MBAM-Logg 2010

[Hkkkooe]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4309

 

Windows 6.0.6001 Service Pack 3

Internet Explorer 8.0.6001.18928

 

13.07.2010 19:19:16

mbam-log-2010-07-13 (19-19-16).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 131779

Tid tilbakelagt: 8 minutt(er), 44 sekund(er)

 

Minneprosesser infisert: 3

Minnemoduler infisert: 3

Registernøkler infisert: 5

Registerverdier infisert: 5

Registerfiler infisert: 4

Mapper infisert: 1

Filer infisert 25

 

Minneprosesser infisert:

C:\Users\Kenneth\AppData\Local\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Unloaded process successfully.

C:\Users\Kenneth\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\Users\Kenneth\AppData\Roaming\Defense Center\defcnt.exe (Trojan.FakeAlert) -> Unloaded process successfully.

 

Minnemoduler infisert:

C:\Users\Kenneth\AppData\Local\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot.

C:\Users\Kenneth\AppData\Roaming\Defense Center\defhook.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Users\Kenneth\AppData\Local\ASAupn.dll (Trojan.Hiloti) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmawifexrpqtc (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djivonibumerujo (Trojan.Hiloti) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\defense center (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

 

Mapper infisert:

C:\Windows\PRAGMAwifexrpqtc (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Filer infisert

C:\Users\Kenneth\AppData\Local\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot.

C:\Users\Kenneth\AppData\Roaming\Defense Center\defhook.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Users\Kenneth\AppData\Local\ASAupn.dll (Trojan.Hiloti) -> Delete on reboot.

C:\Users\Kenneth\AppData\Local\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Roaming\Defense Center\defcnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\tmpD624.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\Low\RBZpIFOdAa.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\Low\TMP22416.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\Low\topwesitjh (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\Low\uxptar-update.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\Low\emBKjPAnBZ.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\Low\WHSIXoYuhZ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\PRAGMAwifexrpqtc\pragmabbr.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\PRAGMAwifexrpqtc\PRAGMAc.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\PRAGMAwifexrpqtc\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\PRAGMAwifexrpqtc\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\PRAGMAwifexrpqtc\pragmaserf.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\PRAGMAwifexrpqtc\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\ProgramData\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Kenneth\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\PRAGMA6308.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Users\Kenneth\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

[ilpostino]

Da TS har laget flere emner om det samme stenges denne tråden.inholdet i førsteposten er limt inn i denne tråden.