a guest
Apr 13th, 2012
  1. Malwarebytes Anti-Malware 1.61.0.1400
  2. www.malwarebytes.org
  3.  
  4. Database version: v2012.04.10.10
  5.  
  6. Windows 7 x64 NTFS
  7. Internet Explorer 9.0.8112.16421
  8. Josh :: JOSHSCOMPUTER [administrator]
  9.  
  10. 4/10/2012 7:33:26 PM
  11. mbam-log-2012-04-10 (19-33-26).txt
  12.  
  13. Scan type: Full scan
  14. Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
  15. Scan options disabled: P2P
  16. Objects scanned: 574315
  17. Time elapsed: 3 hour(s), 19 minute(s), 10 second(s)
  18.  
  19. Memory Processes Detected: 4
  20. C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe (Trojan.RemoteAccess) -> 3104 -> Delete on reboot.
  21. C:\Users\Josh\Documents\DCSCMIN\5s5DJNGCQjwC\IMDCSC.exe (Trojan.RemoteAccess) -> 3132 -> Delete on reboot.
  22. C:\Users\Josh\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 7004 -> Delete on reboot.
  23. C:\Users\Josh\AppData\Local\Temp\System\igfpers.exe (Trojan.Agent) -> 3900 -> Delete on reboot.
  24.  
  25. Memory Modules Detected: 0
  26. (No malicious items detected)
  27.  
  28. Registry Keys Detected: 2
  29. HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
  30. HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
  31.  
  32. Registry Values Detected: 5
  33. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DarkComet RAT (Trojan.RemoteAccess) -> Data: C:\Users\Josh\Documents\DCSCMIN\5s5DJNGCQjwC\IMDCSC.exe -> Quarantined and deleted successfully.
  34. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NVIDIA User Experience Driver Component (Trojan.Agent) -> Data: C:\Users\Josh\AppData\Local\Temp\System\igfpers.exe -> Quarantined and deleted successfully.
  35. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Essentials (Trojan.Agent) -> Data: C:\Users\Josh\AppData\Roaming\MsMpEng.exe -> Quarantined and deleted successfully.
  36. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows32 (Trojan.Agent) -> Data: C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\dEdn9jg1imf3\IMDCSC.exe -> Quarantined and deleted successfully.
  37. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Data: C:\Users\Josh\AppData\Roaming\install\server.exe -> Quarantined and deleted successfully.
  38.  
  39. Registry Data Items Detected: 0
  40. (No malicious items detected)
  41.  
  42. Folders Detected: 1
  43. C:\Users\Josh\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
  44.  
  45. Files Detected: 52
  46. C:\Users\Josh\AppData\Local\Temp\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
  47. C:\Users\Josh\AppData\Local\Temp\HyperCam.exe (PUP.BundleInstaller.BI) -> No action taken.
  48. C:\Users\Josh\Downloads\PCPerformer_GMD_Setup.exe (PUP.BundleInstaller.IB) -> No action taken.
  49. C:\Users\Josh\Downloads\SoftonicDownloader_for_hypercam.exe (PUP.ToolbarDownloader) -> No action taken.
  50. C:\Users\Josh\Dropbox\Public\RuneDDoS_v1.exe (Trojan.MSIL.Gen) -> No action taken.
  51. C:\Users\Josh\Dropbox\Public\Server.exe (Trojan.Agent) -> No action taken.
  52. C:\Users\Josh\Dropbox\Public\server2.exe (Trojan.MSIL.Gen) -> No action taken.
  53. C:\Users\Josh\Dropbox\Public\Test3.exe (Backdoor.MSIL.PGen) -> No action taken.
  54. C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe (Trojan.RemoteAccess) -> Delete on reboot.
  55. C:\Users\Josh\Documents\DCSCMIN\5s5DJNGCQjwC\IMDCSC.exe (Trojan.RemoteAccess) -> Delete on reboot.
  56. C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$R7N7NDP.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  57. C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$R91HM9R.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
  58. C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RPZG8HQ.exe (Riskware.Tool.BK) -> Quarantined and deleted successfully.
  59. C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RQUJKAQ.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
  60. C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RZD80AJ.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
  61. C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RZFFRA8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  62. C:\Users\Josh\Desktop\RuneDDoS_v1.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
  63. C:\Users\Josh\Desktop\Server - Copy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  64. C:\Users\Josh\Desktop\Server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  65. C:\Users\Josh\Desktop\Blackshades_4.8\KayleeSexyphoto - Copy‮gpj.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
  66. C:\Users\Josh\Desktop\Blackshades_4.8\KayleeSexyphoto.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
  67. C:\Users\Josh\Desktop\Blackshades_4.8\SexyPICCY.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
  68. C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\client.exe (Riskware.Tool.BK) -> Quarantined and deleted successfully.
  69. C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  70. C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\data\station.bin (Trojan.Agent) -> Quarantined and deleted successfully.
  71. C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\data\stub.bin (Trojan.Agent) -> Quarantined and deleted successfully.
  72. C:\Users\Josh\Desktop\HellaIcons\mysexyphoto.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
  73. C:\Users\Josh\Desktop\New Accident Clone Pack\MyPhoto.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
  74. C:\Users\Josh\Documents\DCSCMIN\IMDCSC.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
  75. C:\Users\Josh\Downloads\bot.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  76. C:\Users\Josh\Downloads\FastDownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
  77. C:\Users\Josh\Downloads\RuneDDoS_v1.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
  78. C:\Users\Josh\Downloads\Unconfirmed 42336.crdownload (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
  79. C:\Users\Josh\Templates\explorer.exe (Backdoor.MSIL) -> Quarantined and deleted successfully.
  80. C:\Users\Josh\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
  81. C:\Users\Josh\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
  82. C:\Users\Josh\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
  83. C:\Users\Josh\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
  84. C:\Users\Josh\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
  85. C:\Users\Josh\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
  86. C:\Users\Josh\AppData\Local\Temp\System\igfpers.exe (Trojan.Agent) -> Delete on reboot.
  87. C:\Users\Josh\AppData\Roaming\MsMpEng.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  88. C:\Users\Josh\AppData\Roaming\dclogs\2012-03-25-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
  89. C:\Users\Josh\AppData\Roaming\dclogs\2012-03-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
  90. C:\Users\Josh\AppData\Roaming\dclogs\2012-03-27-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
  91. C:\Users\Josh\AppData\Roaming\dclogs\2012-03-28-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
  92. C:\Users\Josh\AppData\Roaming\dclogs\2012-03-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
  93. C:\Users\Josh\AppData\Roaming\dclogs\2012-04-01-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
  94. C:\Users\Josh\AppData\Roaming\dclogs\2012-04-03-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
  95. C:\Users\Josh\AppData\Roaming\dclogs\2012-04-08-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
  96. C:\Users\Josh\AppData\Roaming\dclogs\2012-04-10-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
  97. C:\Users\Josh\AppData\Roaming\install\server.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
  98.  
  99. (end)