Virus alert - HJT ongelma?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by nvidie, Sep 29, 2008.

  1. nvidie

    nvidie Member

    Joined:
    Oct 24, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    Sain hommattua viiruksen koneeseeni, joka teki VIRUS ALERT tekstin kellon viereen ja vähän väliä tuli WINDOWS SECURITY ALERT ja SPYWARE ALERT ilmoituksia ja esim. C: asema hävisi näkyvistä. Ajoin Malwarebytes antimalware ja CCleaner ohjelmat ja virus alert tekstit ja kyseiset ilmoitukset hävisivät mutta Windows tehtävien hallinta näyttää että suoritinkäyttö on kokoajan väh. 50% ja järjeslmänpalautusta ei voi suorittaa, joten osaisiko joku sanoa mikä mättää tässä loki:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:41:23, on 29.9.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    H:\Asennetutu ohjelmat\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Hauppauge\WinTV NOVA USB\TTUSBAutoRun.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Hauppauge\WinTV NOVA USB\DVBData.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Asennetutu ohjelmat\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Asennetutu ohjelmat\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DVB-USB Start Up Service.lnk = C:\Program Files\Hauppauge\WinTV NOVA USB\TTUSBAutoRun.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6390 bytes
     
    nvidie, Sep 29, 2008
    #1
  2. nvidie

    nvidie Member

    Joined:
    Oct 24, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    Ja tässä Malwarebytesin loki:

    Malwarebytes' Anti-Malware 1.28
    Tietokantaversio: 1221
    Windows 5.1.2600 Service Pack 2

    29.9.2008 12:15:44
    mbam-log-2008-09-29 (12-15-44).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|G:\|H:\|)
    Tarkistetut kohteet: 79315
    Kulunut aika: 31 minute(s), 45 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 5
    Saastuneita rekisteriavaimia: 28
    Saastuneita rekisteriarvoja: 5
    Saastuneita rekisterikohteita: 18
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 50

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\emlmhoso.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\urqOeeDV.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\fccyyVOI.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\rwlfsdmk.dll (Trojan.Zlob) -> Delete on reboot.
    C:\WINDOWS\onfwbsak.dll (Trojan.FakeAlert) -> Delete on reboot.

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b091d1b-af42-4ea3-8ff5-3adb46fe8dae} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccyyvoi (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{7b091d1b-af42-4ea3-8ff5-3adb46fe8dae} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0fd8d20-254a-46e8-8a89-1ae0058e9b94} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{b0fd8d20-254a-46e8-8a89-1ae0058e9b94} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{b46021f2-b50f-4f72-aa13-3698d851a344} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{b3336375-6d34-4704-a5f4-6775adcf0424} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{82bc1bf9-f653-4871-8e09-e70a99617508} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{59b4236e-2a39-4942-8278-980630d6d26f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0c7903d3-3a4d-4dfb-9b6d-d6325d3bd39a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{5b89edb3-5196-4c58-b470-0d1579fee6e9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0b35f3bd-f003-496d-a13d-a1ed0b18784d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{be7e682b-ce10-44e8-9b7f-1430e9c0f305} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f07c2b06-ff81-4eb8-8ab9-7620a24309fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f07c2b06-ff81-4eb8-8ab9-7620a24309fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\peltodgx.bxfa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\98948ff4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7b091d1b-af42-4ea3-8ff5-3adb46fe8dae} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rwlfsdmk (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{59b4236e-2a39-4942-8278-980630d6d26f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\onfwbsak (Trojan.FakeAlert) -> Delete on reboot.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqoeedv -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqoeedv -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55697-645-2982205-23937) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\fccyyVOI.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\urqOeeDV.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\VDeeOqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VDeeOqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emlmhoso.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\osohmlme.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\rwlfsdmk.dll (Trojan.Zlob) -> Delete on reboot.
    C:\Documents and Settings\PS\Local Settings\Temp\0mYq8p2N.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Local Settings\Temporary Internet Files\Content.IE5\0X4LWRAZ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Local Settings\Temporary Internet Files\Content.IE5\CJQDKHMX\CA3BUREX (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Local Settings\Temporary Internet Files\Content.IE5\SDWBANK9\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP285\A0067189.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP286\A0071203.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP289\A0075310.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP289\A0075339.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP289\A0075360.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP290\A0075404.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP291\A0075482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP292\A0077504.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP293\A0078517.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP293\A0078518.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP293\A0079530.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP304\A0085942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP305\A0086003.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP307\A0089098.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP308\A0089133.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP308\A0089144.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP312\A0091379.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP313\A0091400.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP313\A0092443.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP313\A0092444.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8CC47014-63E4-4B6F-874A-65D5C39719FE}\RP313\A0092445.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\ewte.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXnOGya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfcbxuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnlJyAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvTmmnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkkHxXr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUnOIXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnmmlKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pw72Gp0F.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Y51n5g4I.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\peltodgx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\onfwbsak.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\fbxrqtwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\dfmlxbpkvkd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Suosikit\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Suosikit\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PS\Suosikit\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
     
    nvidie, Sep 29, 2008
    #2

Share This Page