Mozilla Firefox \ firefox.exe C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.5.0_09 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programfiler \ Google \ googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Programfiler \ Bae \ BAE.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar3.dll O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [AVP] "C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O8 - Extra sammenheng menyelement: Legg til Bannerannonse Blocker - C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ MI1933 ~ 1 \ Office11 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra knappen: webområdetrafikk beskyttelse statistics - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Inviter) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab Ø16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab Ø16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab Ø16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab Ø18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll Ø20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd.dll C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd3.dll C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPE R ~ 1 \ adialhk.dll C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ kloe hk.dll dwolhm.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: AOL Tilkobling Service (AOL ACS) - America Online, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ AOLacsd.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe -- End of file - 6163 bytes |
|
#4
27th Oct 2008, 08:58
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
SUPERAntiSpyware Scan Log
http://www.superantispyware.com Generated 10/23/2008 at 11:31 Application Version: 4.21.1004 Core Rules Database Version: 3606 Trace Rules Database Version: 1592 Scan type: Complete Scan Total Scan Time: 00:36:11 Memory eks skannet: 460 Minne trusler oppdages: 3 Register eks skannet: 5191 Register trusler oppdages: 385 File eks skannet: 37221 File trusler oppdages: 260 Trojan.Downloader-NewJuan/VM C: \ WINDOWS \ SYSTEM32 \ SZNQNJ.DLL C: \ WINDOWS \ SYSTEM32 \ SZNQNJ.DLL Trojan.Vundo-Variant/Small-GEN C: \ WINDOWS \ SYSTEM32 \ RQRIJAST.DLL C: \ WINDOWS \ SYSTEM32 \ RQRIJAST.DLL Adware.Vundo Variant / Resident C: \ WINDOWS \ SYSTEM32 \ QOMGHECB.DLL C: \ WINDOWS \ SYSTEM32 \ QOMGHECB.DLL Trojan.Vundo-Variant/NextGen HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (14F3A19A-1552-46C1-A1C8-A2179A397038) HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 # ThreadingModel HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 # ThreadingModel HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqRiJAst Trojan.Vundo-Variant/NextGen-Six HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (f904655c-8a31-4df9-be6d-8b5cb123d208) HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 # ThreadingModel C: \ WINDOWS \ SYSTEM32 \ PNSWWF.DLL Trojan.Smitfraud Variant / IE Anti-Spyware HKLM \ Software \ Microsoft \ Internet Explorer \ Extensions \ (9034A523-D068-4BE8-A284-9DF278BE776E) Adware.Tracking Cookie C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@dynamic.media.a drevolver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ html [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ advertising [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Pus [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@server.iad.live person [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ linksynergy [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ questionmarket [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@trvlnet.adburea u [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@statse.webtrend slive [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ fastclick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ specificclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@iacas.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@citi.bridgetrac k [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@banners.andomed ia [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ serving-sys [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ trafficmp [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.addynamix [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Zedo [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.pointroll [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@glb.adtechus [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ interclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hyundaiusa.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.ntsserve [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.shopica [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 60960915 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bs.serving-sys [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Bluestreak [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ roiservice [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ superrewards [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ atdmt [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ trackalyzer [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sparknetworks.1 12.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ kollektiv-media [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ atwola [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 35668663 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@web4.realtracke r [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ checkingsaccoun tsfree [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@track.bestbuy [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.as4x.tmcs [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ AdBrite [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-spyderactivesportinc.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ media6degrees [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ DoubleClick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@edge.ru4 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ casalemedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ revenue [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homeaway.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ insightexpressa i [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.adreac Tor [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.mtvnservi ces [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adinterax [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tremor.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@optimize.indiec slikke [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ reservert [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 44153975 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.travelcount ry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.adrevolve r [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hearstugo.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ vennligst [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hollywoodmedia.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ waterfrontmedia .112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anat.tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@snapfish.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cnn [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.bridgetrack [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Kjøpsguider [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@data.coremetric s [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ burstnet [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ azjmp [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 247realmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ TradeDoubler [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ cgi-bin [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-dig.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.euroclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adrevolver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anad.tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ pro-market [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1com.112.2 o7 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adrevolver [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ realmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1comdev.11 2.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wdl4umcjogo.stats.esomniture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.specificc slikke [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ statcounter [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@rm.yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ overture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ revsci [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 27467505 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@extrovert.122.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.keywor dmax [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ tribalfusion [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Mediaplex [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@richmedia.yahoo [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ apmebf [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@at.atwola [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.calorie-count [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1071868927 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ gadget [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.mynetfinder [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adlegend [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Kontera [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ backcountry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ SPD0478 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ mitt-calorie-counter [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.polygonelit e [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@mlarmani.122.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.o2 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@aerlingus.122.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.widgetbucks [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@prospect.adbure au [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@wunderloop.zano x [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.fathom seo [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ valeantpharmace uticals.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1072676049 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@pai.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@shopping.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cheapflight s [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stampscom.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 27814325 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ordie.adbureau [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry stikkontakt [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry stikkontakt [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 60960915 [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.mediamayhem corp [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@counter.surfcou nters [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@msnportal.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.associatedco ntent [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hit.stat [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wjnyekc5ogo.stats.esomniture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ showit [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 41586732 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.foundr y42 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.scribefire [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1070515056 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ BizRate [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-homesandland.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homestore.122.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@te.kontera [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@perf.overture [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@redirect.clicks hield [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hypertracker [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1069204868 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1070848910 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ joyforouryouth. 112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sales.liveperso n [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adtech [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1070932382 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@warnerbros.112. 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@zbox.zanox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1068787440 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-officeworld.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-warnerbrothers.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ microsoftwindow s.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ qnsr [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ media303 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ LPneimanmarcus [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-foxsports.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ kalori-teller [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bridge.admarket plass [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.adtech oss [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viacom.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@healthgrades.11 2.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ford.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ partner2profit [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ backcountryoutl et [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viator.122.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstnet [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@blackstone.122. 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ssm.directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ yadro [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yoyo [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ mediapromoter [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ rotator [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ angleinteractiv e.directtrack [2]. Txt C: \ Documents and Settings \ Livsnerven \ Cookies \ lifeline@amazonbebe.122. 2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ clickbooth [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ sharewellgroup. 112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-guess.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.quixsurf [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1068951109 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ cgi-bin [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ socialmedia [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adtrafficdriver [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ pcvirusremover2 008 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@login.tracking1 01 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstbeacon [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ efashionsolutio ns.122.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ polygonelite [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.penis.com [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stat.dealtime [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ clicktorrent [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 56294818 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sixapart.adbure au [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad1.clickhype [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@kaboose.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-groupernetworks.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@afe.specificcli ck [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ forsterke [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@videoegg.adbure au [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ EyeWonder [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ hornymatches [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ adserver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.easyad [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 33069911 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ specificmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ mo-media [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@test.coremetric s [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@counter.hitslin k [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.zanox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.monster [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ vennligst [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findgift [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ pricesexposed [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ shopica [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ wmvmedialease [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1052094474 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ watchmyclicks [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.ovguide [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ knitre [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-advertisementbv.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ rask-skanneren [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 1066497271 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ eatingwives lifeline@clickz.lonelych [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ 76226072 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.novem [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viamtvcom.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findit-quick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ kontoer [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.licenseac quisition [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ serving-sys [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ livline @ Webstats [1]. Txt C: \ Documents and Settings \ LocalService \ Cookies \ system @ 2o7 [1]. Txt COMMONNAME Toolbar / Browser Helper Object HKCR \ CLSID \ (00000000-0000-0000-0000-000000000000) Trojan.MalwareWipe HKCR \ AppID \ (70F17C8C-1744-41B6-9D07-575DB448DCC5) Malware.AntiVirusGolden HKCR \ Cerberus.EngineListener HKCR \ Cerberus.EngineListener \ CLSID HKCR \ Cerberus.EngineListener \ CurVer HKCR \ Cerberus.EngineListener.1 HKCR \ Cerberus.EngineListener.1 \ CLSID HKCR \ Cerberus.Scanner HKCR \ Cerberus.Scanner \ CLSID HKCR \ Cerberus.Scanner \ CurVer HKCR \ Cerberus.Scanner.1 HKCR \ Cerberus.Scanner.1 \ CLSID HKCR \ Cerberus.ThreatCollection HKCR \ Cerberus.ThreatCollection \ CLSID HKCR \ Cerberus.ThreatCollection \ CurVer HKCR \ Cerberus.ThreatCollection.1 HKCR \ Cerberus.ThreatCollection.1 \ CLSID HKCR \ Engine.Backup HKCR \ Engine.Backup \ CLSID HKCR \ Engine.Backup \ CurVer HKCR \ Engine.Backup.1 HKCR \ Engine.Backup.1 \ CLSID HKCR \ Engine.IgnoreList HKCR \ Engine.IgnoreList \ CLSID HKCR \ Engine.IgnoreList \ CurVer HKCR \ Engine.IgnoreList.1 HKCR \ Engine.IgnoreList.1 \ CLSID HKCR \ Engine.Log HKCR \ Engine.Log \ CLSID HKCR \ Engine.Log \ CurVer HKCR \ Engine.Log.1 HKCR \ Engine.Log.1 \ CLSID HKCR \ Engine.LogRecord HKCR \ Engine.LogRecord \ CLSID HKCR \ Engine.LogRecord \ CurVer HKCR \ Engine.LogRecord.1 HKCR \ Engine.LogRecord.1 \ CLSID HKCR \ Engine.Paths HKCR \ Engine.Paths \ CLSID HKCR \ Engine.Paths \ CurVer HKCR \ Engine.Paths.1 HKCR \ Engine.Paths.1 \ CLSID HKCR \ Engine.Quarantine HKCR \ Engine.Quarantine \ CLSID HKCR \ Engine.Quarantine \ CurVer HKCR \ Engine.Quarantine.1 HKCR \ Engine.Quarantine.1 \ CLSID HKCR \ Engine.RunAs HKCR \ Engine.RunAs \ CLSID HKCR \ Engine.RunAs \ CurVer HKCR \ Engine.RunAs.1 HKCR \ Engine.RunAs.1 \ CLSID HKCR \ Engine.SearchItem HKCR \ Engine.SearchItem \ CLSID HKCR \ Engine.SearchItem \ CurVer HKCR \ Engine.SearchItem.1 HKCR \ Engine.SearchItem.1 \ CLSID HKCR \ Engine.Threat HKCR \ Engine.Threat \ CLSID HKCR \ Engine.Threat \ CurVer HKCR \ Engine.Threat.1 HKCR \ Engine.Threat.1 \ CLSID HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) # AppID HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32 HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ ProgID HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ Programmable HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ TypeLib HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ VersionIndependentProgID HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) # AppID HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) \ LocalServer32 HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) \ ProgID HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) \ Programmable HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) \ TypeLib HKCR \ CLSID \ (125494B2-ANOD-414c-98B9-452F3EF7703A) \ VersionIndependentProgID HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) # AppID HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32 HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ ProgID HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ Programmable HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ TypeLib HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ VersionIndependentProgID HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) # AppID HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32 HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ ProgID HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ TypeLib HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ VersionIndependentProgID HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) # AppID HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32 HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ ProgID HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ TypeLib HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ VersionIndependentProgID HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) # AppID HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32 HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ ProgID HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ TypeLib HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ VersionIndependentProgID HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) # AppID HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32 HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ ProgID HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ TypeLib HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ VersionIndependentProgID HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) # AppID HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32 HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ ProgID HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ TypeLib HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ VersionIndependentProgID HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) # AppID HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32 HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ ProgID HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ Programmable HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ TypeLib HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ VersionIndependentProgID HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) # AppID HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32 HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ ProgID HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ TypeLib HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ VersionIndependentProgID HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) # AppID HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ LocalServer32 HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ ProgID HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ Programmable HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ TypeLib HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ VersionIndependentProgID HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) # AppID HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32 HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32 # ThreadingModel HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ ProgID HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ TypeLib HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ VersionIndependentProgID HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0 HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0 \ win32 HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ FLAGS HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ HELPDIR HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid32 HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib # Version HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid32 HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib # Version HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid32 HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib # Version HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid32 HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib # Version HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ ProxyStubClsid HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ ProxyStubClsid32 HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ TypeLib HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ TypeLib # Version HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid32 HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib # Version HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid32 HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib # Version HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid32 HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib # Version HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid32 HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib # Version HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ ProxyStubClsid HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ ProxyStubClsid32 HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ TypeLib HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ TypeLib # Version HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid32 HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib # Version HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid32 HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib # Version HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid32 HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib # Version HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid32 HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib # Version HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid32 HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib # Version HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid32 HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib # Version HKCR \ AppID \ Cerberus.EXE HKCR \ AppID \ Cerberus.EXE # AppID Trojan.Media-kodek C: \ Documents and Settings \ Lifeline \ Favoritter \ Online Security Test.url Adware.180solutions/Seekmo HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ seekmo HKLM \ Software \ seekmo HKLM \ Software \ seekmo # CVF HKLM \ Software \ seekmo # install_embedded HKLM \ Software \ seekmo # UMT HKLM \ Software \ seekmo # duid HKLM \ Software \ seekmo # partner_id HKLM \ Software \ seekmo # product_id C: \ Program Files \ Seekmo \ seekmoau.dat C: \ Program Files \ Seekmo \ seekmo_gdf.dat C: \ Program Files \ Seekmo \ seekmo_kyf.dat C: \ Program Files \ Seekmo C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Seekmo Search Assistant \ Seekmo Customer Support.url C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Seekmo Search Assistant \ Seekmo.com.url C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Seekmo Search Assistant \ Uninstall Seekmo Instructions.lnk C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Seekmo Search Assistant Trojan.DNSChanger-kodek HKCR \ CLSID \ E404.e404mgr HKCR \ CLSID \ E404.e404mgr # UserId Trojan.Media-Codec/V4 HKCR \ videoPl.chl HKCR \ videoPl.chl \ CLSID HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # ProductionEnvironment HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # UninstallString HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # DisplayIcon HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # DisplayVersion HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # Utgiver Rogue.AntiSpyKit HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ cnreqoyLmwnuv HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ crrmlfrwzfxhg HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ gizbuobfa HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ InprocServer32 HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ KIcbv HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ nfjRol HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ rDkSqA Rogue.VirusHeat HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hwuhrcdfh HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hxgfzhjfHrx HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 # ThreadingModel HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ iTzlTI HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ nMnkE HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ OufPqTb HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ sBnix HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ uAEeiihPke HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 \ win32 HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ FLAGS HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ HELPDIR HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid32 HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib # Version HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ ProxyStubClsid HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ ProxyStubClsid32 HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ TypeLib HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ TypeLib # Version HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ ProxyStubClsid HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ ProxyStubClsid32 HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ TypeLib HKCR \ Interface \ (25297614-1B76-4C2C-82C6-62738AA0E8F0) \ TypeLib # Version HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid32 HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib # Version HKCR \ Interface \ (45477032-ABD0-454D 9CE4--EA34C10322F8) HKCR \ Interface \ (45477032-ABD0-454D 9CE4--EA34C10322F8) \ ProxyStubClsid HKCR \ Interface \ (45477032-ABD0-454D 9CE4--EA34C10322F8) \ ProxyStubClsid32 HKCR \ Interface \ (45477032-ABD0-454D 9CE4--EA34C10322F8) \ TypeLib HKCR \ Interface \ (45477032-ABD0-454D 9CE4--EA34C10322F8) \ TypeLib # Version HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid32 HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib # Version HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid32 HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib # Version HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid32 HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib # Version HKCR \ Interface \ (7EBB34CF-1728-4136-a968-48F231DAD1B4) HKCR \ Interface \ (7EBB34CF-1728-4136-a968-48F231DAD1B4) \ ProxyStubClsid HKCR \ Interface \ (7EBB34CF-1728-4136-a968-48F231DAD1B4) \ ProxyStubClsid32 HKCR \ Interface \ (7EBB34CF-1728-4136-a968-48F231DAD1B4) \ TypeLib HKCR \ Interface \ (7EBB34CF-1728-4136-a968-48F231DAD1B4) \ TypeLib # Version HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid32 HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib # Version HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid32 HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib # Version HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid32 HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib # Version HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid32 HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib # Version HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid32 HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib # Version HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid32 HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib # Version HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid32 HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib # Version Trojan.Media-Codec/V5 HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ NetProject HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # UninstallString HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # UninstallString Adware.Vundo Variant / rel HKLM \ SOFTWARE \ Microsoft \ FCOVM HKLM \ SOFTWARE \ Microsoft \ RemoveRP |
|
#5
27th Oct 2008, 08:59
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
Malwarebytes' Anti-Malware 1.30
Database versjon: 1310 Windows 5.1.2600 Service Pack 2 10/23/2008 12:24:55 mbam-log-2008-10-23 (12-24-55). txt Scan type: Quick Scan Objekter skannet: 52051 Tid brukt: 6 minutt (er), 54 sekund (er) Memory Processes Infected: 0 Minnemoduler infisert: 7 Registernøkler infisert: 124 Registerverdier infisert: 15 Registry Data Items Infected: 2 Folders Infected: 6 Filer infisert: 56 Memory Processes Infected: (Ingen skadelige eks oppdaget) Memory Modules Infected: C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.Vundo.H) -> Delete on reboot. Registernøkler Infected: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06ef2cab-3340-4eb1-a740-c33ac922fa1f) (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (06ef2cab-3340-4eb1-a740-c33ac922fa1f) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqrijast (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ jvkuajdi (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (06ef2cab-3340-4eb1-a740-c33ac922fa1f) (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ cerberus.enginelistener (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ cerberus.scanner (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ cerberus.scanner.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ cerberus.threatcollection (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.backup (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.backup.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.ignorelist (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.ignorelist.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.log (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.log.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.logrecord (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.logrecord.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.paths (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.paths.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.quarantine (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.quarantine.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.runas (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.runas.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.searchitem (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.searchitem.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.threat (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ engine.threat.1 (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ main.bho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (0ec085a8-9818-43b7-b975-ec7555eda4d2) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (1a74c41c-0837-4fbe-ba50-621eb70f01ce) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (25297614-1b76-4c2c-82c6-62738aa0e8f0) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (27ed4ac2-b6d8-4079-9831-017a100b391e) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (37f89457-1208-4670-9245-58c62bd6d870) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (3f6d6c35-fb73-45e6-9473-bb4cc25ce019) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (45477032-abd0-454d-9ce4-ea34c10322f8) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (69e34747-0b27-4b30-ae20-1023bf29e246) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (715d709b-2b10-42fa-a069-297d25d93601) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (79be5b3b-80b2-4b77-A042-efc90f6e0de7) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (7ebb34cf-1728-4136-a968-48f231dad1b4) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (872c1b1e-3cf0-4d3a-95e5-a0c662d2854c) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (886b1d08-b404-40f0-aa18-4e416682a2e9) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (88daa291-b413-4c46-b378-3be66f65369e) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (925b0211-a1c1-4712-8fca-5f5b8101736d) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (936a2f4a-53f8-4d2f-92aa-2f9de889841c) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (986a8ac1-ab4d-4f41-9068-4b01c0197867) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (afcc3fa7-82a9-42d5-a405-78711e97a5d6) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (b01e37c4-5497-4d58-9ffd-d5653b8dc866) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (cc05a4a3-7b28-488f-AB02-6aaedb86accf) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (ccaa201c-c48d-48a8-a1e8-846562cbf1c1) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (d483521b-d5cc-43ff-a45a-9be4a8e6606e) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (e80114aa-6653-4952-9e97-5f1dc63bee0f) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (ed2aff47-b7be-4273-a203-c796e87f72d2) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (f0fa7ed9-5a0a-4374-b63e-bebafd52192e) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (f9109a2a-432b-4add-a6fa-06ba22dcd2d9) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (fb5ddab7-6aa5-4e97-9541-5a75addf4aba) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (fca3958a-8d38-4d14-8b81-ccd7f68a8a01) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Interface \ (fddf521b-0ebe-4d15-838c-73e2d851161b) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ Interface \ (ff609434-eb47-481b-ba0e-1d2b467629a5) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (6743c36c-cbfe-11db 9705--005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (020b1227-417d-4682-9ac3-61f43cb5b6b1) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (125494b2-acad-414c-98b9-452f3ef7703a) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (3d00a39c-655b-428b-aeb2-2fba03dcc49c) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (408f660a-9465-44a3-b557-8709dfd992bc) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (8ee6bf73-b370-4d13-9126-eb0071178f2e) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (97f56e12-c706-4aeb-9ffb-133c05ee5d38) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (9bb7e700-4e48-476d-b75c-6f47606be988) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (cbcaca58-1aee-4600-8cf0-e8b30bff1535) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ CLSID \ (d6d64cdf-0363-4261-b723-29a3af365e1d) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ TypeLib \ (8e3c68cd-F500-4a2a-8cb9-132bb38c3573) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Typelib \ (60f94d7d-563e-4942-b5ec-2de9c135c139) (Rogue.Antivirus.Gold) -> karantene og slettet. HKEY_CLASSES_ROOT \ TypeLib \ (cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ (a0e1054b-01ee-4d57-a059-4d99f339709f) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ (70f17c8c-1744-41b6-9d07-575db448dcc5) (Rogue.Multiple) -> karantene og slettet. HKEY_CLASSES_ROOT \ Installer \ UpgradeCodes \ 7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (afd4ad01-58C1-47dB-a404-fbe00a6c5486) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (c2a1c5cb-c0ef-4689-9436-f62cca1c5383) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ SearchScopes \ (daed9266-8c28-4c1c-8b58-5c66eff1d302) (Search.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UpgradeCodes \ 7c673a5b871b8cd4 19f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ControlPanel \ Navnerom \ (6743c3 6c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (0ac49246-419b-4ee0-8917-8818daad6a4e) (Adware.180Solutions) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (99410cde-6f16-42ce-9d49-3807f78f0287) (Adware.180Solutions) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ forhåndsgodkjent \ f31a5d11-(bf0b-4a4e-90af-274f2090aaa6) (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ j qvxedzb (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ j qvxedzb (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services es \ jqvxedzb (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Web Application (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> karantene og slettet. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ instkey (Trojan.Vundo) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Track System (Trojan.Vundo) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ MultiMedia Software (Trojan.Zlob) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ Cerberus.EXE (Rogue.Antivirus.Gold) -> karantene og slettet. Registry Values Infected: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ b0c087c0 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ CmdMapping \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ SharedTaskScheduler \ (ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bf (Trojan.Agent) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bk (Trojan.Agent) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ iu (Trojan.Agent) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ mu (Trojan.Agent) -> karantene og slettet. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ c: \ programfiler \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ c: \ programfiler \ adwarealert \ filterdrv \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ c: \ Documents and Settings \ All Users \ Start meny \ programmer \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ADP (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securewebinfo.com (Trojan.Zlob) -> karantene og slettet. HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. safetyincludes.com (Trojan.Zlob) -> karantene og slettet. HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securemanaging.com (Trojan.Zlob) -> karantene og slettet. Registry Data Items Infected: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ qomghecb -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Authentication Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> Delete on reboot. Folders Infected: C: \ Programfiler \ Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Files Infected: C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ bcehgMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ bcehgMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.Vundo.H) -> Delete on reboot. c: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ evhuoman.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ namouhve.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.Vundo.H) -> Delete on reboot. C: \ WINDOWS \ system32 \ uqtnjtpl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot. C: \ Programfiler \ Fellesfiler \ _helper.dll (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ Installer \ (AD4149B3-56B1-4E2A-A8A4-54FF9DE92C87) \ Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ywpnxpys.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ cwokkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ cypdyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ dhebaasf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ fdbgbvkj.exe (Trojan.LowZones) -> Quarantined and deleted successfully. Dir: \ WINDOWS \ system32 \ mpasahjl.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ sznqnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ nuuwnrfb.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ opcapbye.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ plljru.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ tgycffmw.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ blukkoij.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ bxdiyfrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ftvwbfjg.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ vgrksjuc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ulmxavjt.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LMQL183J \ upd105320 [1] (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ Program Files \ Seekmo \ seekmoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ Program Files \ Seekmo \ seekmo_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ Program Files \ Seekmo \ seekmo_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert \ filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert \ options.dat (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ AdwareAlert \ AdwareAlert på Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ AdwareAlert \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings \ ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Programfiler \ Fellesfiler \ helper.dll (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ Tasks \ AdwareAlert Planlagt Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Favoritter \ Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Skrivebord \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. |
|
#6
27th Oct 2008, 09:04
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
Du bruker to antivirus og to brannmurer (sikkerhet suiter). Avinstaller én av dem nå da legge inn en ny HijackThis logg.
__________________
 |
|
#7
27th Oct 2008, 09:11
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
vel jeg ha kaspersky installert så sine antivirus-og brann vegg og im gjette Windows-brannmuren er aktivert
og jeg dont vite hva andre antivirus jeg ha installert im ikke kjører noe annet kan u være mer spesifikk? |
|
#8
27th Oct 2008, 09:17
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
Microsoft Windows OneCare Live er også et antivirus / brannmur kombinasjon.
__________________
|
|
#9
29 oktober 2008, 08:01
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
Ok jeg ser men en vare ikke er installert hadde jeg avinstallerte det da jeg var installere kaspersky
her er en ny HijackThis uansett. Logfile of Trend Micro HijackThis v2.0.2 Scan lagret på 11:02:53, on 10/29/2008 Plattform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Kjører prosesser: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ Explorer.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ AOLacsd.exe C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ Program Files \ Western Union \ Universal-Release \ Translink.exe C: \ Programfiler \ Internet Explorer \ iexplore.exe C: \ Programfiler \ Mozilla Firefox \ firefox.exe C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025 O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.5.0_09 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programfiler \ Google \ googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Programfiler \ Bae \ BAE.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar3.dll O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [AVP] "C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O8 - Extra sammenheng menyelement: Legg til Bannerannonse Blocker - C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ MI1933 ~ 1 \ Office11 \ EXCEL.EXE/3000 O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra knappen: webområdetrafikk beskyttelse statistics - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Inviter) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab Ø16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab Ø16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab Ø16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab Ø18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll Ø20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd.dll C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ mzvkbd3.dll C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPE R ~ 1 \ adialhk.dll C: \ PROGRA ~ 1 \ KASPER ~ 1 \ KASPER ~ 1 \ kloe hk.dll dwolhm.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: AOL Tilkobling Service (AOL ACS) - America Online, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ AOL \ ACS \ AOLacsd.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Programfiler \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Programfiler \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe O23 - Service: OneCare AntiSpyware og AntiVirus (OneCareMP) - Unknown owner - C: \ Programfiler \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe (file missing) -- End of file - 6332 bytes |
|
#10
29th Oct 2008, 09:55
|
|||
|
|||
|
Infisert med Heur.trojan.generic Please Help
Åpne HijackThis og velg Gjør et søk.
Sett et merke ved siden av følgende oppføringer: (hvis det) - Ø18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ WINDOWS \ system32 \ msziptools.dll - O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Programfiler \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing) - O23 - Service: OneCare AntiSpyware og AntiVirus (OneCareMP) - Unknown owner - C: \ Programfiler \ Microsoft Windows OneCare Live \ Antivirus \ MsMpEng.exe (file missing) Viktig: Lukk alle vinduer unntatt HijackThis og klikk Fix kontrolleres. Avslutt HijackThis. ---------- Gå til Start> Kjør og skriver Notepad.exe deretter OK. Kopier og lim inn følgende tekst i koden boksen i den nye Notisblokk fil. Code:
@ Echo off sc stop "msfwsvc" sc delete "msfwsvc" sc stop "OneCareMP" sc delete "OneCareMP" exit Velg Lagre i stedet for å være på skrivebordet og for Filnavn: skriv inn fixme.bat å sørge for at Filtype Feltet sier Alle filer. Neste dobbeltklikk fixservice.bat å kjøre den. En svart boks skal åpne og lukke etter kort tid, er dette normalt. Ikke fortsette før den svarte boksen er stengt Slett fixservice.bat fra Desktop. ---------- Laste ned OTMoveIt2 av OldTimer og lagre den på Desktop. Merk: Hvis du kjører på Vista, høyreklikk på OTMoveIt2.exe og velge Kjør som Administrator. 1. Dobbeltklikk OTMoveIt2.exe å kjøre den. 2. Kopier linjene i codebox nedenfor. Code:
[drepe explorer] "C: \ Programfiler \ Microsoft Windows OneCare Live EmptyTemp [start explorer] 4. Klikk på den røde Moveit! knappen. 5. Kopier alt i resultatene vinduet (under den grønne linjen) og lime den inn i din neste svar. 6. Lukke OTMoveIt2 Merk: Hvis en fil eller mappe som ikke kan flyttes umiddelbart kan du bli bedt om å starte datamaskinen på nytt for å fullføre flyttingen prosessen. Hvis du blir bedt om å starte på nytt, velger Ja. Hvis ikke, reboot uansett. ---------- Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop. Link # 1 Link # 2 ** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix. Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem. Dobbeltklikk combofix.exe og følg instruksjonene. For Windows XP systemer installere gjenopprettingskonsollen: - Hvis du bruker Windows XP og ikke allerede har gjenopprettingskonsollen er installert, må du sørge for Internett-tilkoblingen er aktiv (hvis mulig) og klikk Ja. - Hvis for noe grunn din Internett fungerer ikke klikker Nei. -- Hvis du ikke bruker Windows XP, vil du ikke bli bedt om. - Når du blir bedt om å godta lisensavtalen klikk OK. - Godta Microsofts EULA (Klikk Ja). - Når du blir fortalt at RC er riktig installert klikk JA å fortsette scanning for malware. Når du er ferdig ComboFix vil produsere en logg for deg. Poste ComboFix logg i neste svaret. Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall. Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.
__________________
|
