Oli toimintaa sunnutaina ja maanantaina
_ad_
Malwarebytes' Anti-Malware 1.36
Tietokantaversio: 2013
Windows 5.1.2600 Service Pack 2
20.4.2009 22:30:07
mbam-log-2009-04-20 (22-30-07).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 163025
Kulunut aika: 2 hour(s), 4 minute(s), 55 second(s)
Saastuneita muistiprosesseja: 2
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 12
Saastuneita rekisterikohteita: 14
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 20
Saastuneita muistiprosesseja:
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\servicelayer.exe (Backdoor.Bot) -> Unloaded process successfully.
Saastuneita muistimoduuleja:
C:\Documents and Settings\Tytti\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Delete on reboot.
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servicelayer (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Tytti\Application Data\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Saastuneita hakemistoja:
C:\Documents and Settings\Tytti\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita tiedostoja:
C:\Documents and Settings\Tytti\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Tytti\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Application Data\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\6_ldr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\60325cahp25caa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\q2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\q3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\q7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\q8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\q9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\teste2_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Local Settings\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\advpack.dllz.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\servicelayer.exe (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\MsnHandWriting.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tytti\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.