Special tool for removing the Vundo Trojan!!!
Download the program to your desktop and run it; you'll see this window:
Click "Continue"
and you'll move on to the next window:
Click "Start"
and you'll get a warning window:
Click "Yes"
and the system scan will start. If Vundo is detected, its files will be deleted.... (you'll get a "Blue Screen", relax... that's the program's normal behaviour)
You'll get a log of the scan, VBG.TXT; it will look like this:
[03/27/2007, 11:48:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mike Light.THELAB\Desktop\VirtumundoBeGone.exe" )
[03/27/2007, 11:48:19] - Detected System Information:
[03/27/2007, 11:48:19] - Windows Version: 5.0.2195, Service Pack 4
[03/27/2007, 11:48:19] - Current Username: Mike Light (Admin)
[03/27/2007, 11:48:19] - Windows is in NORMAL mode.
[03/27/2007, 11:48:19] - Searching for Browser Helper Objects:
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\opnklkj
[03/27/2007, 11:48:19] - Found: HKLM\...\Winlogon\Notify\opnklkj - This is probably Virtumundo.
[03/27/2007, 11:48:19] - Assigning {33CFF9A3-7ECB-4382-806D-AB0138BC7386} MSEvents Object
[03/27/2007, 11:48:19] - BHO list has been changed! Starting over...
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} (MSEvents Object)
[03/27/2007, 11:48:19] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:19] - BHO 3: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\pmkji
[03/27/2007, 11:48:19] - Found: HKLM\...\Winlogon\Notify\pmkji - This is probably Virtumundo.
[03/27/2007, 11:48:19] - Assigning {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} MSEvents Object
[03/27/2007, 11:48:19] - BHO list has been changed! Starting over...
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} (MSEvents Object)
[03/27/2007, 11:48:19] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:19] - BHO 3: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} (MSEvents Object)
[03/27/2007, 11:48:19] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:19] - BHO 4: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\djnmtrey
[03/27/2007, 11:48:19] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:19] - BHO 5: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\fdldhtmy
[03/27/2007, 11:48:19] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:19] - Finished Searching Browser Helper Objects
[03/27/2007, 11:48:19] - *** Detected MSEvents Object
[03/27/2007, 11:48:19] - Trying to remove MSEvents Object...
[03/27/2007, 11:48:20] - Terminating Process: IEXPLORE.EXE
[03/27/2007, 11:48:20] - Terminating Process: RUNDLL32.EXE
[03/27/2007, 11:48:20] - Disabling Automatic Shell Restart
[03/27/2007, 11:48:20] - Terminating Process: EXPLORER.EXE
[03/27/2007, 11:48:21] - Suspending the NT Session Manager System Service
[03/27/2007, 11:48:21] - Terminating Windows NT Logon/Logoff Manager
[03/27/2007, 11:48:21] - Re-enabling Automatic Shell Restart
[03/27/2007, 11:48:21] - File to disable: C:\WINNT\system32\opnklkj.dll
[03/27/2007, 11:48:21] - Renaming C:\WINNT\system32\opnklkj.dll -> C:\WINNT\system32\opnklkj.dll.vir
[03/27/2007, 11:48:21] - ! File rename was unsucessful.
[03/27/2007, 11:48:21] - Attempting to Deny Access to C:\WINNT\system32\opnklkj.dll
[03/27/2007, 11:48:21] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/27/2007, 11:48:21] - processed file: C:\WINNT\system32\opnklkj.dll
[03/27/2007, 11:48:21] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/27/2007, 11:48:21] - Removing HKLM\...\Browser Helper Objects\{33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:21] - Removing HKCR\CLSID\{33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:21] - Adding Kill Bit for ActiveX for GUID: {33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:21] - Deleting ATLEvents/MSEvents Registry entries
[03/27/2007, 11:48:21] - Removing HKLM\...\Winlogon\Notify\opnklkj
[03/27/2007, 11:48:21] - Searching for Browser Helper Objects:
[03/27/2007, 11:48:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:21] - BHO 2: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} (MSEvents Object)
[03/27/2007, 11:48:21] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:21] - BHO 3: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:21] - Checking for HKLM\...\Winlogon\Notify\djnmtrey
[03/27/2007, 11:48:21] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:21] - BHO 4: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:21] - Checking for HKLM\...\Winlogon\Notify\fdldhtmy
[03/27/2007, 11:48:21] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:21] - Finished Searching Browser Helper Objects
[03/27/2007, 11:48:21] - *** Detected MSEvents Object
[03/27/2007, 11:48:21] - Trying to remove MSEvents Object...
[03/27/2007, 11:48:22] - Terminating Process: IEXPLORE.EXE
[03/27/2007, 11:48:22] - Terminating Process: RUNDLL32.EXE
[03/27/2007, 11:48:22] - Disabling Automatic Shell Restart
[03/27/2007, 11:48:22] - Terminating Process: EXPLORER.EXE
[03/27/2007, 11:48:22] - Suspending the NT Session Manager System Service
[03/27/2007, 11:48:22] - Terminating Windows NT Logon/Logoff Manager
[03/27/2007, 11:48:22] - Re-enabling Automatic Shell Restart
[03/27/2007, 11:48:22] - File to disable: C:\WINNT\system32\pmkji.dll
[03/27/2007, 11:48:22] - Renaming C:\WINNT\system32\pmkji.dll -> C:\WINNT\system32\pmkji.dll.vir
[03/27/2007, 11:48:23] - ! File rename was unsucessful.
[03/27/2007, 11:48:23] - Attempting to Deny Access to C:\WINNT\system32\pmkji.dll
[03/27/2007, 11:48:23] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/27/2007, 11:48:23] - ERROR: The system cannot find the file specified.
[03/27/2007, 11:48:23] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/27/2007, 11:48:23] - Removing HKLM\...\Browser Helper Objects\{3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:23] - Removing HKCR\CLSID\{3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:23] - Adding Kill Bit for ActiveX for GUID: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:23] - Deleting ATLEvents/MSEvents Registry entries
[03/27/2007, 11:48:23] - Removing HKLM\...\Winlogon\Notify\pmkji
[03/27/2007, 11:48:23] - Searching for Browser Helper Objects:
[03/27/2007, 11:48:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:23] - BHO 2: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:23] - Checking for HKLM\...\Winlogon\Notify\djnmtrey
[03/27/2007, 11:48:23] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:23] - BHO 3: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:23] - Checking for HKLM\...\Winlogon\Notify\fdldhtmy
[03/27/2007, 11:48:23] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:23] - Finished Searching Browser Helper Objects
[03/27/2007, 11:48:23] - Finishing up...
[03/27/2007, 11:48:23] - A restart is needed.
[03/27/2007, 11:48:27] - Attempting to Restart via STOP error (Blue Screen!)
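Reading VBG.TXT by hand gets tedious once it runs to a few hundred lines, and the two messages that matter most are easy to miss: the tool could not rename the DLL and only denied access to it, so the file is still on disk and has to be deleted by hand, and any nameless BHO without a matching Winlogon\Notify key is left untouched for you to look at yourself. The Python script below is an added example, not part of the post or of VirtumundoBeGone; it parses the log format shown above and summarises exactly those items. The sample log is an excerpt of the log above reflowed one entry per line, and the summary field names are the example's own.

```python
"""Summarise a VirtumundoBeGone VBG.TXT log for follow-up.

Added example, not part of the original post or of the VirtumundoBeGone tool.
It reads the "[date, time] - message" format shown on the page and reports what
still needs a human: files the tool could only disable, nameless BHOs it left
alone because no Winlogon\\Notify key matched, and the entries it removed.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^\[(\d{2}/\d{2}/\d{4}), (\d{2}:\d{2}:\d{2})\] - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NOTIFY_FOUND = "Found: HKLM\\...\\Winlogon\\Notify\\"
BHO_REMOVED = "Removing HKLM\\...\\Browser Helper Objects\\"


@dataclass
class VbgSummary:
    notify_flagged: list = field(default_factory=list)     # Notify names "probably Virtumundo"
    removed_bho_guids: list = field(default_factory=list)  # BHO CLSIDs the tool deleted
    unresolved_bhos: list = field(default_factory=list)    # "()" BHOs with no Notify match
    file_events: dict = field(default_factory=dict)        # dll path -> what happened to it
    restart_via_stop_error: bool = False
    unparsed_lines: int = 0


def parse_vbg_log(text: str) -> VbgSummary:
    """Single pass; only enough state to tie a BHO or file to the lines that follow it."""
    s = VbgSummary()
    current_file = None     # path from the last "File to disable:" line
    pending_unnamed = None  # GUID of the last "()" BHO awaiting its Winlogon check
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            if raw.strip():
                s.unparsed_lines += 1
            continue
        msg = m.group(3).rstrip()
        if re.match(r"BHO \d+: ", msg):
            g = GUID_RE.search(msg)
            pending_unnamed = g.group(0) if (g and msg.endswith("()")) else None
        elif msg.startswith(NOTIFY_FOUND):
            name = msg[len(NOTIFY_FOUND):].split(" - ")[0]
            if name not in s.notify_flagged:
                s.notify_flagged.append(name)
            pending_unnamed = None
        elif msg.startswith("Key not found:"):
            if pending_unnamed and pending_unnamed not in s.unresolved_bhos:
                s.unresolved_bhos.append(pending_unnamed)
            pending_unnamed = None
        elif msg.startswith(BHO_REMOVED):
            g = GUID_RE.search(msg)
            if g:
                s.removed_bho_guids.append(g.group(0))
        elif msg.startswith("File to disable: "):
            current_file = msg[len("File to disable: "):]
            s.file_events.setdefault(current_file, [])
        elif current_file and msg.startswith("! File rename was"):
            s.file_events[current_file].append("rename failed")
        elif current_file and msg.startswith("ERROR: The system cannot find the file"):
            s.file_events[current_file].append("not found")
        elif current_file and msg.startswith("*** IMPORTANT: The file is disabled"):
            s.file_events[current_file].append("delete manually")
            current_file = None
        elif "Restart via STOP error" in msg:
            s.restart_via_stop_error = True
    return s


# Excerpt of the log shown above, one entry per line (the page wraps long entries).
SAMPLE_LOG = r"""
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} ()
[03/27/2007, 11:48:19] - Found: HKLM\...\Winlogon\Notify\opnklkj - This is probably Virtumundo.
[03/27/2007, 11:48:19] - BHO 3: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} ()
[03/27/2007, 11:48:19] - Found: HKLM\...\Winlogon\Notify\pmkji - This is probably Virtumundo.
[03/27/2007, 11:48:19] - BHO 4: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:19] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:19] - BHO 5: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:19] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:21] - File to disable: C:\WINNT\system32\opnklkj.dll
[03/27/2007, 11:48:21] - ! File rename was unsucessful.
[03/27/2007, 11:48:21] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/27/2007, 11:48:21] - Removing HKLM\...\Browser Helper Objects\{33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:22] - File to disable: C:\WINNT\system32\pmkji.dll
[03/27/2007, 11:48:23] - ! File rename was unsucessful.
[03/27/2007, 11:48:23] - ERROR: The system cannot find the file specified.
[03/27/2007, 11:48:23] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/27/2007, 11:48:23] - Removing HKLM\...\Browser Helper Objects\{3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:27] - Attempting to Restart via STOP error (Blue Screen!)
"""

if __name__ == "__main__":
    summary = parse_vbg_log(SAMPLE_LOG)
    for path, events in summary.file_events.items():
        print(f"{path}: {', '.join(events)}")
    print("BHOs removed:", summary.removed_bho_guids)
    print("Unnamed BHOs left for manual review:", summary.unresolved_bhos)
```

Run it against your own VBG.TXT and check the file list first: "rename failed" plus "delete manually" means the DLL is still sitting in system32 under its original name and only has its access denied, so after the reboot it has to go by hand, as the tool's own message says. The nameless BHOs it lists for manual review are the ones the tool skipped because no matching Winlogon\Notify key existed; they are not necessarily malicious, but they are exactly what you would want to look up before calling the machine clean.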


