Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Версия базы данных: 5772

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16.02.2011 16:54:59
mbam-log-2011-02-16 (16-54-59).txt

Тип сканирования: Полное сканирование (C:\|F:\|)
Просканированные объекты: 217606
Времени прошло: 19 минут, 18 секунд

Заражённые процессы в памяти: 3
Заражённые модули в памяти: 0
Заражённые ключи в реестре: 0
Заражённые параметры в реестре: 6
Объекты реестра заражены: 2
Заражённые папки: 2
Заражённые файлы: 30

Заражённые процессы в памяти:
c:\documents and settings\администратор\serv.exe (Trojan.Downloader) -> 1356 -> Unloaded process successfully.
c:\documents and settings\администратор\serv.exe (Trojan.Downloader) -> 848 -> Unloaded process successfully.
c:\WINDOWS\ggdrive32.exe (Worm.Palevo) -> 2604 -> Unloaded process successfully.

Заражённые модули в памяти:
(Вредоносных программ не обнаружено)

Заражённые ключи в реестре:
(Вредоносных программ не обнаружено)

Заражённые параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced HTTPL Enable (Trojan.Downloader) -> Value: Advanced HTTPL Enable -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tnaww (Spyware.Passwords.XGen) -> Value: Tnaww -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Delete on reboot.
Объекты реестра заражены:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Autorun) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Заражённые папки:
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Delete on reboot.

Заражённые файлы:
c:\documents and settings\администратор\serv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\ggdrive32.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Trojan.Autorun) -> Delete on reboot.
c:\xdx.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\APIZS6VA\udv[1].exe (Trojan.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\WA3OMWAV\tzlbxb[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\X3WPG3S3\q96[1].exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\dq.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\ms.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\local settings\temporary internet files\Content.IE5\50GQZ32Q\udv[1].exe (Trojan.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\local settings\temporary internet files\Content.IE5\50GQZ32Q\udv[2].exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\local settings\temporary internet files\Content.IE5\K860WQDQ\udv[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\local settings\temporary internet files\Content.IE5\K860WQDQ\dq[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\local settings\temporary internet files\Content.IE5\K860WQDQ\ms[1].exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\documents and settings\администратор\local settings\temporary internet files\Content.IE5\YPN6N1D0\serv8[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cf8fe3f1-0443-4832-8a8d-469fb45262d4}\RP1\A0000004.exe (Trojan.Autorun) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cf8fe3f1-0443-4832-8a8d-469fb45262d4}\RP2\A0000027.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cf8fe3f1-0443-4832-8a8d-469fb45262d4}\RP2\A0000042.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cf8fe3f1-0443-4832-8a8d-469fb45262d4}\RP2\A0000043.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cf8fe3f1-0443-4832-8a8d-469fb45262d4}\RP2\A0000044.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cf8fe3f1-0443-4832-8a8d-469fb45262d4}\RP2\A0000046.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\74.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wsdazavh.dll (Worm.Conficker) -> Delete on reboot.
f:\dmailersync_v9_0_16292.exe (Malware.PGen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{c9e0e5b0-6f7f-452f-979f-d4f8fa6f4930}\RP86\A0114124.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
f:\system volume information\_restore{c9e0e5b0-6f7f-452f-979f-d4f8fa6f4930}\RP86\A0114189.dll (Spyware.Banker) -> Quarantined and deleted successfully.
f:\system volume information\_restore{3ad0915f-74ab-4aa6-b29a-c007820be225}\RP1\A0003220.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.