Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELUXE [administrator]
11.1.2012 23:50:31
mbam-log-2012-01-11 (23-50-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 153647
Time elapsed: 8 minute(s), 14 second(s)
Memory Processes Detected: 14
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> 1532 -> Delete on reboot.
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> 3232 -> Delete on reboot.
C:\WINDOWS\UPDATE.5.0\svchost.exe (Trojan.Downloader) -> 1772 -> Delete on reboot.
C:\WINDOWS\UPDATE.5.0\svchost.exe (Trojan.Downloader) -> 1980 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1968 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1412 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 172 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1400 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1088 -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1896 -> Delete on reboot.
C:\WINDOWS\SYSDRIVER32.EXE (Trojan.Agent) -> 440 -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-2-0\svchost.exe (Trojan.Dropper) -> 1336 -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-7-0\svchost.exe (Trojan.Dropper) -> 1404 -> Delete on reboot.
C:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2476 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 11
HKLM\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Dropper.H) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32.exe (Trojan.Agent) -> Data: "C:\WINDOWS\sysdriver32.exe" rezerv -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Dropper) -> Data: C:\WINDOWS\update.tray-2-0\svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico1 (Trojan.Dropper) -> Data: C:\WINDOWS\update.tray-7-0\svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Trojan.Dropper) -> Data: C:\WINDOWS\services32.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|3864861.exe (Trojan.Agent) -> Data: "C:\WINDOWS\TEMP\3864861.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32_.exe (Trojan.Agent) -> Data: "C:\WINDOWS\sysdriver32_.exe" rezerv -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7687806.exe (Trojan.Agent) -> Data: "C:\WINDOWS\TEMP\7687806.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9342928.exe (Trojan.Dropper.H) -> Data: "C:\WINDOWS\TEMP\9342928.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Services32.exe|close (Trojan.Agent) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ddservice|ImagePath (Trojan.Agent) -> Data: C:\WINDOWS\update.7.1\svchostdriver.exe srv -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\wxpDrivers|ImagePath (Trojan.Agent) -> Data: C:\WINDOWS\update.1\svchost.exe srv -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Control\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.
Files Detected: 34
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\UPDATE.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> Delete on reboot.
C:\WINDOWS\SYSDRIVER32.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-2-0\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\UPDATE.TRAY-7-0\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\SERVICES32.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3864861.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSDRIVER32_.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7687806.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\9342928.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fshutdown.exe (HackTool.Shutdown) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2329118.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\41937_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4536576.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4539938.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4583520.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1747739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\959372259.EXE (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\BITCOINMINEROPENCL.CL (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
(end)