Опять эти баннеры

[dimon8033]

Раньше получалось как то самостоятельно справляться с ними, этот новый...
И в безопасном режиме и в обычном висит на переднем плане, диспетчер естественно заблокирокан, меню пуск не открывается, и вообще никакие горячие комбинации не работают...
Соответственно никаких логов у меня нет.
Баннер следующего содержания:
Чтобы немедленно удалить рекламный модуль:
оплатите через терминал эхпресс оплаты
счет 004245166112 на 249 руб.

[polword]

1.скачайте Live CD с возможностью поиска и исправления в реестре. Например, ERD Commander.
2.Загрузитесь с этого диска.
3.Кнопка Пуск - Выполнить - erdregedit
4.Посмотрите в реестре:
ветка

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

параметр

userinit

параметр

shell

а также
ветка

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

параметр

AppInit_DLLs

Содержимое этих параметров напишите в своем сообщении

[dimon8033]

а у кого нить есть нормальная ссылка где скачать ЛайфСД такой?

[thyrex]

http://www.google.com.by/search?clie...utf-8&oe=utf-8

[dimon8033]

userinit: 32\userinit.exe,C:\DOCUME~1\USER3\Local Settings\Temp\tempsys.exe
shell: Explorer.exe
AppInit_DLLs: пусто

[thyrex]

Начало параметра userinit у Вас оказалось съеденным при копировании Вами

Удалите в этом параметре "хвост"

C:\DOCUME~1\USER3\Local Settings\Temp\tempsys.exe

Пробуйте выполнить правила

[dimon8033]

чёй удалить?

Добавлено через 4 минуты

ща ребутил систему и в этом параметре еще куча г-на появилось

Добавлено через 5 минут

да, забыл, а вот начало: 32\userinit.exe пропало

Добавлено через 21 минуту

Ну в общем разобрался, удалил в этом параметре все и прописал путь к userinit.exe
Ща смог нормально запуститься, так что теперь уже буду сканить и выполнять правила...

[polword]

в параметре userinit
пропишите

c:\windows\System32\userinit.exe,

, если система у вас стоит не на диске С, то исправьте на соответствующую букву диска

сделайте логи по правилам

[dimon8033]

логи

[thyrex]

Выполните скрипт в AVZ в безопасном режиме

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\DOCUME~1\USER3\Local Settings\Temp\tempsys.exe','');
DeleteFile('C:\DOCUME~1\USER3\Local Settings\Temp\tempsys.exe');
 QuarantineFile('C:\Documents and Settings\USER3\Главное меню\Программы\Автозагрузка\monoca32.exe','');
 QuarantineFile('C:\Program Files\Internet Explorer\setupapi.dll','');
 DeleteFile('C:\Program Files\Internet Explorer\setupapi.dll');
 DeleteFile('C:\Documents and Settings\USER3\Главное меню\Программы\Автозагрузка\monoca32.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Компьютер перезагрузится.

Пришлите карантин согласно Приложения 3 правил по красной ссылке Прислать запрошенный карантин вверху темы

Сделайте новые логи в обычном режиме

Сделайте лог полного сканирования МВАМ

[dimon8033]

Карантин оказался почему то пустым!
Новые логи

[polword]

1. удалите в MBAM

Код:

Зараженные ключи в реестре:
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{995e885e-3ff5-4f66-a107-8bfb3a0f8f12} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{fbb40fdf-b715-4342-ab82-244ecc66e979} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fffc57db-1de3-4303-b24d-cee6dcdd3d86} (Adware.MyCentria) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fffc57db-1de3-4303-b24d-cee6dcdd3d86} (Adware.MyCentria) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyCentria (Adware.MyCentria) -> No action taken.
HKEY_CLASSES_ROOT\VideoAXObject.Chl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> No action taken.

Зараженные параметры в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Trojan.BHO) -> No action taken.

Объекты реестра заражены:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.137 -> No action taken.

Зараженные папки:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\eskin (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\IESkins (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0 (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\HostOI (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\HostOI\dynamic (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\HostOI\static (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\HostOL (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\HostOL\dynamic (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\HostOL\static (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\344stat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Trojan.Agent) -> Files: 911 -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1 (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2 (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> No action taken.

Зараженные файлы:
C:\WINDOWS\reset.exe (Trojan.Agent.CK) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\eskin\empty_bg_st.htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\eskin\FileManager.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1028407.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1032719.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1043399.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1055783.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1058115.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1065003.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1067625.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1206583.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1224397.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1351627.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383356.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383574.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383771.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383918.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1384966.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1384984.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1384985.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1385552.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1385738.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1385999.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1388487.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1389349.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1394213.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1396679.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1397347.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1397644.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1398178.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1402109.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1403659.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1404082.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1405797.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1406557.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1407182.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1408056.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1426011.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1717164.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1739006.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1808505.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1826229.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1831299.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\1855293.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2005790.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2010501.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2077936.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2153113.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2248360.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2305376.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2330550.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2343678.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\239125.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2492256.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2538269.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2598591.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2601779.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2605943.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2716638.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2739673.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2769824.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2827348.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\283337.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\287227.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2883915.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884324.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884484.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2885069.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2899654.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\2934775.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\294776.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3265653.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3340762.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3384128.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\339779.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\371005.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3755934.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3756052.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3756064.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3756260.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3781343.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3847415.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852201.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852203.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852513.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893289.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\398992.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\419391.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\429132.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\44714.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\48657.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\512217.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\530416.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\586945.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\600583.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\612248.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\665880.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\668887.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\695814.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\706953.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\770502.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\797539.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\805478.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\830153.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\854706.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\930074.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\968732.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\975844.sdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\3600.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\icons2.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\progress.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans.idx (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\icons2.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\progress.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEula.mht (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat (Adware.Seekmo) -> No action taken.
C:\Program Files\Common Files\keylog.txt (Malware.Trace) -> No action taken.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER3\Application Data\avdrn.dat (Malware.Trace) -> No action taken.

2.Выполните скрипт в AVZ в безопасном режиме

Код:

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
 RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,'); 
 QuarantineFile('C:\Documents and Settings\USER3\Главное меню\Программы\Автозагрузка\monoca32.exe','');
 DeleteFile('C:\Documents and Settings\USER3\Главное меню\Программы\Автозагрузка\monoca32.exe');
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteRepair(20);
 ExecuteWizard('TSW', 2, 2, true);
 ExecuteWizard('SCU', 2, 2, true);
 RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun',221);
 BC_Activate;
 RebootWindows(true);
end.

После перезагрузки:
- выполните такой скрипт

Код:

begin
  CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); 
 end.

- Файл quarantine.zip из папки AVZ загрузите по ссылке Прислать запрошенный карантин вверху темы
- Сделайте повторный лог virusinfo_syscheck.zip;
- Сделайте повторный лог MBAM
- Скачайте RSIT тут. Запустите, выберите проверку файлов за последние три месяца и нажмите продолжить. Должны открыться два отчета log.txt и info.txt. Прикрепите их к следующему сообщению. Если вы их закрыли, то логи по умолчанию сохраняются в одноименной папке (RSIT) в корне системного диска.

[dimon8033]

новые логи

[dimon8033]

ну так что? все чисто или еще не известно?

[Rene-gad]

-Выполните скрипт:

Код:

begin
 QuarantineFile('C:\Documents and Settings\USER3\Application Data\Mikogo\Mikogo-Host.exe','');
 QuarantineFile('C:\WINDOWS\system32\PLCMsiren.acm','');
 QuarantineFile('C:\WINDOWS\system32\PLCMg729A.acm','');
 QuarantineFile('C:\WINDOWS\system32\PLCMg728.acm','');
 QuarantineFile('C:\WINDOWS\system32\PLCMg722.acm','');
 QuarantineFile('C:\WINDOWS\system32\PrereqChk.dll','');
CreateQurantineArchive('%userprofile%\desktop\avz_quarantine.zip'); 
end.

- Файл avz_quarantine.zip с Рабочего Стола закачайте ТУТ для анализа.

[polword]

после выполнения скрипта из поста №15
- выполните такой скрипт в AVZ

Код:

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\e9e64aea.exe','');
 DeleteFile('C:\WINDOWS\system32\e9e64aea.exe');
 QuarantineFile('C:\WINDOWS\System32\sfcfiles.dll','');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.

После перезагрузки:
- выполните такой скрипт

Код:

begin
  CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); 
 end.

- Файл quarantine.zip из папки AVZ загрузите по ссылке Прислать запрошенный карантин вверху темы

[dimon8033]

извините, отпуск, смогу продолжить через 2 недели...

[dimon8033]

-Выполните скрипт:


- Файл avz_quarantine.zip с Рабочего Стола закачайте ТУТ для анализа.

Карантин не создается

Добавлено через 1 час 15 минут

по посту №16, карантин отправил

[thyrex]

Логи RSIT новые сделайте

[CyberHelper]

Статистика проведенного лечения:

• Получено карантинов: 2
• Обработано файлов: 14
• В ходе лечения обнаружены вредоносные программы:
  
  1. c:\\documents and settings\\user3\\главное меню\\программы\\автозагрузка\\monoca32.exe - Packed.Win32.Krap.ao ( DrWEB: Trojan.Botnetlog.126, BitDefender: Gen:Variant.Kazy.43, AVAST4: Win32:Crypt-HKP [Drp] )
  2. c:\\windows\\system32\\e9e64aea.exe - Trojan.Win32.Agent.exrz ( DrWEB: Trojan.Packed.20771, BitDefender: Backdoor.Generic.418936, AVAST4: Win32:MalOb-DS [Cryp] )