Har fått malware. Logg fra mbam

[spetwols]

Loggen på malwerbyter :

 

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2775

Windows 5.1.2600 Service Pack 2

 

16.09.2009 22:30:29

mbam-log-2009-09-16 (22-30-29).txt

 

Skanntype: Rask Skann

Objekter skannet: 92308

Tid tilbakelagt: 7 minute(s), 33 second(s)

 

Minneprosesser infisert: 2

Minnemoduler infisert: 1

Registernøkler infisert: 6

Registerverdier infisert: 5

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 26

 

Minneprosesser infisert:

C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Unloaded process successfully.

C:\WINDOWS\pp12.exe (Worm.KoobFace) -> Unloaded process successfully.

 

Minnemoduler infisert:

c:\program files\ddnsfilter\ddnsfilter.dll (Trojan.DNSChanger) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Program Files\DDnsFilter (Trojan.DNSChanger) -> Delete on reboot.

 

Filer infisert:

C:\WINDOWS\srpira1252789751.eXE (Spyware.Passwords) -> Quarantined and deleted successfully.

C:\Program Files\DDnsFilter\DDnsFilter.dll (Trojan.DNSChanger) -> Delete on reboot.

C:\WINDOWS\vkl_1252789753.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252789783.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252850112.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252850129.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252850465.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252850482.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252853250.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1252853267.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1253046892.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1253047953.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1253101356.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\vkl_1253101375.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\nlmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS101120101465050.xe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS101120101465154.xe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS101120101465254.xe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS101120101465349.xe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\freddy63.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\freddy64.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\ld14.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\pp12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

[norbat]

spetwols: Logger postes i egen tråd som du oppretter ved å klikke på "Nytt Emne"-knappen.

 

Oppdater og kjør en ny rask skann med MBAM. Deretter går du til Windows Update og oppdaterer med SP3