Malwarebytes' Anti-Malware 1.36
Database versie: 2116
Windows 5.1.2600 Service Pack 2

13/05/2009 14:51:14
mbam-log-2009-05-13 (14-51-14).txt

Scan type: Snelle Scan
Objecten gescand: 83382
Verstreken tijd: 6 minute(s), 39 second(s)

Geheugenprocessen geīnfecteerd: 0
Geheugenmodulen geīnfecteerd: 2
Registersleutels geīnfecteerd: 13
Registerwaarden geīnfecteerd: 2
Registerdata bestanden geīnfecteerd: 3
Mappen geīnfecteerd: 0
Bestanden geīnfecteerd: 7

Geheugenprocessen geīnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geīnfecteerd:
C:\WINDOWS\system32\efcASMee.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcyAtrO.dll (Trojan.Vundo.H) -> Delete on reboot.

Registersleutels geīnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41d3bc72-e32a-4eb1-aa3a-dfc93e5cf7ab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{41d3bc72-e32a-4eb1-aa3a-dfc93e5cf7ab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0ba0854-9d72-4958-9c33-6f4b4f6fe805} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcyatro (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f0ba0854-9d72-4958-9c33-6f4b4f6fe805} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0ba0854-9d72-4958-9c33-6f4b4f6fe805} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41d3bc72-e32a-4eb1-aa3a-dfc93e5cf7ab} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geīnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f0ba0854-9d72-4958-9c33-6f4b4f6fe805} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registerdata bestanden geīnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcasmee -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcasmee  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geīnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geīnfecteerd:
C:\WINDOWS\system32\efcASMee.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eeMSAcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eeMSAcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyAtrO.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jkkhhGvu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOGXOE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqroLfd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.