|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
05-05-2007, 10:29 PM
|
#1 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Multiple infections
Unfortunately, I had tried to battle these infections on my own before finding this place. As the result, HJT logs might not accurately reflect what had really happened.
I noticed recurring Logo_1.exe and rundl132.exe under C:\WINDOWS\ and C:\WINDOWS\uninstall\, respectively, as well as recurring WOW.exe, SERVICES.exe, LSASS.exe, and ?sy.exe (0sy.exe, 1sy.exe, 2sy.exe ... 10sy.exe, etc.) under C:\Program Files\Internet Explorer\. AVG Anti-Spyware showed reports of Trojan.Nilage.ara and Trojan.OnLineGames.es (I don't play on-line games), amongst other names that I can no longer remember (sorry). Since some of the aforementioned files seem to help propagate and/or download other trojans, I have created some folders with the same names with locked-up permissions to prevent recreation of these files. I am running Windows XP Media Center Edition with SP2. This is a legitimate copy, so I should be able to receive the updates, but I can't... Otherwise I have followed the five steps very closely. I'll post the logs on my subsequent posts. Thank you so much in advance, I've been working without sleep on this for the past 30 h... |
|
     |
| Sponsored Links |
|
05-05-2007, 10:33 PM
|
#2 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
main.txt
Deckard's System Scanner v20070426.43 Run by ohno on 2007-05-06 at 15:01:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2007-05-06 05:02:19 UTC - RP2 - Deckard's System Scanner Restore Point 1: 2007-05-06 03:39:25 UTC - RP1 - 系統檢查點 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as ohno.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 15:09:10, on 05.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Java\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Splendid\ACMON.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\ACEngSvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\VPN Client\vpngui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\conime.exe D:\dump\dss.exe C:\PROGRA~1\HIJACK~1\ohno.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: adobe gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: adobe reader speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: bttray.lnk = ? O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167123636500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178423521968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E1C8C4-2406-42DD-AECE-202B0C88534F}: NameServer = 129.78.64.2,129.78.64.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WinWMServiceNow - Unknown owner - C:\DOCUME~1\ohno\LOCALS~1\Temp\RAVWM.EXE (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 ItSDisk - c:\windows\system32\drivers\itsdisk.sys <Not Verified; Cognizance Corporation; Microsoft (R) Windows NT(TM) Operating System> R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product> R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700> S3 ipswuio - c:\windows\system32\drivers\ipswuio.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 IFXSpMgtSrv (Security Platform Management Service) - c:\windows\system32\ifxspmgt.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software> R2 IFXTCS (Trusted Platform Core Service) - c:\windows\system32\ifxtcs.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software> R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> S2 WinWMServiceNow - c:\docume~1\ohno\locals~1\temp\ravwm.exe (file missing) -- Files created between 2007-04-06 and 2007-05-06 ----------------------------- 2007-05-06 14:54:06 21312 --a------ C:\WINDOWS\choice.exe 2007-05-06 14:47:19 0 d-------- C:\Program Files\SpywareBlaster 2007-05-06 14:20:32 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-05-06 14:20:27 0 d-------- C:\WINDOWS\LastGood 2007-05-06 13:23:48 0 d--h----- C:\WINDOWS\rundl132.exe 2007-05-06 13:21:03 0 d--h----- C:\WINDOWS\vdll.dll 2007-05-06 13:20:44 0 d--h----- C:\WINDOWS\Logo_1.exe 2007-05-06 13:19:58 0 d--h----- C:\WINDOWS\Logo1_.exe 2007-05-06 13:04:57 0 d--h----- C:\WINDOWS\uninstall 2007-05-06 12:25:24 0 d-------- C:\Documents and Settings\ohno\Application Data\IDMComp 2007-05-06 12:25:12 0 d-------- C:\Program Files\IDM Computer Solutions 2007-05-06 11:48:18 10752 --a------ C:\WINDOWS\system32\msccrt.dll 2007-05-06 11:37:03 0 d--hs---- C:\WINDOWS\CSC 2007-05-05 15:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-05-05 15:50:04 0 d-------- C:\Program Files\Spybot 2007-05-05 10:09:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-05 09:44:07 77312 --a------ C:\WINDOWS\ua2.dll 2007-05-04 23:48:38 18484 ---h----- C:\WINDOWS\system32\RAVWM506.dll 2007-05-04 23:48:24 233472 --a------ C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library> 2007-05-04 23:48:24 61440 --a------ C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library> 2007-05-04 23:48:24 81920 --a------ C:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library> 2007-05-04 23:48:24 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver> 2007-05-04 23:48:16 11264 --a------ C:\WINDOWS\system32\winform.dll 2007-05-04 23:48:14 5632 --a------ C:\WINDOWS\system32\Kvsc3.dll 2007-05-04 23:48:09 11264 --a------ C:\WINDOWS\system32\cmdbcs.dll 2007-05-04 23:48:06 32696 --a------ C:\WINDOWS\RichDll.dll -- Find3M Report --------------------------------------------------------------- 2007-05-06 15:05:57 0 d-------- C:\Program Files\Google 2007-05-06 15:05:45 0 d-------- C:\Program Files\DAEMON Tools 2007-05-06 15:05:43 0 d-------- C:\Program Files\CuteFTP 2007-05-06 14:27:25 0 d-------- C:\Program Files\Wireless Console 2 2007-05-06 14:27:04 0 d-------- C:\Program Files\VPN Client 2007-05-06 14:26:36 0 d-------- C:\Program Files\MSN Messenger 2007-05-06 13:04:57 0 d-------- C:\Program Files\putty 2007-05-06 11:48:00 0 d-------- C:\Documents and Settings\ohno\Application Data\AVG7 2007-05-06 09:50:59 0 d-------- C:\Program Files\SyncBack 2007-05-04 23:51:00 0 d-------- C:\Program Files\Windows XP MUI Pack 2007-05-04 23:50:58 0 d-------- C:\Program Files\Winamp 2007-05-04 23:50:41 0 d-------- C:\Program Files\Real Alternative 2007-05-04 23:50:40 0 d-------- C:\Program Files\QuickTime Alternative 2007-05-04 23:50:33 0 d-------- C:\Program Files\pg2 2007-05-04 23:50:33 0 d-------- C:\Program Files\PCMan 2007-05-04 23:50:25 0 d-------- C:\Program Files\K-Lite Codec Pack 2007-05-04 23:50:17 0 d-------- C:\Program Files\eMule 2007-05-04 23:50:15 0 d-------- C:\Program Files\BitComet 2007-03-10 21:15:30 0 d-------- C:\Documents and Settings\ohno\Application Data\Adobe 2007-03-06 17:37:21 0 d-------- C:\Documents and Settings\ohno\Application Data\Sun 2007-03-06 17:31:58 0 d-------- C:\Program Files\Java 2007-03-06 17:14:46 0 d-------- C:\Program Files\Common Files\Java 2007-02-23 11:19:49 12245199 -----n--- C:\AVG7QT.DAT 2007-02-22 22:17:17 8 --a------ C:\WINDOWS\system32\success -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\bin\ssv.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll {DF21F1DB-80C6-11D3-9483-B03D0EC10000} c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SkyTel"="SkyTel.EXE" "SMSERIAL"="sm56hlpr.exe" "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd" "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\bin\\jusched.exe\"" "RTHDCPL"="RTHDCPL.EXE" "ABLKSR"="C:\\windows\\ABLKSR\\ABLKSR.exe" "ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "CognizanceTS"="rundll32.exe c:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="APSHook.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0ASWLNPkg\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCMTR" "hkey"="HKLM" "command"="ALCMTR.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALU" "hkey"="HKLM" "command"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BatteryLife" "hkey"="HKLM" "command"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Cognizance REG_MULTI_SZ ASChannel\0\0 -- End of Deckard's System Scanner: finished at 2007-05-06 at 15:10:27 --------- |
|
|
|
|
05-05-2007, 10:34 PM
|
#3 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
extra.txt
Deckard's System Scanner v20070426.43 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz Percentage of Memory in Use: 58% Physical Memory (total/avail): 1023.29 MiB / 420.95 MiB Pagefile Memory (total/avail): 2457.69 MiB / 1733.28 MiB Virtual Memory (total/avail): 2047.88 MiB / 1932.53 MiB C: is Fixed (NTFS) - 19.53 GiB total, 7.87 GiB free. D: is Fixed (NTFS) - 69.72 GiB total, 23.29 GiB free. E: is CDROM (No Media) F: is Fixed (NTFS) - 37.25 GiB total, 6.31 GiB free. G: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AVG 7.5.467 v7.5.467 (GRISOFT) -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\ohno\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=WMD ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\ohno LOGONSERVER=\\WMD NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\IDM Computer Solutions\UltraEdit-32 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ohno\LOCALS~1\Temp TMP=C:\DOCUME~1\ohno\LOCALS~1\Temp USERDOMAIN=WMD USERNAME=ohno USERPROFILE=C:\Documents and Settings\ohno windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- ohno (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747} Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} AVG 7.5 --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Dynasty Warriors 4 Hyper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\ohno\Application Data\InstallShield Installation Information\{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}\setup.exe" -l0x9 Google 更新器 --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070} mIRC --> "F:\storage\nox\mirc.exe" -uninstall Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\ohno\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" SyncBack --> "C:\Program Files\SyncBack\unins000.exe" UltraEdit-32 --> "C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall 三國志11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{64893225-ADBA-469E-B114-F3B2C1FBBA77} -- End of Deckard's System Scanner: finished at 2007-05-06 at 15:10:27 --------- |
|
|
|
|
05-05-2007, 10:39 PM
|
#4 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
hijackthis.log
Logfile of HijackThis v1.99.1 Scan saved at 15:09:10, on 05.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Java\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Splendid\ACMON.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\ACEngSvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\VPN Client\vpngui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\conime.exe D:\dump\dss.exe C:\PROGRA~1\HIJACK~1\ohno.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: adobe gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: adobe reader speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: bttray.lnk = ? O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167123636500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178423521968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E1C8C4-2406-42DD-AECE-202B0C88534F}: NameServer = 129.78.64.2,129.78.64.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WinWMServiceNow - Unknown owner - C:\DOCUME~1\ohno\LOCALS~1\Temp\RAVWM.EXE (file missing) |
|
|
|
|
05-05-2007, 10:56 PM
|
#5 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
|
Re: Multiple infections
Hello ohno and welcome to TSF,
I'll be honest--this can be a particularly nasty infection to get rid of. Download Combofix and save it to your desktop. **Note: It is important that it is saved directly to your desktop** ------------------------------------- Disconnect from the internet. -------------------------------------------------------------------- Go to Start>Run then copy/paste the following red text into the Run box then click OK "%userprofile%\desktop\combofix.exe" /wow-drv WinWMServiceNow When finished, it shall produce a log for you. I'll need that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall ----------------------------------------------------------------------- Run a new scan with HijackThis and save the log. ----------------------------------------------------------------------- Please include the following in your next reply: C:\ComboFix.txt New HijackThis log |
|
|
|
|
05-06-2007, 12:55 AM
|
#6 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
Hello Ried, thanks for the welcome and the fast reply. (Sorry about "ComboFix2.txt", I ran it directly after downloading without saving it first for the first time, so I ran it again after saving it first.)
ComboFix.txt "ohno" - 2007-05-06 17:43:07 Service Pack 2 ComboFix 07-05.06.1.V - Running from: "D:\dump\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 )))))))))))))))))))))))))))))))))) 2007-05-06 17:41 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-06 14:55 <DIR> d-------- C:\Deckard 2007-05-06 14:54 21,312 --a------ C:\WINDOWS\choice.exe 2007-05-06 14:47 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\LastGood 2007-05-06 13:23 <DIR> d--h----- C:\WINDOWS\rundl132.exe 2007-05-06 13:21 <DIR> d--h----- C:\WINDOWS\vdll.dll 2007-05-06 13:20 <DIR> d--h----- C:\WINDOWS\Logo_1.exe 2007-05-06 13:19 <DIR> d--h----- C:\WINDOWS\Logo1_.exe 2007-05-06 13:04 <DIR> d--h----- C:\WINDOWS\uninstall 2007-05-06 12:25 <DIR> d-------- C:\Program Files\IDM Computer Solutions 2007-05-06 12:25 <DIR> d-------- C:\DOCUME~1\ohno\APPLIC~1\IDMComp 2007-05-06 11:37 <DIR> d--hs---- C:\WINDOWS\CSC 2007-05-05 15:50 <DIR> d-------- C:\Program Files\Spybot 2007-05-05 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-05 10:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-05 10:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-05-05 10:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-05-05 09:44 77,312 --a------ C:\WINDOWS\ua2.dll 2007-05-04 23:48 5,632 --a------ C:\WINDOWS\system32\Kvsc3.dll 2007-05-04 23:48 18,484 ---h----- C:\WINDOWS\system32\RAVWM506.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-06 06:36:27 -------- d-----w C:\Program Files\VPN Client 2007-05-06 06:27:01 -------- d-----w C:\Program Files\Wireless Console 2 2007-05-06 06:24:35 -------- d-----w C:\Program Files\MSN Messenger 2007-05-06 06:21:19 -------- d-----w C:\Program Files\Google 2007-05-06 06:21:08 -------- d-----w C:\Program Files\DAEMON Tools 2007-05-06 06:21:06 -------- d-----w C:\Program Files\CuteFTP 2007-05-06 03:04:57 -------- d-----w C:\Program Files\putty 2007-05-06 02:25:24 -------- d-----w C:\DOCUME~1\ohno\APPLIC~1.\IDMComp 2007-05-05 23:50:59 -------- d-----w C:\Program Files\SyncBack 2007-05-04 13:51:00 -------- d-----w C:\Program Files\Windows XP MUI Pack 2007-05-04 13:50:58 -------- d-----w C:\Program Files\Winamp 2007-05-04 13:50:41 -------- d-----w C:\Program Files\Real Alternative 2007-05-04 13:50:40 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-04 13:50:33 -------- d-----w C:\Program Files\pg2 2007-05-04 13:50:33 -------- d-----w C:\Program Files\PCMan 2007-05-04 13:50:25 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-05-04 13:50:17 -------- d-----w C:\Program Files\eMule 2007-05-04 13:50:15 -------- d-----w C:\Program Files\BitComet 2007-02-23 01:19:49 12,245,199 ------w C:\AVG7QT.DAT (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="C:\Program Files\BitComet\tools\BitCometBHO.dll" "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\bin\ssv.dll" "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll" "{DF21F1DB-80C6-11D3-9483-B03D0EC10000}"="c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SkyTel"="SkyTel.EXE" "SMSERIAL"="sm56hlpr.exe" "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd" "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\bin\\jusched.exe\"" "RTHDCPL"="RTHDCPL.EXE" "ABLKSR"="C:\\windows\\ABLKSR\\ABLKSR.exe" "ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "CognizanceTS"="rundll32.exe c:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="APSHook.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0ASWLNPkg\0\0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr ALCMTR.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asus live update C:\Program Files\ASUS\ASUS Live Update\ALU.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\power_gear C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 Cognizance ASChannel\0\0 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-06 17:44:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-06 17:44:11 C:\ComboFix-quarantined-files.txt ... 2007-05-06 17:44 C:\ComboFix2.txt ... 2007-05-06 17:41 |
|
|
|
|
05-06-2007, 12:56 AM
|
#7 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
ComboFix-quarantined-files.txt
Code:
2005-08-03 05:08 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2005-08-03 05:08 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
2005-08-03 05:18 233472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2007-02-12 15:28 212 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ohno\APPLIC~1\Macromedia\Flash Player\#SharedObjects\5B2B7EZU\www.inter-focus.cn\IFFLASHAD_PLAYER.sol.vir
2007-02-12 15:28 88 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ohno\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol.vir
2007-05-06 09:49 8 --a------ C:\Qoobox\Quarantine\C\_desktop.ini.vir
2007-05-06 11:48 10752 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msccrt.dll.vir
2007-05-06 11:48 11264 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cmdbcs.dll.vir
2007-05-06 11:49 32512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2007-05-06 13:05 32696 --a------ C:\Qoobox\Quarantine\C\WINDOWS\RichDll.dll.vir
列出磁碟區 System 的資料夾 PATH
磁碟區序列號碼為 0C51-29A0
C:\QOOBOX
\---Quarantine
\---C
| _desktop.ini.vir
|
+---DOCUME~1
| \---ohno
| \---APPLIC~1
| \---Macromedia
| \---Flash Player
| +---#SharedObjects
| | \---5B2B7EZU
| | \---www.inter-focus.cn
| | IFFLASHAD_PLAYER.sol.vir
| |
| \---macromedia.com
| \---support
| \---flashplayer
| \---sys
| \---#www.inter-focus.cn
| settings.sol.vir
|
\---WINDOWS
| RichDll.dll.vir
|
\---system32
| cmdbcs.dll.vir
| msccrt.dll.vir
| Packet.dll.vir
| WanPacket.dll.vir
| wpcap.dll.vir
|
\---drivers
npf.sys.vir
|
|
|
|
|
05-06-2007, 12:58 AM
|
#8 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
ComboFix2.txt
"ohno" - 2007-05-06 17:39:54 Service Pack 2 ComboFix 07-05.06.1.V - Running from: "C:\Documents and Settings\ohno\Desktop\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\_desktop.ini C:\WINDOWS\system32\Packet.dll C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\#SharedObjects\5B2B7EZU\www.inter-focus.cn\IFFLASHAD_PLAYER.sol C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol C:\WINDOWS\system32\cmdbcs.dll C:\WINDOWS\system32\msccrt.dll C:\WINDOWS\richdll.dll C:\WINDOWS\system32\drivers\npf.sys C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\#SharedObjects\5B2B7EZU\www.inter-focus.cn C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 )))))))))))))))))))))))))))))))))) 2007-05-06 14:55 <DIR> d-------- C:\Deckard 2007-05-06 14:54 21,312 --a------ C:\WINDOWS\choice.exe 2007-05-06 14:47 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\LastGood 2007-05-06 13:23 <DIR> d--h----- C:\WINDOWS\rundl132.exe 2007-05-06 13:21 <DIR> d--h----- C:\WINDOWS\vdll.dll 2007-05-06 13:20 <DIR> d--h----- C:\WINDOWS\Logo_1.exe 2007-05-06 13:19 <DIR> d--h----- C:\WINDOWS\Logo1_.exe 2007-05-06 13:04 <DIR> d--h----- C:\WINDOWS\uninstall 2007-05-06 12:25 <DIR> d-------- C:\Program Files\IDM Computer Solutions 2007-05-06 12:25 <DIR> d-------- C:\DOCUME~1\ohno\APPLIC~1\IDMComp 2007-05-06 11:37 <DIR> d--hs---- C:\WINDOWS\CSC 2007-05-05 15:50 <DIR> d-------- C:\Program Files\Spybot 2007-05-05 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-05 10:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-05 10:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-05-05 10:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-05-05 09:44 77,312 --a------ C:\WINDOWS\ua2.dll 2007-05-04 23:48 5,632 --a------ C:\WINDOWS\system32\Kvsc3.dll 2007-05-04 23:48 18,484 ---h----- C:\WINDOWS\system32\RAVWM506.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-06 06:36:27 -------- d-----w C:\Program Files\VPN Client 2007-05-06 06:27:01 -------- d-----w C:\Program Files\Wireless Console 2 2007-05-06 06:24:35 -------- d-----w C:\Program Files\MSN Messenger 2007-05-06 06:21:19 -------- d-----w C:\Program Files\Google 2007-05-06 06:21:08 -------- d-----w C:\Program Files\DAEMON Tools 2007-05-06 06:21:06 -------- d-----w C:\Program Files\CuteFTP 2007-05-06 03:04:57 -------- d-----w C:\Program Files\putty 2007-05-06 02:25:24 -------- d-----w C:\DOCUME~1\ohno\APPLIC~1.\IDMComp 2007-05-05 23:50:59 -------- d-----w C:\Program Files\SyncBack 2007-05-04 13:51:00 -------- d-----w C:\Program Files\Windows XP MUI Pack 2007-05-04 13:50:58 -------- d-----w C:\Program Files\Winamp 2007-05-04 13:50:41 -------- d-----w C:\Program Files\Real Alternative 2007-05-04 13:50:40 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-04 13:50:33 -------- d-----w C:\Program Files\pg2 2007-05-04 13:50:33 -------- d-----w C:\Program Files\PCMan 2007-05-04 13:50:25 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-05-04 13:50:17 -------- d-----w C:\Program Files\eMule 2007-05-04 13:50:15 -------- d-----w C:\Program Files\BitComet 2007-02-23 01:19:49 12,245,199 ------w C:\AVG7QT.DAT (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="C:\Program Files\BitComet\tools\BitCometBHO.dll" "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\bin\ssv.dll" "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll" "{DF21F1DB-80C6-11D3-9483-B03D0EC10000}"="c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SkyTel"="SkyTel.EXE" "SMSERIAL"="sm56hlpr.exe" "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd" "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\bin\\jusched.exe\"" "RTHDCPL"="RTHDCPL.EXE" "ABLKSR"="C:\\windows\\ABLKSR\\ABLKSR.exe" "ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "CognizanceTS"="rundll32.exe c:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="APSHook.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0ASWLNPkg\0\0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr ALCMTR.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asus live update C:\Program Files\ASUS\ASUS Live Update\ALU.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\power_gear C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 Cognizance ASChannel\0\0 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-06 17:41:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-06 17:41:57 C:\ComboFix-quarantined-files.txt ... 2007-05-06 17:41 |
|
|
|
|
05-06-2007, 12:59 AM
|
#9 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
hijackthis.log (new)
Logfile of HijackThis v1.99.1 Scan saved at 17:46:37, on 05.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Java\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Splendid\ACMON.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\ACEngSvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\VPN Client\vpngui.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\dump\HiJackThis_v2\HiJackThis_v2.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: adobe gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: adobe reader speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: bttray.lnk = ? O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167123636500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178423521968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WinWMServiceNow - Unknown owner - C:\DOCUME~1\ohno\LOCALS~1\Temp\RAVWM.EXE (file missing) |
|
|
|
|
05-06-2007, 01:47 AM
|
#10 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
I am sorry, I just realised that I didn't put it on the desktop and I forgot the command switch. This is the one after the reboot.
ComboFix.txt (new) "ohno" - 2007-05-06 18:35:51 Service Pack 2 ComboFix 07-05.06.1.V - Running from: "D:\dump\" Command switches used :: "/wow-drv WinWMServiceNow" ((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 )))))))))))))))))))))))))))))))))) 2007-05-06 17:41 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-06 14:55 <DIR> d-------- C:\Deckard 2007-05-06 14:54 21,312 --a------ C:\WINDOWS\choice.exe 2007-05-06 14:47 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-05-06 13:23 <DIR> d--h----- C:\WINDOWS\rundl132.exe 2007-05-06 13:21 <DIR> d--h----- C:\WINDOWS\vdll.dll 2007-05-06 13:20 <DIR> d--h----- C:\WINDOWS\Logo_1.exe 2007-05-06 13:19 <DIR> d--h----- C:\WINDOWS\Logo1_.exe 2007-05-06 13:04 <DIR> d--h----- C:\WINDOWS\uninstall 2007-05-06 12:25 <DIR> d-------- C:\Program Files\IDM Computer Solutions 2007-05-06 12:25 <DIR> d-------- C:\DOCUME~1\ohno\APPLIC~1\IDMComp 2007-05-06 11:37 <DIR> d--hs---- C:\WINDOWS\CSC 2007-05-05 15:50 <DIR> d-------- C:\Program Files\Spybot 2007-05-05 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-05 10:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-05 10:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-05-05 10:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-05-05 09:44 77,312 --a------ C:\WINDOWS\ua2.dll 2007-05-04 23:48 5,632 --a------ C:\WINDOWS\system32\Kvsc3.dll 2007-05-04 23:48 18,484 ---h----- C:\WINDOWS\system32\RAVWM506.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-06 08:37:05 -------- d-----w C:\Program Files\VPN Client 2007-05-06 06:27:01 -------- d-----w C:\Program Files\Wireless Console 2 2007-05-06 06:24:35 -------- d-----w C:\Program Files\MSN Messenger 2007-05-06 06:21:19 -------- d-----w C:\Program Files\Google 2007-05-06 06:21:08 -------- d-----w C:\Program Files\DAEMON Tools 2007-05-06 06:21:06 -------- d-----w C:\Program Files\CuteFTP 2007-05-06 03:04:57 -------- d-----w C:\Program Files\putty 2007-05-06 02:25:24 -------- d-----w C:\DOCUME~1\ohno\APPLIC~1.\IDMComp 2007-05-05 23:50:59 -------- d-----w C:\Program Files\SyncBack 2007-05-04 13:51:00 -------- d-----w C:\Program Files\Windows XP MUI Pack 2007-05-04 13:50:58 -------- d-----w C:\Program Files\Winamp 2007-05-04 13:50:41 -------- d-----w C:\Program Files\Real Alternative 2007-05-04 13:50:40 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-04 13:50:33 -------- d-----w C:\Program Files\pg2 2007-05-04 13:50:33 -------- d-----w C:\Program Files\PCMan 2007-05-04 13:50:25 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-05-04 13:50:17 -------- d-----w C:\Program Files\eMule 2007-05-04 13:50:15 -------- d-----w C:\Program Files\BitComet 2007-02-23 01:19:49 12,245,199 ------w C:\AVG7QT.DAT (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="C:\Program Files\BitComet\tools\BitCometBHO.dll" "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\bin\ssv.dll" "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll" "{DF21F1DB-80C6-11D3-9483-B03D0EC10000}"="c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SkyTel"="SkyTel.EXE" "SMSERIAL"="sm56hlpr.exe" "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd" "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\bin\\jusched.exe\"" "RTHDCPL"="RTHDCPL.EXE" "ABLKSR"="C:\\windows\\ABLKSR\\ABLKSR.exe" "ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "CognizanceTS"="rundll32.exe c:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="APSHook.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0ASWLNPkg\0\0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr ALCMTR.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asus live update C:\Program Files\ASUS\ASUS Live Update\ALU.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\power_gear C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 Cognizance ASChannel\0\0 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-06 18:40:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-06 18:41:58 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-06 18:41 C:\ComboFix2.txt ... 2007-05-06 17:44 C:\ComboFix3.txt ... 2007-05-06 17:41 |
|
|
|
|
05-06-2007, 01:50 AM
|
#11 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
hijackthis.log (after reboot)
Logfile of HijackThis v1.99.1 Scan saved at 18:47:58, on 05.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\conime.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Java\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Splendid\ACMON.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\ACEngSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: adobe gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: adobe reader speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: bttray.lnk = ? O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167123636500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178423521968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WinWMServiceNow - Unknown owner - C:\DOCUME~1\ohno\LOCALS~1\Temp\RAVWM.EXE (file missing) |
|
|
|
|
05-06-2007, 07:58 AM
|
#12 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
|
Re: Multiple infections
Hi,
Click Start->Run - type services.msc & then click on the OK button *Locate the service - WinWMServiceNow *Double-click on it to open the Properties dialog. *Under the General tab, take note of the Service Name given--(it may be the same, but check to be certain) you'll need that shortly. *Stop the service by using the Stop button. *Change the Startup type to Disabled & then click on the OK button Next, start HiJackThis & go to Config>Misc.Tools...> Delete an NT service... *In the popup box that appears, type in type in the *Service Name you saw listed under the General Tab Click OK and allow reboot. --------------------------------------------------------------------- Go here and do the BitDefender online virus scan.
Run a new scan with dss.exe and post the main.txt here along with the BitDefender results. What symptoms remain? How is your system behaving? |
|
|
|
|
05-06-2007, 11:25 AM
|
#13 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
hijackthis.log (after using BitDefender -- bitdefender.txt is too big, I'm still breaking it up)
Logfile of HijackThis v1.99.1 Scan saved at 04:21:38, on 05.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Java\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Splendid\ACMON.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\ATK0100\ATKOSD.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: adobe gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: adobe reader speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: bttray.lnk = ? O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167123636500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178423521968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe |
|
|
|
|
05-06-2007, 11:29 AM
|
#14 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
main.txt
Deckard's System Scanner v20070426.43 Run by ohno on 2007-05-07 at 04:26:31 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as ohno.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 04:27:00, on 05.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\Java\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\Splendid\ACMON.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\ATK0100\ATKOSD.exe c:\Program Files\Infineon\Security Platform Software\PSDrt.exe c:\Program Files\Infineon\Security Platform Software\SpTna.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\dump\dss.exe C:\PROGRA~1\HIJACK~1\ohno.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: adobe gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: adobe reader speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: bttray.lnk = ? O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\bin\ssv.dll O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167123636500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178423521968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- Files created between 2007-04-07 and 2007-05-07 ----------------------------- 2007-05-07 02:24:58 0 d-------- C:\WINDOWS\BDOSCAN8 2007-05-07 02:24:55 0 d-------- C:\WINDOWS\LastGood 2007-05-06 14:54:06 21312 --a------ C:\WINDOWS\choice.exe 2007-05-06 14:47:19 0 d-------- C:\Program Files\SpywareBlaster 2007-05-06 14:20:32 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-05-06 13:23:48 0 d--h----- C:\WINDOWS\rundl132.exe 2007-05-06 13:21:03 0 d--h----- C:\WINDOWS\vdll.dll 2007-05-06 13:20:44 0 d--h----- C:\WINDOWS\Logo_1.exe 2007-05-06 13:19:58 0 d--h----- C:\WINDOWS\Logo1_.exe 2007-05-06 13:04:57 0 d--h----- C:\WINDOWS\uninstall 2007-05-06 12:25:24 0 d-------- C:\Documents and Settings\ohno\Application Data\IDMComp 2007-05-06 12:25:12 0 d-------- C:\Program Files\IDM Computer Solutions 2007-05-06 11:37:03 0 d--hs---- C:\WINDOWS\CSC 2007-05-05 15:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-05-05 15:50:04 0 d-------- C:\Program Files\Spybot 2007-05-05 10:09:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-05 09:44:07 77312 --a------ C:\WINDOWS\ua2.dll 2007-05-04 23:48:38 18484 ---h----- C:\WINDOWS\system32\RAVWM506.dll 2007-05-04 23:48:14 5632 --a------ C:\WINDOWS\system32\Kvsc3.dll -- Find3M Report --------------------------------------------------------------- 2007-05-07 03:01:24 0 d-------- C:\Program Files\Windows XP MUI Pack 2007-05-07 02:56:55 0 d-------- C:\Program Files\Winamp 2007-05-07 02:56:23 0 d-------- C:\Program Files\VPN Client 2007-05-07 02:56:23 0 d-------- C:\Program Files\SyncBack 2007-05-07 02:56:06 0 d-------- C:\Program Files\Real Alternative 2007-05-07 02:56:02 0 d-------- C:\Program Files\QuickTime Alternative 2007-05-07 02:55:39 0 d-------- C:\Program Files\pg2 2007-05-07 02:55:38 0 d-------- C:\Program Files\PCMan 2007-05-07 02:52:16 0 d-------- C:\Program Files\K-Lite Codec Pack 2007-05-07 02:50:24 0 d-------- C:\Program Files\Google 2007-05-07 02:50:21 0 d-------- C:\Program Files\eMule 2007-05-07 02:50:18 0 d-------- C:\Program Files\DAEMON Tools 2007-05-07 02:50:17 0 d-------- C:\Program Files\CuteFTP 2007-05-07 02:47:39 0 d-------- C:\Program Files\BitComet 2007-05-06 16:27:01 0 d-------- C:\Program Files\Wireless Console 2 2007-05-06 16:24:35 0 d-------- C:\Program Files\MSN Messenger 2007-05-06 13:04:57 0 d-------- C:\Program Files\putty 2007-05-06 11:48:00 0 d-------- C:\Documents and Settings\ohno\Application Data\AVG7 2007-03-10 21:15:30 0 d-------- C:\Documents and Settings\ohno\Application Data\Adobe 2007-02-23 11:19:49 12245199 -----n--- C:\AVG7QT.DAT 2007-02-22 22:17:17 8 --a------ C:\WINDOWS\system32\success -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\bin\ssv.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll {DF21F1DB-80C6-11D3-9483-B03D0EC10000} c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SkyTel"="SkyTel.EXE" "SMSERIAL"="sm56hlpr.exe" "Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd" "RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\bin\\jusched.exe\"" "RTHDCPL"="RTHDCPL.EXE" "ABLKSR"="C:\\windows\\ABLKSR\\ABLKSR.exe" "ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "CognizanceTS"="rundll32.exe c:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="APSHook.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0ASWLNPkg\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCMTR" "hkey"="HKLM" "command"="ALCMTR.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALU" "hkey"="HKLM" "command"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BatteryLife" "hkey"="HKLM" "command"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Cognizance REG_MULTI_SZ ASChannel\0\0 -- End of Deckard's System Scanner: finished at 2007-05-07 at 04:27:20 --------- |
|
|
|
|
05-06-2007, 11:33 AM
|
#15 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
bitdefender.txt (part 1)
BitDefender Online Scanner Scan report generated at: Mon, May 07, 2007 - 04:11:14 Scan path: C:\;D:\;E:\;F:\;G:\; Statistics Time 01:44:05 Files 673744 Folders 8184 Boot Sectors 6 Archives 12154 Packed Files 76599 Results Identified Viruses 13 Infected Files 702 Suspect Files 1 Warnings 0 Disinfected 0 Deleted Files 703 Engines Info Virus Definitions 504395 Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08) Scan plugins 14 Archive plugins 38 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk=>C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk=>C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe Disinfection failed C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk=>C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe Deleted C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk Update failed C:\Documents and Settings\Administrator\SendTo\Bluetooth\ㄤ....lnk=>C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\Administrator\SendTo\Bluetooth\ㄤ....lnk=>C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe Disinfection failed C:\Documents and Settings\Administrator\SendTo\Bluetooth\ㄤ....lnk=>C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe Deleted C:\Documents and Settings\Administrator\SendTo\Bluetooth\ㄤ....lnk Update failed C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Personal.lnk=>C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Personal.lnk=>C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Disinfection failed C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Personal.lnk=>C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Deleted C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Personal.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\bridge.lnk=>C:\Program Files\Adobe\Adobe Bridge\Bridge.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\bridge.lnk=>C:\Program Files\Adobe\Adobe Bridge\Bridge.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\bridge.lnk=>C:\Program Files\Adobe\Adobe Bridge\Bridge.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\bridge.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\google updater.lnk=>C:\Program Files\Google\Google Updater\GoogleUpdater.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\google updater.lnk=>C:\Program Files\Google\Google Updater\GoogleUpdater.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\google updater.lnk=>C:\Program Files\Google\Google Updater\GoogleUpdater.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\ㄤウ祘Α\google updater.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Audio Converter.lnk=>C:\Program Files\Windows Plus\Audio Converter\AudioConverter.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Audio Converter.lnk=>C:\Program Files\Windows Plus\Audio Converter\AudioConverter.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Audio Converter.lnk=>C:\Program Files\Windows Plus\Audio Converter\AudioConverter.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Audio Converter.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows CD Label Maker.lnk=>C:\Program Files\Windows Plus\CDLM\CDLM.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows CD Label Maker.lnk=>C:\Program Files\Windows Plus\CDLM\CDLM.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows CD Label Maker.lnk=>C:\Program Files\Windows Plus\CDLM\CDLM.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows CD Label Maker.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Dancer.lnk=>C:\Program Files\Windows Plus\Dancer\Dancer.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Dancer.lnk=>C:\Program Files\Windows Plus\Dancer\Dancer.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Dancer.lnk=>C:\Program Files\Windows Plus\Dancer\Dancer.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Dancer.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Party Mode.lnk=>C:\Program Files\Windows Plus\Party Mode\PartyMode.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Party Mode.lnk=>C:\Program Files\Windows Plus\Party Mode\PartyMode.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Party Mode.lnk=>C:\Program Files\Windows Plus\Party Mode\PartyMode.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\计\Windows Party Mode.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\anti-rootkit.lnk=>C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\anti-rootkit.lnk=>C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\anti-rootkit.lnk=>C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\anti-rootkit.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\partitionmagic.lnk=>C:\Program Files\PowerQuest\PartitionMagic\PMagic.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\partitionmagic.lnk=>C:\Program Files\PowerQuest\PartitionMagic\PMagic.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\partitionmagic.lnk=>C:\Program Files\PowerQuest\PartitionMagic\PMagic.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\partitionmagic.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\syncback.lnk=>C:\Program Files\SyncBack\SyncBack.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\syncback.lnk=>C:\Program Files\SyncBack\SyncBack.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\syncback.lnk=>C:\Program Files\SyncBack\SyncBack.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\╰参蝴臔\syncback.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\emule.lnk=>C:\Program Files\eMule\emule.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\emule.lnk=>C:\Program Files\eMule\emule.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\emule.lnk=>C:\Program Files\eMule\emule.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\emule.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg-recover.lnk=>C:\Program Files\pg2\pgfix.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg-recover.lnk=>C:\Program Files\pg2\pgfix.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg-recover.lnk=>C:\Program Files\pg2\pgfix.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg-recover.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg.lnk=>C:\Program Files\pg2\pg2.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg.lnk=>C:\Program Files\pg2\pg2.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg.lnk=>C:\Program Files\pg2\pg2.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\呼隔ㄣ\pg.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUS Security Center\My Identity.lnk=>C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASPanel.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUS Security Center\My Identity.lnk=>C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASPanel.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUS Security Center\My Identity.lnk=>C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASPanel.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUS Security Center\My Identity.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\ASUSTeK ASUSDVD.lnk=>C:\Program Files\ASUSTeK\ASUSDVD\ASUSDVD.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\ASUSTeK ASUSDVD.lnk=>C:\Program Files\ASUSTeK\ASUSDVD\ASUSDVD.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\ASUSTeK ASUSDVD.lnk=>C:\Program Files\ASUSTeK\ASUSDVD\ASUSDVD.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\ASUSTeK ASUSDVD.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\╰参禘耞 .lnk=>C:\Program Files\ASUSTeK\ASUSDVD\CLDMA.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\╰参禘耞 .lnk=>C:\Program Files\ASUSTeK\ASUSDVD\CLDMA.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\╰参禘耞 .lnk=>C:\Program Files\ASUSTeK\ASUSDVD\CLDMA.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\ASUSTeK ASUSDVD\╰参禘耞 .lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Infineon Security Platform ㄣ\Security Platform 弧.lnk=>C:\Program Files\Infineon\Security Platform Software\SpMUIHlp.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\Infineon Security Platform ㄣ\Security Platform 弧.lnk=>C:\Program Files\Infineon\Security Platform Software\SpMUIHlp.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Infineon Security Platform ㄣ\Security Platform 弧.lnk=>C:\Program Files\Infineon\Security Platform Software\SpMUIHlp.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\Infineon Security Platform ㄣ\Security Platform 弧.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\lifeframe.lnk=>C:\Program Files\ASUS\LifeFrame2\LifeFrame.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\lifeframe.lnk=>C:\Program Files\ASUS\LifeFrame2\LifeFrame.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\lifeframe.lnk=>C:\Program Files\ASUS\LifeFrame2\LifeFrame.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\lifeframe.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Cover Designer.lnk=>C:\Program Files\Ahead\CoverDesigner\CoverDes.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Cover Designer.lnk=>C:\Program Files\Ahead\CoverDesigner\CoverDes.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Cover Designer.lnk=>C:\Program Files\Ahead\CoverDesigner\CoverDes.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Cover Designer.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Express.lnk=>C:\Program Files\Ahead\Nero\nero.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Express.lnk=>C:\Program Files\Ahead\Nero\nero.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Express.lnk=>C:\Program Files\Ahead\Nero\nero.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero OEM\Nero Express.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk=>C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk=>C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk=>C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero DriveSpeed.lnk=>C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero DriveSpeed.lnk=>C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero DriveSpeed.lnk=>C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero DriveSpeed.lnk Update failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero InfoTool.lnk=>C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero InfoTool.lnk=>C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe Disinfection failed C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero InfoTool.lnk=>C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe Deleted C:\Documents and Settings\All Users\Start Menu\Programs\地河\Nero\Nero Toolkit\Nero InfoTool.lnk Update failed C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\ag2.lnk=>D:\fun\ag2\game\AG2.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\ag2.lnk=>D:\fun\ag2\game\AG2.exe Disinfection failed C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\ag2.lnk=>D:\fun\ag2\game\AG2.exe Deleted C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\ag2.lnk Update failed C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\civ4.lnk=>D:\fun\civ4\game\Civilization4.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\civ4.lnk=>D:\fun\civ4\game\Civilization4.exe Disinfection failed C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\civ4.lnk=>D:\fun\civ4\game\Civilization4.exe Deleted C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\civ4.lnk Update failed C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\dk4pk.lnk=>D:\fun\dk4pk\game\DK4PK.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\dk4pk.lnk=>D:\fun\dk4pk\game\DK4PK.exe Disinfection failed C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\dk4pk.lnk=>D:\fun\dk4pk\game\DK4PK.exe Deleted C:\Documents and Settings\ohno\Start Menu\Programs\糧辅笴栏\dk4pk.lnk Update failed C:\Documents and Settings\ohno\Start Menu\Programs\呼隔ㄣ\bitcomet.lnk=>C:\Program Files\BitComet\BitComet.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Documents and Settings\ohno\Start Menu\Programs\呼隔ㄣ\bitcomet.lnk=>C:\Program Files\BitComet\BitComet.exe Disinfection failed C:\Documents and Settings\ohno\Start Menu\Programs\呼隔ㄣ\bitcomet.lnk=>C:\Program Files\BitComet\BitComet.exe Deleted C:\Documents and Settings\ohno\Start Menu\Programs\呼隔ㄣ\bitcomet.lnk Update failed C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe Infected with: Trojan.PWS.Onlinegames.EF C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe Disinfection failed C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe Deleted C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Disinfection failed C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Deleted C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Disinfection failed C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Deleted C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\CHT\setup.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\CHT\setup.exe Disinfection failed C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\CHT\setup.exe Deleted C:\Program Files\Adobe\Adobe Help Center\ahc.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Help Center\ahc.exe Disinfection failed C:\Program Files\Adobe\Adobe Help Center\ahc.exe Deleted C:\Program Files\Adobe\Adobe Help Center\ahcremind.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Help Center\ahcremind.exe Disinfection failed C:\Program Files\Adobe\Adobe Help Center\ahcremind.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Required\Droplet Template.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Required\Droplet Template.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Required\Droplet Template.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain 350, Make JPG 30.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain 350, Make JPG 30.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain 350, Make JPG 30.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain to 200x200 pixels.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain to 200x200 pixels.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain to 200x200 pixels.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain to 64X64 pixels.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain to 64X64 pixels.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Constrain to 64X64 pixels.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make Button.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make Button.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make Button.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (128 colors).exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (128 colors).exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (128 colors).exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (32, no dither).exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (32, no dither).exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (32, no dither).exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (64 colors).exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (64 colors).exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make GIF (64 colors).exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 10).exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 10).exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 10).exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 30).exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 30).exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 30).exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 60).exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 60).exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Make JPEG (quality 60).exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Metal Slide Thumbnail.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Metal Slide Thumbnail.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Metal Slide Thumbnail.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Multi-Size Save.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Multi-Size Save.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Multi-Size Save.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Rounded Rect Thumbnail.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Rounded Rect Thumbnail.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Rounded Rect Thumbnail.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Slide Thumbnail.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Slide Thumbnail.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Slide Thumbnail.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Unsharp Mask.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Unsharp Mask.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets\Unsharp Mask.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Aged Photo.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Aged Photo.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Aged Photo.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Conditional Mode Change.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Conditional Mode Change.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Conditional Mode Change.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Constrain to 300 pixels.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Constrain to 300 pixels.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Constrain to 300 pixels.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Constrain to 64 pixels.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Constrain to 64 pixels.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Constrain to 64 pixels.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Drop Shadow Frame.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Drop Shadow Frame.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Drop Shadow Frame.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Make Button.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Make Button.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Make Button.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Make Sepia Tone.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Make Sepia Tone.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Make Sepia Tone.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Save As JPEG Medium.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Save As JPEG Medium.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Save As JPEG Medium.exe Deleted C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Save As Photoshop PDF.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Save As Photoshop PDF.exe Disinfection failed C:\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets\Save As Photoshop PDF.exe Deleted C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe Disinfection failed C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe Deleted C:\Program Files\Ahead\Nero\NeroCmd.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero\NeroCmd.exe Disinfection failed C:\Program Files\Ahead\Nero\NeroCmd.exe Deleted C:\Program Files\Ahead\Nero\NRESTORE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero\NRESTORE.EXE Disinfection failed C:\Program Files\Ahead\Nero\NRESTORE.EXE Deleted C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe Disinfection failed C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe Deleted C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe Disinfection failed C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe Deleted C:\Program Files\Ahead\Nero BackItUp\NBJ.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero BackItUp\NBJ.exe Disinfection failed C:\Program Files\Ahead\Nero BackItUp\NBJ.exe Deleted C:\Program Files\Ahead\Nero BackItUp\NBR.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero BackItUp\NBR.exe Disinfection failed C:\Program Files\Ahead\Nero BackItUp\NBR.exe Deleted C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe Disinfection failed C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe Deleted C:\Program Files\Ahead\Nero Toolkit\hwinfo.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero Toolkit\hwinfo.exe Disinfection failed C:\Program Files\Ahead\Nero Toolkit\hwinfo.exe Deleted C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe Disinfection failed C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe Deleted C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe Disinfection failed C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe Deleted C:\Program Files\Ahead\WMPBurn\WMPBurn.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Ahead\WMPBurn\WMPBurn.exe Disinfection failed C:\Program Files\Ahead\WMPBurn\WMPBurn.exe Deleted C:\Program Files\ASUS\ASUS Live Update\ALU.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\ASUS Live Update\ALU.exe Disinfection failed C:\Program Files\ASUS\ASUS Live Update\ALU.exe Deleted C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe Disinfection failed C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe Deleted C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe Disinfection failed C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe Deleted C:\Program Files\ASUS\LifeFrame2\AutoPlayer.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\LifeFrame2\AutoPlayer.exe Disinfection failed C:\Program Files\ASUS\LifeFrame2\AutoPlayer.exe Deleted C:\Program Files\ASUS\Net4Switch\Net4Switch.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Net4Switch\Net4Switch.exe Disinfection failed C:\Program Files\ASUS\Net4Switch\Net4Switch.exe Deleted C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe Disinfection failed C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe Deleted C:\Program Files\ASUS\Power4 Gear\CLOSEWIN.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Power4 Gear\CLOSEWIN.exe Disinfection failed C:\Program Files\ASUS\Power4 Gear\CLOSEWIN.exe Deleted C:\Program Files\ASUS\Power4 Gear\PModeCfg.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Power4 Gear\PModeCfg.exe Disinfection failed C:\Program Files\ASUS\Power4 Gear\PModeCfg.exe Deleted C:\Program Files\ASUS\Splendid\ACOVS.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Splendid\ACOVS.exe Disinfection failed C:\Program Files\ASUS\Splendid\ACOVS.exe Deleted C:\Program Files\ASUS\Splendid\ACVT.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\Splendid\ACVT.exe Disinfection failed C:\Program Files\ASUS\Splendid\ACVT.exe Deleted C:\Program Files\ASUS\WinFlash\WinFlash.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS\WinFlash\WinFlash.exe Disinfection failed C:\Program Files\ASUS\WinFlash\WinFlash.exe Deleted C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASRunDll.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASRunDll.exe Disinfection failed C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASRunDll.exe Deleted C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTray.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTray.exe Disinfection failed C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTray.exe Deleted C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItPackage.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItPackage.exe Disinfection failed C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItPackage.exe Deleted C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\LDIF2REG.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\LDIF2REG.exe Disinfection failed C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\LDIF2REG.exe Deleted C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\Utils\ChnlTest.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\Utils\ChnlTest.exe Disinfection failed C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\Utils\ChnlTest.exe Deleted C:\Program Files\ASUSTeK\ASUSDVD\cltest.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUSTeK\ASUSDVD\cltest.exe Disinfection failed C:\Program Files\ASUSTeK\ASUSDVD\cltest.exe Deleted C:\Program Files\ASUSTeK\ASUSDVD\ddtester.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUSTeK\ASUSDVD\ddtester.exe Disinfection failed C:\Program Files\ASUSTeK\ASUSDVD\ddtester.exe Deleted C:\Program Files\ASUSTeK\ASUSDVD\dvdrgn.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\ASUSTeK\ASUSDVD\dvdrgn.exe Disinfection failed C:\Program Files\ASUSTeK\ASUSDVD\dvdrgn.exe Deleted C:\Program Files\BitComet\CrashReport.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\BitComet\CrashReport.exe Disinfection failed C:\Program Files\BitComet\CrashReport.exe Deleted C:\Program Files\BitComet\tools\CodecCheck.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\BitComet\tools\CodecCheck.exe Disinfection failed C:\Program Files\BitComet\tools\CodecCheck.exe Deleted C:\Program Files\BitComet\tools\curl.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\BitComet\tools\curl.exe Disinfection failed C:\Program Files\BitComet\tools\curl.exe Deleted C:\Program Files\BitComet\tools\FlvPlayer.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\BitComet\tools\FlvPlayer.exe Disinfection failed C:\Program Files\BitComet\tools\FlvPlayer.exe Deleted C:\Program Files\BitComet\uninst.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\BitComet\uninst.exe Disinfection failed C:\Program Files\BitComet\uninst.exe Deleted C:\Program Files\CuteFTP\cuteftppro.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\CuteFTP\cuteftppro.exe Disinfection failed C:\Program Files\CuteFTP\cuteftppro.exe Deleted C:\Program Files\CuteFTP\ftpte.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\CuteFTP\ftpte.exe Disinfection failed C:\Program Files\CuteFTP\ftpte.exe Deleted C:\Program Files\DAEMON Tools\uninst.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\DAEMON Tools\uninst.exe Disinfection failed C:\Program Files\DAEMON Tools\uninst.exe Deleted C:\Program Files\eMule\LinkCreator.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\eMule\LinkCreator.exe Disinfection failed C:\Program Files\eMule\LinkCreator.exe Deleted C:\Program Files\eMule\Uninstall.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\eMule\Uninstall.exe Disinfection failed C:\Program Files\eMule\Uninstall.exe Deleted C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterAdminPrefs.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterAdminPrefs.exe Disinfection failed C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterAdminPrefs.exe Deleted C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterInstallMgr.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterInstallMgr.exe Disinfection failed C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterInstallMgr.exe Deleted C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterRestartManager.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterRestartManager.exe Disinfection failed C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterRestartManager.exe Deleted C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterSetup.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterSetup.exe Disinfection failed C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterSetup.exe Deleted C:\Program Files\Google\googletoolbar2user.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Google\googletoolbar2user.exe Disinfection failed C:\Program Files\Google\googletoolbar2user.exe Deleted C:\Program Files\Grisoft\AVG Anti-Rootkit Free\Uninstall.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Grisoft\AVG Anti-Rootkit Free\Uninstall.exe Disinfection failed C:\Program Files\Grisoft\AVG Anti-Rootkit Free\Uninstall.exe Deleted C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Disinfection failed C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Deleted C:\Program Files\Grisoft\AVG Free\setup.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Grisoft\AVG Free\setup.exe Disinfection failed C:\Program Files\Grisoft\AVG Free\setup.exe Deleted C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe Disinfection failed C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe Deleted C:\Program Files\Infineon\Security Platform Software\SpMigWz.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Infineon\Security Platform Software\SpMigWz.exe Disinfection failed C:\Program Files\Infineon\Security Platform Software\SpMigWz.exe Deleted C:\Program Files\Infineon\Security Platform Software\SpP12Wz.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Infineon\Security Platform Software\SpP12Wz.exe Disinfection failed C:\Program Files\Infineon\Security Platform Software\SpP12Wz.exe Deleted C:\Program Files\Infineon\Security Platform Software\SpPwdResetWz.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Infineon\Security Platform Software\SpPwdResetWz.exe Disinfection failed C:\Program Files\Infineon\Security Platform Software\SpPwdResetWz.exe Deleted C:\Program Files\Infineon\Security Platform Software\SpTPMWz.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Infineon\Security Platform Software\SpTPMWz.exe Disinfection failed C:\Program Files\Infineon\Security Platform Software\SpTPMWz.exe Deleted C:\Program Files\Infineon\Security Platform Software\SpUserWz.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Infineon\Security Platform Software\SpUserWz.exe Disinfection failed C:\Program Files\Infineon\Security Platform Software\SpUserWz.exe Deleted C:\Program Files\Intel\Wireless\Bin\DrWiFi.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Intel\Wireless\Bin\DrWiFi.exe Disinfection failed C:\Program Files\Intel\Wireless\Bin\DrWiFi.exe Deleted C:\Program Files\Intel\Wireless\Bin\iWrap.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Intel\Wireless\Bin\iWrap.exe Disinfection failed C:\Program Files\Intel\Wireless\Bin\iWrap.exe Deleted C:\Program Files\Intel\Wireless\Bin\RfToggle.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Intel\Wireless\Bin\RfToggle.exe Disinfection failed C:\Program Files\Intel\Wireless\Bin\RfToggle.exe Deleted C:\Program Files\Intel\Wireless\Drivers\DPInst.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Intel\Wireless\Drivers\DPInst.exe Disinfection failed C:\Program Files\Intel\Wireless\Drivers\DPInst.exe Deleted C:\Program Files\Intel\Wireless\Drivers\iProDifX.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Intel\Wireless\Drivers\iProDifX.exe Disinfection failed C:\Program Files\Intel\Wireless\Drivers\iProDifX.exe Deleted C:\Program Files\Java\bin\java.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\java.exe Disinfection failed C:\Program Files\Java\bin\java.exe Deleted C:\Program Files\Java\bin\javacpl.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\javacpl.exe Disinfection failed C:\Program Files\Java\bin\javacpl.exe Deleted C:\Program Files\Java\bin\javaw.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\javaw.exe Disinfection failed C:\Program Files\Java\bin\javaw.exe Deleted C:\Program Files\Java\bin\javaws.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\javaws.exe Disinfection failed C:\Program Files\Java\bin\javaws.exe Deleted C:\Program Files\Java\bin\jucheck.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\jucheck.exe Disinfection failed C:\Program Files\Java\bin\jucheck.exe Deleted C:\Program Files\Java\bin\keytool.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\keytool.exe Disinfection failed C:\Program Files\Java\bin\keytool.exe Deleted C:\Program Files\Java\bin\kinit.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\kinit.exe Disinfection failed C:\Program Files\Java\bin\kinit.exe Deleted C:\Program Files\Java\bin\klist.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\klist.exe Disinfection failed C:\Program Files\Java\bin\klist.exe Deleted C:\Program Files\Java\bin\ktab.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\ktab.exe Disinfection failed C:\Program Files\Java\bin\ktab.exe Deleted C:\Program Files\Java\bin\orbd.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\orbd.exe Disinfection failed C:\Program Files\Java\bin\orbd.exe Deleted C:\Program Files\Java\bin\pack200.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\pack200.exe Disinfection failed C:\Program Files\Java\bin\pack200.exe Deleted C:\Program Files\Java\bin\policytool.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\policytool.exe Disinfection failed C:\Program Files\Java\bin\policytool.exe Deleted C:\Program Files\Java\bin\rmid.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\rmid.exe Disinfection failed C:\Program Files\Java\bin\rmid.exe Deleted C:\Program Files\Java\bin\rmiregistry.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\rmiregistry.exe Disinfection failed C:\Program Files\Java\bin\rmiregistry.exe Deleted C:\Program Files\Java\bin\servertool.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\servertool.exe Disinfection failed C:\Program Files\Java\bin\servertool.exe Deleted C:\Program Files\Java\bin\tnameserv.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\tnameserv.exe Disinfection failed C:\Program Files\Java\bin\tnameserv.exe Deleted C:\Program Files\Java\bin\unpack200.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Java\bin\unpack200.exe Disinfection failed C:\Program Files\Java\bin\unpack200.exe Deleted C:\Program Files\K-Lite Codec Pack\tools\fixcodecs.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\K-Lite Codec Pack\tools\fixcodecs.exe Disinfection failed C:\Program Files\K-Lite Codec Pack\tools\fixcodecs.exe Deleted C:\Program Files\K-Lite Codec Pack\tools\gspot\gspot.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\K-Lite Codec Pack\tools\gspot\gspot.exe Disinfection failed C:\Program Files\K-Lite Codec Pack\tools\gspot\gspot.exe Deleted C:\Program Files\K-Lite Codec Pack\tools\VobSubStrip.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\K-Lite Codec Pack\tools\VobSubStrip.exe Disinfection failed C:\Program Files\K-Lite Codec Pack\tools\VobSubStrip.exe Deleted C:\Program Files\K-Lite Codec Pack\unins000.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\K-Lite Codec Pack\unins000.exe Disinfection failed C:\Program Files\K-Lite Codec Pack\unins000.exe Deleted C:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe Disinfection failed C:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe Deleted C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE Disinfection failed C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE Deleted C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Disinfection failed C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Deleted C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Disinfection failed C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Deleted C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Disinfection failed C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Deleted C:\Program Files\PCMan\Symbols.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PCMan\Symbols.exe Disinfection failed C:\Program Files\PCMan\Symbols.exe Deleted C:\Program Files\PCMan\uninstall.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PCMan\uninstall.exe Disinfection failed C:\Program Files\PCMan\uninstall.exe Deleted C:\Program Files\pg2\unins000.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\pg2\unins000.exe Disinfection failed C:\Program Files\pg2\unins000.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\BTIniNt.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\BTIniNt.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\BTIniNt.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\DOCS\PM8Flash.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOCS\PM8Flash.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOCS\PM8Flash.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\BTIni.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\BTIni.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\BTIni.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\FSIMAGE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\FSIMAGE.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\FSIMAGE.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\partinfo.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\partinfo.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\partinfo.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\PQBOOT.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\PQBOOT.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\PQBOOT.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\PQBOOTX.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\PQBOOTX.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\PQBOOTX.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\PQMAGIC.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\PQMAGIC.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\PQMAGIC.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\PTEDIT.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\PTEDIT.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\PTEDIT.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\SNUTIL.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\SNUTIL.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\SNUTIL.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DOS\WRPROG.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DOS\WRPROG.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DOS\WRPROG.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\DrvMap.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\DrvMap.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\DrvMap.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PartIn.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PartIn.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PartIn.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PartIn9x.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PartIn9x.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PartIn9x.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PartInNT.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PartInNT.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PartInNT.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PMagic9x.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PMagic9x.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PMagic9x.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PMagicBt.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PMagicBt.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PMagicBt.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PMagicNT.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PMagicNT.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PMagicNT.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\Pqboot32.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\Pqboot32.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\Pqboot32.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\pqbw.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\pqbw.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\pqbw.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PQLAUNCH.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PQLAUNCH.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PQLAUNCH.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\PqPe.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PqPe.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PqPe.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\pqpe9x.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\pqpe9x.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\pqpe9x.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\pqpeNT.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\pqpeNT.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\pqpeNT.exe Deleted C:\Program Files\PowerQuest\PartitionMagic\PTEDIT32.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\PTEDIT32.EXE Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\PTEDIT32.EXE Deleted C:\Program Files\PowerQuest\PartitionMagic\RESCUEME\Setup.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\PowerQuest\PartitionMagic\RESCUEME\Setup.exe Disinfection failed C:\Program Files\PowerQuest\PartitionMagic\RESCUEME\Setup.exe Deleted C:\Program Files\QuickTime Alternative\QuickTimePlayer.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\QuickTime Alternative\QuickTimePlayer.exe Disinfection failed C:\Program Files\QuickTime Alternative\QuickTimePlayer.exe Deleted C:\Program Files\QuickTime Alternative\unins000.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\QuickTime Alternative\unins000.exe Disinfection failed C:\Program Files\QuickTime Alternative\unins000.exe Deleted C:\Program Files\Real Alternative\mpclauncher.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Real Alternative\mpclauncher.exe Disinfection failed C:\Program Files\Real Alternative\mpclauncher.exe Deleted C:\Program Files\Real Alternative\settings.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Real Alternative\settings.exe Disinfection failed C:\Program Files\Real Alternative\settings.exe Deleted C:\Program Files\Real Alternative\unins000.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Real Alternative\unins000.exe Disinfection failed C:\Program Files\Real Alternative\unins000.exe Deleted C:\Program Files\Real Alternative\Update_OB\upgrdhlp.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Real Alternative\Update_OB\upgrdhlp.exe Disinfection failed C:\Program Files\Real Alternative\Update_OB\upgrdhlp.exe Deleted C:\Program Files\Realtek\InstallShield\ALCMTR.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\ALCMTR.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\ALCMTR.EXE Deleted C:\Program Files\Realtek\InstallShield\ALCWZRD.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\ALCWZRD.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\ALCWZRD.EXE Deleted C:\Program Files\Realtek\InstallShield\ChCfg.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\ChCfg.exe Disinfection failed C:\Program Files\Realtek\InstallShield\ChCfg.exe Deleted C:\Program Files\Realtek\InstallShield\CPLUTL64.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\CPLUTL64.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\CPLUTL64.EXE Deleted C:\Program Files\Realtek\InstallShield\MICCAL.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\MICCAL.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\MICCAL.EXE Deleted C:\Program Files\Realtek\InstallShield\RTHDCPL.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\RTHDCPL.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\RTHDCPL.EXE Deleted C:\Program Files\Realtek\InstallShield\RTLCPL.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\RTLCPL.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\RTLCPL.EXE Deleted C:\Program Files\Realtek\InstallShield\RTLUPD.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\RTLUPD.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\RTLUPD.EXE Deleted C:\Program Files\Realtek\InstallShield\RTLUPD64.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\RTLUPD64.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\RTLUPD64.EXE Deleted C:\Program Files\Realtek\InstallShield\SKYTEL.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\SKYTEL.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\SKYTEL.EXE Deleted C:\Program Files\Realtek\InstallShield\SOUNDMAN.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Realtek\InstallShield\SOUNDMAN.EXE Disinfection failed C:\Program Files\Realtek\InstallShield\SOUNDMAN.EXE Deleted C:\Program Files\Spybot\blindman.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Spybot\blindman.exe Disinfection failed C:\Program Files\Spybot\blindman.exe Deleted C:\Program Files\Spybot\TeaTimer.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Spybot\TeaTimer.exe Disinfection failed C:\Program Files\Spybot\TeaTimer.exe Deleted C:\Program Files\Spybot\unins000.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Spybot\unins000.exe Disinfection failed C:\Program Files\Spybot\unins000.exe Deleted C:\Program Files\Spybot\Update.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Spybot\Update.exe Disinfection failed C:\Program Files\Spybot\Update.exe Deleted C:\Program Files\Synaptics\SynTP\InstNT.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Synaptics\SynTP\InstNT.exe Disinfection failed C:\Program Files\Synaptics\SynTP\InstNT.exe Deleted C:\Program Files\Synaptics\SynTP\Media\SETUP.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Synaptics\SynTP\Media\SETUP.EXE Disinfection failed C:\Program Files\Synaptics\SynTP\Media\SETUP.EXE Deleted C:\Program Files\Synaptics\SynTP\SynMood.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Synaptics\SynTP\SynMood.exe Disinfection failed C:\Program Files\Synaptics\SynTP\SynMood.exe Deleted C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Disinfection failed C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Deleted C:\Program Files\Synaptics\SynTP\SynZMetr.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Synaptics\SynTP\SynZMetr.exe Disinfection failed C:\Program Files\Synaptics\SynTP\SynZMetr.exe Deleted C:\Program Files\Synaptics\SynTP\Tutorial.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Synaptics\SynTP\Tutorial.exe Disinfection failed C:\Program Files\Synaptics\SynTP\Tutorial.exe Deleted C:\Program Files\SyncBack\unins000.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\SyncBack\unins000.exe Disinfection failed C:\Program Files\SyncBack\unins000.exe Deleted C:\Program Files\VPN Client\autoupdate.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\VPN Client\autoupdate.exe Disinfection failed C:\Program Files\VPN Client\autoupdate.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\BcbtRmv_1.7.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\BcbtRmv_1.7.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\BcbtRmv_1.7.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\BtDfuWizardP.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\BtDfuWizardP.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\BtDfuWizardP.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\BTInvoke.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\BTInvoke.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\BTInvoke.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\CheckWindow.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\CheckWindow.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\CheckWindow.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\DPInst.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\DPInst.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\DPInst.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1028.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1028.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1028.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1030.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1030.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1030.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1031.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1031.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1031.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1033.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1034.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1034.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1034.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1035.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1035.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1035.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1036.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1036.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1036.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1040.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1040.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1040.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1041.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1041.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1041.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1042.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1042.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1042.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1043.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1043.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1043.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1044.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1044.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1044.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1045.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1045.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1045.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1046.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1046.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1046.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1049.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1049.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1049.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1053.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1053.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_1053.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_2052.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_2052.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\KB818801_2052.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1028.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1028.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1028.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1030.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1030.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1030.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1031.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1031.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1031.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1033.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1033.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1033.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1034.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1034.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1034.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1035.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1035.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1035.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1036.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1036.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1036.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1040.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1040.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1040.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1041.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1041.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1041.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1042.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1042.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1042.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1043.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1043.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1043.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1044.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1044.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1044.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1045.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1045.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1045.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1046.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1046.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1046.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1049.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1049.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1049.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1053.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1053.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_1053.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_2052.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_2052.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\bin\Q816650_2052.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\BtwHtmlPrint.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\BtwHtmlPrint.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\BtwHtmlPrint.exe Deleted C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe Disinfection failed C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe Deleted C:\Program Files\Winamp\UninstWA.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Winamp\UninstWA.exe Disinfection failed C:\Program Files\Winamp\UninstWA.exe Deleted C:\Program Files\Windows XP MUI Pack\mm21_muicht.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Windows XP MUI Pack\mm21_muicht.exe Disinfection failed C:\Program Files\Windows XP MUI Pack\mm21_muicht.exe Deleted C:\Program Files\Windows XP MUI Pack\mp10setup_muiCht.exe Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Windows XP MUI Pack\mp10setup_muiCht.exe Disinfection failed C:\Program Files\Windows XP MUI Pack\mp10setup_muiCht.exe Deleted C:\Program Files\Windows XP MUI Pack\MUIQFE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Windows XP MUI Pack\MUIQFE.EXE Disinfection failed C:\Program Files\Windows XP MUI Pack\MUIQFE.EXE Deleted C:\Program Files\Windows XP MUI Pack\MUISETUP.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\Program Files\Windows XP MUI Pack\MUISETUP.EXE Disinfection failed C:\Program Files\Windows XP MUI Pack\MUISETUP.EXE Deleted C:\QooBox\Quarantine\C\WINDOWS\RichDll.dll.vir Infected with: Trojan.PWS.Onlinegames.EF C:\QooBox\Quarantine\C\WINDOWS\RichDll.dll.vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\RichDll.dll.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\cmdbcs.dll.vir Infected with: Generic.PWS.Games.A73B8452 C:\QooBox\Quarantine\C\WINDOWS\system32\cmdbcs.dll.vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\system32\cmdbcs.dll.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\msccrt.dll.vir Infected with: Generic.PWS.Games.46CFC4D8 C:\QooBox\Quarantine\C\WINDOWS\system32\msccrt.dll.vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\system32\msccrt.dll.vir Deleted C:\support\TOOLS\SETUP.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\support\TOOLS\SETUP.EXE Disinfection failed C:\support\TOOLS\SETUP.EXE Deleted Last edited by ohno; 05-06-2007 at 11:36 AM. |
|
|
|
|
05-06-2007, 11:38 AM
|
#16 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
bitdefender.txt (part 2)
C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000011.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000011.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000011.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000012.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000012.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000012.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000013.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000013.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000013.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000014.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000014.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000014.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000015.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000015.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000015.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000017.exe Infected with: Generic.Malware.Sdld!gPWS.3CF39842 C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000017.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000017.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000018.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000018.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000018.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000019.exe Infected with: Trojan.PWS.OnLineGames.ASG C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000019.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000019.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000021.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000021.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000021.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000023.EXE Infected with: Generic.PWS.WoW.E7F936BA C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000023.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000023.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000024.EXE Infected with: Backdoor.Agent.ALH C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000024.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000024.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000026.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000026.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000026.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000027.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000027.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000027.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000028.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000028.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000028.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000039.dll Infected with: Generic.PWS.Games.5E8C9078 C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000039.dll Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000039.dll Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000064.dll Infected with: Generic.PWS.Games.A73B8452 C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000064.dll Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000064.dll Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000065.dll Infected with: Generic.PWS.Games.46CFC4D8 C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000065.dll Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000065.dll Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000066.dll Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000066.dll Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000066.dll Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000153.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000153.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000153.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000163.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000163.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000163.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000183.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000183.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000183.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000184.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000184.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000184.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000185.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000185.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000185.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000186.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000186.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000186.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000187.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000187.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000187.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000188.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000188.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000188.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000189.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000189.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000189.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000190.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000190.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000190.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000191.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000191.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000191.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000192.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000192.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000192.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000193.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000193.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000193.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000194.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000194.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000194.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000195.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000195.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000195.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000196.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000196.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000196.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000197.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000197.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000197.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000198.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000198.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000198.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000199.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000199.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000199.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000200.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000200.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000200.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000201.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000201.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000201.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000202.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000202.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000202.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000203.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000203.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000203.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000204.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000204.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000204.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000205.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000205.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000205.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000206.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000206.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000206.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000207.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000207.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000207.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000211.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000211.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000211.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000212.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000212.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000212.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000213.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000213.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000213.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000214.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000214.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000214.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000215.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000215.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000215.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000216.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000216.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000216.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000217.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000217.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000217.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000218.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000218.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000218.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000219.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000219.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000219.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000220.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000220.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000220.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000221.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000221.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000221.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000222.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000222.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000222.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000223.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000223.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000223.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000224.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000224.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000224.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000225.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000225.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000225.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000226.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000226.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000226.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000227.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000227.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000227.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000228.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000228.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000228.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000229.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000229.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000229.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000230.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000230.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000230.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000231.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000231.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000231.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000232.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000232.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000232.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000233.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000233.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000233.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000234.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000234.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000234.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000235.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000235.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000235.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000236.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000236.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000236.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000237.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000237.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000237.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000238.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000238.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000238.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000239.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000239.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000239.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000240.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000240.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000240.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000241.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000241.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000241.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000242.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000242.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000242.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000243.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000243.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000243.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000244.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000244.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000244.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000245.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000245.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000245.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000246.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000246.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000246.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000247.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000247.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000247.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000248.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000248.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000248.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000249.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000249.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000249.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000250.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000250.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000250.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000251.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000251.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000251.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000252.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000252.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000252.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000253.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000253.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000253.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000254.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000254.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000254.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000255.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000255.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000255.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000256.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000256.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000256.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000257.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000257.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000257.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000258.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000258.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000258.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000259.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000259.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000259.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000260.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000260.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000260.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000261.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000261.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000261.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000262.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000262.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000262.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000263.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000263.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000263.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000264.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000264.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000264.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000265.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000265.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000265.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000266.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000266.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000266.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000267.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000267.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000267.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000268.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000268.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000268.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000269.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000269.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000269.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000270.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000270.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000270.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000271.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000271.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000271.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000272.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000272.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000272.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000273.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000273.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000273.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000274.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000274.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000274.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000275.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000275.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000275.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000276.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000276.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000276.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000277.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000277.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000277.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000278.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000278.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000278.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000279.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000279.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000279.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000280.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000280.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000280.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000281.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000281.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000281.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000282.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000282.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000282.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000283.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000283.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000283.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000284.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000284.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000284.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000285.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000285.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000285.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000286.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000286.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000286.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000287.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000287.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000287.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000288.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000288.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000288.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000289.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000289.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000289.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000290.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000290.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000290.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000291.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000291.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000291.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000292.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000292.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000292.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000293.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000293.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000293.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000294.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000294.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000294.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000295.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000295.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000295.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000296.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000296.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000296.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000297.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000297.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000297.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000298.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000298.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000298.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000299.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000299.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000299.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000300.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000300.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000300.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000301.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000301.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000301.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000302.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000302.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000302.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000303.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000303.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000303.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000304.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000304.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000304.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000305.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000305.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000305.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000306.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000306.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000306.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000307.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000307.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000307.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000308.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000308.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000308.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000309.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000309.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000309.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000310.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000310.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000310.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000311.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000311.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000311.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000312.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000312.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000312.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000313.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000313.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000313.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000314.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000314.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000314.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000315.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000315.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000315.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000316.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000316.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000316.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000317.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000317.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000317.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000318.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000318.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000318.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000319.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000319.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000319.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000320.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000320.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000320.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000321.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000321.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000321.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000322.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000322.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000322.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000323.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000323.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000323.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000324.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000324.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000324.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000325.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000325.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000325.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000326.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000326.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000326.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000327.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000327.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000327.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000328.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000328.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000328.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000329.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000329.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000329.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000330.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000330.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000330.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000331.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000331.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000331.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000332.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000332.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000332.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000333.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000333.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000333.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000334.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000334.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000334.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000335.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000335.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000335.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000336.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000336.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000336.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000337.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000337.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000337.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000338.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000338.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000338.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000339.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000339.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000339.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000340.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000340.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000340.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000341.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000341.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000341.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000342.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000342.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000342.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000343.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000343.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000343.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000344.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000344.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000344.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000345.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000345.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000345.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000346.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000346.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000346.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000347.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000347.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000347.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000348.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000348.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000348.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000349.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000349.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000349.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000350.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000350.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000350.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000351.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000351.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000351.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000352.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000352.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000352.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000353.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000353.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000353.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000354.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000354.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000354.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000355.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000355.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000355.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000356.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000356.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000356.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000357.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000357.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000357.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000358.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000358.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000358.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000359.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000359.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000359.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000360.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000360.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000360.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000361.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000361.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000361.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000362.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000362.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000362.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000363.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000363.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000363.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000364.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000364.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000364.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000365.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000365.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000365.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000366.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000366.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000366.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000367.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000367.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000367.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000368.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000368.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000368.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000369.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000369.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000369.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000370.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000370.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000370.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000371.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000371.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000371.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000372.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000372.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000372.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000373.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000373.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000373.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000374.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000374.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000374.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000375.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000375.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000375.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000376.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000376.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000376.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000377.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000377.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000377.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000378.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000378.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000378.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000379.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000379.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000379.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000380.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000380.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000380.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000381.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000381.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000381.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000382.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000382.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000382.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000383.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000383.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000383.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000384.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000384.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000384.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000385.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000385.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000385.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000386.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000386.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000386.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000387.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000387.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000387.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000388.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000388.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000388.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000389.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000389.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000389.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000390.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000390.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000390.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000391.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000391.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000391.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000392.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000392.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000392.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000393.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000393.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000393.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000394.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000394.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000394.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000395.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000395.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000395.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000396.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000396.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000396.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000397.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000397.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000397.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000398.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000398.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000398.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000399.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000399.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000399.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000400.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000400.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000400.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000401.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000401.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000401.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000402.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000402.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000402.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000403.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000403.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000403.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000404.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000404.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000404.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000405.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000405.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000405.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000406.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000406.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000406.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000407.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000407.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000407.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000408.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000408.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000408.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000409.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000409.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000409.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000410.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000410.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000410.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000411.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000411.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000411.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000412.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000412.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000412.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000413.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000413.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000413.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000414.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000414.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000414.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000415.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000415.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000415.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000416.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000416.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000416.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000417.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000417.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000417.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000418.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000418.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000418.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000419.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000419.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000419.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000420.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000420.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000420.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000421.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000421.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000421.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000422.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000422.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000422.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000423.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000423.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000423.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000424.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000424.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000424.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000425.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000425.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000425.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000426.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000426.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000426.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000427.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000427.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000427.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000428.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000428.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000428.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000429.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000429.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000429.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000430.exe Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000430.exe Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000430.exe Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000431.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000431.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000431.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000432.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000432.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000432.EXE Deleted C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000433.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000433.EXE Disinfection failed C:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000433.EXE Deleted |
|
|
|
|
05-06-2007, 11:39 AM
|
#17 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 19
OS: Windows XP
|
Re: Multiple infections
bitdefender.txt (part 3) C:\temp\ext47680\update\update.exe Infected with: Trojan.PWS.Onlinegames.EF C:\temp\ext47680\update\update.exe Disinfection failed C:\temp\ext47680\update\update.exe Deleted C:\valueadd\3RDPARTY\MGMT\CITRIX\ICA32.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\3RDPARTY\MGMT\CITRIX\ICA32.EXE Disinfection failed C:\valueadd\3RDPARTY\MGMT\CITRIX\ICA32.EXE Deleted C:\valueadd\MSFT\MGMT\IAS\IASNT4.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\MGMT\IAS\IASNT4.EXE Disinfection failed C:\valueadd\MSFT\MGMT\IAS\IASNT4.EXE Deleted C:\valueadd\MSFT\MGMT\PBA\PBAINST.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\MGMT\PBA\PBAINST.EXE Disinfection failed C:\valueadd\MSFT\MGMT\PBA\PBAINST.EXE Deleted C:\valueadd\MSFT\NET\TOOLS\TTCP.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\NET\TOOLS\TTCP.EXE Disinfection failed C:\valueadd\MSFT\NET\TOOLS\TTCP.EXE Deleted C:\valueadd\MSFT\USMT\ANSI\SCANSTATE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\USMT\ANSI\SCANSTATE.EXE Disinfection failed C:\valueadd\MSFT\USMT\ANSI\SCANSTATE.EXE Deleted C:\valueadd\MSFT\USMT\LOADSTATE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\USMT\LOADSTATE.EXE Disinfection failed C:\valueadd\MSFT\USMT\LOADSTATE.EXE Deleted C:\valueadd\MSFT\USMT\SCANSTATE.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\USMT\SCANSTATE.EXE Disinfection failed C:\valueadd\MSFT\USMT\SCANSTATE.EXE Deleted C:\valueadd\MSFT\USMT\SCANSTATE_A.EXE Infected with: Trojan.PWS.Onlinegames.EF C:\valueadd\MSFT\USMT\SCANSTATE_A.EXE Disinfection failed C:\valueadd\MSFT\USMT\SCANSTATE_A.EXE Deleted D:\fun\ag2\game\STCBasic.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\ag2\game\STCBasic.exe Disinfection failed D:\fun\ag2\game\STCBasic.exe Deleted D:\fun\ag2\game\Uninstall.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\ag2\game\Uninstall.exe Disinfection failed D:\fun\ag2\game\Uninstall.exe Deleted D:\fun\ag2\game\人工少女2.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\ag2\game\人工少女2.exe Disinfection failed D:\fun\ag2\game\人工少女2.exe Deleted D:\fun\civ4\hack\Civilization4.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\civ4\hack\Civilization4.exe Disinfection failed D:\fun\civ4\hack\Civilization4.exe Deleted D:\fun\civ4\hack\Civilization4.old.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\civ4\hack\Civilization4.old.exe Disinfection failed D:\fun\civ4\hack\Civilization4.old.exe Deleted D:\fun\dw4\game\Launcher.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\dw4\game\Launcher.exe Disinfection failed D:\fun\dw4\game\Launcher.exe Deleted D:\fun\dw4\hack\deviance.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\dw4\hack\deviance.exe Disinfection failed D:\fun\dw4\hack\deviance.exe Deleted D:\fun\dw4\hack\Dynasty Warriors 4 Hyper.old.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\dw4\hack\Dynasty Warriors 4 Hyper.old.exe Disinfection failed D:\fun\dw4\hack\Dynasty Warriors 4 Hyper.old.exe Deleted D:\fun\gta\hack\gta_sa.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\gta\hack\gta_sa.exe Disinfection failed D:\fun\gta\hack\gta_sa.exe Deleted D:\fun\gta\hack\gta_sa.old.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\gta\hack\gta_sa.old.exe Disinfection failed D:\fun\gta\hack\gta_sa.old.exe Deleted D:\fun\pm4\hack\no-cd.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\pm4\hack\no-cd.exe Disinfection failed D:\fun\pm4\hack\no-cd.exe Deleted D:\fun\san11\game\S11Launcher.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\san11\game\S11Launcher.exe Disinfection failed D:\fun\san11\game\S11Launcher.exe Deleted D:\fun\san11\game\San11.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\san11\game\San11.exe Disinfection failed D:\fun\san11\game\San11.exe Deleted D:\fun\san11\hack\san11-nocd\San11.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\san11\hack\san11-nocd\San11.exe Disinfection failed D:\fun\san11\hack\san11-nocd\San11.exe Deleted D:\fun\san11\hack\san11-nocd\San11.old.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\san11\hack\san11-nocd\San11.old.exe Disinfection failed D:\fun\san11\hack\san11-nocd\San11.old.exe Deleted D:\fun\san11\hack\san11editor\San11Editor.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\san11\hack\san11editor\San11Editor.exe Disinfection failed D:\fun\san11\hack\san11editor\San11Editor.exe Deleted D:\fun\small\flow\flOw classic.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\flow\flOw classic.exe Disinfection failed D:\fun\small\flow\flOw classic.exe Deleted D:\fun\small\flow\flOw official.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\flow\flOw official.exe Disinfection failed D:\fun\small\flow\flOw official.exe Deleted D:\fun\small\flow\flOw widescreen.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\flow\flOw widescreen.exe Disinfection failed D:\fun\small\flow\flOw widescreen.exe Deleted D:\fun\small\swd\SWD\ASMDRV.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\swd\SWD\ASMDRV.EXE Disinfection failed D:\fun\small\swd\SWD\ASMDRV.EXE Deleted D:\fun\small\swd\SWD\JGAME.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\swd\SWD\JGAME.EXE Disinfection failed D:\fun\small\swd\SWD\JGAME.EXE Deleted D:\fun\small\swd\SWD\RPG.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\swd\SWD\RPG.EXE Disinfection failed D:\fun\small\swd\SWD\RPG.EXE Deleted D:\fun\small\swd\SWD\WRPG.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\swd\SWD\WRPG.EXE Disinfection failed D:\fun\small\swd\SWD\WRPG.EXE Deleted D:\fun\small\swd\SWD2\INSTALL.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\swd\SWD2\INSTALL.EXE Disinfection failed D:\fun\small\swd\SWD2\INSTALL.EXE Deleted D:\fun\small\swd\SWDA\INSTALL.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\fun\small\swd\SWDA\INSTALL.EXE Disinfection failed D:\fun\small\swd\SWDA\INSTALL.EXE Deleted D:\fun\taikou5\game\DX9\dxsetup.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\taikou5\game\DX9\dxsetup.exe Disinfection failed D:\fun\taikou5\game\DX9\dxsetup.exe Deleted D:\fun\taikou5\game\Taikou5.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\taikou5\game\Taikou5.exe Disinfection failed D:\fun\taikou5\game\Taikou5.exe Deleted D:\fun\taikou5\game\TR5Start.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\taikou5\game\TR5Start.exe Disinfection failed D:\fun\taikou5\game\TR5Start.exe Deleted D:\fun\taikou5\hack\GaTK5edit.exe Infected with: Trojan.PWS.Onlinegames.EF D:\fun\taikou5\hack\GaTK5edit.exe Disinfection failed D:\fun\taikou5\hack\GaTK5edit.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000208.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000208.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000208.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000209.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000209.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000209.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000210.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000210.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000210.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000442.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000442.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000442.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000443.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000443.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000443.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000444.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000444.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000444.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000445.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000445.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000445.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000446.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000446.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000446.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000447.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000447.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000447.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000448.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000448.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000448.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000449.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000449.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000449.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000450.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000450.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000450.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000451.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000451.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000451.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000452.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000452.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000452.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000453.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000453.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000453.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000454.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000454.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000454.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000455.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000455.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000455.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000456.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000456.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000456.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000457.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000457.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000457.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000458.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000458.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000458.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000459.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000459.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000459.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000460.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000460.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000460.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000461.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000461.EXE Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000461.EXE Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000462.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000462.EXE Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000462.EXE Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000463.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000463.EXE Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000463.EXE Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000464.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000464.EXE Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000464.EXE Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000465.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000465.EXE Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000465.EXE Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000466.EXE Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000466.EXE Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000466.EXE Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000467.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000467.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000467.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000468.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000468.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000468.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000469.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000469.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000469.exe Deleted D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000470.exe Infected with: Trojan.PWS.Onlinegames.EF D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000470.exe Disinfection failed D:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000470.exe Deleted F:\safehold\setup\.housecall6.6\patch.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\.housecall6.6\patch.exe Disinfection failed F:\safehold\setup\.housecall6.6\patch.exe Deleted F:\safehold\setup\.housecall6.6\tsc.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\.housecall6.6\tsc.exe Disinfection failed F:\safehold\setup\.housecall6.6\tsc.exe Deleted F:\safehold\setup\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe Disinfection failed F:\safehold\setup\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe Deleted F:\safehold\setup\Application Data\InstallShield Installation Information\{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}\setup.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Application Data\InstallShield Installation Information\{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}\setup.exe Disinfection failed F:\safehold\setup\Application Data\InstallShield Installation Information\{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}\setup.exe Deleted F:\safehold\setup\Application Data\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut2_64893225ADBA469EB114F3B2C1FBBA77.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Application Data\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut2_64893225ADBA469EB114F3B2C1FBBA77.exe Disinfection failed F:\safehold\setup\Application Data\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut2_64893225ADBA469EB114F3B2C1FBBA77.exe Deleted F:\safehold\setup\Application Data\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Application Data\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe Disinfection failed F:\safehold\setup\Application Data\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe Deleted F:\safehold\setup\Local Settings\Temp\AutoDL%3FBundleId=10878_b197838c.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\AutoDL%3FBundleId=10878_b197838c.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\AutoDL%3FBundleId=10878_b197838c.exe Deleted F:\safehold\setup\Local Settings\Temp\AutoRun.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\AutoRun.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\AutoRun.exe Deleted F:\safehold\setup\Local Settings\Temp\eauninstall.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\eauninstall.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\eauninstall.exe Deleted F:\safehold\setup\Local Settings\Temp\First15.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\First15.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\First15.exe Deleted F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdater.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdater.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdater.exe Deleted F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterAdminPrefs.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterAdminPrefs.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterAdminPrefs.exe Deleted F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterInstallMgr.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterInstallMgr.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterInstallMgr.exe Deleted F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterService.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterService.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterService.exe Deleted F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterSetup.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterSetup.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\gis4884799d\GoogleUpdaterSetup.exe Deleted F:\safehold\setup\Local Settings\Temp\gis4884799d\SearchWithGoogleUpdate_zh-tw.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\gis4884799d\SearchWithGoogleUpdate_zh-tw.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\gis4884799d\SearchWithGoogleUpdate_zh-tw.exe Deleted F:\safehold\setup\Local Settings\Temp\NBA LIVE 07_uninst.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\NBA LIVE 07_uninst.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\NBA LIVE 07_uninst.exe Deleted F:\safehold\setup\Local Settings\Temp\ose00000.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\ose00000.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\ose00000.exe Deleted F:\safehold\setup\Local Settings\Temp\SPTDinst.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\SPTDinst.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\SPTDinst.exe Deleted F:\safehold\setup\Local Settings\Temp\VP6Install.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\VP6Install.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\VP6Install.exe Deleted F:\safehold\setup\Local Settings\Temp\既ヘ魁 1 ノ [ぶ冠紅4.羉砰いゅClone].Princess.Maker.4_NOCD.zip\pm4cd\PrincessMaker4.exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temp\既ヘ魁 1 ノ [ぶ冠紅4.羉砰いゅClone].Princess.Maker.4_NOCD.zip\pm4cd\PrincessMaker4.exe Disinfection failed F:\safehold\setup\Local Settings\Temp\既ヘ魁 1 ノ [ぶ冠紅4.羉砰いゅClone].Princess.Maker.4_NOCD.zip\pm4cd\PrincessMaker4.exe Deleted F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\61TQNUL0\CADDI9IL.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\61TQNUL0\CADDI9IL.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Disinfection failed F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\61TQNUL0\CADDI9IL.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Deleted F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\P7VJT18E\CA0WF7LR.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\P7VJT18E\CA0WF7LR.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Disinfection failed F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\P7VJT18E\CA0WF7LR.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Deleted F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\P7VJT18E\CAQH3HP9.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\P7VJT18E\CAQH3HP9.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Disinfection failed F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\P7VJT18E\CAQH3HP9.exe%2686042623&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=480&u_his=4&u_java=true Deleted F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\W7DZ2AJ5\ljArchive-0.9.7[1].exe Infected with: Trojan.PWS.Onlinegames.EF F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\W7DZ2AJ5\ljArchive-0.9.7[1].exe Disinfection failed F:\safehold\setup\Local Settings\Temporary Internet Files\Content.IE5\W7DZ2AJ5\ljArchive-0.9.7[1].exe Deleted F:\storage\DEMO\SWD\AIR.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD\AIR.EXE Disinfection failed F:\storage\DEMO\SWD\AIR.EXE Deleted F:\storage\DEMO\SWD\DEMO.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD\DEMO.EXE Disinfection failed F:\storage\DEMO\SWD\DEMO.EXE Deleted F:\storage\DEMO\SWD\DEMO2.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD\DEMO2.EXE Disinfection failed F:\storage\DEMO\SWD\DEMO2.EXE Deleted F:\storage\DEMO\SWD\OPEN.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD\OPEN.EXE Disinfection failed F:\storage\DEMO\SWD\OPEN.EXE Deleted F:\storage\DEMO\SWD\PLAY.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD\PLAY.EXE Disinfection failed F:\storage\DEMO\SWD\PLAY.EXE Deleted F:\storage\DEMO\SWD\SS.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD\SS.EXE Disinfection failed F:\storage\DEMO\SWD\SS.EXE Deleted F:\storage\DEMO\SWD2\DEMO.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWD2\DEMO.EXE Disinfection failed F:\storage\DEMO\SWD2\DEMO.EXE Deleted F:\storage\DEMO\SWDA\CHNA2.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWDA\CHNA2.EXE Disinfection failed F:\storage\DEMO\SWDA\CHNA2.EXE Deleted F:\storage\DEMO\SWDA\DEMO.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWDA\DEMO.EXE Disinfection failed F:\storage\DEMO\SWDA\DEMO.EXE Deleted F:\storage\DEMO\SWDA\DO.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWDA\DO.EXE Disinfection failed F:\storage\DEMO\SWDA\DO.EXE Deleted F:\storage\DEMO\SWDA\MAP0.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWDA\MAP0.EXE Disinfection failed F:\storage\DEMO\SWDA\MAP0.EXE Deleted F:\storage\DEMO\SWDA\MAPA.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\DEMO\SWDA\MAPA.EXE Disinfection failed F:\storage\DEMO\SWDA\MAPA.EXE Deleted F:\storage\locker\hack endless\HACKEN~1.CHM=>/113.html Infected with: Generic.XPL.IESpoof.9189B82A F:\storage\locker\hack endless\HACKEN~1.CHM=>/113.html Disinfection failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/113.html Deleted F:\storage\locker\hack endless\HACKEN~1.CHM Update failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/378.html Infected with: JS.Distance F:\storage\locker\hack endless\HACKEN~1.CHM=>/378.html Disinfection failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/378.html Deleted F:\storage\locker\hack endless\HACKEN~1.CHM Update failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/120.html Infected with: Backdoor.ASP.Rootkit.A F:\storage\locker\hack endless\HACKEN~1.CHM=>/120.html Disinfection failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/120.html Deleted F:\storage\locker\hack endless\HACKEN~1.CHM Update failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/190.html Suspected of: Type_ScriptMailer F:\storage\locker\hack endless\HACKEN~1.CHM=>/190.html Disinfection failed F:\storage\locker\hack endless\HACKEN~1.CHM=>/190.html Deleted F:\storage\locker\hack endless\HACKEN~1.CHM Update failed F:\storage\locker\msoffice\SETUP.EXE Infected with: Trojan.PWS.Onlinegames.EF F:\storage\locker\msoffice\SETUP.EXE Disinfection failed F:\storage\locker\msoffice\SETUP.EXE Deleted F:\storage\nox\mirc.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\nox\mirc.exe Disinfection failed F:\storage\nox\mirc.exe Deleted F:\storage\setup.old\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe Disinfection failed F:\storage\setup.old\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_18be6784.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_18be6784.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_18be6784.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_294823.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_294823.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_294823.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_2cd672ae.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_2cd672ae.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_2cd672ae.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_4ae13d6c.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_4ae13d6c.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_4ae13d6c.exe Deleted F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_69525f90.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_69525f90.exe Disinfection failed F:\storage\setup.old\Application Data\Microsoft\Installer\{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}\_69525f90.exe Deleted F:\storage\torpark\App\tor\tor.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\App\tor\tor.exe Disinfection failed F:\storage\torpark\App\tor\tor.exe Deleted F:\storage\torpark\App\tor\torcircuitstatus.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\App\tor\torcircuitstatus.exe Disinfection failed F:\storage\torpark\App\tor\torcircuitstatus.exe Deleted F:\storage\torpark\App\tor\tor_resolve.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\App\tor\tor_resolve.exe Disinfection failed F:\storage\torpark\App\tor\tor_resolve.exe Deleted F:\storage\torpark\App\torpark\firefox\updater.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\App\torpark\firefox\updater.exe Disinfection failed F:\storage\torpark\App\torpark\firefox\updater.exe Deleted F:\storage\torpark\App\torpark\firefox\xpicleanup.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\App\torpark\firefox\xpicleanup.exe Disinfection failed F:\storage\torpark\App\torpark\firefox\xpicleanup.exe Deleted F:\storage\torpark\Data\torpark\profile\extensions\{65f3d609-18c1-4f62-bcef-1973b6abeab4}\FlushCircuit.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\Data\torpark\profile\extensions\{65f3d609-18c1-4f62-bcef-1973b6abeab4}\FlushCircuit.exe Disinfection failed F:\storage\torpark\Data\torpark\profile\extensions\{65f3d609-18c1-4f62-bcef-1973b6abeab4}\FlushCircuit.exe Deleted F:\storage\torpark\Data\torpark\profile\extensions\{65f3d609-18c1-4f62-bcef-1973b6abeab4}\signal.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\Data\torpark\profile\extensions\{65f3d609-18c1-4f62-bcef-1973b6abeab4}\signal.exe Disinfection failed F:\storage\torpark\Data\torpark\profile\extensions\{65f3d609-18c1-4f62-bcef-1973b6abeab4}\signal.exe Deleted F:\storage\torpark\Torpark.exe Infected with: Trojan.PWS.Onlinegames.EF F:\storage\torpark\Torpark.exe Disinfection failed F:\storage\torpark\Torpark.exe Deleted F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000471.exe Infected with: Trojan.PWS.Onlinegames.EF F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000471.exe Disinfection failed F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000471.exe Deleted F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000472.exe Infected with: Trojan.PWS.Onlinegames.EF F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000472.exe Disinfection failed F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000472.exe Deleted F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000473.exe Infected with: Trojan.PWS.Onlinegames.EF F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000473.exe Disinfection failed F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000473.exe Deleted F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000474.exe Infected with: Trojan.PWS.Onlinegames.EF F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000474.exe Disinfection failed F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000474.exe Deleted F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000475.exe Infected with: Trojan.PWS.Onlinegames.EF F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000475.exe Disinfection failed F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000475.exe Deleted F:\System Volume Information\_restore{8471649D-4BA9-4D6C-B107-E6A565E2BBA5}\RP2\A0000476.exe In |
