Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 6363

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2011-04-14 18:49:47
mbam-log-2011-04-14 (18-49-47).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 211173
Upłynęło: 22 minut(y), 0 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 1
Zainfekowanych kluczy rejestru: 2
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 0
Zainfekowanych plików: 19

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
c:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.

Zainfekowanych kluczy rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.
c:\Documents and Settings\xxx\Ustawienia lokalne\temp\winyhqbu.exe (Trojan.Agent) -> Delete on reboot.
c:\cjesii.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\bwik.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\vcmgcd32.dll.vir (Virus.Sality) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\D\tqfy.pif.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0000972.dll (Virus.Sality) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0001361.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0001378.dll (Virus.Sality) -> Quarantined and deleted successfully.
d:\vfqlos.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\xjfau.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0001168.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0001174.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0001179.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{8d3bfcce-9090-4868-b5db-8d77903f9b01}\RP1\A0001364.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{8f40566e-f00e-4596-b820-2e9152e1493a}\RP22\A0020417.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{8f40566e-f00e-4596-b820-2e9152e1493a}\RP28\A0020685.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{d7dffda0-7b78-4f9c-a39f-ef10d4d11aa0}\RP4\A0002781.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vcmgcd32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.