I have trojan downloaders, I have Virtumonde, Ezula, Agent.NSM and much more! The PC is also slow!
PLS help!
I give you a VBG log, a HijackThis log, and a NOD32 log:
VBG
[12/02/2007, 12:45:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\laris\Bureaublad\VirtumundoBeGone.exe" )
[12/02/2007, 12:45:40] - Detected System Information:
[12/02/2007, 12:45:40] - Windows Version: 5.1.2600, Service Pack 2
[12/02/2007, 12:45:40] - Current Username: laris (Admin)
[12/02/2007, 12:45:40] - Windows is in NORMAL mode.
[12/02/2007, 12:45:40] - Searching for Browser Helper Objects:
[12/02/2007, 12:45:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[12/02/2007, 12:45:40] - BHO 2: {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} ()
[12/02/2007, 12:45:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:40] - Checking for HKLM\...\Winlogon\Notify\urqnlif
[12/02/2007, 12:45:40] - Found: HKLM\...\Winlogon\Notify\urqnlif - This is probably Virtumundo.
[12/02/2007, 12:45:40] - Assigning {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} MSEvents Object
[12/02/2007, 12:45:40] - BHO list has been changed! Starting over...
[12/02/2007, 12:45:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[12/02/2007, 12:45:40] - BHO 2: {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} (MSEvents Object)
[12/02/2007, 12:45:40] - ALERT: Found MSEvents Object!
[12/02/2007, 12:45:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/02/2007, 12:45:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/02/2007, 12:45:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:40] - No filename found. Continuing.
[12/02/2007, 12:45:40] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/02/2007, 12:45:40] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/02/2007, 12:45:40] - BHO 7: {c086456d-7640-4ea5-83a1-edf4bfa7811e} ()
[12/02/2007, 12:45:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:40] - Checking for HKLM\...\Winlogon\Notify\scmymkuy
[12/02/2007, 12:45:40] - Key not found: HKLM\...\Winlogon\Notify\scmymkuy, continuing.
[12/02/2007, 12:45:40] - BHO 8: {CBB95130-8BE5-4644-BED7-5F4C0740D3B6} ()
[12/02/2007, 12:45:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:40] - Checking for HKLM\...\Winlogon\Notify\vtstr
[12/02/2007, 12:45:40] - Key not found: HKLM\...\Winlogon\Notify\vtstr, continuing.
[12/02/2007, 12:45:40] - Finished Searching Browser Helper Objects
[12/02/2007, 12:45:40] - *** Detected MSEvents Object
[12/02/2007, 12:45:40] - Trying to remove MSEvents Object...
[12/02/2007, 12:45:41] - Terminating Process: IEXPLORE.EXE
[12/02/2007, 12:45:41] - Terminating Process: RUNDLL32.EXE
[12/02/2007, 12:45:42] - Disabling Automatic Shell Restart
[12/02/2007, 12:45:42] - Terminating Process: EXPLORER.EXE
[12/02/2007, 12:45:42] - Suspending the NT Session Manager System Service
[12/02/2007, 12:45:42] - Terminating Windows NT Logon/Logoff Manager
[12/02/2007, 12:45:43] - Re-enabling Automatic Shell Restart
[12/02/2007, 12:45:43] - File to disable: C:\WINDOWS\system32\urqnlif.dll
[12/02/2007, 12:45:43] - Renaming C:\WINDOWS\system32\urqnlif.dll -> C:\WINDOWS\system32\urqnlif.dll.vir
[12/02/2007, 12:45:49] - File successfully renamed!
[12/02/2007, 12:45:49] - Removing HKLM\...\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
[12/02/2007, 12:45:49] - Removing HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
[12/02/2007, 12:45:49] - Adding Kill Bit for ActiveX for GUID: {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
[12/02/2007, 12:45:49] - Deleting ATLEvents/MSEvents Registry entries
[12/02/2007, 12:45:49] - Removing HKLM\...\Winlogon\Notify\urqnlif
[12/02/2007, 12:45:49] - Searching for Browser Helper Objects:
[12/02/2007, 12:45:49] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[12/02/2007, 12:45:49] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/02/2007, 12:45:49] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/02/2007, 12:45:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:49] - No filename found. Continuing.
[12/02/2007, 12:45:49] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/02/2007, 12:45:49] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/02/2007, 12:45:49] - BHO 6: {c086456d-7640-4ea5-83a1-edf4bfa7811e} ()
[12/02/2007, 12:45:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:49] - Checking for HKLM\...\Winlogon\Notify\scmymkuy
[12/02/2007, 12:45:49] - Key not found: HKLM\...\Winlogon\Notify\scmymkuy, continuing.
[12/02/2007, 12:45:49] - BHO 7: {CBB95130-8BE5-4644-BED7-5F4C0740D3B6} ()
[12/02/2007, 12:45:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/02/2007, 12:45:49] - Checking for HKLM\...\Winlogon\Notify\vtstr
[12/02/2007, 12:45:49] - Key not found: HKLM\...\Winlogon\Notify\vtstr, continuing.
[12/02/2007, 12:45:49] - Finished Searching Browser Helper Objects
[12/02/2007, 12:45:49] - Finishing up...
[12/02/2007, 12:45:49] - A restart is needed.
[12/02/2007, 12:45:56] - Attempting to Restart via STOP error (Blue Screen!)
Hijacklog
Logfile of HijackThis v1.99.1
Scan saved at 12:53:05, on 2-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\laris\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.143.245.40:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2D9D6D-F1EC-4F3A-81F9-2D4E4163E12F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2D9D6D-F1EC-4F3A-81F9-2D4E4163E12F}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Nod32 Log
Time Module Object Name Threat Action User Information
2-12-2007 12:56:38 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\SO81WFMV\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:56:36 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\fewsgdsa.dll Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:56:34 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:50:48 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\4B8986FS\poiu[1] Win32/TrojanDownloader.Tiny.ID trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:50:47 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\SO81WFMV\mosx1024[2] Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:50:44 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\tkroxxsw.dll Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:50:43 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan LARIS-8CN6I20DL\laris
2-12-2007 12:50:40 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:48:30 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\nndftuas.exe Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:48:28 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\SO81WFMV\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:48:24 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application LARIS-8CN6I20DL\laris
2-12-2007 12:39:17 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\VFMUUGAC\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
2-12-2007 12:39:14 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\pgcfytpd.dll Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
2-12-2007 12:39:03 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:35:55 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:33:12 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\SO81WFMV\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
2-12-2007 12:33:11 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\rwpjwckx.exe Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
2-12-2007 12:33:03 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\VFMUUGAC\mosx1024[1] Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
2-12-2007 12:33:00 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\sutoshli.dll Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
2-12-2007 12:32:58 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:32:41 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:28:37 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\5288ZRAZ\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:28:35 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\tiyuhino.dll Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:28:31 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:25:16 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\5288ZRAZ\poiu[1] Win32/TrojanDownloader.Tiny.ID trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:25:11 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\5288ZRAZ\poiu[1] Win32/TrojanDownloader.Tiny.ID trojan deleted LARIS-8CN6I20DL\laris Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
2-12-2007 12:25:09 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:19:22 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\4B8986FS\mosx1024[1] Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:19:19 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\tpbrkfji.dll Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:19:11 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan quarantined - Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:17:26 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\VFMUUGAC\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:17:23 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\khxypdcc.exe Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:17:13 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 12:14:08 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\omjrogiv.exe Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 12:14:03 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 10:03:36 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 0:06:23 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\5288ZRAZ\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 0:06:20 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\ollisoqs.dll Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 0:06:17 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application quarantined - Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 0:03:58 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 0:03:45 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\4B8986FS\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
2-12-2007 0:03:39 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan Connection terminated LARIS-8CN6I20DL\laris
2-12-2007 0:03:31 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application quarantined - Connection terminated LARIS-8CN6I20DL\laris
1-12-2007 19:32:58 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\hkwtcydf.dll Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
1-12-2007 19:32:53 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\8BE5Q4WH\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
1-12-2007 19:32:51 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application LARIS-8CN6I20DL\laris
1-12-2007 19:26:59 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\TK5OXS21\poiu[1] Win32/TrojanDownloader.Tiny.ID trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
1-12-2007 19:26:56 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan LARIS-8CN6I20DL\laris
1-12-2007 19:23:49 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan Connection terminated LARIS-8CN6I20DL\laris
1-12-2007 19:21:03 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\lmdoekyv.exe Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
1-12-2007 19:21:01 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\5LKN9RXD\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
1-12-2007 19:20:59 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application LARIS-8CN6I20DL\laris
1-12-2007 16:55:14 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\LTAXZ3TH\poiu[1] Win32/TrojanDownloader.Tiny.ID trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 16:55:13 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan LARIS-8CN6I20DL\laris
1-12-2007 16:53:05 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\8BE5Q4WH\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 16:53:04 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application LARIS-8CN6I20DL\laris
1-12-2007 16:53:01 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\8BE5Q4WH\hctp[1] Win32/Adware.Virtumonde application LARIS-8CN6I20DL\laris Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
1-12-2007 16:49:17 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\TK5OXS21\mosx1024[1] Win32/TrojanDownloader.Agent.NSM trojan quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 16:49:11 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan LARIS-8CN6I20DL\laris
1-12-2007 16:47:11 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\LTAXZ3TH\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 16:47:08 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application LARIS-8CN6I20DL\laris
1-12-2007 13:57:16 AMON file C:\DOCUME~1\laris\LOCALS~1\Temp\xjgybjhq.dll Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 13:57:16 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\WLYA41ZC\hctp[1] Win32/Adware.Virtumonde application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 13:57:15 IMON file http://89.188.16.57/...9B302DF1C57BDE8 Win32/Adware.Virtumonde application LARIS-8CN6I20DL\laris
1-12-2007 13:54:23 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Tiny.ID trojan LARIS-8CN6I20DL\laris
1-12-2007 13:54:22 AMON file C:\Documents and Settings\laris\Local Settings\Temporary Internet Files\Content.IE5\MQH75BJ1\pochki20071106[1] Win32/Adware.Ezula application quarantined - deleted LARIS-8CN6I20DL\laris Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
1-12-2007 13:54:22 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/Adware.Ezula application LARIS-8CN6I20DL\laris
1-12-2007 13:54:13 IMON file http://82.98.235.78/...9B302DF1C57BDE8 Win32/TrojanDownloader.Agent.NSM trojan LARIS-8CN6I20DL\laris
Thanks in advance!!
Edited by doomxxxblood, 03 December 2007 - 01:29 AM.