Report
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Database version: v2013.09.24.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP :: HP-49CD5491BF5C [administrator]
Protection: Enabled
20/11/1434 07:45:34 م
mbam-log-2013-09-24 (19-45-34).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262752
Time elapsed: 32 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 13
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055AF109-DE93-4160-BCFC-7DA70ECAA020} (PUP.Optional.Diamonddata) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055AF109-DE93-4160-BCFC-7DA70ECAA020} (PUP.Optional.Diamonddata) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C135DE8C-91A1-CEC8-46F6-1A40AC07A1AB} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCU\Software\BobyLyrics (PUP.Optional.BobyLyrics.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~1\ssd8e3~1.hel\sprote~1.dll) Good: () -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 5
C:\Documents and Settings\HP\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy\BC30131FBDEF4BABA93C0EF0F403B070 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy\DDD805E55AD14FA7B824D30AE570E4C9 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy\DE019109C2CB4238843A229749CABB26 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
Files Detected: 41
C:\Program Files\Ss.Helper\sprotector.dll (PUP.Optional.SProtect.A) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\InstallMate\{7FADFCCB-E854-4418-A6F3-A076A44EDE3D}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\InstallMate\{7FADFCCB-E854-4418-A6F3-A076A44EDE3D}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy\BC30131FBDEF4BABA93C0EF0F403B070\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Local Settings\Application Data\Conduit\CT1561552\Hotspot_ShieldAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\GTA San Andreas\GTA San Andreas\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002539.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002507.exe (PUP.Optional.YourfileDownloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002535.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002536.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002537.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002538.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP10\A0002544.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP12\A0002657.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP12\A0002815.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006725.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006726.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006727.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006728.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006729.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006734.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006744.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006745.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0006746.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP15\A0007167.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008641.exe (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008644.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008649.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008650.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008651.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008652.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008654.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008703.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP17\A0008704.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP9\A0002371.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CFFE93F5-0B4D-4797-9FA8-AE802FE92E27}\RP9\A0002326.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\YourFile DownloaderUpdate.job (PUP.Optional.YourfileDownloader.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy\DDD805E55AD14FA7B824D30AE570E4C9\speedupmypcROW.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Application Data\OpenCandy\DE019109C2CB4238843A229749CABB26\PC_Faster_Setup_Mini_S04_S.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
(end)