�� esetnod32.ru [��: �� Win32/Spy.Zbot.ZR, Win32/Agent.OBA]

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Fri, 18 Apr 2014 13:14:22 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
� �� 10:15, �� . �� 12. �� .
PC1_2014-04-18_12-59-39.7z
18.04.2014 13:14:22, kiri.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Fri, 18 Apr 2014 12:33:27 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .

====quote====
18.04.2014 10:15:55 �� , �� = C:\WINDOWS\system32\svchost.exe �� Win32/Agent.OBA �� PC1\Admin
18.04.2014 10:13:50 �� , �� = C:\WINDOWS\system32\svchost.exe �� Win32/Agent.OBA �� PC1\Admin

=============
�� , ��-�� .

�� , �� .
18.04.2014 12:33:27, santy.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Fri, 18 Apr 2014 12:12:23 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
�� .
log new.txt
18.04.2014 12:12:23, kiri.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Thu, 17 Apr 2014 16:08:07 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .

====quote====
17.04.2014 14:42:07 �� , �� = C:\WINDOWS\system32\svchost.exe �� Win32/Agent.OBA �� PC1\Admin
17.04.2014 13:50:24 �� , �� = C:\WINDOWS\system32\svchost.exe �� Win32/Agent.OBA �� PC1\Admin

=============
� �� , ��

====quote====
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[78eeb8737efde6506dab130e927230d0]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[333363c8611a65d1ab6e4dd4986cd927]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[3036eb40b3c8ea4cf91e7ea310f41ce4]

=============

�� ,
� ��
17.04.2014 16:08:07, santy.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Thu, 17 Apr 2014 16:02:48 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
.
��.txt
log.txt
17.04.2014 16:02:48, kiri.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Thu, 17 Apr 2014 15:48:50 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
��
(�� copy to clipboard)

+
��
http://forum.esetnod32.ru/forum9/topic1408/
17.04.2014 15:48:50, santy.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Thu, 17 Apr 2014 15:26:54 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
�� .
�� = C:\WINDOWS\system32\svchost.exe - �� Win32/Agent.OBA.
�� , �� F1-F12(�� ). �� . �� , �� 10 �� - �� . [FILE ID=94470]

17.04.2014 15:26:54, kiri.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Thu, 17 Apr 2014 14:22:10 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.82.3 [http://dsrt.dyndns.org]
;Target OS: NTv5.1

OFFSGNSAVE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\UCENUR\EMUR.EXE
addsgn 9A486EDA5582BC8DF42BAEB164C81205158AFCF6C9FA1F7885C3C5BC6E3257A7088FED1CA9FD3C6D86FAFCDD461649FA7DDFE97255DAB02C2D77A42F8F475114 8 Zbot

zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMIN\PTKOQXBL.EXE
addsgn 9A7043DB5582A28DF42BAEB164C81205158AFCF6C9FA1F7885C3C5BC55A75E9EAFA34D15A34EF69F393CDADA461649FA7DDFE97255DA831A1F7AAE698C674C07 8 Zbot

hide %SystemDrive%\PROGRAM FILES\AIMP2\AIMP2.EXE
bl 6F4F7828C700710E210CCB84475BCF63 266789
bl E8ACA9645192F7C08B4D18CC1AAAE3D3 38416384
;------------------------autoscript---------------------------

chklst
delvir

; McAfee Security Scan Plus
exec C:\Program Files\McAfee Security Scan\uninstall.exe

; Java(TM) 6 Update 25
exec MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF} /quiet

deltmp
delnfr
;-------------------------------------------------------------
czoo
restart

=============
��, �� .
�� uVS (�� : ZOO_2012-12-31_23-59-59.rar/7z) �� sendvirus2011@gmail.com, support@esetnod32.ru
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
17.04.2014 14:22:10, santy.

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

Thu, 17 Apr 2014 14:08:31 +0400

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA � �� .
��, �� .
�� = explorer.exe(776) - �� Win32/Spy.Zbot.ZR
�� = C:\WINDOWS\system32\svchost.exe - �� Win32/Agent.OBA
PC1_2014-04-17_13-58-54.7z
17.04.2014 14:08:31, kiri.

����� esetnod32.ru [����: ���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA]

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

���������������� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� esetnod32.ru [��: �� Win32/Spy.Zbot.ZR, Win32/Agent.OBA]

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA

�� Win32/Spy.Zbot.ZR, Win32/Agent.OBA