Snap.do hijacker hjemmesiden i IE.

[GrandMa]

Hei.

 

Har fått noe Malware ved navn snap.do. Den redircter startsiden min til siden search.snap.do. Til å begynne med ga den meg popups, toolbars, programmer jeg ikke ville ha og faens oldemor, men det aller meste har jeg fått bukt med. Får ikke fjernet denne ved hjelp av tradisjonelle metoder så da prøver jeg meg her med

 

Combofix-logg:

 

 

ComboFix 13-02-26.01 - NO007561 28.02.2013 16:54:36.1.4 - x64

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1033.18.8078.5686 [GMT 1:00]

Kjører fra: c:\users\NO007561\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNR5OZNZ\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Opprettet nytt gjenopprettingspunkt

* Anti-virus er aktiv

.

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\INSTALL.LOG

c:\program files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe

c:\users\NO007561\AppData\Local\assembly\tmp

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2013-01-28 til 2013-02-28 )))))))))))))))))))))))))))))))))

.

.

2013-02-28 15:57 . 2013-02-28 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-28 15:57 . 2013-02-28 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-02-28 15:54 . 2013-02-28 15:54 -------- d-----w- C:\Quarantine

2013-02-27 13:30 . 2013-02-27 13:31 -------- d-----w- c:\program files (x86)\GTSUpdate

2013-02-27 13:18 . 2013-02-27 13:18 -------- d-----w- c:\users\NO007561\AppData\Roaming\Malwarebytes

2013-02-27 13:18 . 2013-02-27 13:18 -------- d-----w- c:\programdata\Malwarebytes

2013-02-27 13:18 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-27 13:18 . 2013-02-27 13:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-02-26 22:26 . 2013-02-28 13:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-02-26 22:26 . 2013-02-26 22:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-02-26 17:27 . 2012-12-10 09:04 81920 ----a-w- c:\windows\eSellerateControl350.dll

2013-02-26 17:27 . 2012-12-10 09:04 356352 ----a-w- c:\windows\eSellerateEngine.dll

2013-02-26 17:27 . 2009-07-23 16:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll

2013-02-26 17:27 . 2009-07-23 16:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll

2013-02-26 17:26 . 2013-02-26 17:26 -------- d-----w- c:\users\NO007561\AppData\Local\Programs

2013-02-26 17:15 . 2013-02-26 17:15 -------- d-----w- c:\program files\CCleaner

2013-02-26 12:02 . 2013-02-26 12:02 -------- d-----w- c:\programdata\Ask

2013-02-26 12:02 . 2013-02-26 12:02 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-02-26 12:02 . 2013-02-26 12:02 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-26 12:02 . 2013-02-26 12:02 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-25 15:40 . 2013-02-25 15:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-02-25 15:39 . 2013-02-25 15:39 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-25 15:27 . 2013-02-25 15:27 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2013-02-25 12:57 . 2013-02-25 12:57 -------- d-----w- c:\programdata\Citrix

2013-02-25 12:57 . 2013-02-25 13:00 -------- d-----w- c:\users\NO007561\AppData\Roaming\ICAClient

2013-02-25 12:57 . 2013-02-25 12:57 -------- d-----w- c:\users\NO007561\AppData\Local\Citrix

2013-02-25 12:57 . 2013-02-25 12:57 -------- d-----w- c:\program files (x86)\Citrix

2013-02-06 13:04 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-02-06 13:04 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-02-06 12:56 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-02-06 12:56 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-02-06 12:56 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-02-06 12:56 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-02-06 12:50 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2013-02-06 10:24 . 2002-07-26 16:02 153088 ----a-w- c:\programdata\UNWISE.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-26 12:02 . 2012-03-28 18:45 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-06 12:56 . 2012-11-12 12:52 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-10 08:09 . 2013-01-10 08:09 98304 ----a-r- c:\users\NO007561\AppData\Roaming\Microsoft\Installer\{8CC024C2-386F-4852-9DAB-39A403F0FA8D}\Icon8CC024C2.exe

2002-07-26 16:02 . 2012-11-12 19:36 153088 ----a-w- c:\program files (x86)\UNWISE.EXE

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IBM Lotus Notes Preloader"="c:\program files (x86)\IBM\Lotus\Notes\nntspreld.exe" [2011-11-02 13312]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]

"SEP Lotus Activator"="c:\program files (x86)\IBM\Lotus\Notes\SeMLotusNotesActivator.exe" [2011-04-12 319488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"PDFHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-07-25 609056]

"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2010-07-25 121120]

"AgentUiRunKey"="c:\program files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" [2011-06-26 239104]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"dontdisplaylockeduserid"= 1 (0x1)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoOnlinePrintsWizard"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

"UseDefaultTile"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisablePersonalDirChange"= 1 (0x1)

"ForceRunOnStartMenu"= 1 (0x1)

"ClearRecentProgForNewUserInStartMenu"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoOnlinePrintsWizard"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

"DisallowCpl"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1958367476-839522115-27481\Scripts\Logon\0\0]

"Script"=\\no-osldfs001.no.ema.ad.pwcinternal.com\NetProg$\LogonScripts\GTSUpdate5InstVer.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeDlpAgentService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]

R3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys [2011-10-06 48840]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2010-12-20 195280]

R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys [2011-06-26 54824]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-12 97960]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-28 1255736]

R4 hdlpnetf;hdlpnetf;c:\windows\system32\drivers\hdlpnetf.sys [2012-04-01 43848]

R4 MSSQL$AURA;SQL Server (AURA);c:\program files\Microsoft SQL Server\MSSQL10_50.AURA\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 SQLAgent$AURA;SQL Server Agent (AURA);c:\program files\Microsoft SQL Server\MSSQL10_50.AURA\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-04-19 19224]

S0 MfeEpePc;MfeEpePc; [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-01-04 289152]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-07 28992]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]

S1 hdlpflt;hdlpflt;c:\windows\system32\DRIVERS\hdlpflt.sys [2012-04-01 128840]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-11-28 74904]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-07 249152]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]

S1 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]

S2 AgentService;AgentService;c:\program files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-06-26 7625120]

S2 Cryptzone_LM_Service;Cryptzone SEP Local Machine Service;c:\program files (x86)\SEP Client\x64\Modules\CZ_SEP_Machine_Service.exe [2011-04-12 3845120]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-12-20 640312]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files (x86)\IBM\Lotus\Notes\nsd.exe [2011-11-04 3411968]

S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe [2011-03-24 1626112]

S2 McAfeeDLPAgentService;McAfee DLP Endpoint Service;c:\program files\McAfee\DLP\Agent\fcags.exe [2012-04-01 9397824]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-11-23 203104]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-01-04 162192]

S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-07-25 134944]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-07 382272]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]

S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-03-03 26664]

S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-03-03 30248]

S3 hdlpctrl;hdlpctrl;c:\windows\system32\drivers\hdlpctrl.sys [2012-04-01 37704]

S3 hdlpdbk;hdlpdbk;c:\windows\system32\drivers\hdlpdbk.sys [2012-04-01 27976]

S3 hdlpevnt;hdlpevnt;c:\windows\system32\drivers\hdlpevnt.sys [2012-04-01 24904]

S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2010-12-01 101416]

S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208]

S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912]

S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528]

S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-28 472624]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2010-12-28 276008]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - MPSDRV

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components]

2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\IBM_LotusNotes_8.5.2]

2011-10-19 14:35 2398 ----a-w- c:\windows\Software\Applications\Packaged\LotusNotes852\LotusNotes8.5.2\PwC_PinLotusNotesToTaskBar.vbs

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 19:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]

"SEP Monitor"="c:\program files (x86)\SEP Client\x64\Modules\CZ_SEP_Monitor.exe" [2011-04-12 243200]

"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-12-20 255640]

"Stemple og send bilag til 24SevenOffice"="c:\program files\24SevenOfficePrinter\zvprtsrv.exe" [2010-11-15 3732992]

"MfeEpePcMonitor"="c:\program files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe" [2011-03-24 237568]

"GTSUpdate"="c:\program files (x86)\GTSUpdate\GTSUpdate.exe" [2012-09-24 4772864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://pwc-spark.co...ups/pwc-norway/

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = about:blank

mWindow Title = Eirik

uSearchAssistant = hxxp://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=TJ&userid=7ca20cdb-6da4-4e66-9434-5e6e52f69bf7&searchtype=ds&q={searchTerms}

IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100

IE: Open with PDF Professional 7 - c:\program files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{A55FBFE2-0C8B-497D-8C6C-FE6E4B4C1A1A}: NameServer = 212.169.123.67 212.45.188.254

DPF: {83F11695-463B-4C7F-88F9-7277ADDCA00B} - hxxps://app.24sevenoffice.com/media/activex/invoice/KPPrinter.cab

.

- - - - TOMME PEKERE FJERNET - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-PdfProInboxMonitor - c:\program files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe

Wow6432Node-HKLM-Run-InboxMonitor - c:\program files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe

c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\progra~1\Lenovo\Zoom\TPSCREX.EXE

c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE

c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\McAfee\Common Framework\McTray.exe

c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2013-02-28 17:01:39 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2013-02-28 16:01

.

Pre-Run: 101 336 887 296 bytes free

Post-Run: 100 997 066 752 bytes free

.

- - End Of File - - EA13E1945C25D2261E0D84F13A46DE18

 

 

 

 

Malwarebytes finner ingenting.

 

Jeg finner adressen som redirecter meg under "Browser Pages" i Spybot, men kan ikke gjøre noe som virker her. Trykker jeg "Change" til noe annet har det ingen effekt. Ellers kan jeg ikke finne den noe sted. Adressen som redirecter meg til search.snap.do er feed.snap.do osv osv.

 

Kan dere hjelpe meg? Dette er en jobbPC så er egentlig ganske upraktisk å måtte formatere. Har sittet sikkert 1,5 timer med fjernhjelp fra IT-Support på jobb uten at de finner ut av det. Hvis jeg ikke får det til blir disken satt opp på nytt. Si i fra hvis dere trenger noe mer info for det kommer jeg gladelig med,

Endret 28. februar 2013 av GrandMa

[nebrewfoz]

Hva med å prøve å boote maskinen fra en "anti virus rescue CD/USB-stick" ?

Sophos: http://www.sophos.com/en-us/support/knowledgebase/52011.aspx

AVG: http://www.avg.com/eu-en/download.prd-arl

[GrandMa]

Hva medfører det? Blir ting slettet da?

 

NB: Jeg skulle gjerne sluppet å bruke IE, men blir nødt til det i sammenheng med jobb.

[nebrewfoz]

Det medfører at Windows-OS'et ikke er involvert i scanningen av filer, men forøvrig er det som å kjøre MalwareBytes e.l. Finner programmet noe, så kan du velge hva som skal gjøres.

 

Jeg brukte AVG-programmet for noen uker siden. Den anti-virusdatabasen som fulgte med var fra november 2012, og den fant ingenting. Hvis jeg kjørte programmet med PC'en tilkoblet nettverket, så hadde jeg muligheten til å oppdatere databasen, og ved neste scanning fant det en trojaner. Når den var slettet, så startet Windows som før, og en kjøring av Spybot luket ut de siste spor av svineriet.

[nebrewfoz]

Fordelen med å kjøre anti-virusprogrammet utenfor Windows, er at mange typer malware nærmest klarer å kamuflere seg i et kjørende Windows-system. Hvis Windows ikke er aktivt, så kan malware være letter å få øye på i filstrukturen (eller i registeret).

[GrandMa]

Hvordan gjør jeg dette? Er ikke noen racer på slikt.

[Dr.Geek]

.Kan dere hjelpe meg? Dette er en jobbPC så er egentlig ganske upraktisk å måtte formatere. Har sittet sikkert 1,5 timer med fjernhjelp fra IT-Support på jobb uten at de finner ut av det. Hvis jeg ikke får det til blir disken satt opp på nytt. Si i fra hvis dere trenger noe mer info for det kommer jeg gladelig med,

 

 

Hai,

 

jeg mistenker at du har en ZeroAccess Rootkit Infeksjon:

 

c:\users\NO007561\AppData\Local\assembly\tmp

 

For å kunne hjelpe deg trenger jeg log fra følgende scan:

 

1. http://www.bleepingcomputer.com/download/aswmbr/ (Download på ditt desktop, høyreklick: Kjør som Administrator) Post log

 

2. Logger fra alle scan som blir beskrevet her:

http://malwaretips.com/blogs/remove-zeroaccess-rootkit/

 

3. OTL log (otl.txt)

http://www.bleepingcomputer.com/download/otl/

[GrandMa]

1:

 

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-28 20:51:54

-----------------------------

20:51:54.542 OS Version: Windows x64 6.1.7601 Service Pack 1

20:51:54.542 Number of processors: 4 586 0x2A07

20:51:54.543 ComputerName: NO007561-T420S UserName: NO007561

20:51:54.693 Initialize success

20:52:00.105 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

20:52:00.106 Disk 0 Vendor: INTEL_SS 4PC1 Size: 152627MB BusType: 3

20:52:00.209 Disk 0 MBR read successfully

20:52:00.211 Disk 0 MBR scan

20:52:00.212 Disk 0 unknown MBR code

20:52:00.213 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 152625 MB offset 2048

20:52:00.216 Disk 0 scanning C:\Windows\system32\drivers

20:52:00.218 Service scanning

20:52:09.218 Modules scanning

20:52:09.223 Disk 0 trace - called modules:

20:52:09.227 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

20:52:09.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a032060]

20:52:09.233 3 CLASSPNP.SYS[fffff88001c5a43f] -> nt!IofCallDriver -> [0xfffffa800775f1a0]

20:52:09.237 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007761050]

20:52:09.565 Scan finished successfully

20:52:32.268 Disk 0 MBR has been saved successfully to "C:\Users\NO007561\Desktop\MBR.dat"

20:52:32.275 The log file has been saved successfully to "C:\Users\NO007561\Desktop\aswMBRlog.txt"

 

 

 

 

2: Kaspersky TDSSKiller ga meg ingen logg, men fant ingenting heller.

 

RogueKiller ga meg heller ingen logg, men den fant 3 ting som jeg slettet. Hadde ingen effekt.

 

HitmanPro:

 

 

HitmanPro 3.7.2.189
www.hitmanpro.com
  Computer name . . . . : NO007561-T420S
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : PWC-NO\NO007561
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Free
  Scan date . . . . . . : 2013-02-28 21:04:17
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 1m 13s
  Disk access mode  . . : Direct disk access (FsdLow)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 0
  Traces  . . . . . . . : 6
  Objects scanned . . . : 1 588 776
  Files scanned . . . . : 17 691
  Remnants scanned  . . : 192 165 files / 1 378 920 keys
Cookies _____________________________________________________________________
  C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\1JABT796.txt
  C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\BMUJFDS6.txt
  C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\IYE7R028.txt
  C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\RGF5Z1UE.txt
  C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\XKYW2M9Q.txt
  C:\Users\NO007561\AppData\Roaming\Microsoft\Windows\Cookies\ZR8HO4GG.txt

 

 

 

 

Malwarebytes holder fortsatt på. Poster den når den er ferdig

[GrandMa]

Malwarebytes

 

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.14.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

NO007561 :: NO007561-T420S [administrator]

28.02.2013 21:02:28

mbam-log-2013-02-28 (21-02-28).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 370327

Time elapsed: 22 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

[GrandMa]

Her er den. Slette eller modifisere? Tror ikke det kommer til å virke, men verdt et forsøk?

 

Pleier å være fint å legge til fila

 

ESET Online Scanner fant ingenting

[Dr.Geek]

Det mangler OTL.txt.

[GrandMa]

Emsisoft

 

 

Emsisoft Emergency Kit - Version 3.0

Last update: 28.02.2013 21:38:38

Scan settings:

Scan type: Deep Scan

Objects: Rootkits, Memory, Traces, C:\

Detect Riskware: Off

Scan archives: On

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

Scan start: 28.02.2013 21:39:16

Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> HelpText detected: Trace.Registry.SEO Toolbar (A)

Value: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> MenuText detected: Trace.Registry.SEO Toolbar (A)

Scanned 449539

Found 2

Scan end: 28.02.2013 21:56:58

Scan time: 0:17:42