32.exe and similar files are being created in system32, and 00.tmp and similar files in My Documents (request No. 108070)

  1. #1
    Junior Member
    Registered: 30.08.2011
    Posts: 7
    Reputation weight: 24

    32.exe and similar files are being created in system32, and 00.tmp and similar files in My Documents

    Please help me clean my computer! Various .exe files with numeric names are being created in the system32 folder; they sometimes start, show up in the process list and load the system (CPU usage close to 100%) when there is Internet access, and without the Internet they stay idle. Also, .tmp files with numeric names are created in C:\Documents and Settings\Work\Application Data, and they too sometimes show up in the process list. I scanned with AVG and CureIt!, and they find nothing! After I delete these files manually without an Internet connection they are gone, but once I connect they appear again. Thanks in advance for your help!

  3. #2
    Info_bot (Cyber)
    Registered: 11.05.2011
    Posts: 2,465
    Reputation weight: 343
    Dear Jingl, thank you for contacting our forum!

    Help with cleaning your computer on VirusInfo.Info is provided absolutely free of charge. Helpers will respond to your request very shortly.

    If our site proves useful to you and you have the opportunity, please support the project.

  4. #3
    thyrex (Not Extinct)
    Registered: 07.03.2009
    Location: Soligorsk, Belarus
    Posts: 96,565
    Reputation weight: 3022
    Run the script in AVZ
    Code:
    begin
    ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
    ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('C:\WINDOWS\system32\80.exe','');
     QuarantineFile('C:\WINDOWS\system32\74.exe','');
     QuarantineFile('C:\WINDOWS\system32\71.exe','');
     QuarantineFile('C:\WINDOWS\system32\66.exe','');
     QuarantineFile('C:\WINDOWS\system32\65.exe','');
     QuarantineFile('C:\WINDOWS\system32\28.exe','');
     QuarantineFile('C:\WINDOWS\system32\18.exe','');
     QuarantineFile('C:\WINDOWS\system32\15.exe','');
     QuarantineFile('C:\WINDOWS\system32\05.exe','');
     QuarantineFile('C:\WINDOWS\system32\ac32.exe','');
     QuarantineFile('C:\WINDOWS\Fonts\dwdvcwj.exe','');
     QuarantineFile('C:\Documents and Settings\Work\Application Data\27.tmp','');
     QuarantineFile('C:\Documents and Settings\Work\Application Data\1A.tmp','');
     QuarantineFile('C:\Documents and Settings\Work\Application Data\19.tmp','');
     QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe','');
     QuarantineFile('C:\WINDOWS\aadrive32.exe','');
     QuarantineFile('C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe','');
     QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe','');
     QuarantineFile('C:\Documents and Settings\Work\Application Data\Vgaeaz.exe','');
     QuarantineFile('C:\Documents and Settings\Work\Application Data\Biaeaf.exe','');
     TerminateProcessByName('c:\windows\jodrive32.exe');
     DeleteFile('c:\windows\jodrive32.exe');
     DeleteFile('C:\Documents and Settings\Work\Application Data\Biaeaf.exe');
     DeleteFile('C:\Documents and Settings\Work\Application Data\Vgaeaz.exe');
     DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
     RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zaber0');
     RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Vgaeaz');
     RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Biaeaf');
     DeleteFile('C:\WINDOWS\aadrive32.exe');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Config Setup');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Config Setup');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
     DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe');
     DeleteFile('C:\Documents and Settings\Work\Application Data\19.tmp');
     DeleteFile('C:\Documents and Settings\Work\Application Data\1A.tmp');
     DeleteFile('C:\Documents and Settings\Work\Application Data\27.tmp');
     DeleteFile('C:\WINDOWS\Fonts\dwdvcwj.exe');
     DeleteFile('C:\WINDOWS\system32\ac32.exe');
     DeleteFile('C:\WINDOWS\system32\05.exe');
     DeleteFile('C:\WINDOWS\system32\15.exe');
     DeleteFile('C:\WINDOWS\system32\18.exe');
     DeleteFile('C:\WINDOWS\system32\28.exe');
     DeleteFile('C:\WINDOWS\system32\65.exe');
     DeleteFile('C:\WINDOWS\system32\66.exe');
     DeleteFile('C:\WINDOWS\system32\71.exe');
     DeleteFile('C:\WINDOWS\system32\74.exe');
     DeleteFile('C:\WINDOWS\system32\80.exe');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
    RebootWindows(true);
    end.
    The computer will reboot.

    Send the quarantine as described in Appendix 3 of the rules, using the red link "Send requested quarantine" at the top of the thread

    Install all new updates for Windows

    Make new logs

    Make a log of a full MBAM scan
    Microsoft MVP 2012-2016 Consumer Security
    Microsoft MVP 2016 Reconnect


  6. #4
    Junior Member
    Registered: 30.08.2011
    Posts: 7
    Reputation weight: 24
    I ran the script, sent the quarantine, and updated Windows. I'll make the MBAM log a bit later because there is some trouble downloading it from the official site %)
    New logs:
    Last edited by Jingl; 30.08.2011 at 12:20.

  7. #5
    thyrex (Not Extinct)
    Registered: 07.03.2009
    Location: Soligorsk, Belarus
    Posts: 96,565
    Reputation weight: 3022
    Waiting for the MBAM log
    Microsoft MVP 2012-2016 Consumer Security
    Microsoft MVP 2016 Reconnect

  8. #6
    Junior Member
    Registered: 30.08.2011
    Posts: 7
    Reputation weight: 24
    Sorry for the delay. I had problems with the browser.
    Here is the MBAM log:

  9. #7
    миднайт (Global Moderator)
    Registered: 28.03.2009
    Location: Voronezh
    Posts: 9,571
    Reputation weight: 740
    Disable your antivirus\firewall.
    Run the script in AVZ:

    Code:
    begin
    ClearQuarantine;
    ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
    ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     TerminateProcessByName('c:\WINDOWS\jodrive32.exe');
     TerminateProcessByName('c:\WINDOWS\aadrive32.exe');
    QuarantineFile('c:\WINDOWS\jodrive32.exe', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\all users\документы\avz4\Infected\2011-08-29\avz00001.dta', 'MBAM: Trojan.Downloader');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\k[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\P43[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[10].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[11].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[2].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[3].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[4].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[5].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[6].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[7].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[8].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[9].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\h[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\h[2].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\h[3].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\h[4].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\o43[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\P43[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\t[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\t[2].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\t[3].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\t[4].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\t[5].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVAPY5KB\v43[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\di43[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\h[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\k[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\P43[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\P43[2].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\t[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\MVUDKTEJ\t[2].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[2].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[3].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[4].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\k[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\P43[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[1].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[2].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[3].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[4].exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\acms.exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\nhz.exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\10.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\11.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\12.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\13.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\14.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\15.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\16.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\17.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\18.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\19.tmp', 'MBAM: Trojan.Downloader');
    QuarantineFile('c:\documents and settings\Work\application data\1A.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\1B.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\1C.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\1D.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\1E.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\1F.tmp', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\application data\20.tmp', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\application data\21.tmp', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\application data\23.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\24.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\25.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\26.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\28.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\29.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\2B.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\2C.tmp', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\application data\51.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\52.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\54.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\7.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\8.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\9.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\A.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\work\application data\vgaeaz.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\application data\B.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\work\application data\biaeaf.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\application data\C.tmp', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\documents and settings\Work\application data\D.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\E.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\application data\F.tmp', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\7LR1D2UE\296172024[1].gif', 'MBAM: Extension.Mismatch');
    QuarantineFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\820WHCAP\2000few[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\CJLZR8MU\522464163[1].gif', 'MBAM: Extension.Mismatch');
    QuarantineFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\V2LJFG72\ngk[1].exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\program files\WinRAR\KGWINRAR.EXE', 'MBAM: Trojan.Agent.CK');
    QuarantineFile('c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\wincache.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\00.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\01.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\03.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\04.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\05.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\07.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\08.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\10.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\12.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\14.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\15.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\16.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\23.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\25.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\26.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\27.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\32.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\33.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\34.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\35.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\36.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\38.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\41.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\42.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\45.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\46.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\50.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\52.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\56.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\57.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\61.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\64.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\67.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\68.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\70.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\73.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\75.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\76.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\78.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\81.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\82.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\83.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\84.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\85.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\87.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\system32\88.exe', 'MBAM: Spyware.BlackShadesNET');
    QuarantineFile('c:\WINDOWS\aadrive32.exe', 'MBAM: Backdoor.IRCBot');
    QuarantineFile('c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe', 'MBAM: Worm.Dorkbot');
    QuarantineFile('c:\WINDOWS\system32\ac32.exe', 'MBAM: Trojan.Agent');
    QuarantineFile('c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini', 'MBAM: Worm.AutoRun');
    QuarantineFile('c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini', 'MBAM: Worm.AutoRun.Gen');
    QuarantineFile('c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\Desktop.ini', 'MBAM: Trojan.Palevo');
    DeleteFile('c:\WINDOWS\jodrive32.exe');
    DeleteFile('c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe');
    DeleteFile('c:\documents and settings\all users\документы\avz4\Infected\2011-08-29\avz00001.dta');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\k[1].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\P43[1].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[10].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[11].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[1].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[2].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[3].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\GHEBM7YR\t[4].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[2].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[3].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\h[4].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\k[1].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\P43[1].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[1].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[2].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[3].exe');
    DeleteFile('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\O18N6LUL\t[4].exe');
    DeleteFile('c:\documents and settings\Work\acms.exe');
    DeleteFile('c:\documents and settings\Work\nhz.exe');
    DeleteFile('c:\documents and settings\Work\application data\10.tmp');
    DeleteFile('c:\documents and settings\Work\application data\11.tmp');
    DeleteFile('c:\documents and settings\Work\application data\12.tmp');
    DeleteFile('c:\documents and settings\Work\application data\13.tmp');
    DeleteFile('c:\documents and settings\Work\application data\14.tmp');
    DeleteFile('c:\documents and settings\Work\application data\15.tmp');
    DeleteFile('c:\documents and settings\Work\application data\16.tmp');
    DeleteFile('c:\documents and settings\Work\application data\17.tmp');
    DeleteFile('c:\documents and settings\Work\application data\18.tmp');
    DeleteFile('c:\documents and settings\Work\application data\19.tmp');
    DeleteFile('c:\documents and settings\Work\application data\1A.tmp');
    DeleteFile('c:\documents and settings\Work\application data\1B.tmp');
    DeleteFile('c:\documents and settings\Work\application data\1C.tmp');
    DeleteFile('c:\documents and settings\Work\application data\1D.tmp');
    DeleteFile('c:\documents and settings\Work\application data\1E.tmp');
    DeleteFile('c:\documents and settings\Work\application data\1F.tmp');
    DeleteFile('c:\documents and settings\Work\application data\20.tmp');
    DeleteFile('c:\documents and settings\Work\application data\21.tmp');
    DeleteFile('c:\documents and settings\Work\application data\23.tmp');
    DeleteFile('c:\documents and settings\Work\application data\24.tmp');
    DeleteFile('c:\documents and settings\Work\application data\25.tmp');
    DeleteFile('c:\documents and settings\Work\application data\26.tmp');
    DeleteFile('c:\documents and settings\Work\application data\28.tmp');
    DeleteFile('c:\documents and settings\Work\application data\29.tmp');
    DeleteFile('c:\documents and settings\Work\application data\2B.tmp');
    DeleteFile('c:\documents and settings\Work\application data\2C.tmp');
    DeleteFile('c:\documents and settings\Work\application data\51.tmp');
    DeleteFile('c:\documents and settings\Work\application data\52.tmp');
    DeleteFile('c:\documents and settings\Work\application data\54.tmp');
    DeleteFile('c:\documents and settings\Work\application data\7.tmp');
    DeleteFile('c:\documents and settings\Work\application data\8.tmp');
    DeleteFile('c:\documents and settings\Work\application data\9.tmp');
    DeleteFile('c:\documents and settings\Work\application data\A.tmp');
    DeleteFile('c:\documents and settings\work\application data\vgaeaz.exe');
    DeleteFile('c:\documents and settings\Work\application data\B.tmp');
    DeleteFile('c:\documents and settings\work\application data\biaeaf.exe');
    DeleteFile('c:\documents and settings\Work\application data\C.tmp');
    DeleteFile('c:\documents and settings\Work\application data\D.tmp');
    DeleteFile('c:\documents and settings\Work\application data\E.tmp');
    DeleteFile('c:\documents and settings\Work\application data\F.tmp');
    DeleteFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\7LR1D2UE\296172024[1].gif');
    DeleteFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\820WHCAP\2000few[1].exe');
    DeleteFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\CJLZR8MU\522464163[1].gif');
    DeleteFile('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\V2LJFG72\ngk[1].exe');
    DeleteFile('c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\wincache.exe');
    DeleteFile('c:\WINDOWS\system32\00.exe');
    DeleteFile('c:\WINDOWS\system32\01.exe');
    DeleteFile('c:\WINDOWS\system32\03.exe');
    DeleteFile('c:\WINDOWS\system32\04.exe');
    DeleteFile('c:\WINDOWS\system32\05.exe');
    DeleteFile('c:\WINDOWS\system32\07.exe');
    DeleteFile('c:\WINDOWS\system32\08.exe');
    DeleteFile('c:\WINDOWS\system32\10.exe');
    DeleteFile('c:\WINDOWS\system32\12.exe');
    DeleteFile('c:\WINDOWS\system32\14.exe');
    DeleteFile('c:\WINDOWS\system32\15.exe');
    DeleteFile('c:\WINDOWS\system32\16.exe');
    DeleteFile('c:\WINDOWS\system32\23.exe');
    DeleteFile('c:\WINDOWS\system32\25.exe');
    DeleteFile('c:\WINDOWS\system32\26.exe');
    DeleteFile('c:\WINDOWS\system32\27.exe');
    DeleteFile('c:\WINDOWS\system32\32.exe');
    DeleteFile('c:\WINDOWS\system32\33.exe');
    DeleteFile('c:\WINDOWS\system32\34.exe');
    DeleteFile('c:\WINDOWS\system32\35.exe');
    DeleteFile('c:\WINDOWS\system32\36.exe');
    DeleteFile('c:\WINDOWS\system32\38.exe');
    DeleteFile('c:\WINDOWS\system32\41.exe');
    DeleteFile('c:\WINDOWS\system32\42.exe');
    DeleteFile('c:\WINDOWS\system32\45.exe');
    DeleteFile('c:\WINDOWS\system32\46.exe');
    DeleteFile('c:\WINDOWS\system32\50.exe');
    DeleteFile('c:\WINDOWS\system32\52.exe');
    DeleteFile('c:\WINDOWS\system32\56.exe');
    DeleteFile('c:\WINDOWS\system32\57.exe');
    DeleteFile('c:\WINDOWS\system32\61.exe');
    DeleteFile('c:\WINDOWS\system32\64.exe');
    DeleteFile('c:\WINDOWS\system32\67.exe');
    DeleteFile('c:\WINDOWS\system32\68.exe');
    DeleteFile('c:\WINDOWS\system32\70.exe');
    DeleteFile('c:\WINDOWS\system32\73.exe');
    DeleteFile('c:\WINDOWS\system32\75.exe');
    DeleteFile('c:\WINDOWS\system32\76.exe');
    DeleteFile('c:\WINDOWS\system32\78.exe');
    DeleteFile('c:\WINDOWS\system32\81.exe');
    DeleteFile('c:\WINDOWS\system32\82.exe');
    DeleteFile('c:\WINDOWS\system32\83.exe');
    DeleteFile('c:\WINDOWS\system32\84.exe');
    DeleteFile('c:\WINDOWS\system32\85.exe');
    DeleteFile('c:\WINDOWS\system32\87.exe');
    DeleteFile('c:\WINDOWS\system32\88.exe');
    DeleteFile('c:\WINDOWS\aadrive32.exe');
    DeleteFile('c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
    DeleteFile('c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
    DeleteFile('c:\WINDOWS\system32\ac32.exe');
    DeleteFile('c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini');
    DeleteFile('c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini');
    DeleteFile('c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\Desktop.ini');
    DeleteFileMask('c:\RECYCLER', '*.*', true);
    DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    ExecuteWizard('TSW',2,2,true);
    RebootWindows(true);
    end.

    After the reboot

    Code:
    begin 
    CreateQurantineArchive(GetAVZDirectory+'quarantine.zip'); 
    end.

    Send the quarantine archive quarantine.zip via the red link "Send requested quarantine" at the top of the thread.
    Repeat the MBAM log.
    Paula rhei.


  11. #8
    Junior Member
    I have sent the quarantine.

  12. #9
    thyrex
    Where is the new MBAM log?
    Microsoft MVP 2012-2016 Consumer Security
    Microsoft MVP 2016 Reconnect

  13. #10
    Junior Member
    Yes, yes, yes =) it just takes an hour to scan on my machine =) I sent the quarantine first
    Attachments

  14. #11
    Visiting Helper
    Registered: 23.06.2009
    Location: Perm
    Posts: 11,186
    Reputation weight: 528
    - Delete in MBAM
    Code:
    Зараженные параметры в реестре:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zaber0 (Worm.Dorkbot) -> Value: zaber0 -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> No action taken.
    
    Объекты реестра заражены:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Dorkbot) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe) Good: () -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,Explorer.exe) Good: (Explorer.exe) -> No action taken.
    
    Зараженные файлы:
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00001.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00002.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00003.dta (Trojan.Downloader) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00004.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00005.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00006.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00007.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00008.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00009.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00010.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00011.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00012.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00013.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00014.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00015.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00016.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00017.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00018.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00019.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00020.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00021.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00022.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00023.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00024.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00025.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00026.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00027.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00028.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00029.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00030.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00031.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00032.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00033.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00034.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00035.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00036.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00037.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00038.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00039.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00040.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00041.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00042.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00043.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00044.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00045.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00046.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00047.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00048.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00049.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00050.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00051.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00052.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00053.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00054.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00055.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00056.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00057.dta (Trojan.Downloader) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00058.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00059.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00060.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00061.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00062.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00063.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00064.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00065.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00066.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00067.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00068.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00069.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00070.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00071.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00072.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00073.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00074.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00075.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00076.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00077.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00078.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00079.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00080.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00081.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00082.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00083.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00084.dta (Trojan.Agent) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00085.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00086.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00087.dta (Worm.Dorkbot) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00088.dta (Trojan.Agent.CK) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00089.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00090.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00091.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00092.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00093.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00094.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00095.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00096.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00097.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00098.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00099.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00100.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00101.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00102.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00103.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00104.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00105.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00106.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00107.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00108.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00109.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00110.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00111.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00112.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00113.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00114.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00115.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00116.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00117.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00118.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00119.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00120.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00121.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00122.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00123.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\avz00124.dta (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\bcqr00183.dat (Trojan.Agent.CK) -> No action taken.
    c:\documents and settings\all users\документы\avz4\quarantine\2011-09-01\bcqr00184.dat (Trojan.Agent.CK) -> No action taken.
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\4895CMV4\k[1].exe (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\4NJUIF02\k[1].exe (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\8VAL6R4R\k[1].exe (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\SPEEIS7A\k[1].exe (Spyware.BlackShadesNET) -> No action taken.
    c:\documents and settings\Work\application data\2D.tmp (Trojan.Downloader) -> No action taken.
    c:\documents and settings\Work\local settings\temporary internet files\Content.IE5\KK82ZY0N\522464163[1].gif (Extension.Mismatch) -> No action taken.
    c:\WINDOWS\system32\67.exe (Spyware.BlackShadesNET) -> No action taken.
    c:\WINDOWS\logfile32.txt (Malware.Trace) -> No action taken.
    c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe (Worm.Dorkbot) -> No action taken.
    - Run the script in AVZ
    Code:
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
     DeleteFileMask('c:\documents and settings\Work\local settings\temporary internet files\Content.IE5', '*.*', true);
     DeleteFileMask('c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5', '*.*', true);
     DeleteFileMask('c:\documents and settings\all users\документы\avz4\quarantine', '*.*', true);
     ExecuteWizard('TSW', 2, 2, true);
     ExecuteWizard('SCU', 2, 2, true);
     RebootWindows(true);
    end.
    - Make a new MBAM log


  16. #12
    Junior Member
    Oh =( after some time these exe files are being downloaded into system32 again; I'll post the MBAM log now.
    And an AVZ log too, just in case.
    Attachments
    Last edited by Jingl; 02.09.2011 at 10:02.

  17. #13
    thyrex
    Quote from Jingl:
    Oh =( after some time these exe files are being downloaded into system32 again
    Install all the latest updates for Windows

    In MBAM, delete only the entries listed below
    Code:
    Зараженные параметры в реестре:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> No action taken.
    
    Объекты реестра заражены:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.AutoRun.Gen) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe) Good: () -> No action taken.
    
    Зараженные папки:
    c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> No action taken.
    c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100 (Trojan.Palevo) -> No action taken.
    
    Зараженные файлы:
    g:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe (Worm.Dorkbot) -> No action taken.
    c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> No action taken.
    c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe (Worm.AutoRun.Gen) -> No action taken.
    c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\Desktop.ini (Trojan.Palevo) -> No action taken.
    c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\wincache.exe (Trojan.Palevo) -> No action taken.
    Microsoft MVP 2012-2016 Consumer Security
    Microsoft MVP 2016 Reconnect
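Added example, not part of any post in this thread: a Python sketch that parses registry findings in the format of the MBAM logs quoted above, lists the autostart entries that differ from the expected value, and checks whether a path under RECYCLER sits in a folder named like a real account SID. The function names are hypothetical, the sample lines are copied from the logs in the thread, and the SID-shape rule is a heuristic.

```python
import re

# Sample input: registry findings copied from the MBAM logs quoted in this
# thread, plus one file finding to show that non-registry lines are skipped.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Dorkbot) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe) Good: () -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,Explorer.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.AutoRun.Gen) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe) Good: () -> No action taken.
c:\WINDOWS\system32\67.exe (Spyware.BlackShadesNET) -> No action taken.
"""

# "<key>\<value> (<detection>) -> Bad: (<data>) Good: (<data>) -> <action>"
FINDING_RE = re.compile(
    r"^(?P<key>HKEY_[^()]+)\\(?P<value>[^\\()]+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> "
)

# First folder level below <drive>:\RECYCLER
RECYCLER_RE = re.compile(r"^[a-z]:\\recycler\\(?P<folder>[^\\]+)\\", re.IGNORECASE)

# Heuristic (assumption of this example): a per-user recycle bin folder is
# named after an account SID of the form S-1-5-21-a-b-c-rid, and Windows prints
# each sub-authority as a plain decimal number without leading zeros.
SID_RE = re.compile(r"^S-1-5-21(-(0|[1-9]\d*)){4}$", re.IGNORECASE)


def parse_registry_findings(log_text):
    """Return one dict per 'Bad: (...) Good: (...)' registry line."""
    findings = []
    for line in log_text.splitlines():
        match = FINDING_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def unexpected_entries(bad, good):
    """Comma-separated entries present in 'bad' but absent from 'good'."""
    allowed = {e.strip().lower() for e in good.split(",") if e.strip()}
    return [
        e.strip()
        for e in bad.split(",")
        if e.strip() and e.strip().lower() not in allowed
    ]


def recycler_folder_problem(path):
    """Explain why a RECYCLER subfolder name is suspicious, or return None."""
    match = RECYCLER_RE.match(path)
    if not match:
        return None  # path is not under RECYCLER at all
    folder = match.group("folder")
    if not SID_RE.match(folder):
        return "folder name is not a well-formed S-1-5-21 account SID"
    if any(int(part) > 0xFFFFFFFF for part in folder.split("-")[4:]):
        return "SID sub-authority does not fit in 32 bits"
    return None


def triage(log_text):
    """List every autostart entry that deviates from the expected value."""
    report = []
    for finding in parse_registry_findings(log_text):
        for entry in unexpected_entries(finding["bad"], finding["good"]):
            report.append(
                {
                    "autostart": finding["key"] + "\\" + finding["value"],
                    "detection": finding["detection"],
                    "entry": entry,
                    "recycler_issue": recycler_folder_problem(entry),
                }
            )
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["autostart"])
        print("   entry:", item["entry"])
        print("   note :", item["recycler_issue"])
```
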


  19. #14
    Junior Member
    Thanks for the help, guys =) everything seems fine now; I updated Windows once more and it found as many as 77 updates %) No viruses are being created, no rogue processes are starting.
    This is the quick scan log, but the full scan finds the same thing, I just forgot to save it.
    MBAM log:
    Attachments

  20. #15
    Cybernetic Helper
    Registered: 29.12.2008
    Posts: 48,317
    Reputation weight: 954

    Treatment summary

    Statistics of the treatment performed:
    • Quarantines received: 3
    • Files processed: 482
    • Malware detected during treatment:
      1. c:\\documents and settings\\all users\\документы\\avz4\\infected\\2011-08-29\\avz00001.dta - Trojan-Downloader.Win32.Genome.cjwq ( DrWEB: Trojan.DownLoader3.36983, BitDefender: Trojan.Generic.KDV.260229, AVAST4: Win32:Dropper-gen [Drp] )
      2. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\k[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, NOD32: Win32/AutoRun.AFQ worm, AVAST4: Win32:Flooder-HQ [Trj] )
      3. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\p43[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6645432, AVAST4: Win32:Kolab-JO [Trj] )
      4. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      5. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[10].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      6. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[11].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      7. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[2].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      8. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[3].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      9. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[4].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      10. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[5].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      11. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[6].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      12. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[7].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      13. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[8].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      14. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\ghebm7yr\\t[9].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      15. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\h[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      16. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\h[2].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      17. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\h[3].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      18. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\h[4].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      19. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\o43[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      20. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\p43[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6645432, AVAST4: Win32:Kolab-JO [Trj] )
      21. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\t[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      22. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\t[2].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      23. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\t[3].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      24. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\t[4].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      25. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\t[5].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      26. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvapy5kb\\v43[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, AVAST4: Win32:Flooder-HQ [Trj] )
      27. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\di43[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      28. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\h[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      29. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\k[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, NOD32: Win32/AutoRun.AFQ worm, AVAST4: Win32:Flooder-HQ [Trj] )
      30. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\p43[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6645432, AVAST4: Win32:Kolab-JO [Trj] )
      31. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\p43[2].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6645432, AVAST4: Win32:Kolab-JO [Trj] )
      32. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\t[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      33. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\mvudktej\\t[2].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      34. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\h[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      35. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\h[2].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      36. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\h[3].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      37. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\h[4].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      38. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\k[1].exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, NOD32: Win32/AutoRun.AFQ worm, AVAST4: Win32:Flooder-HQ [Trj] )
      39. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\p43[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6645432, AVAST4: Win32:Kolab-JO [Trj] )
      40. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\t[1].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      41. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\t[2].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      42. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\t[3].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      43. c:\\documents and settings\\networkservice\\local settings\\temporary internet files\\content.ie5\\o18n6lul\\t[4].exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6593359, AVAST4: Win32:Kolab-JO [Trj] )
      44. c:\\documents and settings\\work\\acms.exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Gen:Variant.Tofsee.1, AVAST4: Win32:Kolab-JO [Trj] )
      45. c:\\documents and settings\\work\\application data\\a.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      46. c:\\documents and settings\\work\\application data\\biaeaf.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Worm.Generic.347033, AVAST4: Win32:Flooder-HQ [Trj] )
      47. c:\\documents and settings\\work\\application data\\biaeaf.exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Gen:Variant.Tofsee.1, AVAST4: Win32:Kolab-JO [Trj] )
      48. c:\\documents and settings\\work\\application data\\b.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      49. c:\\documents and settings\\work\\application data\\c.tmp - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      50. c:\\documents and settings\\work\\application data\\d.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      51. c:\\documents and settings\\work\\application data\\e.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      52. c:\\documents and settings\\work\\application data\\f.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      53. c:\\documents and settings\\work\\application data\\vgaeaz.exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Gen:Variant.Tofsee.1, NOD32: Win32/Dorkbot.A worm, AVAST4: Win32:Kolab-JO [Trj] )
      54. c:\\documents and settings\\work\\application data\\vgaeaz.exe - Worm.Win32.Ngrbot.bzm ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Worm.Generic.347033, NOD32: Win32/Dorkbot.A worm, AVAST4: Win32:Flooder-HQ [Trj] )
      55. c:\\documents and settings\\work\\application data\\1a.tmp - Backdoor.Win32.IRCBot.vbm ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Gen:Variant.Kazy.35171, NOD32: IRC/SdBot trojan, AVAST4: Win32:Malware-gen )
      56. c:\\documents and settings\\work\\application data\\1a.tmp - Trojan-Downloader.Win32.Genome.cjwq ( DrWEB: Trojan.DownLoader3.36983, BitDefender: Trojan.Generic.KDV.260229, AVAST4: Win32:Dropper-gen [Drp] )
      57. c:\\documents and settings\\work\\application data\\1b.tmp - Backdoor.Win32.IRCBot.vbm ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Gen:Variant.Kazy.35171, AVAST4: Win32:Downloader-JYD [Trj] )
      58. c:\\documents and settings\\work\\application data\\1c.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      59. c:\\documents and settings\\work\\application data\\1d.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      60. c:\\documents and settings\\work\\application data\\1e.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      61. c:\\documents and settings\\work\\application data\\1f.tmp - Trojan-Downloader.Win32.Agent.tbap ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Flooder-HQ [Trj] )
      62. c:\\documents and settings\\work\\application data\\10.tmp - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      63. c:\\documents and settings\\work\\application data\\11.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      64. c:\\documents and settings\\work\\application data\\12.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      65. c:\\documents and settings\\work\\application data\\13.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      66. c:\\documents and settings\\work\\application data\\14.tmp - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      67. c:\\documents and settings\\work\\application data\\15.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      68. c:\\documents and settings\\work\\application data\\16.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      69. c:\\documents and settings\\work\\application data\\17.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      70. c:\\documents and settings\\work\\application data\\18.tmp - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      71. c:\\documents and settings\\work\\application data\\19.tmp - Trojan-Downloader.Win32.Genome.cjwq ( DrWEB: Trojan.DownLoader3.36983, BitDefender: Trojan.Generic.KDV.260229, AVAST4: Win32:Dropper-gen [Drp] )
      72. c:\\documents and settings\\work\\application data\\2b.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      73. c:\\documents and settings\\work\\application data\\2c.tmp - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, AVAST4: Win32:Flooder-HQ [Trj] )
      74. c:\\documents and settings\\work\\application data\\20.tmp - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Flooder-HQ [Trj] )
      75. c:\\documents and settings\\work\\application data\\21.tmp - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Flooder-HQ [Trj] )
      76. c:\\documents and settings\\work\\application data\\23.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      77. c:\\documents and settings\\work\\application data\\24.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      78. c:\\documents and settings\\work\\application data\\25.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      79. c:\\documents and settings\\work\\application data\\26.tmp - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      80. c:\\documents and settings\\work\\application data\\27.tmp - Trojan-Downloader.Win32.Genome.cjwq ( DrWEB: Trojan.DownLoader3.36983, BitDefender: Trojan.Generic.KDV.260229, AVAST4: Win32:Dropper-gen [Drp] )
      81. c:\\documents and settings\\work\\application data\\28.tmp - Backdoor.Win32.IRCBot.vbm ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Gen:Variant.Kazy.35171, AVAST4: Win32:Downloader-JYD [Trj] )
      82. c:\\documents and settings\\work\\application data\\29.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      83. c:\\documents and settings\\work\\application data\\51.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      84. c:\\documents and settings\\work\\application data\\52.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      85. c:\\documents and settings\\work\\application data\\54.tmp - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      86. c:\\documents and settings\\work\\application data\\7.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      87. c:\\documents and settings\\work\\application data\\8.tmp - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6606319, NOD32: Win32/SpamTool.Tedroo.AR trojan, AVAST4: Win32:Kolab-JO [Trj] )
      88. c:\\documents and settings\\work\\application data\\9.tmp - Trojan-Downloader.Win32.Injecter.glz ( DrWEB: Win32.HLLW.Autoruner.17766, BitDefender: Trojan.Generic.6739100, AVAST4: Win32:Kolab-JO [Trj] )
      89. c:\\documents and settings\\work\\nhz.exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Gen:Variant.Tofsee.1, NOD32: Win32/Dorkbot.A worm, AVAST4: Win32:Kolab-JO [Trj] )
      90. c:\\recycler\\r-1-5-21-1482476501-1644491937-682003330-1013\\ecleaner.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      91. c:\\recycler\\s-1-5-21-0243556031-888888379-781863308-1413\\syitm.exe - Trojan.Win32.VBKrypt.fvua ( DrWEB: Trojan.VbCrypt.23, BitDefender: Trojan.Generic.6537829, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:IRCBot-DYR [Trj] )
      92. c:\\recycler\\s-1-5-21-0243556031-888888379-781863308-1830\\zaberg.exe - Trojan.Win32.VBKrypt.fwhp ( DrWEB: Trojan.VbCrypt.23, BitDefender: Trojan.Generic.6963985, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:VB-XWE [Trj] )
      93. c:\\recycler\\s-1-5-21-0243556031-888888379-781863308-1830\\zaberg.exe - Trojan.Win32.Inject.bjak ( DrWEB: BackDoor.Ddoser.131, BitDefender: Trojan.Generic.6783785, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Kolab-JO [Trj] )
      94. c:\\windows\\aadrive32.exe - Trojan.Win32.Jorik.SdBot.qf ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Trojan.Generic.6650918, AVAST4: Win32:Ruskill-CB [Trj] )
      95. c:\\windows\\jodrive32.exe - Backdoor.Win32.IRCBot.vbm ( DrWEB: BackDoor.IRC.Bot.166, BitDefender: Gen:Variant.Kazy.35171, NOD32: IRC/SdBot trojan, AVAST4: Win32:Malware-gen )
      96. c:\\windows\\system32\\ac32.exe - Backdoor.Win32.VB.nvf ( DrWEB: Trojan.Click1.59522, BitDefender: Backdoor.Generic.681828, AVAST4: Win32:Malware-gen )
      97. c:\\windows\\system32\\00.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      98. c:\\windows\\system32\\01.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, NOD32: Win32/AutoRun.AFQ worm, AVAST4: Win32:Flooder-HQ [Trj] )
      99. c:\\windows\\system32\\04.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      100. c:\\windows\\system32\\05.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      101. c:\\windows\\system32\\07.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      102. c:\\windows\\system32\\08.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      103. c:\\windows\\system32\\10.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      104. c:\\windows\\system32\\12.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      105. c:\\windows\\system32\\14.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      106. c:\\windows\\system32\\15.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      107. c:\\windows\\system32\\16.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, AVAST4: Win32:Flooder-HQ [Trj] )
      108. c:\\windows\\system32\\18.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      109. c:\\windows\\system32\\23.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      110. c:\\windows\\system32\\25.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      111. c:\\windows\\system32\\26.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      112. c:\\windows\\system32\\27.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      113. c:\\windows\\system32\\28.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      114. c:\\windows\\system32\\32.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, NOD32: Win32/AutoRun.AFQ worm, AVAST4: Win32:Flooder-HQ [Trj] )
      115. c:\\windows\\system32\\33.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      116. c:\\windows\\system32\\34.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      117. c:\\windows\\system32\\36.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      118. c:\\windows\\system32\\38.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      119. c:\\windows\\system32\\41.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      120. c:\\windows\\system32\\42.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      121. c:\\windows\\system32\\45.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      122. c:\\windows\\system32\\50.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.339262, NOD32: Win32/AutoRun.AFQ worm, AVAST4: Win32:Flooder-HQ [Trj] )
      123. c:\\windows\\system32\\52.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      124. c:\\windows\\system32\\56.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      125. c:\\windows\\system32\\57.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      126. c:\\windows\\system32\\64.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      127. c:\\windows\\system32\\65.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      128. c:\\windows\\system32\\66.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      129. c:\\windows\\system32\\67.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      130. c:\\windows\\system32\\68.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      131. c:\\windows\\system32\\71.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      132. c:\\windows\\system32\\73.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      133. c:\\windows\\system32\\74.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      134. c:\\windows\\system32\\76.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      135. c:\\windows\\system32\\80.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      136. c:\\windows\\system32\\81.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      137. c:\\windows\\system32\\84.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      138. c:\\windows\\system32\\85.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      139. c:\\windows\\system32\\87.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )
      140. c:\\windows\\system32\\88.exe - Backdoor.Win32.Ruskill.cxr ( DrWEB: BackDoor.IRC.Bot.896, BitDefender: Trojan.Generic.KD.338465, AVAST4: Win32:Flooder-HQ [Trj] )


  • Dear Jingl, our specialists have provided all possible assistance with your request.

    To keep your computer secure, we strongly recommend:

    To stay informed about current information security threats and keep your computer protected, we recommend following the latest IT news from the Anti-Malware.ru portal:

    Anti-Malware VK

    Anti-Malware Telegram

    We hope never to see your computer infected again!

    If it is not too much trouble, please contribute to our database of safe files.
