Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversjon: 4340 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 23.07.2010 11:13:23 mbam-log-2010-07-23 (11-13-23).txt Skanntype: Full skann (C:\|) Objekter skannet: 233007 Tid tilbakelagt: 45 minutt(er), 51 sekund(er) Minneprosesser infisert: 3 Minnemoduler infisert: 1 Registernøkler infisert: 1 Registerverdier infisert: 4 Registerfiler infisert: 3 Mapper infisert: 1 Filer infisert 34 Minneprosesser infisert: C:\Documents and Settings\ltran\Lokale innstillinger\Temp\MSDERUN.EXE (Trojan.FakeAlert) -> Unloaded process successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd12A.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Unloaded process successfully. Minnemoduler infisert: C:\Documents and Settings\ltran\Lokale innstillinger\Programdata\Windows Server\mttuqs.dll (Spyware.Passwords) -> Delete on reboot. Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully. Mapper infisert: C:\Programfiler\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully. Filer infisert C:\Documents and Settings\ltran\Lokale innstillinger\Programdata\Windows Server\mttuqs.dll (Spyware.Passwords) -> Delete on reboot. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\MSDERUN.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd12A.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd126.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd127.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd128.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd129.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd12B.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd12D.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd12E.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\asd12F.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tbWYNrle.exe.part (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\TMP26042.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp3AD7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp44F9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp4FF6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp660E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp693A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp6EB9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp7F64.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp8417.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\tmp8DCB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\topwesitjh (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\ERDNT\ERDNTWIN.OVL (Trojan.Banker) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Skrivebord\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Skrivebord\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Skrivebord\spam001.exe (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Skrivebord\spam003.exe (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Skrivebord\troj000.exe (Malware.Trave) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Skrivebord\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Favoritter\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\7.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Documents and Settings\ltran\Lokale innstillinger\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot.