[ruffryder2k7]

meu calculator la locul de muncă hasn't a avut un bun anti-virus si dupa ce l-am instalat Kaspersky acesta a constatat că-mi lsass.exe \ qoMghecb.dll fisiere sunt infectate cu virusul heur.trojan.generic. Nu există nici o info despre el pe cele mai multe site-uri despre cum virus sau de a elimina. Poate cineva te rog sa ma ajuti?

[Hybr! D]

http://www.computer-juice.com/forums...-posting-7476/

Urmaţi ghidul, instalaţi software-ul liber şi post fişierele jurnal.

Apoi, echipa a malware-ului pot vedea ceea ce este în neregulă cu sistemul dumneavoastră.

[ruffryder2k7]

ok aici sunt scanează din acest hijack, super-spyware, malware-ului şi, respectiv,

Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 11:48:36, pe 10.27.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Microsoft Windows Live OneCare \ Antivirus \ MsMpEng.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Program Files \ Microsoft Windows Live OneCare \ Firewall \ msfwsvc.exe
C: \ Windows \ system32 \ wscntfy.exe
C: \ Program Files \ Western Union \ Universal-lansare \ Translink.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Bara de instrumente Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Program Files \ BAE \ BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AVP] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O8 - Extra context menu item: Adauga la Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: Web trafic de protecţie statistici - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invitaţi) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ Windows \ system32 \ msziptools.dll
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL, C: \ PROGRA ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ mzvkbd.dll, C: \ PROGRA ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ mzvkbd3.dll, C: \ PROGRA ~ 1 \ kasper ~ 1 \ KASPE R ~ 1 \ adialhk.dll, C: \ PROGRA ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ kloe hk.dll dwolhm.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe

--
Sfârşit de fişier - 6163 bytes

[ruffryder2k7]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generat 10.23.2008 la 11:31

Application Version: 4.21.1004

Reguli de bază pentru baze de date Version: 3606
Trace Regulamentul Database Version: 1592

Scan type: Complete Scan
Total Scan Ora: 00:36:11

Memorie articole scanate: 460
Memorie ameninţările detectate: 3
Registrul articole scanate: 5191
Registrul ameninţările detectate: 385
Elemente de fişiere scanate: 37221
File ameninţările detectate: 260

Trojan.Downloader-NewJuan/VM
C: \ Windows \ system32 \ SZNQNJ.DLL
C: \ Windows \ system32 \ SZNQNJ.DLL

Trojan.Vundo-Variant/Small-GEN
C: \ Windows \ system32 \ RQRIJAST.DLL
C: \ Windows \ system32 \ RQRIJAST.DLL

Varianta Adware.Vundo / Rezident
C: \ Windows \ system32 \ QOMGHECB.DLL
C: \ Windows \ system32 \ QOMGHECB.DLL

Trojan.Vundo-Variant/NextGen
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (14F3A19A-1552-46C1-A1C8-A2179A397038)
HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038)
HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32
HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32
HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4)
Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqRiJAst

Trojan.Vundo-Variant/NextGen-Six
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (f904655c-8a31-4df9-be6d-8b5cb123d208)
HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208)
HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32
HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 # ThreadingModel
C: \ Windows \ system32 \ PNSWWF.DLL

Varianta Trojan.Smitfraud / IE Anti-Spyware
HKLM \ Software \ Microsoft \ Internet Explorer \ Extensions \ (9034A523-D068-4BE8-A284-9DF278BE776E)

Adware.Tracking Cookie
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@dynamic.media.a drevolver [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ html [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ publicitate [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ chitika [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@server.iad.live persoana [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ linksynergy [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ questionmarket [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@trvlnet.adburea u [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@statse.webtrend slive [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ fastclick [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ specificclick [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@iacas.adbureau [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.adocean [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@citi.bridgetrac k [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@banners.andomed ia [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ servire-sys [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ trafficmp [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.addynamix [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ zedo [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.pointroll [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@glb.adtechus [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ interclick [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-hyundaiusa.hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@media.ntsserve [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.shopica [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 60960915 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ bluestreak [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ roiservice [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ superrewards [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ atdmt [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ trackalyzer [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ tacoda [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@sparknetworks.1 12.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ colective-media [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ atwola [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 35668663 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@web4.realtracke r [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ checkingsaccoun tsfree [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@track.bestbuy [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.as4x.tmcs [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adbrite [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-spyderactivesportinc.hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ media6degrees [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ dubluclick [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@edge.ru4 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ casalemedia [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ venituri [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@homeaway.112.2o 7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ insightexpressa i [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@adserver.adreac tor [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@media.mtvnservi ces [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adinterax [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@tremor.adbureau [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@optimize.indiec linge [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ valueclick [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 44153975 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.travelcount ry [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@media.adrevolve r [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@hearstugo.112.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ vă rugăm să [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-hollywoodmedia.hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ waterfrontmedia .112.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@snapfish.112.2o 7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.cnn [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.bridgetrack [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ nextag [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@data.coremetric s [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ burstnet [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ azjmp [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 247realmedia [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ tradedoubler [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-dig.hitbox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adrevolver [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@anad.tacoda [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ pro-piaţă [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@viavh1com.112.2 O7 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adrevolver [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ realmedia [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@viavh1comdev.11 2.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@e-2dj6wdl4umcjogo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@adopt.specificc linge [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg.hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ statcounter [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@rm.yieldmanager [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ uvertură [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ revsci [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 27467505 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@extrovert.122.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@tracking.keywor dmax [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ tribalfusion [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@208.122.40 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ mediaplex [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@richmedia.yahoo [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ apmebf [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@at.atwola [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.calorie-count [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1071868927 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ gadget [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.mynetfinder [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adlegend [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ kontera [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ backcountry [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ SPD0478 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ mi-caloric-contra [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.polygonelit e [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@mlarmani.122.2o 7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.o2 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@aerlingus.122.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.widgetbucks [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@prospect.adbure AU [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@wunderloop.zano x [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@tracking.fathom SEO [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ valeantpharmace uticals.112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1072676049 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@pai.112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@shopping.112.2o 7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.cheapflight s [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@stampscom.112.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 27814325 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ordie.adbureau [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.backcountry priză [3]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.backcountry priză [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 60960915 [3]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.mediamayhem corp [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@counter.surfcou nters [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@msnportal.112.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.associatedco ntent [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@hit.stat [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@e-2dj6wjnyekc5ogo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ showit [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 41586732 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@tracking.foundr y42 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.scribefire [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1070515056 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ bizrate [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-homesandland.hitbox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@homestore.122.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@te.kontera [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@perf.overture [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@redirect.clicks hield [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ hypertracker [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1069204868 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1070848910 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ joyforouryouth. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ n lifeline@sales.liveperso [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adtech [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1070932382 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.backcountry [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.backcountry [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@warnerbros.112. 2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@zbox.zanox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1068787440 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-officeworld.hitbox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-warnerbrothers.hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ directtrack [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ microsoftwindow s.112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ qnsr [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ media303 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ LPneimanmarcus [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-foxsports.hitbox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ calorie-count [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@bridge.admarket loc [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@adserver.adtech noi [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@viacom.adbureau [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@healthgrades.11 2.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ford.112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ partner2profit [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ backcountryoutl et [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@viator.122.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.burstnet [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@blackstone.122. 2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ssm.directtrack [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ yadro [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ yieldmanager [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.yoyo [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ mediapromoter [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ rotator [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ angleinteractiv e.directtrack [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@amazonbebe.122. 2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ clickbooth [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ sharewellgroup. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-guess.hitbox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.quixsurf [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1068951109 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ socialmedia [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adtrafficdriver [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ pcvirusremover2 008 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@login.tracking1 01 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.burstbeacon [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ efashionsolutio ns.122.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ polygonelite [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.penis.com [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@stat.dealtime [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ clicktorrent [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 56294818 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@sixapart.adbure AU [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@kaboose.112.2o7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-groupernetworks.hitbox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@afe.specificcli CK [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ spori [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@videoegg.adbure AU [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@208.122.40 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ eyewonder [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ hornymatches [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ adserver [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@adserver.easyad [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 33069911 [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ specificmedia [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ mo-media [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@test.coremetric s [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@counter.hitslin k [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.zanox [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.monster [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ vă rugăm să [3]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.findgift [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ pricesexposed [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ shopica [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ wmvmedialease [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1052094474 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ watchmyclicks [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ads.ovguide [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ crănţăi [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ehg-advertisementbv.hitbox [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ rapid-scanerului [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 1066497271 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@clickz.lonelych eatingwives [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ 76226072 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@tracking.novem [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@viamtvcom.112.2 O7 [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@www.findit-quick [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ conturi [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.adocean [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ lifeline@media.licenseac quisition [2]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ servire-sys [1]. Txt
C: \ Documents and Settings \ Vieţii \ Cookies \ Vieţii @ webstats [1]. Txt
C: \ Documents and Settings \ LocalService \ Cookies \ SYSTEM @ 2o7 [1]. Txt

Bara de instrumente CommonName / browser helper object
HKCR \ CLSID \ (00000000-0000-0000-0000-000000000000)

Trojan.MalwareWipe
HKCR \ AppId \ (70F17C8C-1744-41B6-9D07-575DB448DCC5)

Malware.AntiVirusGolden
HKCR \ Cerberus.EngineListener
HKCR \ Cerberus.EngineListener \ CLSID
HKCR \ Cerberus.EngineListener \ CurVer
HKCR \ Cerberus.EngineListener.1
HKCR \ Cerberus.EngineListener.1 \ CLSID
HKCR \ Cerberus.Scanner
HKCR \ Cerberus.Scanner \ CLSID
HKCR \ Cerberus.Scanner \ CurVer
HKCR \ Cerberus.Scanner.1
HKCR \ Cerberus.Scanner.1 \ CLSID
HKCR \ Cerberus.ThreatCollection
HKCR \ Cerberus.ThreatCollection \ CLSID
HKCR \ Cerberus.ThreatCollection \ CurVer
HKCR \ Cerberus.ThreatCollection.1
HKCR \ Cerberus.ThreatCollection.1 \ CLSID
HKCR \ Engine.Backup
HKCR \ Engine.Backup \ CLSID
HKCR \ Engine.Backup \ CurVer
HKCR \ Engine.Backup.1
HKCR \ Engine.Backup.1 \ CLSID
HKCR \ Engine.IgnoreList
HKCR \ Engine.IgnoreList \ CLSID
HKCR \ Engine.IgnoreList \ CurVer
HKCR \ Engine.IgnoreList.1
HKCR \ Engine.IgnoreList.1 \ CLSID
HKCR \ Engine.Log
HKCR \ Engine.Log \ CLSID
HKCR \ Engine.Log \ CurVer
HKCR \ Engine.Log.1
HKCR \ Engine.Log.1 \ CLSID
HKCR \ Engine.LogRecord
HKCR \ Engine.LogRecord \ CLSID
HKCR \ Engine.LogRecord \ CurVer
HKCR \ Engine.LogRecord.1
HKCR \ Engine.LogRecord.1 \ CLSID
HKCR \ Engine.Paths
HKCR \ Engine.Paths \ CLSID
HKCR \ Engine.Paths \ CurVer
HKCR \ Engine.Paths.1
HKCR \ Engine.Paths.1 \ CLSID
HKCR \ Engine.Quarantine
HKCR \ Engine.Quarantine \ CLSID
HKCR \ Engine.Quarantine \ CurVer
HKCR \ Engine.Quarantine.1
HKCR \ Engine.Quarantine.1 \ CLSID
HKCR \ Engine.RunAs
HKCR \ Engine.RunAs \ CLSID
HKCR \ Engine.RunAs \ CurVer
HKCR \ Engine.RunAs.1
HKCR \ Engine.RunAs.1 \ CLSID
HKCR \ Engine.SearchItem
HKCR \ Engine.SearchItem \ CLSID
HKCR \ Engine.SearchItem \ CurVer
HKCR \ Engine.SearchItem.1
HKCR \ Engine.SearchItem.1 \ CLSID
HKCR \ Engine.Threat
HKCR \ Engine.Threat \ CLSID
HKCR \ Engine.Threat \ CurVer
HKCR \ Engine.Threat.1
HKCR \ Engine.Threat.1 \ CLSID
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1)
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) # AppID
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ ProgID
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ programabile
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ TypeLib
HKCR \ CLSID \ (020B1227-417D-4682-9AC3-61F43CB5B6B1) \ VersionIndependentProgID
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A)
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) # AppID
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ LocalServer32
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ ProgID
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ programabile
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ TypeLib
HKCR \ CLSID \ (125494B2-ACAD-414c-98B9-452F3EF7703A) \ VersionIndependentProgID
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C)
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) # AppID
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ ProgID
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ programabile
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ TypeLib
HKCR \ CLSID \ (20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C) \ VersionIndependentProgID
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C)
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) # AppID
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ ProgID
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ TypeLib
HKCR \ CLSID \ (3D00A39C-655B-428b-AEB2-2FBA03DCC49C) \ VersionIndependentProgID
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC)
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) # AppID
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ ProgID
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ TypeLib
HKCR \ CLSID \ (408F660A-9465-44a3-B557-8709DFD992BC) \ VersionIndependentProgID
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE)
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) # AppID
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ ProgID
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ TypeLib
HKCR \ CLSID \ (5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE) \ VersionIndependentProgID
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A)
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) # AppID
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ ProgID
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ TypeLib
HKCR \ CLSID \ (8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A) \ VersionIndependentProgID
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E)
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) # AppID
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ ProgID
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ TypeLib
HKCR \ CLSID \ (8EE6BF73-B370-4d13-9126-EB0071178F2E) \ VersionIndependentProgID
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38)
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) # AppID
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ ProgID
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ programabile
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ TypeLib
HKCR \ CLSID \ (97F56E12-C706-4aeb-9FFB-133C05EE5D38) \ VersionIndependentProgID
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988)
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) # AppID
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ ProgID
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ TypeLib
HKCR \ CLSID \ (9BB7E700-4E48-476d-B75C-6F47606BE988) \ VersionIndependentProgID
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535)
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) # AppID
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ LocalServer32
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ ProgID
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ programabile
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ TypeLib
HKCR \ CLSID \ (CBCACA58-1AEE-4600-8CF0-E8B30BFF1535) \ VersionIndependentProgID
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D)
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) # AppID
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ LocalServer32 # ThreadingModel
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ ProgID
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ TypeLib
HKCR \ CLSID \ (D6D64CDF-0363-4261-B723-29A3AF365E1D) \ VersionIndependentProgID
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139)
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ Steaguri
HKCR \ TypeLib \ (60F94D7D-563E-4942-B5EC-2DE9C135C139) \ 1.0 \ HELPDIR
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E)
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ ProxyStubClsid32
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib
HKCR \ Interface \ (27ED4AC2-B6D8-4079-9831-017A100B391E) \ TypeLib # Version
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019)
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ ProxyStubClsid32
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib
HKCR \ Interface \ (3F6D6C35-FB73-45E6-9473-BB4CC25CE019) \ TypeLib # Version
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601)
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ ProxyStubClsid32
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib
HKCR \ Interface \ (715D709B-2B10-42FA-A069-297D25D93601) \ TypeLib # Version
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C)
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ ProxyStubClsid32
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib
HKCR \ Interface \ (872C1B1E-3CF0-4D3A-95E5-A0C662D2854C) \ TypeLib # Version
HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9)
HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ ProxyStubClsid
HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ ProxyStubClsid32
HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ TypeLib
HKCR \ Interface \ (886B1D08-B404-40F0-AA18-4E416682A2E9) \ TypeLib # Version
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB)
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ ProxyStubClsid32
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib
HKCR \ Interface \ (8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB) \ TypeLib # Version
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D)
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ ProxyStubClsid32
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib
HKCR \ Interface \ (925B0211-A1C1-4712-8FCA-5F5B8101736D) \ TypeLib # Version
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866)
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ ProxyStubClsid32
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib
HKCR \ Interface \ (B01E37C4-5497-4D58-9FFD-D5653B8DC866) \ TypeLib # Version
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1)
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ ProxyStubClsid32
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib
HKCR \ Interface \ (CCAA201C-C48D-48A8-A1E8-846562CBF1C1) \ TypeLib # Version
HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E)
HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ ProxyStubClsid
HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ ProxyStubClsid32
HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ TypeLib
HKCR \ Interface \ (D483521B-D5CC-43FF-A45A-9BE4A8E6606E) \ TypeLib # Version
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2)
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ ProxyStubClsid32
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib
HKCR \ Interface \ (ED2AFF47-B7BE-4273-A203-C796E87F72D2) \ TypeLib # Version
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E)
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ ProxyStubClsid32
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib
HKCR \ Interface \ (F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E) \ TypeLib # Version
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF)
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ ProxyStubClsid32
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib
HKCR \ Interface \ (F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF) \ TypeLib # Version
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA)
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ ProxyStubClsid32
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib
HKCR \ Interface \ (FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA) \ TypeLib # Version
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B)
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ ProxyStubClsid32
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib
HKCR \ Interface \ (FDDF521B-0EBE-4D15-838C-73E2D851161B) \ TypeLib # Version
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5)
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ ProxyStubClsid32
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib
HKCR \ Interface \ (FF609434-EB47-481B-BA0E-1D2B467629A5) \ TypeLib # Version
HKCR \ AppId \ Cerberus.EXE
HKCR \ AppId \ Cerberus.EXE # AppID

Trojan.Media-Codec
C: \ Documents and Settings \ Vieţii \ Favorite \ Online Security Test.url

Adware.180solutions/Seekmo
HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ seekmo
HKLM \ Software \ seekmo
HKLM \ Software \ seekmo # CVF
HKLM \ Software \ seekmo # install_embedded
HKLM \ Software \ seekmo # UMT
HKLM \ Software \ seekmo # duid
HKLM \ Software \ seekmo # partner_id
HKLM \ Software \ seekmo # product_id
C: \ Program Files \ Seekmo \ seekmoau.dat
C: \ Program Files \ Seekmo \ seekmo_gdf.dat
C: \ Program Files \ Seekmo \ seekmo_kyf.dat
C: \ Program Files \ Seekmo
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Seekmo Client Support.url
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Seekmo.com.url
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Uninstall Seekmo Instructions.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant

Trojan.DNSChanger-Codec
HKCR \ CLSID \ E404.e404mgr
HKCR \ CLSID \ E404.e404mgr # Id-ul de utilizator

Trojan.Media-Codec/V4
HKCR \ videoPl.chl
HKCR \ videoPl.chl \ CLSID
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # ProductionEnvironment
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # UninstallString
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # DisplayIcon
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software # DisplayVersion
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ MultiMedia Software Distribuitor #

Rogue.AntiSpyKit
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B)
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ cnreqoyLmwnuv
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ crrmlfrwzfxhg
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ gizbuobfa
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ InprocServer32
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ KIcbv
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ nfjRol
HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ rDkSqA

Rogue.VirusHeat
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1)
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hwuhrcdfh
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hxgfzhjfHrx
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ iTzlTI
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ nMnkE
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ OufPqTb
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ sBnix
HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ uAEeiihPke
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF)
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ Steaguri
HKCR \ TypeLib \ (CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF) \ 1.0 \ HELPDIR
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2)
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid32
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib
HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ TypeLib # Version
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE)
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ ProxyStubClsid
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ ProxyStubClsid32
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ TypeLib
HKCR \ Interface \ (1A74C41C-0837-4FBE-BA50-621EB70F01CE) \ TypeLib # Version
HKCR \ Interface \ (25297614-1B76-82C6-4C2C-62738AA0E8F0)
HKCR \ Interface \ (25297614-1B76-82C6-4C2C-62738AA0E8F0) \ ProxyStubClsid
HKCR \ Interface \ (25297614-1B76-82C6-4C2C-62738AA0E8F0) \ ProxyStubClsid32
HKCR \ Interface \ (25297614-1B76-82C6-4C2C-62738AA0E8F0) \ TypeLib
HKCR \ Interface \ (25297614-1B76-82C6-4C2C-62738AA0E8F0) \ TypeLib # Version
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870)
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ ProxyStubClsid32
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib
HKCR \ Interface \ (37F89457-1208-4670-9245-58C62BD6D870) \ TypeLib # Version
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8)
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ ProxyStubClsid
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ ProxyStubClsid32
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ TypeLib
HKCR \ Interface \ (45477032-ABD0-454D-9CE4-EA34C10322F8) \ TypeLib # Version
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246)
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ ProxyStubClsid32
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib
HKCR \ Interface \ (69E34747-0B27-4B30-AE20-1023BF29E246) \ TypeLib # Version
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7)
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ ProxyStubClsid32
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib
HKCR \ Interface \ (79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7) \ TypeLib # Version
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D)
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ ProxyStubClsid32
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib
HKCR \ Interface \ (7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D) \ TypeLib # Version
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4)
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ ProxyStubClsid
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ ProxyStubClsid32
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ TypeLib
HKCR \ Interface \ (7EBB34CF-1728-4136-A968-48F231DAD1B4) \ TypeLib # Version
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E)
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ ProxyStubClsid32
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib
HKCR \ Interface \ (88DAA291-B413-4C46-B378-3BE66F65369E) \ TypeLib # Version
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C)
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ ProxyStubClsid32
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib
HKCR \ Interface \ (936A2F4A-53F8-4D2F-92AA-2F9DE889841C) \ TypeLib # Version
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6)
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ ProxyStubClsid32
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib
HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib # Version
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF)
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ ProxyStubClsid32
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib
HKCR \ Interface \ (CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF) \ TypeLib # Version
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F)
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid32
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib
HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib # Version
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9)
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ ProxyStubClsid32
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib
HKCR \ Interface \ (F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9) \ TypeLib # Version
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01)
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid32
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib
HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib # Version

Trojan.Media-Codec/V5
HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ NetProject
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ de servicii de internet
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # UninstallString
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # UninstallString

Varianta Adware.Vundo / Rel
HKLM \ SOFTWARE \ Microsoft \ FCOVM
HKLM \ SOFTWARE \ Microsoft \ RemoveRP

[ruffryder2k7]

Malwarebytes' Anti-Malware 1.30
Baza de date versiune: 1310
Windows 5.1.2600 Service Pack 2

10.23.2008 12:24:55
mbam-log-2008-10-23 (12.24.55). txt

Scan type: Quick Scan
Obiecte scanate: 52051
Timpul scurs: 6 minute (s), 54 secunde (s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Chei de Registry Infected: 124
Registry Values Infected: 15
Registrul de date Elemente Infected: 2
Folders Infected: 6
Fişiere infectate: 56

Memory Processes Infected:
(Nici un rău elemente detectat)

Memory Modules Infected:
C: \ Windows \ system32 \ lptjntqu.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ qoMghecb.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete pe reboot.
C: \ Windows \ system32 \ rqRiJAst.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete pe reboot.
C: \ Windows \ system32 \ dwolhm.dll (Trojan.Vundo) -> Delete pe reboot.
C: \ Windows \ system32 \ cryptuik.dll (Trojan.Vundo.H) -> Delete pe reboot.

Chei de Registry Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06ef2cab-3340-4eb1-a740-c33ac922fa1f) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CLASSES_ROOT \ CLSID \ (06ef2cab-3340-4eb1-a740-c33ac922fa1f) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqrijast (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CLASSES_ROOT \ CLSID \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ jvkuajdi (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CLASSES_ROOT \ CLSID \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (06ef2cab-3340-4eb1-a740-c33ac922fa1f) (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ cerberus.enginelistener (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ cerberus.scanner (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ cerberus.scanner.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ cerberus.threatcollection (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.backup (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.backup.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.ignorelist (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.ignorelist.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.log (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.log.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.logrecord (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.logrecord.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.paths (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.paths.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.quarantine (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.quarantine.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.runas (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.runas.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.searchitem (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.searchitem.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.threat (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ engine.threat.1 (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ main.bho (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ main.bho.1 (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (0ec085a8-43b7-9818-b975-ec7555eda4d2) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (1a74c41c-0837-4fbe-ba50-621eb70f01ce) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (25297614-1b76-4c2c-82c6-62738aa0e8f0) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (27ed4ac2-b6d8-4079-9831-017a100b391e) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (37f89457-1208-4670-9245-58c62bd6d870) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (3f6d6c35-fb73-45e6-9473-bb4cc25ce019) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (45477032-abd0-454d-9ce4-ea34c10322f8) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (69e34747-0b27-4b30-ae20-1023bf29e246) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (715d709b-2b10-42fa-a069-297d25d93601) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (79be5b3b-80b2-4b77-a042-efc90f6e0de7) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (7ebb34cf-1728-4136-a968-48f231dad1b4) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (872c1b1e-3cf0-4d3a-95e5-a0c662d2854c) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (886b1d08-b404-40f0-aa18-4e416682a2e9) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (88daa291-b413-4c46-b378-3be66f65369e) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (925b0211-a1c1-4712-8fca-5f5b8101736d) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (936a2f4a-53f8-4d2f-92aa-2f9de889841c) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (986a8ac1-ab4d-4f41-9068-4b01c0197867) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (afcc3fa7-82a9-42d5-a405-78711e97a5d6) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (b01e37c4-5497-4d58-9ffd-d5653b8dc866) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (cc05a4a3-7b28-488f-ab02-6aaedb86accf) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (ccaa201c-c48d-48a8-a1e8-846562cbf1c1) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (d483521b-d5cc-43ff-a45a-9be4a8e6606e) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (e80114aa-6653-4952-9e97-5f1dc63bee0f) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (ed2aff47-b7be-4273-a203-c796e87f72d2) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (f0fa7ed9-5a0a-4374-b63e-bebafd52192e) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (f9109a2a-432b-4add-a6fa-06ba22dcd2d9) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (fb5ddab7-6aa5-4e97-9541-5a75addf4aba) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (fca3958a-8d38-4d14-8b81-ccd7f68a8a01) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (fddf521b-0ebe-4d15-838c-73e2d851161b) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (ff609434-eb47-481b-ba0e-1d2b467629a5) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (6743c36c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) (Rogue.Multiple) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (020b1227-417d-4682-9ac3-61f43cb5b6b1) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (125494b2-acad-414c-98b9-452f3ef7703a) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (3d00a39c-655b-428b-aeb2-2fba03dcc49c) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (408f660a-9465-44a3-b557-8709dfd992bc) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (8ee6bf73-b370-4d13-9126-eb0071178f2e) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (97f56e12-c706-4aeb-9ffb-133c05ee5d38) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (9bb7e700-4e48-476d-b75c-6f47606be988) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (cbcaca58-1aee-4600-8cf0-e8b30bff1535) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (d6d64cdf-0363-4261-b723-29a3af365e1d) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Typelib \ (8e3c68cd-f500-4a2a-8cb9-132bb38c3573) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Typelib \ (60f94d7d-563e-4942-b5ec-2de9c135c139) (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Typelib \ (cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf) (Rogue.VirusHeat) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ AppID \ (a0e1054b-01ee-4d57-a059-4d99f339709f) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ AppID \ (70f17c8c-1744-41b6-9d07-575db448dcc5) (Rogue.Multiple) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Installer \ UpgradeCodes \ 7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (afd4ad01-58c1-47db-a404-fbe00a6c5486) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (c2a1c5cb-c0ef-4689-9436-f62cca1c5383) (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ SearchScopes \ (daed9266-8c28-4c1c-8b58-5c66eff1d302) (Search.Hijack) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UpgradeCodes \ 7c673a5b871b8cd4 19f47dd0de5a6d18 (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ControlPanel \ namespace \ (6743c3 6c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (0ac49246-419b-4ee0-8917-8818daad6a4e) (Adware.180Solutions) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (99410cde-6f16-42ce-9d49-3807f78f0287) (Adware.180Solutions) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ PreApproved \ (f31a5d11-bf0b-4a4e-90af-274f2090aaa6) (Adware.180Solutions) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ j qvxedzb (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ j qvxedzb (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ jqvxedzb (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ seekmo (Adware.Seekmo) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ AdwareAlert (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ NetProject (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet Service (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Secure Browsing (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ aplicaţie web (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ instkey (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Track System (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ MultiMedia Software (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ seekmo (Adware.Seekmo) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ videoPl.chl (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ AppID \ Cerberus.EXE (Rogue.Antivirus.Gold) -> carantină şi a fost şters cu succes.

Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ b0c087c0 (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ CmdMapping \ (9034a523-d068-4be8-a284-9df278be776e) (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ SharedTaskScheduler \ (ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c) (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ BF (Trojan.Agent) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ BK (Trojan.Agent) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ iu (Trojan.Agent) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ mu (Trojan.Agent) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ C: \ Program Files \ adwarealert \ (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ C: \ Program Files \ adwarealert \ filterdrv \ (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ Folders \ C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ adwarealert \ (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ ADP (Rogue.Multiple) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ lasă \ *. securewebinfo.com (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ lasă \ *. safetyincludes.com (Trojan.Zlob) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ lasă \ *. securemanaging.com (Trojan.Zlob) -> carantină şi a fost şters cu succes.

Registrul de date Elemente Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notificarea pachete (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ qomghecb -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Pachete de autentificare (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> Ştergere pe reboot.

Folders Infected:
C: \ Program Files \ Seekmo (Adware.180Solutions) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ AppCert (Trojan.Downloader) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Jurnal (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Settings (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.

Files Infected:
C: \ Windows \ system32 \ qoMghecb.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ bcehgMoq.ini (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ bcehgMoq.ini2 (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ rqRiJAst.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ cryptuik.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ dwolhm.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ evhuoman.dll (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ namouhve.ini (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ lptjntqu.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ uqtnjtpl.ini (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete pe reboot.
C: \ Windows \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete pe reboot.
C: \ Program Files \ Common \ _helper.dll (Trojan.BHO) -> carantină şi a fost şters cu succes.
C: \ Windows \ Installer \ (AD4149B3-56B1-4E2A-A8A4-54FF9DE92C87) \ Icon.exe (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ ywpnxpys.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ cwokkj.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ cypdyp.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ dhebaasf.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ fdbgbvkj.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ mpasahjl.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ sznqnj.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ nuuwnrfb.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ opcapbye.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ plljru.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ tgycffmw.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ blukkoij.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ bxdiyfrs.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ ftvwbfjg.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ vgrksjuc.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ ulmxavjt.exe (Trojan.LowZones) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LMQL183J \ upd105320 [1] (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Program Files \ Seekmo \ seekmoau.dat (Adware.180Solutions) -> carantină şi a fost şters cu succes.
C: \ Program Files \ Seekmo \ seekmo_gdf.dat (Adware.180Solutions) -> carantină şi a fost şters cu succes.
C: \ Program Files \ Seekmo \ seekmo_kyf.dat (Adware.180Solutions) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ AppCert \ filter.drv (Trojan.Downloader) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ AppCert \ options.dat (Trojan.Downloader) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert \ AdwareAlert pe Web.lnk (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert \ AdwareAlert.lnk (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ rs.dat (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 19 aprilie - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 19 aprilie - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 20 aprilie - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 20 aprilie - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 21 aprilie - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 21 aprilie - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 22 aprilie - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 22 aprilie - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 23 aprilie - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 23 aprilie - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 23 aprilie - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Log \ 2008 23 aprilie - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Application Data \ AdwareAlert \ Settings \ ScanResults.pie (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.
C: \ Program Files \ Common \ helper.dll (Trojan.BHO) -> carantină şi a fost şters cu succes.
C: \ WINDOWS \ Tasks \ AdwareAlert programate Scan.job (Trojan.Downloader) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ Vieţii \ Favorite \ Online Security Test.url (Rogue.Link) -> carantină şi a fost şters cu succes.
C: \ Documents and Settings \ All Users \ Desktop \ AdwareAlert.lnk (Rogue.AdwareAlert) -> carantină şi a fost şters cu succes.

[evilfantasy]

Sunteti folosind două antivirus şi firewall doi (apartamente de securitate). Vă rugăm să dezinstalaţi unul dintre ei acum, apoi posta un nou log HijackThis.

[ruffryder2k7]

bine i-au instalat astfel Kaspersky sale antivirus şi foc perete şi im ghicitul Paravanul de protecţie Windows este pe
şi i dont know ce alte antivirus am instalat im nu rulează nimic altceva
u poate fi mai specific?

[evilfantasy]

Microsoft Windows Live OneCare este, de asemenea, un antivirus / firewall asociere.

[ruffryder2k7]

ok m-am uitat, dar o grija nu este instalat am dezinstalat-o atunci când a fost de a instala Kaspersky
aici este un nou hijackthis oricum.

Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 11:02:53, pe 10.29.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ AOLacsd.exe
C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ wscntfy.exe
C: \ Program Files \ Western Union \ Universal-lansare \ Translink.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell.com
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Search, Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Bara de instrumente Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C: \ Program Files \ BAE \ BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AVP] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O8 - Extra context menu item: Adauga la Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: Web trafic de protecţie statistici - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invitaţi) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Class) -- https: / / webcenter.ipponline.com / ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https: / / webcenter.ipponline.com / ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ Windows \ system32 \ msziptools.dll
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL, C: \ PROGRA ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ mzvkbd.dll, C: \ PROGRA ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ mzvkbd3.dll, C: \ PROGRA ~ 1 \ kasper ~ 1 \ KASPE R ~ 1 \ adialhk.dll, C: \ PROGRA ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ kloe hk.dll dwolhm.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Program Files \ Microsoft Windows Live OneCare \ Firewall \ msfwsvc.exe (fişierul lipseşte)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: OneCare antispyware şi antivirus (OneCareMP) - Unknown owner - C: \ Program Files \ Microsoft Windows Live OneCare \ Antivirus \ MsMpEng.exe (fişierul lipseşte)

--
Sfârşit de fişier - 6332 bytes

[evilfantasy]

Deschide HijackThis şi selectaţi Fă-un sistem de scanare numai.

Se pune un semn de selectare lângă următoarele menţiuni: (dacă există)

- O18 - Filter hijack: text / html - (59610584-cc18-436f-b031-a6893781f08d) - C: \ Windows \ system32 \ msziptools.dll
- O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C: \ Program Files \ Microsoft Windows Live OneCare \ Firewall \ msfwsvc.exe (fişierul lipseşte)
- O23 - Service: OneCare antispyware şi antivirus (OneCareMP) - Unknown owner - C: \ Program Files \ Microsoft Windows Live OneCare \ Antivirus \ MsMpEng.exe (fişierul lipseşte)

Important: Închideţi toate ferestrele cu excepţia HijackThis apoi faceţi clic pe Fix verificate.

Exit HijackThis.

----------

Du-te la Start> Run şi de tip Notepad.exe apoi faceţi clic pe OK.

Copiaţi şi inseraţi următorul text în caseta de cod în noul Notepad dosar.

Cod:

@ ECHO OFF sc opri "msfwsvc" sc şterge "msfwsvc" sc opri "OneCareMP" sc şterge "OneCareMP" ieşire

În Notepad, selectaţi Dosar şi Salvare ca
Selectaţi Salvare pentru a locaţie pentru a fi în spaţiul de lucru, precum şi pentru Nume fişier: de tip în fixme.bat asigurându-se că Salvare ca tip domeniul spune Toate fişierele.

Înainte dublu clic fixservice.bat să îl rulaţi.
O cutie neagră ar trebui să se deschidă şi aproape după o perioadă scurtă de timp, acest lucru este normal.
Nu continua până la cutie neagră a închis
Ştergere fixservice.bat de pe desktop.

----------

Descărca OTMoveIt2 de Oldtimer şi salvaţi-o să-ţi Spaţiul de lucru.

Notă: Dacă rulaţi pe Vista, faceţi clic dreapta pe OTMoveIt2.exe şi alegeţi Executare ca administrator.

1. Faceţi dublu-clic pe OTMoveIt2.exe să îl rulaţi.
2. Copiere de linii în codebox de mai jos.

Cod:

[ucide Explorer] C: \ Program Files \ Microsoft Windows Live OneCare EmptyTemp [începe Explorer]

3. Întoarceţi-vă la OTMoveIt2, click dreapta în Lipire Lista de fişiere / foldere pentru a Mutare fereastră (în galben bar) şi alegeţi Lipire
4. Faceţi clic pe roşu Moveit! buton.
5. Copiaţi totul în Rezultatele fereastra (sub bara verde) şi inseraţi-l în următoarea replică.
6. Închide OTMoveIt2

Notă: Dacă un fişier sau un dosar nu poate fi mutat imediat ce i se poate cere să reporniţi computerul pentru a termina procesul de mutare. Dacă a cerut pentru a reporni, alegeţi Da. Dacă nu, oricum reboot.

----------

Descarca ComboFix de sUBs de la unul din link-urile de mai jos. Asiguraţi-vă că aţi început să-l salvaţi în Spaţiul de lucru.

Link # 1
Link # 2

** Notă: Este important că este salvat direct pe Desktop

Închideţi orice deschide browsere. (Firefox, Internet Explorer, etc), înainte de a începe ComboFix.

Temporar dezactiva al tău antivirus, Precum şi orice antispyware de protecţie în timp real înainte care efectuează o scanare. Faceţi clic pe acest link pentru a vedea o listă de programe de securitate care ar trebui să fie cu handicap şi modul de dezactivare a lor.

Faceţi dublu clic combofix.exe & urmăriţi solicitările.

Pentru Windows XP Systems instala Consola de recuperare:

- Dacă folosiţi Windows XP şi nu au deja instalat Consola de recuperare, vă rugăm să vă asiguraţi-vă conexiunea la Internet este activ (dacă este posibil) şi faceţi clic pe Da.
- Dacă, dintr-un motiv Internet nu este lucru faceţi clic pe Nu.
-- Dacă nu utilizaţi Windows XP, nu vi se va solicita.
- Când vi se solicită să acceptaţi EULA clicaţi OK.
- Accept Microsoft EULA (Faceţi clic pe Da).
- Când se spune că RC este instalat corect, faceţi clic pe YES pentru a continua scanare pentru malware-ului.

Când aţi terminat ComboFix va produce un jurnal pentru tine.
Post de ComboFix jurnal în următoarea replică.

Important: Nu mouseclick ComboFix de fereastră în timp ce se execută. Care pot determina să-l băga în grajd.

Amintiţi-vă să vă reactiva de protecţie antivirus şi antispyware, atunci când ComboFix este completă.