Malwarebytes' Anti-Malware 1.30
Database versjon: 1360
Windows 5.1.2600 Service Pack 3

03.11.2008 19:51:49
mbam-log-2008-11-03 (19-51-49).txt

Skanntype: Rask Skann
Objekter skannet: 51368
Tid tilbakelagt: 2 minute(s), 37 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 6
Registernøkler infisert: 16
Registerverdier infisert: 2
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 17

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\WINDOWS\system32\mlJApPIa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtqroidd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wyaipy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvWoLee.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sqyxendt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hdbonj.dll (Trojan.Vundo) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82ebc877-e455-4c09-b1a3-4f7a3e1ee777} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{82ebc877-e455-4c09-b1a3-4f7a3e1ee777} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2c818f8-409d-4ef3-bba6-f5639a6fbb12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2c818f8-409d-4ef3-bba6-f5639a6fbb12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvwolee (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82ebc877-e455-4c09-b1a3-4f7a3e1ee777} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2c818f8-409d-4ef3-bba6-f5639a6fbb12} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0ef51c7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo) -> Delete on reboot.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljappia -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljappia  -> Delete on reboot.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\mlJApPIa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aIPpAJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aIPpAJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdbonj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvWoLee.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cqhoppxa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axppohqc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtqroidd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddiorqtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyaipy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sqyxendt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkLEVmN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkxdrdqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vncrvyll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uekqbh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tha Mouse\Local Settings\Temporary Internet Files\Content.IE5\4TEB6FMJ\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tha Mouse\Local Settings\Temporary Internet Files\Content.IE5\4TEB6FMJ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.