Malwarebytes' Anti-Malware 1.36
Database versie: 2068
Windows 5.1.2600 Service Pack 3

2-5-2009 22:54:08
mbam-log-2009-05-02 (22-54-08).txt

Scan type: Snelle Scan
Objecten gescand: 90801
Verstreken tijd: 11 minute(s), 39 second(s)

Geheugenprocessen geīnfecteerd: 1
Geheugenmodulen geīnfecteerd: 4
Registersleutels geīnfecteerd: 9
Registerwaarden geīnfecteerd: 7
Registerdata bestanden geīnfecteerd: 7
Mappen geīnfecteerd: 0
Bestanden geīnfecteerd: 12

Geheugenprocessen geīnfecteerd:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.Agent) -> Unloaded process successfully.

Geheugenmodulen geīnfecteerd:
C:\WINDOWS\system32\raferafo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\suwidusu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pikekise.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lokubaja.dll (Trojan.Vundo.H) -> Delete on reboot.

Registersleutels geīnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{828a4bbf-de87-4cb7-9a97-3f5292012b92} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{828a4bbf-de87-4cb7-9a97-3f5292012b92} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{828a4bbf-de87-4cb7-9a97-3f5292012b92} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerwaarden geīnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\69553b75 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rorugovoke (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6a6608e9 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerdata bestanden geīnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pikekise.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pikekise.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lokubaja.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geīnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geīnfecteerd:
C:\WINDOWS\system32\raferafo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ofarefar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suwidusu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lokubaja.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nupejote.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pikekise.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loader49.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\rasesnet.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.