Sorry, but when I made the first request, I made a mistake in one of the steps. Apparently that is why the viruses were not cured and the errors remained. I have done everything again.
[ATTACH]84516[/ATTACH]
[ATTACH]84517[/ATTACH]
[ATTACH]84518[/ATTACH]
Fix in HijackThis:
[code]
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\services.exe,
O2 - BHO: (no name) - {38DFDADF-BA43-4C43-7890-ACAF12375911} - C:\WINDOWS\system32\config32\_0002\wizard.dll
O2 - BHO: (no name) - {38DFDADF-BA43-4C43-7890-ADE6777666BB} - C:\WINDOWS\system32\config32\updater.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Сергей\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe (User 'SYSTEM')
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
[/code]
Run the script in AVZ:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\cnbjmod.dll','');
QuarantineFile('C:\WINDOWS\system32\CDDBControliRive.dll','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\yptxm.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\tejch.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\sruvp.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\rrwjn.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\qtobq.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\jfctx.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Cookies\hynkk.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Cookies\ttykd.exe','');
QuarantineFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\clusap.dll','');
QuarantineFile('C:\WINDOWS\system32\config32\updater.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\services.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\svchost.exe','');
QuarantineFile('C:\Documents and Settings\Сергей\Application Data\Adobe\Manager.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\svchost.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Adobe\Manager.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\ulm.sys','');
QuarantineFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\PUUVOOSO.sys','');
QuarantineFile('C:\WINDOWS\system32\config32\_0002\wizard.dll','');
DeleteFile('C:\WINDOWS\system32\config32\_0002\wizard.dll');
DeleteFile('C:\WINDOWS\system32\drivers\PUUVOOSO.sys');
DeleteFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Adobe\Manager.exe');
DeleteFile('C:\Documents and Settings\LocalService\svchost.exe');
DeleteFile('C:\Documents and Settings\Сергей\Application Data\Adobe\Manager.exe');
DeleteFile('C:\Documents and Settings\Сергей\svchost.exe');
DeleteFile('C:\WINDOWS\system32\blphc39rj0e3bp.scr');
DeleteFile('C:\WINDOWS\system32\drivers\services.exe');
DeleteFile('C:\WINDOWS\system32\config32\updater.dll');
DeleteFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe');
DeleteFile('C:\Documents and Settings\LocalService\Cookies\ttykd.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\hynkk.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\jfctx.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\qtobq.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\rrwjn.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\sruvp.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\tejch.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\yptxm.exe');
DeleteFile('C:\WINDOWS\system32\CDDBControliRive.dll');
DeleteFile('C:\WINDOWS\system32\clusap.dll');
DeleteFile('C:\WINDOWS\system32\cnbjmod.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]
The computer will reboot.
Send the quarantine as described in Appendix 2 of the rules
(upload here: [url]http://virusinfo.info/upload_virus.php?tid=32003[/url]).
Make new logs (only items 2 and 3 of the Diagnostics section).
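A triage sketch for the two autorun patterns in the HijackThis entries above: an extra program appended to the Userinit value, and Run values that point at a system process name outside system32. This is an added example, not part of the original thread and not HijackThis or AVZ code; the function name `triage`, the list of process names and the default system32 path are assumptions, and the last sample line is constructed.

```python
import ntpath
import re

# Core Windows process names that malware often borrows (assumed list).
SYSTEM_NAMES = {"svchost.exe", "services.exe", "winlogon.exe",
                "lsass.exe", "csrss.exe", "userinit.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default install path
DEFAULT_USERINIT = SYSTEM_DIR + r"\userinit.exe"

# Shape: "O4 - <hive>\..\Run: [value name] command line (User 'X')"
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>.*)\] (?P<cmd>.+?)(?: \(User '.*'\))?$")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

# The first five lines are copied from the log in this thread;
# the last one is a constructed benign entry used as a control.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\services.exe,",
    r"O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)",
    r"O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe",
    r"O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Сергей\svchost.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe (User 'SYSTEM')",
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe",
]


def triage(log_lines):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        # Userinit should list only userinit.exe; anything after the comma
        # is started at every logon.
        if line.startswith("F2 - ") and "UserInit=" in line:
            value = line.split("UserInit=", 1)[1]
            entries = [e.strip().lower() for e in value.split(",") if e.strip()]
            for extra in entries:
                if extra != DEFAULT_USERINIT:
                    findings.append((line, "extra Userinit program: " + extra))
            continue
        match = O4_RE.match(line)
        if not match:
            continue
        exe = EXE_RE.match(match.group("cmd"))
        if not exe:
            continue
        path = exe.group(1).lower()
        # A system process name is expected directly in system32 only.
        if (ntpath.basename(path) in SYSTEM_NAMES
                and ntpath.dirname(path) != SYSTEM_DIR):
            findings.append((line, "system process name outside system32: " + path))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(reason)
        print("    " + entry)
```
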
Attaching the logs
[ATTACH]84716[/ATTACH]
[ATTACH]84717[/ATTACH]
After the system rebooted, NOD32 reports that there is a virus on the computer: the Win32/Kryptik.Z trojan
[URL="http://virusinfo.info/showthread.php?t=4491"]Fix[/URL]
[CODE]O2 - BHO: (no name) - {45004FDB-96A3-494D-B692-BD5D07637EDE} - C:\WINDOWS\system32\clusap.dll[/CODE]
[URL="http://virusinfo.info/showthread.php?t=7239"]AVZ, menu "File - Run script" -- copy the script written below -- press the "Run" button.
[/URL]
[CODE]begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Сергей\Application Data\Adobe\Manager.exe','');
DeleteService('Network Driver Interface');
QuarantineFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe','');
DeleteFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe');
DeleteFile('C:\WINDOWS\system32\blphc39rj0e3bp.scr');
DeleteFile('C:\WINDOWS\system32\drivers\services.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe');
DelCLSID('{08B0E5C0-4FCB-11CF-AAX5-00401C608512}');
DeleteFile('c:\windows\system32\clusap.dll');
DelBHO('{45004FDB-96A3-494D-B692-BD5D07637EDE}');
BC_ImportALL;
ExecuteSysClean;
BC_DeleteSvc('Network Driver Interface');
BC_Activate;
ExecuteRepair(5 );
ExecuteRepair(6 );
RegKeyStrParamWrite('HKEY_USERS','.DEFAULT\Control Panel\Desktop','Wallpaper','');
RebootWindows(true);
end.[/CODE]
Send the quarantine according to the rules and redo the logs...
I could not fix the entry:
"O2 - BHO: (no name) - {45004FDB-96A3-494D-B692-BD5D07637EDE} - C:\WINDOWS\system32\clusap.dll" because it is not in the list. There was nothing in the quarantine.
Sending the logs again.
[ATTACH]84731[/ATTACH]
[ATTACH]84732[/ATTACH]
Run a full scan with CureIT and redo the logs...
[ATTACH]85219[/ATTACH]
[ATTACH]85220[/ATTACH]
[ATTACH]85221[/ATTACH]
[URL="http://www.antirootkit.com/software/IceSword.htm"]download[/URL] C:\WINDOWS\system32\drivers\PUUVOOSO.sys -force delete
run the script
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DelBHO('{BCE97A72-640B-4DED-923F-8196FC01F76B}');
DelBHO('{40A14385-4558-49C6-A781-0A79F98E3931}');
QuarantineFile('C:\WINDOWS\system32\cbXPgedD.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\services.exe','');
DeleteService('PUUVOOSO');
DeleteService('Network Driver Interface');
QuarantineFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\PUUVOOSO.sys','');
QuarantineFile('C:\WINDOWS\system32\pmnnnkIA.dll','');
QuarantineFile('C:\WINDOWS\system32\mylsaqqh.dll','');
DeleteFile('C:\WINDOWS\system32\mylsaqqh.dll');
DeleteFile('C:\WINDOWS\system32\pmnnnkIA.dll');
DeleteFile('C:\WINDOWS\system32\drivers\PUUVOOSO.sys');
DeleteFile('F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe');
DeleteFile('C:\WINDOWS\system32\blphc39rj0e3bp.scr');
DeleteFile('pmnnnkIA.dll');
DeleteFile('C:\WINDOWS\system32\drivers\services.exe');
DeleteFile('C:\WINDOWS\system32\cbXPgedD.dll');
DeleteFile('C:\Documents and Settings\LocalService\Cookies\ttykd.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\acmzg.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\asesf.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\bgfxt.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\cdoju.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\cqfmc.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\dcgly.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\equsf.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\esodk.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\frcrw.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\ghqba.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\gkdzz.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\gsgyv.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\gvakh.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\hynkk.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\ibcaf.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\jfctx.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\jpwyy.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\kbuyf.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\kccix.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\kgpop.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\kquku.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\kuhrz.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\mysyo.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\nbakv.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\nozce.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\oacpw.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\orbcl.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\otnln.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\pclqi.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\pvhlr.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\qduto.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\qkdkr.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\qtobq.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\rrwjn.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\sruvp.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\sviph.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\sxbyn.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\teapc.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\tejch.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\tmwxq.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\toqud.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\uhfwz.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\uiixs.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\ururx.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\utwqp.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\uxbrn.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\uxjtc.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\uzugt.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\vgrzp.exe');
DeleteFile('C:\Documents and Settings\Сергей\Cookies\vstxs.exe');
DeleteFileMask('%Tmp%', '*.*', true);
DeleteFileMask('C:\Documents and Settings\Сергей\Cookies\', '*.*', true);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
send the quarantine according to Appendix 3 of the rules
redo the logs
I did not find the file you asked me to delete in the list...
[ATTACH]85248[/ATTACH]
[ATTACH]85249[/ATTACH]
run the script from post 9 in safe mode ...
It seems to have got much better, the antivirus no longer complains. But there may still be errors. I cannot change the desktop background (blue colour). I ran the NOD scanner and it found one virus. Posting the logs
[ATTACH]85271[/ATTACH]
[ATTACH]85272[/ATTACH]
run the script
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFile('c:\windows\system32\clusap.dll');
DelBHO('{BCE97A72-640B-4DED-923F-8196FC01F76B}');
DelBHO('{625E5A65-EEDB-4CC6-AA61-17C8C0D19E84}');
DeleteFile('pmnnnkIA.dll');
DeleteFile('C:\WINDOWS\system32\cbXPgedD.dll');
DeleteFile('C:\WINDOWS\system32\pmnnnkIA.dll');
BC_ImportDeletedList;
ExecuteRepair(6);
ExecuteRepair(5);
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/code]
redo the logs
Treatment statistics:
[LIST]
[*]Quarantines received: [B]2[/B]
[*]Files processed: [B]81[/B]
[*]Malware detected during treatment:
[LIST=1]
[*] c:\documents and settings\localservice\cookies\ttykd.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\acmzg.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\asesf.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\bgfxt.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\cdoju.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\cqfmc.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\dcgly.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\dwkia.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\egokg.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\equsf.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\esodk.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\ezafr.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\frcrw.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\ghqba.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\gkdzz.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\gsgyv.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\gvakh.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\hynkk.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\ibcaf.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\jfctx.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\jpwyy.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\kbuyf.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\kccix.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\kgpop.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\kquku.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\kuhrz.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\mysyo.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\nbakv.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\nozce.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\oacpw.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\orbcl.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\otnln.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\pclqi.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\pvhlr.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\qduto.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\qkdkr.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\qtobq.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\rrwjn.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\sruvp.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\sviph.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\sxbyn.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\teapc.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\tejch.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\tmwxq.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\toqud.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\uhfwz.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\uiixs.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\ururx.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\utwqp.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\uxbrn.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\uxjtc.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\uzugt.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\vgrzp.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\vstxs.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\webis.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\wyybq.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\yibek.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\ymzok.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\yptxm.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\zbuks.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\zctpu.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\zoqvv.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\documents and settings\сергей\cookies\zxeze.exe - [B]Trojan.Win32.Agent.agvi[/B] (DrWEB: BackDoor.Minirem.90)
[*] c:\windows\system32\bthc.dll - [B]Trojan.Win32.BHO.hbz[/B] (DrWEB: Trojan.DownLoad.7649)
[*] c:\windows\system32\cddbcontrolirive.dll - [B]Trojan.Win32.BHO.hbz[/B] (DrWEB: Trojan.DownLoad.7649)
[*] c:\windows\system32\clusap.dll - [B]Trojan.Win32.BHO.hbz[/B] (DrWEB: Trojan.DownLoad.7649)
[*] c:\windows\system32\cnbjmod.dll - [B]Trojan.Win32.BHO.hbz[/B] (DrWEB: Trojan.DownLoad.7649)
[*] c:\windows\system32\mylsaqqh.dll - [B]Trojan.Win32.Monder.uhn[/B] (DrWEB: Trojan.Virtumod.569)
[/LIST]
[/LIST]