Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Wersja bazy: 7538

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2011-08-22 22:30:26
mbam-log-2011-08-22 (22-30-26).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Przeskanowano obiektów: 216002
Upłynęło: 11 minut(y), 1 sekund(y)

Zainfekowanych procesów w pamięci: 9
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 11
Zainfekowanych wartości rejestru: 14
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 1
Zainfekowanych plików: 53

Zainfekowanych procesów w pamięci:
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 656 -> Unloaded process successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 1796 -> Unloaded process successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 1064 -> Unloaded process successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 1532 -> Unloaded process successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> 676 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 492 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2708 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 240 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1668 -> Unloaded process successfully.

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TNod (Trojan.Agent.CK) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TNOD UP (Trojan.Agent.CK) -> Value: TNOD UP -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7124995.exe (Trojan.Agent) -> Value: 7124995.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7341759.exe (Trojan.Agent) -> Value: 7341759.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8367257.exe (Trojan.Agent) -> Value: 8367257.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\55180480-loader2.exe (Trojan.Agent) -> Value: 55180480-loader2.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7538469.exe (Trojan.Agent) -> Value: 7538469.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Zainfekowanych plików:
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\tnod user & password finder\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\aaaa\ustawienia lokalne\Temp\7124995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7341759.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8367257.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\55180480-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8286016.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4496938.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1154740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\95079949.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1340936.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8299_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\tnod user & password finder\uninst-tnod.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{74b282bc-a9b3-4412-85b6-cebfc7ecc5ff}\RP1\A0001027.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{74b282bc-a9b3-4412-85b6-cebfc7ecc5ff}\RP1\A0001038.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{74b282bc-a9b3-4412-85b6-cebfc7ecc5ff}\RP1\A0007033.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
d:\Install\nero.8.113m\keymaker.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
d:\Install\eset.smart.security.4.2.40.10 x86&x64 pl\tnod_1.4.0.15_setup_www.przeklej.pl.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
d:\Install\eset.nt32&64_plk\tnod_1.4.0.15_setup_www.przeklej.pl.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
d:\Install\eset.nt32&64_plk\tnod 32 user & password finder 1.4.0.17\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
d:\moje dokumenty\pobieranie\Zwinky.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5857720.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9899035.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9345973.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4421471.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4326260.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7308834.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4295430.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7538469.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5055438.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\351370604.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.