I can't cope with this virus: it's very tenacious, antivirus programs don't catch it, and even formatting the hard drive didn't help. You are my only hope... Here are the logs:
Dear [B]GVS[/B], thank you for contacting our forum!
Help with computer infections on VirusInfo.Info is provided absolutely free of charge. Helpers will respond to your request very shortly.
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Run the script in AVZ (AVZ, menu File\Run script. [URL="http://virusinfo.info/showthread.php?t=7239"]More details...[/URL]):
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\system32\smsc.exe');
TerminateProcessByName('c:\documents and settings\admin\application data\d4.tmp');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\ctfmon.exe');
TerminateProcessByName('c:\windows\aadrive32.exe');
SetServiceStart('PrtSmanm', 4);
StopService('PrtSmanm');
QuarantineFile('C:\WINDOWS\system32\16.exe','');
QuarantineFile('C:\WINDOWS\system32\02.exe','');
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3487\s523ll5pu6s1.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Sscecw.exe','');
QuarantineFile('C:\DOCUME~1\Admin\LOCALS~1\Temp\msmgr.exe','');
QuarantineFile('c:\windows\system32\smsc.exe','');
QuarantineFile('c:\documents and settings\admin\application data\d4.tmp','');
QuarantineFile('c:\docume~1\admin\locals~1\temp\ctfmon.exe','');
QuarantineFile('c:\windows\aadrive32.exe','');
DeleteFile('c:\documents and settings\admin\application data\d4.tmp');
Deletefilemask('c:\documents and settings\admin\application data','*.tmp',true);
DeleteFile('c:\windows\system32\smsc.exe');
DeleteFile('C:\DOCUME~1\Admin\LOCALS~1\Temp\ctfmon.exe');
DeleteFile('C:\DOCUME~1\Admin\LOCALS~1\Temp\msmgr.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Sscecw.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3487\s523ll5pu6s1.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe');
DeleteFile('C:\WINDOWS\aadrive32.exe');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe');
Deletefilemask('c:\RECYCLER','*.*',true);
DeleteFile('C:\WINDOWS\system32\02.exe');
DeleteFile('C:\WINDOWS\system32\16.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','msmgr');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Sscecw');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','klmq122y');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tnaww');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zaber0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','s523ll5pu6s1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ldw88');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
DeleteService('PrtSmanm');
DeleteService('ittsvoatqymb');
BC_ImportAll;
ExecuteSysClean;
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
Executerepair(11);
RegKeyIntParamWrite('HKLM', 'SYSTEM\CurrentControlSet\Control', 'WaitToKillServiceTimeout', '20000');
BC_Activate;
ExecuteWizard('TSW',2,3,true);
RebootWindows(true);
end.
[/code]
After the script runs, the computer will reboot.
Upload the quarantine via the [B][COLOR=Red]Send the requested quarantine[/COLOR][/B] link in the header of your thread (Appendix 3 of the rules).
Repeat the steps described in items 1 - 3 of Diagnostics and attach the new logs to a new message.
Make a log of a [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"]full MBAM scan[/URL].
sent the quarantine...
In AVZ, run the script:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\documents and settings\Admin\ngh.exe', 'MBAM: Trojan.Inject');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\13.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\1c.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\83.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\e.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\2c.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\34.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\41.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\44.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\8d.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\1d.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\38.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\3c.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\7a.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\7c.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\80.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\5c.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\60.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\a3.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\c2.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\50.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\19.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\6c.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\97.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\f.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\58.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\ca.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\ce.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\Temp\d3.tmp.exe', 'MBAM: Trojan.Agent');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0CV4YER0\nga[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0CV4YER0\ngv[1].exe', 'MBAM: Trojan.Inject');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0CV4YER0\ngv[2].exe', 'MBAM: Trojan.Inject');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\6785A0V0\ngg[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\6785A0V0\ngo[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\LOK3IUTK\dqs[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\LOK3IUTK\ngc[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\LOK3IUTK\ngp[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\8PONEL78\a[1].exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\LG5XENRM\k[1].exe', 'MBAM: Spyware.BlackShadesNET');
QuarantineFile('c:\WINDOWS\innounp.exe', 'MBAM: Malware.Packer.Gen');
QuarantineFile('e:\RECYCLER\e5188982.exe', 'MBAM: Spyware.BlackShadesNET');
QuarantineFile('e:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe', 'MBAM: Backdoor.Bot');
QuarantineFile('c:\WINDOWS\system32\drivers\str.sys', 'MBAM: Rootkit.Agent');
DeleteFile('c:\documents and settings\Admin\ngh.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\13.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\1c.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\83.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\e.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\2c.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\34.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\41.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\44.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\8d.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\1d.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\38.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\3c.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\7a.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\7c.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\80.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\5c.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\60.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\a3.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\c2.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\50.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\19.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\6c.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\97.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\f.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\58.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\ca.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\ce.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\Temp\d3.tmp.exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0CV4YER0\nga[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0CV4YER0\ngv[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\0CV4YER0\ngv[2].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\6785A0V0\ngg[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\6785A0V0\ngo[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\LOK3IUTK\dqs[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\LOK3IUTK\ngc[1].exe');
DeleteFile('c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\LOK3IUTK\ngp[1].exe');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\8PONEL78\a[1].exe');
DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\LG5XENRM\k[1].exe');
DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);
DeleteFile('e:\RECYCLER\e5188982.exe');
DeleteFile('e:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe');
DeleteFile('E:\autorun.inf');
DeleteFile('E:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe');
ExecuteWizard('TSW',2,2,true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
After the reboot:
[code]
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
[/code]
Send the quarantine [b]quarantine.zip[/b] via the red [B][COLOR="Red"][U]Send the requested quarantine[/U][/COLOR][/B] link at the top of the thread.
Disinfect the system as described at [url]http://support.kaspersky.ru/faq/?qid=208639606[/url]
Provide the utility's log.
Redo the avz + mbam logs.
yep, done, sent the quarantine too
We caught a whole heap of malware on your machine.
Delete in mbam:
[CODE]Зараженные папки:
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> No action taken.[/CODE]
[url=http://virusinfo.info/showthread.php?t=7239]Run the script in AVZ[/url] from the file [URL=http://dataforce.ru/~kad/ScanVuln.txt]ScanVuln.txt[/URL], then open the file avz_log.txt from the log subfolder.
Follow the links from the avz_log.txt file and install the updates. (Note that installing service packs or updating the OS may require reactivating Windows.)
Reboot the computer.
Run the script again to make sure the vulnerabilities have been fixed.
How are the problems now?
Thanks a lot, looks like that's everything)) It's not the first time you've bailed me out. I picked this crap up from someone else's flash drive and spread it to 3 of my computers; this one was the very first. I cured the others quickly, but I hadn't used this one for a long time, so it spread all over... I'll sort out my Keeper now and send some help to the site, thanks again!
Statistics of the treatment performed:
[LIST][*]Quarantines received: [B]3[/B][*]Files processed: [B]172[/B][*]Malware detected during treatment:
[/LIST]