gld Posted December 24, 2010 ID:365132

Malwarebytes' Anti-Malware 1.44
Database version: 3603
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/20/2010 1:51:41 PM
mbam-log-2010-01-20 (13-51-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200944
Time elapsed: 1 hour(s), 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 3
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (FakeAlert) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Maximum Software (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Maximum Software\Bug Doctor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\helper32.dll (FakeAlert) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\gt6sap4v.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste3_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\MBWNRUWDCFWB.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\5_odbn0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\60325cahp25caa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP1\A0000073.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP1\A0000075.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\odbn0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\servicelayer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\vlc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\wdmon.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\svw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\svx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\avto1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste2_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskmgr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdsock.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshlps.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndisdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Maximum Software\Bug Doctor\error_list(fixed).log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Maximum Software\Bug Doctor\error_list.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\4_pinnew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5_odbn0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\6_ldry3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

DDS.txt
Ark.zip
Attach.zip

gld Posted December 24, 2010 Author ID:365135

Sorry, old malware log file included -- this is not my problem. I will repost; please close this one.