Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/05/2010 21:18:53 mbam-log-2010-05-11 (21-18-53).txt Scantype: Snelle scan Objecten gescand: 179078 Verstreken tijd: 41 minuut/minuten, 44 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 28 Registerwaarden geïnfecteerd: 3 Registerdata geïnfecteerd: 3 Mappen geïnfecteerd: 12 Bestanden geïnfecteerd: 14 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlkhffsys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yaabyvsys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yaabyvsys (Trojan.Vundo) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\Documents and Settings\All Users\Application Data\84748637 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.5.0 (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Thomas\Application Data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Thomas\Application Data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Joan\Application Data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Joan\Application Data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife\1.5.5.0 (Adware.EzLife) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\RECYCLER\S-1-5-21-9157053959-5697696399-344383891-7404\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\pcxvih.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\Temp\gtk26.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Joan\Local Settings\Temporary Internet Files\Content.IE5\0VEEDGUI\hypwhc[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Joan\Local Settings\Temporary Internet Files\Content.IE5\KKFMUHO1\loaderadv600[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.5.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Thomas\Application Data\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Joan\Application Data\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife\1.5.5.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Documents and Settings\Joan\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Thomas\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.