fb virus
Posted: 28 Jul 2011 18:18
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7035
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
28.7.2011 19:04:09
mbam-log-2011-07-28 (19-04-09).txt
Typ: Rychlá kontrola
Kontrolované objekty: 167957
Uplynulý čas: 8 minut, 57 sekund
Infikované procesy v paměti: 18
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 7
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 21
Infikované procesy v paměti:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 1428 -> Unloaded process successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 3732 -> Unloaded process successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 5496 -> Unloaded process successfully.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 3512 -> Unloaded process successfully.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 5524 -> Unloaded process successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> 2132 -> Unloaded process successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> 5676 -> Unloaded process successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> 2324 -> Unloaded process successfully.
c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> 1104 -> Unloaded process successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 3780 -> Unloaded process successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 5668 -> Unloaded process successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 464 -> Unloaded process successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 3772 -> Unloaded process successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 5576 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1848 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2584 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1820 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1868 -> Unloaded process successfully.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\notes\AppData\Local\Temp\2277041.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\224324.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2605843.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\5472785.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5583770.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\7532544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\notes\downloads\potrestanie.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\Users\Verča\downloads\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\130393860.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\621064698.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.