Malwarebytes' Anti-Malware 1.25
Database versjon: 1089
Windows 5.1.2600 Service Pack 2

21:18:10 27.08.2008
mbam-log-08-27-2008 (21-18-10).txt

Skanntype: Rask Skann
Objekter skannet: 40069
Tid tilbakelagt: 2 minute(s), 20 second(s)

Minneprosesser infisert: 2
Minnemoduler infisert: 3
Registernøkler infisert: 6
Registerverdier infisert: 5
Registerfiler infisert: 2
Mapper infisert: 12
Filer infisert: 20

Minneprosesser infisert:
C:\Programfiler\rhc373j0erfe\rhc373j0erfe.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\pphc773j0erfe.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Minnemoduler infisert:
C:\Programfiler\rhc373j0erfe\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Programfiler\rhc373j0erfe\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Programfiler\rhc373j0erfe\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc373j0erfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc373j0erfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc373j0erfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
C:\Programfiler\rhc373j0erfe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\rhc373j0erfe\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\blphc773j0erfe.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\rhc373j0erfe.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\rhc373j0erfe.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhc373j0erfe\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Berg\Programdata\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\phc773j0erfe.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc773j0erfe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.