Malwarebytes' Anti-Malware 1.40
Database versie: 2715
Windows 5.1.2600 Service Pack 2

30-8-2009 7:00:57
mbam-log-2009-08-30 (07-00-57).txt

Scan type: Snelle Scan
Objecten gescand: 121330
Verstreken tijd: 13 minute(s), 9 second(s)

Geheugenprocessen geīnfecteerd: 0
Geheugenmodulen geīnfecteerd: 0
Registersleutels geīnfecteerd: 9
Registerwaarden geīnfecteerd: 3
Registerdata bestanden geīnfecteerd: 5
Mappen geīnfecteerd: 2
Bestanden geīnfecteerd: 9

Geheugenprocessen geīnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geīnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geīnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{331cf7ad-4ff8-47f8-bbfb-04eed85c4652} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51c0946f-938e-4909-a128-8a2f688df31a} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f32d7d45-1750-48da-9cac-c6216972bb33} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registerwaarden geīnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.

Registerdata bestanden geīnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdiph.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7505d07e-3c28-4347-b7d0-b5e7c6aaff5b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7505d07e-3c28-4347-b7d0-b5e7c6aaff5b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7505d07e-3c28-4347-b7d0-b5e7c6aaff5b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{de3b8fec-5553-49f7-95c7-f8a2e80e4017}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.63 -> Quarantined and deleted successfully.

Mappen geīnfecteerd:
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13289844 (Rogue.Multiple) -> Quarantined and deleted successfully.

Bestanden geīnfecteerd:
C:\Crypt.dll (Hacktool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ConTest.dll (Adware.Ascentive) -> Delete on reboot.
C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13289844\13289844.glu (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13289844\pc13289844cnf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13289844\pc13289844ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13289844\pc13289844reg (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.