Jump to content

Recommended Posts

bump

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/22/2011 8:08:26 PM

mbam-log-2011-06-22 (20-08-26).txt

Scan type: Quick scan

Objects scanned: 187475

Time elapsed: 24 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 13

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 30

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService3232 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALERTER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CRYPTSVC32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMADMIN32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MESSENGER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WZCSVC32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Charles\local settings\temp\B.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.2103136366736159.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.28396032448789355.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\mstime32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000e78c1c1e1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000e78c1c1e1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000e78c1c1e1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\02000000e78c1c1e1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000e78c1c1e1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000e78c1c1e1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000e78c1c1e1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000e78c1c1e1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ils32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\rdpcfgex32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.08753668837054296.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.13552645010050812.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.1656529678143519.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.17372819953798224.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.22099884072221387.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.362001586628632.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.4164673302716948.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.5005961193816204.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.6874927359345754.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.8961080021303759.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.9349583254752583.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Charles\0.9698223417942378.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\licwmi32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ocmanage32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ir32_3232.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\wpd_ci32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.