Witam, dzisiaj kiedy oglądałem na youtube recenzje kompani braci (goldenboxa.pl) nagle zablokowała się myszka i klawiatura i wyskoczył jakiś gif.. musiałem restartować komputer aby odzyskać sterowanie. Zrobiłem skan antywirusem Malwarebytes' Anti-Malware.
tutaj jest plik log, chciałbym widzieć, czy mi coś grozi, antywirusa którego używam nazywa się a-squared Anti-Malware. oto plik:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Wersja bazy: 4052
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512
2010-06-18 22:18:08
mbam-log-2010-06-18 (22-18-08).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 299764
Upłynęło: 49 minut(y), 57 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 1
Zainfekowanych wartości rejestru: 4
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 55
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{iyv1wju1-r63i-8ck4-1b21-rljj6113bpcu} (Generic.Bot.H) -> Quarantined and deleted successfully.
Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
C:\WINDOWS\system32\Winlog\Winlogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\usero\Ustawienia lokalne\Temp\1.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\usero\Ustawienia lokalne\Temp\Crypted.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0117596.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0118785.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0119249.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0119922.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0119984.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0120915.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0121009.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0121829.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0122719.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0123689.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP128\A0124953.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP128\A0125113.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP128\A0126024.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP129\A0126868.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP129\A0128052.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP129\A0128961.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0129798.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0130631.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0131307.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0132081.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0132164.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP131\A0133016.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP132\A0133924.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP132\A0134925.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP132\A0135786.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Cookie\Cookie.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\isliju.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
E:\Crysis\#readme#\Crysis_keygen_keychanger\rzr-crys_keygen.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0117997.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0118866.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0119325.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP124\A0120077.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0121084.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0121918.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0122892.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP127\A0123806.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP128\A0125004.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP128\A0125231.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP128\A0126079.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP129\A0126965.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP129\A0128144.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0129052.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0129888.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0130734.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0131411.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP130\A0132242.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP131\A0133119.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{0E22BEF8-84B9-4518-8A4D-1AF27E6989B4}\RP132\A0135021.exe (Backdoor.Graybird) -> Quarantined and deleted successfully.
C:\Documents and Settings\usero\Ustawienia lokalne\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\usero\Dane aplikacji\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\usero\Ustawienia lokalne\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
Z góry dziękuje.
EDIT: Bym zapomniał, to chyba 3 dziwna rzecz dzisiaj, 2 pozostałe:
nagle wyłączenie opery i masa errorów przy niej
nagłe wylogowanie.
C:\Documents and Settings\usero\Dane aplikacji\Winlog\Winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
[ Dodano: 2010-06-27, 18:22 ]
nikt nie wie/nie interesuje się?
Dzieją się dziwne rzeczy..
Rozpoczęty przez forumHelper5, 18 cze 2010 21:31
Brak odpowiedzi do tego tematu
Użytkownicy przeglądający ten temat: 2
0 użytkowników, 2 gości, 0 anonimowych