Посмотрите, пожалуйста

Printable View

15.08.2009, 14:39
RaYKeX

Вложений: 3

Посмотрите, пожалуйста

Найдено много вирусов, троянов, червяков и не устанавливается Symantec Antivirus 10.0.1.1000 Corporate. Логи прилагаются.
15.08.2009, 15:07
Bratez

Уфф, еле осилил... Знатный зверинец! ;)

[b]Отключите восстановление системы![/b]
Пофиксите в HijackThis:
[code]
O2 - BHO: (no name) - {dfbeb35b-444d-4f25-8d7d-eb2683c206ec} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Regedit32] C:\windows\system32\regedit.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\windows\system32\Isass.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [ming9bstart] C:\windows\system\ming9b090423.exe
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
[/code]
Выполните скрипт в AVZ:
[code]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\windows\system\ming9b090423.exe','');
QuarantineFile('C:\windows\system32\regedit.exe','');
QuarantineFile('C:\windows\system32\08223B03.dll','');
QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
QuarantineFile('C:\WINDOWS\services.exe','');
QuarantineFile('C:\WINDOWS\system32\wtesk.exe','');
QuarantineFile('C:\WINDOWS\system32\jbqhic.exe','');
QuarantineFile('C:\WINDOWS\system32\i\J002.exe','');
QuarantineFile('C:\WINDOWS\system32\S3DR5EKF7Z\J001.exe','');
QuarantineFile('C:\WINDOWS\system32\i\J001.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\62.exe','');
QuarantineFile('C:\WINDOWS\system32\kstesk.exe','');
QuarantineFile('C:\WINDOWS\system32\i\I001.exe','');
QuarantineFile('C:\WINDOWS\system32\C3TIMHZX2P\J002.exe','');
QuarantineFile('C:\WINDOWS\clfdle.exe','');
QuarantineFile('C:\WINDOWS\system32\bstesk.exe','');
QuarantineFile('C:\WINDOWS\system32\6QYME7T991\J001.exe','');
QuarantineFile('C:\windows\UtilG15.exe','');
QuarantineFile('C:\windows\system32\drivers\WmiSvc.sys','');
QuarantineFile('C:\windows\system32\Drivers\Ntfs.sys','');
QuarantineFile('C:\windows\TEMP\tmp.tmp','');
QuarantineFile('C:\windows\system32\z5WRXqHagksJxWt.dll','');
QuarantineFile('C:\windows\system32\Y4npJWJNr.dll','');
QuarantineFile('C:\windows\system32\WcCtgJ4zcxHF.dll','');
QuarantineFile('C:\windows\system32\w7uds3zyayg9.dll','');
QuarantineFile('C:\windows\system32\Va7SpUWgCA5f.dll','');
QuarantineFile('c:\windows\system32\uffpvkupjdk.dll','');
QuarantineFile('C:\windows\system32\SCEVFJRCmaB7.dll','');
QuarantineFile('C:\windows\system32\rfpz9wwyy2np.dll','');
QuarantineFile('C:\windows\system32\Qh6xX7VN48sVPnK.dll','');
QuarantineFile('C:\windows\system32\Q9q2MHJ3uTBErM7wc.dll','');
QuarantineFile('C:\windows\system32\ndxq9awMc.dll','');
QuarantineFile('c:\windows\system32\mspmsnsv.dll','');
QuarantineFile('C:\windows\system32\mFr9FPruEFZ9VNdrveJunw3.dll','');
QuarantineFile('C:\windows\system32\jY8sGUnWqbZb3x2BPhY.dll','');
QuarantineFile('C:\windows\system32\JBn2ypqY23vWX.dll','');
QuarantineFile('C:\windows\system32\Isass.exe','');
QuarantineFile('C:\windows\system32\GU6f5sW42mdc.dll','');
QuarantineFile('C:\windows\system32\eNyN5X48HrtXc.dll','');
QuarantineFile('C:\windows\system32\EMPPpCCSA8GtjURjn.dll','');
QuarantineFile('C:\windows\system32\emHnPuBAaF7XjuXBbdxSg.dll','');
QuarantineFile('C:\windows\system32\EmfVcSFcRkARFbbTQW5V5.dll','');
QuarantineFile('C:\windows\system32\ed78ab9.dll','');
QuarantineFile('C:\windows\system32\dhDhwS7fFW.dll','');
QuarantineFile('C:\windows\system32\cRsAQd4hw.dll','');
QuarantineFile('C:\windows\system32\COMRes.dll','');
QuarantineFile('C:\windows\system32\CDuAUVkGy9.dll','');
QuarantineFile('C:\windows\system32\BtmBAnd89jc9PsPq5EKNj.dll','');
QuarantineFile('C:\windows\system32\BMsg6pdMD4ht.dll','');
QuarantineFile('c:\windows\system32\appmgmts.dll','');
QuarantineFile('C:\windows\system32\76B9BA7A.dll','');
QuarantineFile('C:\windows\system32\704C3595.dll','');
QuarantineFile('c:\windows\system32\6to4.dll','');
QuarantineFile('C:\windows\system32\2EF0D734.dll','');
QuarantineFile('C:\windows\fonts\vds9ae5G5FmED.fon','');
QuarantineFile('C:\windows\fonts\NPPVWvYEyCe8H.fon','');
QuarantineFile('C:\windows\fonts\jUxfqJDwmfQEHcy2.fon','');
QuarantineFile('C:\windows\fonts\bQgc5yHMSD4yd.fon','');
QuarantineFile('C:\windows\fonts\A97CRaCB.fon','');
QuarantineFile('C:\Recycler\lWyjsIms.Dll','');
DeleteFile('C:\Recycler\lWyjsIms.Dll');
DeleteFile('C:\windows\fonts\A97CRaCB.fon');
DeleteFile('C:\windows\fonts\bQgc5yHMSD4yd.fon');
DeleteFile('C:\windows\fonts\jUxfqJDwmfQEHcy2.fon');
DeleteFile('C:\windows\fonts\NPPVWvYEyCe8H.fon');
DeleteFile('C:\windows\fonts\vds9ae5G5FmED.fon');
DeleteFile('C:\windows\system32\2EF0D734.dll');
DeleteFile('c:\windows\system32\6to4.dll');
DeleteFile('C:\windows\system32\704C3595.dll');
DeleteFile('C:\windows\system32\76B9BA7A.dll');
DeleteFile('C:\windows\system32\BMsg6pdMD4ht.dll');
DeleteFile('C:\windows\system32\BtmBAnd89jc9PsPq5EKNj.dll');
DeleteFile('C:\windows\system32\CDuAUVkGy9.dll');
DeleteFile('C:\windows\system32\cRsAQd4hw.dll');
DeleteFile('C:\windows\system32\dhDhwS7fFW.dll');
DeleteFile('C:\windows\system32\ed78ab9.dll');
DeleteFile('C:\windows\system32\EmfVcSFcRkARFbbTQW5V5.dll');
DeleteFile('C:\windows\system32\emHnPuBAaF7XjuXBbdxSg.dll');
DeleteFile('C:\windows\system32\EMPPpCCSA8GtjURjn.dll');
DeleteFile('C:\windows\system32\eNyN5X48HrtXc.dll');
DeleteFile('C:\windows\system32\GU6f5sW42mdc.dll');
DeleteFile('C:\windows\system32\Isass.exe');
DeleteFile('C:\windows\system32\JBn2ypqY23vWX.dll');
DeleteFile('C:\windows\system32\jY8sGUnWqbZb3x2BPhY.dll');
DeleteFile('C:\windows\system32\mFr9FPruEFZ9VNdrveJunw3.dll');
DeleteFile('c:\windows\system32\mspmsnsv.dll');
DeleteFile('C:\windows\system32\ndxq9awMc.dll');
DeleteFile('C:\windows\system32\Q9q2MHJ3uTBErM7wc.dll');
DeleteFile('C:\windows\system32\Qh6xX7VN48sVPnK.dll');
DeleteFile('C:\windows\system32\rfpz9wwyy2np.dll');
DeleteFile('C:\windows\system32\SCEVFJRCmaB7.dll');
DeleteFile('c:\windows\system32\uffpvkupjdk.dll');
DeleteFile('C:\windows\system32\Va7SpUWgCA5f.dll');
DeleteFile('C:\windows\system32\w7uds3zyayg9.dll');
DeleteFile('C:\windows\system32\WcCtgJ4zcxHF.dll');
DeleteFile('C:\windows\system32\Y4npJWJNr.dll');
DeleteFile('C:\windows\system32\z5WRXqHagksJxWt.dll');
DeleteFile('C:\windows\TEMP\tmp.tmp');
DeleteFile('C:\windows\UtilG15.exe');
DeleteFile('C:\WINDOWS\system32\6QYME7T991\J001.exe');
DeleteFile('C:\WINDOWS\system32\bstesk.exe');
DeleteFile('C:\WINDOWS\clfdle.exe');
DeleteFile('C:\WINDOWS\system32\C3TIMHZX2P\J002.exe');
DeleteFile('C:\WINDOWS\system32\i\I001.exe');
DeleteFile('C:\WINDOWS\system32\kstesk.exe');
DeleteFile('C:\WINDOWS\system32\drivers\62.exe');
DeleteFile('C:\WINDOWS\system32\i\J001.exe');
DeleteFile('C:\WINDOWS\system32\S3DR5EKF7Z\J001.exe');
DeleteFile('C:\WINDOWS\system32\i\J002.exe');
DeleteFile('C:\WINDOWS\system32\jbqhic.exe');
DeleteFile('C:\WINDOWS\system32\wtesk.exe');
DeleteFile('C:\WINDOWS\services.exe');
DeleteFile('C:\windows\system32\08223B03.dll');
DeleteFile('C:\windows\system32\regedit.exe');
DeleteFile('C:\windows\system\ming9b090423.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_DeleteSvc('wuauservMSDTC');
BC_DeleteSvc('wtesk');
BC_DeleteSvc('WmdmPmSNxmlprov');
BC_DeleteSvc('WmdmPmSNNetDDEdsdm');
BC_DeleteSvc('WebClientDnscache');
BC_DeleteSvc('vrgv');
BC_DeleteSvc('ttesk');
BC_DeleteSvc('Themesxmlprov');
BC_DeleteSvc('tdgfv');
BC_DeleteSvc('tdfgrsh');
BC_DeleteSvc('stesk');
BC_DeleteSvc('Servicev2.0');
BC_DeleteSvc('rtgt');
BC_DeleteSvc('rgt');
BC_DeleteSvc('rg');
BC_DeleteSvc('RasManRasAuto');
BC_DeleteSvc('NlaCryptSvc');
BC_DeleteSvc('MDMNetDDEdsdm');
BC_DeleteSvc('ktesk');
BC_DeleteSvc('kstesk');
BC_DeleteSvc('jhfg');
BC_DeleteSvc('IrmonStarWindService');
BC_DeleteSvc('helpsvcMessenger');
BC_DeleteSvc('gjunj');
BC_DeleteSvc('ferer');
BC_DeleteSvc('EventSystemMDM');
BC_DeleteSvc('EventlogTlntSvr');
BC_DeleteSvc('dmadminWmdmPmSN');
BC_DeleteSvc('dmadminTermService');
BC_DeleteSvc('dcafd');
BC_DeleteSvc('cldos');
BC_DeleteSvc('bstesk');
BC_DeleteSvc('Ati2evxp');
BC_DeleteSvc('aspnet_stateWmdmPmSN');
BC_DeleteSvc('aefre');
BC_DeleteSvc('Network DDE');
BC_Activate;
RebootWindows(true);
end.[/code]
Компьютер перезагрузится.
Пришлите карантин согласно приложению 3 правил
(загружать тут: [url]http://virusinfo.info/upload_virus.php?tid=52152[/url]).
Сделайте новые логи.
16.08.2009, 11:59
RaYKeX

Ответ

сейчас ПК поражен спамботом - по команде netstat -a показывается множественные подключения по протоколу смтп на разные адреса
16.08.2009, 13:35
light59

Всё это уже детектится.
Повторите логи.
17.08.2009, 13:35
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]47[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\windows\fonts\a97cracb.fon - [B]Trojan-GameThief.Win32.Magania.brwo[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.F34496E2, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\fonts\bqgc5yhmsd4yd.fon - [B]Trojan-GameThief.Win32.Magania.bouf[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.40386ADD, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\fonts\juxfqjdwmfqehcy2.fon - [B]Trojan-GameThief.Win32.Magania.bnpn[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.F6F584CD, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\fonts\nppvwvyeyce8h.fon - [B]Trojan-GameThief.Win32.Magania.bprl[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.32D6B462, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\fonts\vds9ae5g5fmed.fon - [B]Trojan-GameThief.Win32.Magania.boul[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.46D7722E, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system\ming9b090423.exe - [B]Worm.Win32.AutoRun.afcb[/B] ( DrWEB: Trojan.PWS.Gamania.19081, BitDefender: Generic.Malware.SP!g.C3EBC8E8, NOD32: Win32/Spy.Pophot.NAO trojan, AVAST4: Win32:AutoRun-AXT [Wrm] )[*] c:\windows\system32\appmgmts.dll - [B]Trojan-Downloader.Win32.Agent.clwc[/B] ( BitDefender: Generic.Malware.P!dld.F67ECA79, NOD32: Win32/KillAV.NER trojan, AVAST4: Win32:Trojan-gen {Other} )[*] c:\windows\system32\bmsg6pdmd4ht.dll - [B]Trojan-GameThief.Win32.Magania.buzp[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Lmir.888759BE, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\btmband89jc9pspq5eknj.dll - [B]Trojan-GameThief.Win32.Magania.butb[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.961B471C, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\cduauvkgy9.dll - [B]Trojan-GameThief.Win32.Magania.bhmy[/B] ( DrWEB: Trojan.PWS.Wsgame.12115, BitDefender: Generic.Onlinegames.14.C385D75E, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\comres.dll - [B]Trojan-GameThief.Win32.Magania.bueq[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.DC3F0B1A, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\crsaqd4hw.dll - [B]Trojan-GameThief.Win32.Magania.btsz[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.87738A57, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\dhdhws7ffw.dll - [B]Trojan-GameThief.Win32.Magania.bskk[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.FFC1A7FB, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\drivers\ntfs.sys - [B]Virus.Win32.Protector.c[/B] ( DrWEB: BackDoor.Bulknet.404, BitDefender: Gen:Rootkit.Heur.LmW@fSiHyto, AVAST4: Win32:Cutwail-Y [Trj] )[*] c:\windows\system32\drivers\wmisvc.sys - [B]Rootkit.Win32.Agent.nil[/B] ( DrWEB: Win32.HLLW.Autoruner.7210, BitDefender: Rootkit.Agent.AJAQ, NOD32: Win32/Agent.PNI trojan, AVAST4: Win32:Trojan-gen {Other} )[*] c:\windows\system32\ed78ab9.dll - [B]Trojan-GameThief.Win32.Magania.blxa[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.8D6D6245, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\emfvcsfcrkarfbbtqw5v5.dll - [B]Trojan-GameThief.Win32.Magania.buvg[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.E84C34B4, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\emhnpubaaf7xjuxbbdxsg.dll - [B]Trojan-GameThief.Win32.Magania.bueq[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.DC3F0B1A, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\empppccsa8gtjurjn.dll - [B]Trojan-GameThief.Win32.Magania.bouk[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.DA46ACC0, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\enyn5x48hrtxc.dll - [B]Trojan-GameThief.Win32.Magania.btwy[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.498874C7, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\gu6f5sw42mdc.dll - [B]Trojan-GameThief.Win32.Magania.bfuy[/B] ( DrWEB: Trojan.PWS.Wsgame.12109, BitDefender: Generic.Onlinegames.14.8FE6167B, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\isass.exe - [B]Backdoor.Win32.Nepoe.jn[/B] ( DrWEB: BackDoor.IRC.Sdbot.945, BitDefender: Backdoor.IRCBot.ACTN, NOD32: IRC/SdBot trojan, AVAST4: Win32:Delf-MKW [Drp] )[*] c:\windows\system32\jbn2ypqy23vwx.dll - [B]Trojan-GameThief.Win32.Magania.bmst[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.E005BFCF, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\jy8sgunwqbzb3x2bphy.dll - [B]Trojan-GameThief.Win32.Magania.bsuw[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.C91FC1F8, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\mfr9fpruefz9vndrvejunw3.dll - [B]Trojan-GameThief.Win32.Magania.bunv[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.457DFB51, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\mspmsnsv.dll - [B]Trojan-Downloader.Win32.Agent.clwc[/B] ( BitDefender: Generic.Malware.P!dld.F67ECA79, NOD32: Win32/KillAV.NER trojan, AVAST4: Win32:Trojan-gen {Other} )[*] c:\windows\system32\ndxq9awmc.dll - [B]Trojan-GameThief.Win32.Magania.bmbr[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.2B5853EE, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\qh6xx7vn48svpnk.dll - [B]Trojan-GameThief.Win32.Magania.btww[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.5E75D776, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\q9q2mhj3utberm7wc.dll - [B]Trojan-GameThief.Win32.Magania.btzn[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.96BADEA5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\rfpz9wwyy2np.dll - [B]Trojan-GameThief.Win32.OnLineGames.bmnx[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.A9AB0DF0, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\scevfjrcmab7.dll - [B]Trojan-GameThief.Win32.Magania.bsov[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.0A2CE808, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\s3dr5ekf7z\j001.exe - [B]Backdoor.Win32.Agent.ajqs[/B] ( DrWEB: BackDoor.Fanchi, BitDefender: Trojan.Rincux.AW, AVAST4: Win32:Rincux-C [Trj] )[*] c:\windows\system32\uffpvkupjdk.dll - [B]Trojan.Win32.Agent2.chlv[/B] ( DrWEB: Trojan.DownLoad.43949, AVAST4: Win32:Trojan-gen {Other} )[*] c:\windows\system32\userinit.exe - [B]Trojan-Downloader.Win32.Small.jmn[/B] ( DrWEB: Trojan.MulDrop.32667, BitDefender: Trojan.Crypt.CY, NOD32: Win32/Agent.PBD trojan, AVAST4: Win32:Trojan-gen {Other} )[*] c:\windows\system32\va7spuwgca5f.dll - [B]Trojan-GameThief.Win32.Magania.birm[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Trojan.PWS.OnlineGames.KCPP, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\wcctgj4zcxhf.dll - [B]Trojan-GameThief.Win32.Magania.bmec[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.59921689, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\w7uds3zyayg9.dll - [B]Trojan-GameThief.Win32.Magania.bumi[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.80A8EDC3, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\y4npjwjnr.dll - [B]Trojan-GameThief.Win32.Magania.bogc[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Trojan.PWS.OnlineGames.KCRW, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\z5wrxqhagksjxwt.dll - [B]Trojan-GameThief.Win32.Magania.bsyl[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.54BBB07D, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\08223b03.dll - [B]Trojan-GameThief.Win32.Magania.bsdj[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.BD0B5F3E, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\2ef0d734.dll - [B]Trojan-GameThief.Win32.Magania.bgjv[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.140AE7CD, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\6qyme7t991\j001.exe - [B]Trojan-Downloader.Win32.Agent.cmaj[/B] ( DrWEB: BackDoor.Fanchi, BitDefender: Trojan.Rincux.AW, AVAST4: Win32:Rincux-C [Trj] )[*] c:\windows\system32\6to4.dll - [B]Worm.Win32.AutoRun.ghr[/B] ( DrWEB: Win32.HLLW.Autoruner.7210, BitDefender: Trojan.Agent.ANLB, NOD32: Win32/AutoRun.Agent.NZ worm, AVAST4: Win32:Katusha-BC [Trj] )[*] c:\windows\system32\704c3595.dll - [B]Trojan-GameThief.Win32.Magania.bfux[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.2CD9ACE9, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\system32\76b9ba7a.dll - [B]Trojan-GameThief.Win32.Magania.bfva[/B] ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.0A29A451, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )[*] c:\windows\temp\tmp.tmp - [B]Trojan-GameThief.Win32.OnLineGames.abrf.a[/B] ( DrWEB: Trojan.DownLoad.40413, BitDefender: Trojan.Crypt.CY, NOD32: Win32/TrojanDownloader.Small.ONW trojan, AVAST4: Win32:Trojan-gen {Other} )[*] c:\windows\utilg15.exe - [B]Backdoor.Win32.Hupigon.htef[/B] ( DrWEB: BackDoor.Pigeon.17279, BitDefender: GenPack:Backdoor.Hupigon.ZUW, AVAST4: Win32:Rootkit-gen [Rtk] )[/LIST][/LIST]