
Thread: Infected EeePC

  1. #1
    Member
    Join Date
    Jul 2009
    Posts
    38

    Infected EeePC

    I have to clean a netbook for one of my friends; it is highly infected and I am frustrated.
    Avira is blocked, and uninstall or install do not work either.

    Malwarebytes does find some things but can't remove them.

    DDS cannot run, both versions.

    Spybot does not start after installation.

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi stine1,

    Your post is a few days old. If you still need help reply back.
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    Jul 2009
    Posts
    38


    Yes, I still need help.

    My biggest problem is that I do not know the BIOS password, and the guy I have this netbook from, who wants me to clean it, does not respond. Very nice guy... Without it, I can't get into the secured mode to scan deeper or make the darn thing boot from a flash drive to format it :-(

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    See if you can get a copy of Malwarebytes and ComboFix on there.
    If they won't run after a normal boot-up, you can try running them in safe mode.
    To reach safe mode you would tap the F8 key during a computer restart and choose the first option from the list: Safe Mode.

    There is a guide to read first before using ComboFix; use it first, then Malwarebytes:

    Guide to using Combofix

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    Jul 2009
    Posts
    38


    Hi, thank you very much for your answer.

    I did use both programs, but could not close Avira AntiVir for ComboFix. It does not show on the taskbar, and Task Manager is blocked, only available for administrator - I do not have the password *sigh*

    Safe mode did work.

    Combofix log:

    ComboFix 11-01-02.04 - User 03.01.2011 17:39:37.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2039.1707 [GMT 1:00]
    ausgeführt von:: f:\dokumente und einstellungen\User\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
    FW: Avira Firewall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
    .

    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    f:\windows\Alcmtr.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ABP470N5
    -------\Service_abp470n5


    ((((((((((((((((((((((( Dateien erstellt von 2010-12-03 bis 2011-01-03 ))))))))))))))))))))))))))))))
    .

    2011-01-03 16:24 . 2011-01-03 16:24 -------- dc----w- f:\programme\MSXML 4.0
    2010-12-29 17:09 . 2006-08-21 09:14 23040 -c----w- f:\windows\system32\dllcache\fltmc.exe
    2010-12-29 17:09 . 2006-08-21 09:14 128896 -c----w- f:\windows\system32\dllcache\fltmgr.sys
    2010-12-29 16:24 . 2010-12-29 16:24 -------- dc----w- f:\dokumente und einstellungen\User\Anwendungsdaten\Media Player Classic
    2010-12-29 16:00 . 2010-12-31 15:55 -------- dc----w- f:\programme\Spybot - Search & Destroy
    2010-12-29 13:43 . 2009-11-21 16:37 470528 -c----w- f:\windows\system32\dllcache\aclayers.dll
    2010-12-29 13:43 . 2010-06-14 14:30 743936 -c----w- f:\windows\system32\dllcache\helpsvc.exe
    2010-12-29 13:39 . 2010-02-12 10:03 367104 -c----w- f:\windows\system32\browserchoice.exe
    2010-12-29 12:51 . 2010-12-29 12:51 -------- dc----w- f:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
    2010-12-29 12:47 . 2010-12-20 17:09 38224 -c--a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 12:47 . 2010-12-29 12:47 -------- dc----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
    2010-12-29 12:47 . 2010-12-20 17:08 20952 -c--a-w- f:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AsusTray"="f:\programme\EeePC\ACPI\AsTray.exe" [2008-03-27 180224]
    "AsusACPIServer"="f:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-03-20 700416]
    "IgfxTray"="f:\windows\system32\igfxtray.exe" [2006-10-08 167936]
    "HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2006-10-08 188416]
    "Persistence"="f:\windows\system32\igfxpers.exe" [2006-10-08 176128]
    "RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "l:\\Skype\\Phone\\Skype.exe"=
    "k:\\FirefoxPortable\\FirefoxPortable.exe"=
    "f:\\WINDOWS\\RTHDCPL.EXE"=
    "f:\\WINDOWS\\system32\\wuauclt.exe"=
    "l:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "f:\\WINDOWS\\system32\\igfxext.exe"=
    "f:\\WINDOWS\\system32\\igfxpers.exe"=
    "f:\\WINDOWS\\system32\\WgaTray.exe"=
    "f:\\Programme\\EeePC\\ACPI\\AsAcpiSvr.exe"=
    "f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\bwkah.exe"=
    "f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\acit.exe"=
    "f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\w77c52.exe"=
    "f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\msex.exe"=

    R1 avfwot;avfwot;f:\windows\system32\drivers\avfwot.sys [27.03.2009 22:40 97608]
    R3 avfwim;AvFw Packet Filter Miniport;f:\windows\system32\drivers\avfwim.sys [27.03.2009 22:40 69632]
    S1 SBRE;SBRE;\??\f:\windows\system32\drivers\SBREdrv.sys --> f:\windows\system32\drivers\SBREdrv.sys [?]
    S2 AntiVirFirewallService;Avira Firewall;f:\programme\Avira\AntiVir Desktop\avfwsvc.exe [27.03.2009 22:40 388865]
    S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programme\Avira\AntiVir Desktop\avmailc.exe [27.03.2009 22:40 194817]
    S2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\Avira\AntiVir Desktop\sched.exe [27.03.2009 22:40 108289]
    S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programme\Avira\AntiVir Desktop\avwebgrd.exe [27.03.2009 22:40 434945]
    S3 brfilt;Brother MFC-Filtertreiber;f:\windows\system32\drivers\BrFilt.sys [04.03.2009 19:53 2944]
    S3 BrSerWDM;Brother-Treiber (seriell);f:\windows\system32\drivers\BrSerWdm.sys [04.03.2009 19:53 60416]
    S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);f:\windows\system32\drivers\BrUsbMdm.sys [04.03.2009 19:53 11008]
    S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;f:\windows\system32\drivers\cjusb.sys [10.04.2009 08:19 23040]
    S3 hwusbdev;Huawei DataCard USB PNP Device;f:\windows\system32\DRIVERS\ewusbdev.sys --> f:\windows\system32\DRIVERS\ewusbdev.sys [?]

    --- Andere Dienste/Treiber im Speicher ---

    *NewlyCreated* - ABP470N5
    .
    Inhalt des "geplante Tasks" Ordners
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.google.de/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: f:\programme\Avira\AntiVir Desktop\avsda.dll
    FF - ProfilePath - f:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\co6so1uy.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    MSConfigStartUp-QuickTime Task - f:\programme\QuickTime\QTTask.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-03 17:54
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostarteinträge...

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------

    - - - - - - - > 'lsass.exe'(748)
    f:\programme\Avira\AntiVir Desktop\avsda.dll

    - - - - - - - > 'explorer.exe'(2568)
    f:\windows\system32\shdoclc.dll
    f:\windows\system32\WPDShServiceObj.dll
    f:\windows\system32\PortableDeviceTypes.dll
    f:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    f:\windows\System32\SCardSvr.exe
    f:\windows\RTHDCPL.EXE
    f:\windows\system32\igfxsrvc.exe
    f:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    f:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
    f:\windows\system32\igfxext.exe
    f:\windows\system32\NOTEPAD.EXE
    f:\dokume~1\User\LOKALE~1\Temp\bwkah.exe
    f:\dokume~1\User\LOKALE~1\Temp\acit.exe
    f:\dokume~1\User\LOKALE~1\Temp\w77c52.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2011-01-03 18:04:38 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2011-01-03 17:04

    Vor Suchlauf: 320.647.168 Bytes frei
    Nach Suchlauf: 231.641.088 Bytes frei

    WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 3950B805F18CB302E93E5F942B6CE854

    MBAM log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Datenbank Version: 5415

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 6.0.2900.2180

    03.01.2011 18:54:34
    mbam-log-2011-01-03 (18-54-34).txt

    Art des Suchlaufs: Vollständiger Suchlauf (F:\|K:\|L:\|)
    Durchsuchte Objekte: 147491
    Laufzeit: 30 Minute(n), 12 Sekunde(n)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 5
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    OK, so far so good.

    task manager is blocked, only available for administrator
    Malware does this via a registry hack.

    It should be OK now:
    Policies\System\DisableTaskMgr
    In safe mode or after a normal boot-up:
    go to run>start and type in the Run box:

    %temp%
    Click OK or press Enter, then delete what's in the temp folder.

    Are you able to boot the computer normally now? If so, check Malwarebytes for updates, then do another scan with it.
    Can you get DDS to produce a log?
    How Can I Reduce My Risk?

  7. #7
    Member
    Join Date
    Jul 2009
    Posts
    38


    DDS does work now; here are the log and attachment. I will do the MBAM scan now and reply again.

    I can start normally now, but it is still strange.
    I connect to the internet via Wi-Fi now, but sometimes a window for a dial-up connection pops up.
    Before I started this thread, I had a program called CounterSpy installed, and when such a pop-up came, it warned about a Trojan - 3 times with 3 different .exe files. Stupid me did not note down the file names.

    I am telling you this as I still get the dial-up pop-ups.


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by User at 18:55:02,76 on 05.01.2011
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2039.1642 [GMT 1:00]

    AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
    FW: Avira Firewall *Enabled*

    ============== Running Processes ===============

    F:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    F:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Programme\EeePC\ACPI\AsTray.exe
    F:\Programme\EeePC\ACPI\AsAcpiSvr.exe
    F:\WINDOWS\system32\igfxtray.exe
    F:\WINDOWS\system32\igfxpers.exe
    F:\WINDOWS\RTHDCPL.EXE
    F:\WINDOWS\system32\igfxsrvc.exe
    F:\WINDOWS\system32\igfxext.exe
    svchost.exe
    F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    F:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
    F:\WINDOWS\system32\svchost.exe -k imgsvc
    F:\Programme\Mozilla Firefox\firefox.exe
    F:\DOKUME~1\User\LOKALE~1\Temp\vfuxux.exe
    F:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dds.scr
    F:\DOKUME~1\User\LOKALE~1\Temp\cqdamb.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.de/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mRun: [AsusTray] f:\programme\eeepc\acpi\AsTray.exe
    mRun: [AsusACPIServer] f:\programme\eeepc\acpi\AsAcpiSvr.exe
    mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
    mRun: [Persistence] f:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
    uPolicies-system: DisableTaskMgr = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    LSP: f:\programme\avira\antivir desktop\avsda.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - f:\dokume~1\user\anwend~1\mozilla\firefox\profiles\co6so1uy.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ============= SERVICES / DRIVERS ===============

    R1 avfwot;avfwot;f:\windows\system32\drivers\avfwot.sys [2009-3-27 97608]
    R1 avgio;avgio;f:\programme\avira\antivir desktop\avgio.sys [2009-3-27 11608]
    R2 avgntflt;avgntflt;f:\windows\system32\drivers\avgntflt.sys [2009-3-27 55640]
    R3 abp470n5;abp470n5;\??\f:\windows\system32\drivers\gihnfo.sys --> f:\windows\system32\drivers\gihnfo.sys [?]
    R3 avfwim;AvFw Packet Filter Miniport;f:\windows\system32\drivers\avfwim.sys [2009-3-27 69632]
    S1 SBRE;SBRE;\??\f:\windows\system32\drivers\sbredrv.sys --> f:\windows\system32\drivers\SBREdrv.sys [?]
    S2 AntiVirFirewallService;Avira Firewall;f:\programme\avira\antivir desktop\avfwsvc.exe [2009-3-27 388865]
    S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programme\avira\antivir desktop\avmailc.exe [2009-3-27 194817]
    S2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\avira\antivir desktop\sched.exe [2009-3-27 108289]
    S2 AntiVirService;Avira AntiVir Guard;f:\programme\avira\antivir desktop\avguard.exe [2009-3-27 185089]
    S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programme\avira\antivir desktop\avwebgrd.exe [2009-3-27 434945]
    S3 brfilt;Brother MFC-Filtertreiber;f:\windows\system32\drivers\BrFilt.sys [2009-3-4 2944]
    S3 BrSerWDM;Brother-Treiber (seriell);f:\windows\system32\drivers\BrSerWdm.sys [2009-3-4 60416]
    S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);f:\windows\system32\drivers\BrUsbMdm.sys [2009-3-4 11008]
    S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;f:\windows\system32\drivers\cjusb.sys [2009-4-10 23040]
    S3 hwusbdev;Huawei DataCard USB PNP Device;f:\windows\system32\drivers\ewusbdev.sys --> f:\windows\system32\drivers\ewusbdev.sys [?]

    =============== Created Last 30 ================

    2011-01-03 16:36:17 -------- dcsha-r- F:\cmdcons
    2011-01-03 16:33:12 98816 -c--a-w- f:\windows\sed.exe
    2011-01-03 16:33:12 89088 -c--a-w- f:\windows\MBR.exe
    2011-01-03 16:33:12 256512 -c--a-w- f:\windows\PEV.exe
    2011-01-03 16:33:12 161792 -c--a-w- f:\windows\SWREG.exe
    2011-01-03 16:24:37 -------- dc----w- f:\programme\MSXML 4.0
    2010-12-29 17:09:55 23040 -c----w- f:\windows\system32\dllcache\fltmc.exe
    2010-12-29 17:09:54 128896 -c----w- f:\windows\system32\dllcache\fltmgr.sys
    2010-12-29 16:00:07 -------- dc----w- f:\programme\Spybot - Search & Destroy
    2010-12-29 13:43:26 470528 -c----w- f:\windows\system32\dllcache\aclayers.dll
    2010-12-29 13:43:13 743936 -c----w- f:\windows\system32\dllcache\helpsvc.exe
    2010-12-29 13:39:40 367104 -c----w- f:\windows\system32\browserchoice.exe
    2010-12-29 12:51:50 -------- dc----w- f:\dokume~1\user\anwend~1\Malwarebytes
    2010-12-29 12:47:38 38224 -c--a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 12:47:35 -------- dc----w- f:\dokume~1\alluse~1\anwend~1\Malwarebytes
    2010-12-29 12:47:32 20952 -c--a-w- f:\windows\system32\drivers\mbam.sys

    ==================== Find3M ====================


    ============= FINISH: 19:02:08,93 ===============

  8. #8
    Member
    Join Date
    Jul 2009
    Posts
    38


    Forgot attachment

  9. #9
    Member
    Join Date
    Jul 2009
    Posts
    38


    MBAM log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Datenbank Version: 5464

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    05.01.2011 19:43:13
    mbam-log-2011-01-05 (19-43-08).txt

    Art des Suchlaufs: Vollständiger Suchlauf (F:\|K:\|L:\|)
    Durchsuchte Objekte: 148996
    Laufzeit: 8 Minute(n), 44 Sekunde(n)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 5
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    OK, let's get another download to use. It's called ComboFix; there is a guide to read first before you use it. Read through the guide, then apply the directions on your own machine. Post the ComboFix log.

    Guide to using Combofix


    I still get the dial up pop ups
    This is a Windows pop-up trying to get your old-school modem to dial out a connection?
    How Can I Reduce My Risk?
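
The ComboFix output in post #5, the helper's explanation in post #6 (Task Manager and Registry Editor locked out through policy values, Security Center notifications switched off), and the DDS process list in post #7 (executables running out of the user's Temp folder) all carry the same kind of indicator. The following is an added example, not code from the thread or from the ComboFix, DDS or Malwarebytes tools: a small Python audit that reads log lines in the style of those tools and flags the tampering they show. The sample log is constructed to mimic the posted logs, and the rule names, regular expressions and the choice of which registry values count as suspicious are this example's own.

```python
"""Audit ComboFix / DDS style log lines for the tampering indicators seen in the thread.

Added example, not part of the original forum post or of the ComboFix/DDS tools.
The sample log below is constructed in the style of the posted logs; the rule names
and the value lists are this example's own choices.
"""
import re
from collections import Counter
from typing import Dict, List

# Policy values that lock the user out of admin tools (Task Manager, regedit).
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}
# Security Center values that hide "AV/firewall/updates are off" warnings.
SECURITY_CENTER_VALUES = {
    "AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
    "FirewallDisableNotify", "UpdatesDisableNotify", "UacDisableNotify",
}

# Matches the three spellings the tools use for a named value:
#   "Name"= 1 (0x1)   |   "Name"=dword:00000001   |   uPolicies-system: Name = 1 (0x1)
VALUE_RE = re.compile(r'"?(?P<name>[A-Za-z]+)"?\s*=\s*(?:dword:)?(?P<val>[0-9A-Fa-f]+)')
# Any executable under a ...\Temp\ directory; backslashes may be doubled in
# the firewall AuthorizedApplications list, hence the "+" quantifiers.
TEMP_EXE_RE = re.compile(r'\\+temp\\+[^\\"]+\.exe', re.IGNORECASE)

# Constructed sample in the style of the ComboFix and DDS logs posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\bwkah.exe"=

------------------------ Weitere laufende Prozesse ------------------------
f:\windows\system32\igfxext.exe
f:\dokume~1\User\LOKALE~1\Temp\acit.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
"""


def audit_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {"line": n, "rule": ..., "evidence": ...}."""
    findings: List[Dict[str, object]] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = VALUE_RE.search(line)
        if m:
            name = m.group("name")
            # Both "1 (0x1)" and "dword:00000001" parse to 1 as hex; 0 stays 0.
            val = int(m.group("val"), 16)
            if name in LOCKOUT_VALUES and val == 1:
                findings.append({"line": n, "rule": "policy-lockout", "evidence": line})
            elif name in SECURITY_CENTER_VALUES and val == 1:
                findings.append({"line": n, "rule": "security-center-suppressed", "evidence": line})
            elif name == "EnableFirewall" and val == 0:
                findings.append({"line": n, "rule": "firewall-disabled", "evidence": line})
        # A running or firewall-whitelisted .exe in a Temp folder is a separate rule;
        # it can fire on the same line as a value match, so it is not an elif.
        if TEMP_EXE_RE.search(line):
            findings.append({"line": n, "rule": "temp-executable", "evidence": line})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'policy-lockout': 3, ...}."""
    return dict(Counter(str(f["rule"]) for f in findings))


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"line {f['line']:>3}  {f['rule']:<28} {f['evidence']}")
    print(summarize(audit_log(SAMPLE_LOG)))
```

Run against a saved ComboFix or DDS log (`audit_log(open("ComboFix.txt", encoding="cp1252").read())`), the summary gives a quick picture of what was tampered with before any cleanup is attempted; the `policy-lockout` hits are exactly the values Malwarebytes later reports as PUM.Hijack.TaskManager and PUM.Hijack.Regedit, and the `temp-executable` hits are the files to look at first.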
