Malwarebytes logs:
(quick scan)
Malwarebytes’ Anti-Malware 1.35
Wersja bazy definicji: 1937
Windows 5.1.2600 Dodatek Service Pack 2
2009-04-03 16:45:44
mbam-log-2009-04-03 (16-45-44).txt
Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 87494
Upłynęło: 10 minute(s), 47 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 12
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 0
Zainfekowane pliki: 8
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ksi32sk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BNE.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michał\Ustawienia lokalne\Temp\ie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
(full scan)
Malwarebytes’ Anti-Malware 1.35
Wersja bazy definicji: 1937
Windows 5.1.2600 Dodatek Service Pack 2
2009-04-03 18:52:04
mbam-log-2009-04-03 (18-52-04).txt
Typ skanowania: Pełne skanowanie (C:|D:|G:|)
Przeskanowane obiekty: 285360
Upłynęło: 2 hour(s), 0 minute(s), 54 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 0
Zainfekowane pliki: 4
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\Qoobox\Quarantine\C\Documents and Settings\Michał\Michał.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\crypts.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv261238422083.exe (Trojan.Agent) -> Quarantined and deleted successfully.