Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Wersja bazy: 7279

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2011-07-26 11:57:24
mbam-log-2011-07-26 (11-57-24).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 160464
Upłynęło: 21 minut(y), 20 sekund(y)

Zainfekowanych procesów w pamięci: 10
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 24
Zainfekowanych wartości rejestru: 17
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 7
Zainfekowanych plików: 71

Zainfekowanych procesów w pamięci:
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 760 -> Unloaded process successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 1352 -> Unloaded process successfully.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 3492 -> Unloaded process successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 3780 -> Unloaded process successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 3808 -> Unloaded process successfully.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> 3128 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 468 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1376 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 3680 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1224 -> Unloaded process successfully.

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37B85A2B-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EF281620-A3A3-4f08-874F-D68CFC9B7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9670171.exe (Trojan.Agent) -> Value: 9670171.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2843010.exe (Trojan.Agent) -> Value: 2843010.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1384285.exe (Trojan.Agent) -> Value: 1384285.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\49185025-loader2.exe (Trojan.Agent) -> Value: 49185025-loader2.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Value: {37B85A29-692B-4205-9CAD-2626E4993404} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowanych plików:
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Martyna\ustawienia lokalne\Temp\9670171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\2843010.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1384285.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\49185025-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Martyna\ustawienia lokalne\Temp\icreinstall\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\109077.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3751052.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4511981.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\53010457.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5567733.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7893655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8105776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8148007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9747394.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\marioforever_toolbar_uninstaller_5781.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\m9ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\m9ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0004D667.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0004D984.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0005E5F2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0005E96D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0005EB71.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00068724 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\000813DF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00108A21 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00118EFE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00119577.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0015B1A6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0015B81E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0018BE98 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0050BCE2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00B4766C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00F855BB.Q (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00F86693.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00F86C11.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00F870F3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\0251E78D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History\Archive.rar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.