
MSN virus. Can't remove it!



Hi. I have an MSN virus on my PC! It sends out links to everyone!

Here is the log!

 

Logfile of HijackThis v1.99.1

Scan saved at 18:42:19, on 10.12.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Eset\nod32krn.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Documents and Settings\Stian Solstad\Desktop\ww.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Common Files\{A8B0883B-096B-1033-1004-04020604002f}\Update.exe

C:\DOCUME~1\STIANS~1\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catchgamer.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Stian Solstad\Desktop\ww.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

 

 

 

 

I have run SAS!

Link to comment

Uninstall MSN from Add/Remove Programs

Uninstall 888bar from Add/Remove Programs (if it is listed)

Download DrWeb

Download CCleaner and install it.

Run HJT and fix:

 

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll

O3 - Toolbar: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Stian Solstad\Desktop\ww.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

 

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")

Restart in Safe Mode (tap F8 during startup)

Use Explorer to find and delete (in bold):

C:\Documents and Settings\Stian Solstad\Desktop\ww.exe

(if it cannot be deleted, check whether ww.exe is running in the process list -> right-click the taskbar and open Task Manager)

 

Run drweb-cureit.exe (say yes to running an express scan)

When this is finished, click Option -> Change settings.

On the Scan tab, uncheck Heuristic analysis.

On the Actions tab, set every item under Malware to Rename.

Select the partition you want to scan, then click the green arrow to start the scan. Choose "yes to all" the first time it finds something.

Run a new, complete scan with SAS

Post a new HJT log as well as the log from SAS (preferences->statistics/logs)

Link to comment

Thanks for the reply :) Looks like everything is OK on my PC now! :)

 

HJT LOG!

 

Logfile of HijackThis v1.99.1

Scan saved at 13:54:57, on 11.12.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Eset\nod32krn.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Documents and Settings\Stian Solstad\ww.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Stian Solstad\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catchgamer.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Stian Solstad\ww.exe

O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"

O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe (file missing)

 

SAS LOG!

 

SUPERAntiSpyware Scan Log

Generated 12/10/2006 at 06:13 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3144

Trace Rules Database Version: 1160

 

Scan type : Complete Scan

Total Scan Time : 00:46:18

 

Memory items scanned : 519

Memory threats detected : 6

Registry items scanned : 4374

Registry threats detected : 212

File items scanned : 39015

File threats detected : 232

 

Adware.180solutions/ZangoSearch

C:\PROGRAM FILES\SEEKMO\SEEKMO.EXE

C:\PROGRAM FILES\SEEKMO\SEEKMO.EXE

C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL

C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL

[seekmo] C:\PROGRAM FILES\SEEKMO\SEEKMO.EXE


 

Adware.IPWins

C:\PROGRAM FILES\IPWINS\IPWINS.EXE

C:\PROGRAM FILES\IPWINS\IPWINS.EXE

HKU\S-1-5-21-1659004503-1960408961-839522115-1003\Software\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

C:\Program Files\ipwins\pop14D.tmp

C:\Program Files\ipwins\Services.dll

C:\Program Files\ipwins\Uninst.exe

C:\Program Files\ipwins

 

Trojan.Update-Mcboo

C:\PROGRAM FILES\COMMON FILES\{A8B0883B-096B-1033-1004-04020604002F}\UPDATE.EXE

C:\PROGRAM FILES\COMMON FILES\{A8B0883B-096B-1033-1004-04020604002F}\UPDATE.EXE

C:\RECYCLER\S-1-5-21-1659004503-1960408961-839522115-1003\DC33\UPDATE.EXE

C:\RECYCLER\S-1-5-21-1659004503-1960408961-839522115-1003\DC40\UPDATE.EXE

C:\RECYCLER\S-1-5-21-1659004503-1960408961-839522115-1003\DC41\UPDATE.EXE

 

Trojan.Hacktool

C:\PROGRAM FILES\COMMON FILES\{A8B0883B-096B-1033-1004-04020604002F}\SYSTEM.DLL

C:\PROGRAM FILES\COMMON FILES\{A8B0883B-096B-1033-1004-04020604002F}\SYSTEM.DLL

C:\RECYCLER\S-1-5-21-1659004503-1960408961-839522115-1003\DC33\SYSTEM.DLL

C:\RECYCLER\S-1-5-21-1659004503-1960408961-839522115-1003\DC40\SYSTEM.DLL

C:\RECYCLER\S-1-5-21-1659004503-1960408961-839522115-1003\DC41\SYSTEM.DLL

 

Trojan.Downloader-DoneDU

C:\WINDOWS\SYSTEM32\UYRPBEE.DLL

C:\WINDOWS\SYSTEM32\UYRPBEE.DLL

 

BearShare File Sharing Client

[bearShare] C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BEARSHARE.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{9B784B24-D248-4F5D-9580-AA9845E5B3C5}\RP132\A0028928.LNK

 

Adware.180solutions/Seekmo


 

Trojan.WinFixer

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtsq

C:\WINDOWS\SYSTEM32\AWTSQ.DLL

 

Adware.Tracking Cookie


C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@vitecmedia[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@kanoodle[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@1071232900[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@ad[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@2006[3].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@fastclick[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@cgi-bin[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@cpvfeed[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@1071636537[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@statcounter[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@mb[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@adrevolver[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@adbrite[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@mb[5].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@mb[3].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@winantivirus[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@2006[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@doubleclick[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@amaena[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@sextracker[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@targetnet[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@10973025[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@admarketplace[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@questionmarket[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@valueclick[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@overture[2].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian solstad@adultbouncer[1].txt

C:\Documents and Settings\Stian Solstad\Cookies\stian [email protected][1].txt

 

Browser Hijacker.BestSafetyGuide

HKCR\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}

HKCR\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32

HKCR\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca}

 

Trojan.Media-Codec

HKCR\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}

HKCR\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}\Implemented Categories

HKCR\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}\InprocServer32

HKCR\CLSID\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}\InprocServer32#ThreadingModel

HKU\S-1-5-21-1659004503-1960408961-839522115-1003\Software\Internet Security

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#ProductionEnvironment

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#URLInfoAbout

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString

C:\Program Files\IntCodec\ot.ico

C:\Program Files\IntCodec\ts.ico

C:\Program Files\IntCodec\uninst.exe

C:\Program Files\IntCodec

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#homepage.monitor.exe [ C:\Program Files\IntCodec\isamonitor.exe ]

 

Unclassified.Unknown Origin

HKCR\CLSID\{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}

HKCR\CLSID\{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}\InprocServer32

HKCR\CLSID\{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}\InprocServer32#ThreadingModel

HKCR\CLSID\{849B9523-785F-4014-9CAF-079FB4A74C61}

HKCR\CLSID\{849B9523-785F-4014-9CAF-079FB4A74C61}\InprocServer32

HKCR\CLSID\{849B9523-785F-4014-9CAF-079FB4A74C61}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\VTUVTQP.DLL

 

Adware.180solutions/Search Assistant

HKCR\LMgr180.WMDRMAx

HKCR\LMgr180.WMDRMAx\CLSID

HKCR\LMgr180.WMDRMAx\CurVer

HKCR\LMgr180.WMDRMAx.1

HKCR\LMgr180.WMDRMAx.1\CLSID

HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}

HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid

HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32

HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib

HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version

HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}

HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid

HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32

HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib

HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version

HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}

HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid

HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32

HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib

HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version

C:\WINDOWS\Downloaded Program Files\ClientAX.dll

 

Trojan.Unknown Origin

HKLM\SOFTWARE\Microsoft\MSSMGR

HKLM\SOFTWARE\Microsoft\MSSMGR#Data

HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV

HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd

HKLM\SOFTWARE\Microsoft\MSSMGR#Rid

HKLM\SOFTWARE\Microsoft\MSSMGR#LID

C:\WINDOWS\SYSTEM32\OT.ICO

C:\WINDOWS\SYSTEM32\TS.ICO

 

Adware.Toolbar888

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

HKU\S-1-5-21-1659004503-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}

 

Trojan.Security Toolbar

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

 

Trojan.Malware

HKCR\AVZipEnchancer.Chl

HKCR\AVZipEnchancer.Chl\CLSID

 

Trojan.AtmClk

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#kernel32.dll [ C:\WINDOWS\system32\isnotify.exe ]

 

Malware.Notifier

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#ishost.exe [ ishost.exe ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#issearch.exe [ issearch.exe ]

C:\WINDOWS\SYSTEM32\ISHOST.EXE

C:\WINDOWS\SYSTEM32\ISSEARCH.EXE

 

Malware.VirusBurst

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#pmsngr.exe [ C:\Program Files\IntCodec\pmsngr.exe ]

 

Adware.VSToolbar

HKU\S-1-5-21-1659004503-1960408961-839522115-1003\Software\Search Toolbar Corp

C:\Program Files\VSToolbar\VSToolBar.dll

C:\Program Files\VSToolbar

C:\Documents and Settings\Stian Solstad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt

C:\Documents and Settings\Stian Solstad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt

C:\Documents and Settings\Stian Solstad\Application Data\SearchToolbarCorp\Toolbar Vision

C:\Documents and Settings\Stian Solstad\Application Data\SearchToolbarCorp

 

Trojan.Freeprod

C:\DOCUMENTS AND SETTINGS\STIAN SOLSTAD\INSTALL.EXE

C:\DOCUMENTS AND SETTINGS\STIAN SOLSTAD\LOCAL SETTINGS\TEMP\MC-110-12-0001411.EXE

C:\DOCUMENTS AND SETTINGS\STIAN SOLSTAD\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\YXSVUHG1\INSTALL[1].EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{9B784B24-D248-4F5D-9580-AA9845E5B3C5}\RP132\A0028931.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{9B784B24-D248-4F5D-9580-AA9845E5B3C5}\RP133\A0028947.EXE

 

Trojan.Downloader-Gen/Installer

C:\DOCUMENTS AND SETTINGS\STIAN SOLSTAD\LOCAL SETTINGS\TEMP\B116.EXE

 

Unclassified.Unknown Origin/System

C:\DOCUMENTS AND SETTINGS\STIAN SOLSTAD\LOCAL SETTINGS\TEMP\B122.EXE

C:\WINDOWS\SYSTEM32\IXT0.DLL

 

Trojan.Flx/Conhook

C:\WINDOWS\SYSTEM32\COMPONENTS\FLX0.DLL

C:\WINDOWS\SYSTEM32\COMPONENTS\FLX1.DLL

C:\WINDOWS\SYSTEM32\COMPONENTS\FLX2.DLL

 

Worm.Rbot Variant

C:\WINDOWS\SYSTEM32\ISMINI.EXE

 

Trojan.Downloader-VSToolbar

C:\WINDOWS\SYSTEM32\YFLQIJGY.EXE

 

 

 

 

Does it look okay or what? :)


Sorry, I was a bit too quick here

 

Uninstall from Add/Remove Programs (if they are present):

seekmo

888bar

vidmon

 

 

Run HJT and fix:

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll

O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"

O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll

 

Make sure you can see hidden files and folders

 

Restart in safe mode (tap F8 during startup)

 

Use Explorer to find and delete (in bold)

c:\program files\seekmo\

C:\WINDOWS\system32\vidmon\

C:\WINDOWS\SYSTEM32\wineak32.dll

 

Is this something you recognize?

C:\Documents and Settings\Stian Solstad\ww.exe - are you running any kind of weather forecasting?

 

If ww.exe is unknown to you, fix this line in HJT:

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Stian Solstad\ww.exe

 

And delete from Explorer (in bold):

C:\Documents and Settings\Stian Solstad\ww.exe

 

Run a new full scan with SAS

 

Restart in normal mode and post a new HJT log as well as the log from SAS

Edited by norbat
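The fix list in the reply above, parsed into section type, entry name and on-disk target so the files to delete can be cross-checked against what was fixed. This is an added example, not part of the thread: `parse_entry`, `triage` and the `SYSTEM_NAMES` list are assumptions, and the check for an autostart value named after a Windows component (as with `[explorer]` pointing at `ww.exe`) is a heuristic added here.

```python
import ntpath
import re

# HijackThis section codes that appear in the fix list above.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O16": "ActiveX download",
            "O20": "Winlogon Notify DLL"}
# Assumed short list of Windows component names that malware borrows.
SYSTEM_NAMES = {"explorer", "kernel32", "svchost", "winlogon", "lsass"}

# Fix lines copied from the reply above.
FIX_LINES = r"""
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38B08~1\Bar888.dll
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Stian Solstad\ww.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
RUN_RE = re.compile(r"^([^:]+): \[([^\]]+)\] (.+)$")
FILE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr|bat))\b', re.IGNORECASE)


def parse_entry(line):
    """Split one HijackThis line into code, kind, name, target and a flag."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group(1) not in SECTIONS:
        return None
    code, body = m.groups()
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        name, cmd = run.group(2, 3)
        f = FILE_RE.match(cmd)
        target = f.group(1) if f else cmd
        # Flag a value named after a Windows component that runs another file.
        stem = ntpath.splitext(ntpath.basename(target))[0].lower()
        flag = name.lower() in SYSTEM_NAMES and stem != name.lower()
    else:
        # Other sections end in " - <file or URL>"; the name precedes it.
        head, _, target = body.rpartition(" - ")
        name, flag = head.split(": ", 1)[-1], False
    return {"code": code, "kind": SECTIONS[code], "name": name,
            "target": target, "flag": flag}


def triage(log_text):
    """Parse every recognised line of a pasted fix list."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


if __name__ == "__main__":
    for e in triage(FIX_LINES):
        print(e["code"], e["kind"], e["target"], "<-- borrowed name" if e["flag"] else "")
```
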