Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Wersja bazy: 7609 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 6.0.2900.5512 2011-08-30 12:47:07 mbam-log-2011-08-30 (12-47-07).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Przeskanowano obiektów: 177845 Upłynęło: 7 minut(y), 26 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 10 Zainfekowanych wartości rejestru: 2 Zainfekowane informacje rejestru systemowego: 3 Zainfekowanych folderów: 0 Zainfekowanych plików: 5 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully. Zainfekowanych wartości rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. Zainfekowane informacje rejestru systemowego: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: c:\_OTL\movedfiles\08302011_114548\c_windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\08302011_114548\c_windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\08302011_114548\c_windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\08302011_114548\c_windows\systemup.exe (Spyware.Agent) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\08302011_114548\c_windows\Temp\20859596-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.