Hi guys. Today my PC got infected with Trojan horse Crypt.AQLW. I did a search and found your forum. I have completed all steps in "UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions" and here are the logs. Thank you very much in advance:
From Malwarebytes' Anti-Malware:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.12.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Vladimir :: VLADIMIR-PC [administrator]
Protection: Enabled
12/03/2012 23:14:42
mbam-log-2012-03-12 (23-14-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220921
Time elapsed: 9 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TBSB00393.TBSB00393.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TBSB00393.TBSB00393 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Vladimir\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
(end)
_______________________________________________________
From GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-12 23:32:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0041
Running: 453z5h26.exe; Driver: C:\Users\Vladimir\AppData\Local\Temp\pgldqkob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----