Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4097 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 13-5-2010 20:04:48 mbam-log-2010-05-13 (20-04-48).txt Scantype: Snelle scan Objecten gescand: 120251 Verstreken tijd: 14 minuut/minuten, 53 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 3 Registersleutels geïnfecteerd: 25 Registerwaarden geïnfecteerd: 4 Registerdata geïnfecteerd: 2 Mappen geïnfecteerd: 13 Bestanden geïnfecteerd: 24 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\oofkubjfdurv.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\jsslgjtg.dll (Adware.SmartAds) -> Delete on reboot. C:\WINDOWS\system32\zoytglcv.dll (Adware.SmartAds) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{c0da76eb-0f3e-489d-8ee1-b7a2e972cd1f} (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c0da76eb-0f3e-489d-8ee1-b7a2e972cd1f} (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0da76eb-0f3e-489d-8ee1-b7a2e972cd1f} (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{de24bcfe-bc24-4648-b287-e31a84ce8590} (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{de24bcfe-bc24-4648-b287-e31a84ce8590} (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\unikorn (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\joricmcxrl (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-3270184745-2194114917-899239533-0579\mgrls32.exe,C:\RECYCLER\S-1-5-21-4008830967-8035956207-313710372-6157\yv8g67.exe,C:\Documents and Settings\Badloe\Application Data\ufxw.exe,explorer.exe,C:\RECYCLER\S-1-5-21-3246664153-3506108470-483299351-9037\yv8g67.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.5.0 (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.6.0.0 (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\Smart-Ads-Solutions\SmartAds\download (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife\1.5.5.0 (Adware.EzLife) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\oofkubjfdurv.dll (Adware.BHO) -> Delete on reboot. C:\WINDOWS\system32\jsslgjtg.dll (Adware.SmartAds) -> Delete on reboot. C:\WINDOWS\system32\zoytglcv.dll (Adware.SmartAds) -> Delete on reboot. C:\WINDOWS\cidrive32.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-3270184745-2194114917-899239533-0579\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hpvxdtge.dll (Adware.SmartAds) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\hhmseah.sys (Rootkit.Agent) -> Delete on reboot. C:\Documents and Settings\Badloe\Local Settings\Temp\odyot.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temp\273.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temp\rasoemcnwx.tmp (Rogue.APManager.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temp\rknfl.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temp\341.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temp\RarSFX0\howi410.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temporary Internet Files\Content.IE5\6J97ANOA\msall[1].data (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temporary Internet Files\Content.IE5\J29RS65D\pr3xy[1].data (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Local Settings\Temporary Internet Files\Content.IE5\V060J6KA\loaderadv600[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.5.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.6.0.0\smart_upgrd_1600.exe (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds\1.6.0.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\Smart-Ads-Solutions\SmartAds\download\bndl_1600.exe (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Badloe\Application Data\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife\1.5.5.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.