Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 7546

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2011-08-23 19:08:38
mbam-log-2011-08-23 (19-08-38).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 156897
Upłynęło: 3 minut(y), 25 sekund(y)

Zainfekowanych procesów w pamięci: 5
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 7
Zainfekowanych wartości rejestru: 3
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 1
Zainfekowanych plików: 33

Zainfekowanych procesów w pamięci:
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> 180 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1964 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2136 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1760 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1996 -> Unloaded process successfully.

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4178759.exe (Trojan.Agent) -> Value: 4178759.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Zainfekowanych plików:
c:\documents and settings\Olenka\Pulpit\flash-player (1).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Olenka\Pulpit\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1054186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1322400.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1451813.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\52483_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7102355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\80973554.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1618212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\2247773.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\2945465.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4178759.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4684034.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5794829.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9029056.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\154359393.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.