virtumonde help needed [Archive] - Safer-Networking Forums

View Full Version : virtumonde help needed

timd32

2007-11-24, 00:50

Had and still have some issues.

Had Smitfraud-C, used smitfraudfix did not work out for what I had.

Combofix got rid of most of the smitfraud-c stuff it seems.

Now all I come up with Virtumonde is and used Vundofix which would remove all but one file. Better to ask for some help then then try to struggle any longer and make more of a mess out of this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:13 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Siemens\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi Client\Client\ventc.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [fca0d631] rundll32.exe "C:\WINDOWS\system32\csgyywfc.dll",b
O4 - HKLM\..\Run: [{0D-D6-69-9E-ZN}] C:\Documents and Settings\Tim\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Paradyne ADSL Network Driver V2.3] C:\WINDOWS\netcfgx32.exe
O4 - HKCU\..\Run: [Tair] "C:\DOCUME~1\Tim\MYDOCU~1\RACLE~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_01\bin\npjpi140_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_01\bin\npjpi140_01.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191689394187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jdclighting.com
O17 - HKLM\Software\..\Telephony: DomainName = jdclighting.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{60027A13-E714-45CD-95CD-9703E51DE03F}: NameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jdclighting.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{60027A13-E714-45CD-95CD-9703E51DE03F}: NameServer = 66.174.95.44 69.78.96.14
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\aaLogger.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\Common Files\ArchestrA\NTServApp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\slssvc.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi Client\Client\ventc.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\wwnetdde.exe

--
End of file - 7426 bytes

timd32

2007-11-24, 00:53

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 23, 2007 7:35:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/11/2007
Kaspersky Anti-Virus database records: 464719
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 144358
Number of viruses found: 25
Number of infected objects: 254
Number of suspicious objects: 0
Duration of the scan process: 02:07:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ArchestrA\LogFiles\TIMD1195842637.aaLDX Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ArchestrA\LogFiles\TIMD1195842637.aaLOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_TIMD.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_TIMD.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tim\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tim\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tim\Local Settings\History\History.IE5\MSHist012007112320071124\index.dat Object is locked skipped
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tim\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tim\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Siemens\SWS\almsrv\almdb.ldb Object is locked skipped
C:\Program Files\Common Files\Siemens\SWS\almsrv\almdb.mdb Object is locked skipped
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\LOG\SQLAGENT.OUT Object is locked skipped
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe1177388478 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Venturi Client\Client\vent2.log Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.bak.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.z skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\a1\dnslook11.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fibagbia\fibagbia3.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.d skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\g2\bemwdll3.exe.vir Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\qoobox\Quarantine\catchme2007-11-22_225206.57.zip/ldcore.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\qoobox\Quarantine\catchme2007-11-22_225206.57.zip ZIP: infected - 1 skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP399\A0099876.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112256.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112257.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112273.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112274.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112294.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112295.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112306.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP475\A0112308.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP476\A0112330.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP476\A0112331.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP476\A0112344.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP476\A0112345.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112365.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112366.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112375.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112380.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112381.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112442.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP477\A0112443.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112469.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112470.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112493.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112494.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112502.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112503.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112529.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112530.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112545.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112546.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112556.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112557.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112578.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP478\A0112579.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP479\A0112606.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP479\A0112607.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP479\A0112618.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP479\A0112619.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP479\A0112647.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP479\A0112648.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0112663.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0112664.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0113646.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0113647.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0114646.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0114647.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0115648.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0115649.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116648.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116649.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116665.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116666.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116678.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116680.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116694.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0116695.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0117692.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP480\A0117693.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP481\A0117730.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP481\A0117731.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP481\A0117751.dll Infected: Trojan-Spy.Win32.Delf.ait skipped

timd32

2007-11-24, 00:55

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP481\A0117752.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117818.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117819.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117841.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117842.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117852.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117853.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117870.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP482\A0117871.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117907.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117908.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117918.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117919.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117928.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117929.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117957.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP484\A0117958.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP485\A0117979.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP485\A0117980.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP485\A0117992.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP485\A0117993.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP485\A0118009.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP485\A0118010.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0118027.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0118028.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0118041.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0118042.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0119040.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0119041.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0120041.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP486\A0120042.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0120060.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0120061.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121060.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121061.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121073.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121074.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121089.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121090.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121103.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121104.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121239.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121240.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121252.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121253.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121280.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP487\A0121281.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP492\A0121317.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP492\A0121318.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP492\A0121341.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP492\A0121342.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP492\A0121355.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP492\A0121356.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121442.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121443.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121460.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121461.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121486.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121487.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121499.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121500.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121515.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP494\A0121517.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121553.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121554.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121576.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121577.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121607.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121608.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121627.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121628.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121643.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121644.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121655.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121656.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121674.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0121675.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0122674.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP495\A0122675.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0123675.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0123676.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0123691.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0123692.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0124689.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0124690.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0125687.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0125688.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0125717.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP496\A0125718.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP497\A0125756.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP497\A0125758.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP497\A0125772.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP497\A0125773.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0125811.dll Infected: Trojan-Spy.Win32.Delf.ait skipped

timd32

2007-11-24, 00:56

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0125812.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0126811.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0126812.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0126832.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP498\A0126833.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0126883.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0126884.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0127881.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0127882.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0127897.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0127898.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0127910.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP499\A0127911.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0127927.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0127928.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0128929.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0128930.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0128981.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0128982.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0129977.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0129978.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130017.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130018.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130038.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130039.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130064.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130065.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130078.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0130079.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0131079.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0131080.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0131088.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP501\A0131089.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0131135.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0131136.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0131155.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0131156.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0131167.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0131168.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0132168.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0132169.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP503\A0132337.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP503\A0132338.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP508\A0139591.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP509\A0140033.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP509\A0140034.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140136.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140534.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140535.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140561.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140562.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140565.exe Infected: Trojan.Win32.Agent.crf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140573.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.z skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0140574.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP510\A0141547.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP511\A0144526.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP511\A0144544.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0144554.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0144577.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0145566.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0146573.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147584.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147592.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147596.exe Infected: Trojan-Downloader.Win32.Small.gnk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147598.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147600.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147656.exe Infected: not-a-virus:Dialer.Win32.Agent.r skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147670.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147672.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0147672.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0148347.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0149370.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.d skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0149376.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0149377.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP512\A0149381.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP519\A0151142.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP519\A0151143.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP519\change.log Object is locked skipped
C:\VundoFix Backups\efcbaxy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.apx skipped
C:\VundoFix Backups\eryjreee.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\VundoFix Backups\wnvvstod.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\fsclient32.dll Infected: Backdoor.Win32.Rbot.ezy skipped
C:\WINDOWS\mcithread.dll Infected: Trojan-Spy.Win32.Delf.ait skipped
C:\WINDOWS\ModemLog_Novatel Wireless Merlin CDMA EV-DO Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\WinCCLog.evt Object is locked skipped
C:\WINDOWS\system32\csgyywfc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\efcbaxy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\urqrpnm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xxxldcore.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\WINDOWS\TEMP\JETC5BC.tmp Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_7a8.dat Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_c0.dat Object is locked skipped
C:\WINDOWS\VGlt\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.