Hkkkooe Skrevet 13. juli 2010 Del Skrevet 13. juli 2010 Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversjon: 4309 Windows 6.0.6001 Service Pack 3 Internet Explorer 8.0.6001.18928 13.07.2010 19:19:16 mbam-log-2010-07-13 (19-19-16).txt Skanntype: Hurtigsøk Objekter skannet: 131779 Tid tilbakelagt: 8 minutt(er), 44 sekund(er) Minneprosesser infisert: 3 Minnemoduler infisert: 3 Registernøkler infisert: 5 Registerverdier infisert: 5 Registerfiler infisert: 4 Mapper infisert: 1 Filer infisert 25 Minneprosesser infisert: C:\Users\Kenneth\AppData\Local\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Unloaded process successfully. C:\Users\Kenneth\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Users\Kenneth\AppData\Roaming\Defense Center\defcnt.exe (Trojan.FakeAlert) -> Unloaded process successfully. Minnemoduler infisert: C:\Users\Kenneth\AppData\Local\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot. C:\Users\Kenneth\AppData\Roaming\Defense Center\defhook.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Kenneth\AppData\Local\ASAupn.dll (Trojan.Hiloti) -> Delete on reboot. Registernøkler infisert: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmawifexrpqtc (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ djivonibumerujo (Trojan.Hiloti) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ defense center (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully. Mapper infisert: C:\Windows\PRAGMAwifexrpqtc (Trojan.DNSChanger) -> Quarantined and deleted successfully. Filer infisert C:\Users\Kenneth\AppData\Local\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot. C:\Users\Kenneth\AppData\Roaming\Defense Center\defhook.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Kenneth\AppData\Local\ASAupn.dll (Trojan.Hiloti) -> Delete on reboot. C:\Users\Kenneth\AppData\Local\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Roaming\Defense Center\defcnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\tmpD624.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\Low\RBZpIFOdAa.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\Low\TMP22416.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\Low\topwesitjh (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\Low\uxptar-update.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\Low\emBKjPAnBZ.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\Low\WHSIXoYuhZ.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\PRAGMAwifexrpqtc\pragmabbr.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Windows\PRAGMAwifexrpqtc\PRAGMAc.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Windows\PRAGMAwifexrpqtc\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Windows\PRAGMAwifexrpqtc\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Windows\PRAGMAwifexrpqtc\pragmaserf.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Windows\PRAGMAwifexrpqtc\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\ProgramData\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Users\Kenneth\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\PRAGMA6308.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Users\Kenneth\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. Lenke til kommentar
ilpostino Skrevet 13. juli 2010 Del Skrevet 13. juli 2010 Da TS har laget flere emner om det samme stenges denne tråden.inholdet i førsteposten er limt inn i denne tråden. Lenke til kommentar
Anbefalte innlegg