Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
-_- :: ALA [administrator]

Protection: Enabled

4/26/2012 3:27:56 PM
mbam-log-2012-04-26 (15-27-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226308
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Detected: 1
C:\WINDOWS\csdrive32.exe (Trojan.Agent.MSGen) -> 120 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|zaber0 (Worm.Autorun.B) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,Explorer.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Driver Setup (Trojan.Agent.MSGen) -> Data: C:\WINDOWS\csdrive32.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Driver Setup (Trojan.Agent.MSGen) -> Data: C:\WINDOWS\csdrive32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Autorun.B) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,Explorer.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830 (Worm.AutoRun) -> Quara

(end) .tmp (Trojan.tmp (Trojan. C:\Documents and Settings\-_-\Application Data\8.Generic) -> Quarant ined and deleted successfully.exe (Trojan. C:\Documents and Settings\-_-\Application Data\spoolsv. C:\Documents and Settings\-_-\Application Data\3. C:\Documents and Settings\-_-\Application Data\2. C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\Desktop.tmp (Trojan.Agent) -> Qua rantined and deleted successfully.tmp (Trojan.Generic) -> Quarant ined and deleted successfully.B) -> Quarantined and deleted successfully.MSGen) -> Delete on reboot.tmp (Trojan. C:\Documents and Settings\-_-\Application Data\9.tmp (Trojan.Generic) -> Quarant ined and deleted successfully.Generic) -> Quarant ined and deleted successfully.exe (PUP.AutoR un) -> Quarantined and deleted successfully. C:\Documents and Settings\-_-\bm2.tmp (Trojan. C:\Documents and Settings\-_-\Application Data\1. Files Detected: 18 C:\Documents and Settings\-_-\My Documents\Downloads\etypesetup.BI) -> No action taken. C:\WINDOWS\csdrive32.ntined and deleted successfully.ini (Worm. C:\Documents and Settings\-_-\Application Data\6.exe (Worm. C:\Documents and Settings\-_-\Application Data\4. C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.Gen) -> Quarantined and deleted successfully.exe (PUP.Autoru n.Generic) -> Quarant ined and deleted successfully.exe (Trojan.Generic) -> Quarant ined and deleted successfully.tmp (Trojan. C:\Documents and Settings\-_-\Application Data\5.Generic) -> Quarant ined and deleted successfully.Generic) -> Quarant ined and deleted successfully.BitMiner) -> Quarantined and deleted successfully.tmp (Trojan.Agent.B) -> Quarantined and deleted successfully. C:\Documents and Settings\-_-\Application Data\7.BitMiner) -> Quarantined a nd deleted successfully. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\Desktop.Generic) -> Quarant ined and deleted successfully.exe (Worm. 
C:\Documents and Settings\NetworkService\bm2.Aut orun.exe (PUP.ini (Worm.Auto Run.BundleI nstaller. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.
