PPRuNe Forums - View Single Post - Computer shutdown
Old 25th January 2010 | 00:59
  #10 (permalink)  
a&dcat
 
Joined: Sep 2004
Posts: 11
Likes: 0
From: Australia
MBAM report

Malwarebytes' Anti-Malware 1.44
Database version: 3623
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

24/01/2010 17:24:01
mbam-log-2010-01-24 (17-24-01).txt

Scan type: Quick Scan
Objects scanned: 126040
Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\XXXXXXX XXXXXXX\My Documents\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXXX XXXXXXX\Local Settings\Temp\~TM13.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXXX XXXXXXX\Local Settings\Temp\~TM3D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXXX XXXXXXX\Local Settings\Temp\~TME.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXXXX XXXXXXX\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

Last edited by a&dcat; 25th January 2010 at 01:01. Reason: Forgot address: For Tarq57