Malwarebytes' Anti-Malware 1.44

Database version: 3603

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/20/2010 1:51:41 PM

mbam-log-2010-01-20 (13-51-41).txt

Scan type: Full Scan (C:\|)

Objects scanned: 200944

Time elapsed: 1 hour(s), 11 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 9

Folders Infected: 3

Files Infected: 45

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\helper32.dll (FakeAlert) -> Delete on reboot.

c:\WINDOWS\system32\Iasv32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Maximum Software (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\Maximum Software\Bug Doctor (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\helper32.dll (FakeAlert) -> Delete on reboot.

c:\WINDOWS\system32\Iasv32.dll (Backdoor.Bot) -> Delete on reboot.

C:\Documents and Settings\Administrator\Local Settings\Temp\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\avto2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\avto3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\avto4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\gt6sap4v.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\teste3_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\MBWNRUWDCFWB.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\5_odbn0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\60325cahp25caa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP1\A0000073.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP1\A0000075.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\odbn0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\servicelayer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\vlc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\wdmon.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\ctfmon.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\svw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\svx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\diskmgr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbdsock.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mshlps.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ndisdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Maximum Software\Bug Doctor\error_list(fixed).log (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\Maximum Software\Bug Doctor\error_list.log (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\4_pinnew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\5_odbn0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\6_ldry3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\q1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

DDS.txt

Ark.zip

Attach.zip

This topic is now closed to further replies.