-
Junior Member
- Вес репутации
- 53
пропадает интернет
уже где то месяц мучаюсь
проблемы постоянно разные
началось все с того что выдавало ошибку некого svchost
если нажать ок то интернет перестовал работать
я просто отодвигал в сторону и интернет работал,все было нормально.
на данный момент эта ошибка не вылазеет а попросту через некоторое время вырубается интернет. причем интернет соеденение остается активным. просто не открываются интернет страницы,и разьеденяются isq агент и.т.д.
-
Будь в курсе!
Будь в курсе!
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
-
Отключите восстановление системы!
Выполните скрипт в AVZ (AVZ, Меню Файл\Выполнить скрипт. Подробнее...):
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
TerminateProcessByName('f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\mhqj8zql\feng2009[1].exe');
TerminateProcessByName('f:\docume~1\елшнкч\local settings\temp\track.exe');
TerminateProcessByName('f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\ev8boj61\1[1].exe');
TerminateProcessByName('f:\windows\system32\sdace.exe');
QuarantineFile('D:\autorun.wsh','');
QuarantineFile('F:\Documents and Settings\оо\Local Settings\Temp\8293828_xeex.exe','');
QuarantineFile('F:\WINDOWS\system\ming9b090423.exe','');
QuarantineFile('F:\WINDOWS\system32\es.dll','');
QuarantineFile('F:\WINDOWS\system32\RmmjtmC.dll','');
QuarantineFile('F:\WINDOWS\system32\6to4.dll','');
QuarantineFile('F:\WINDOWS\System32\smlogsvc.exe','');
QuarantineFile('F:\WINDOWS\System32\rastls.dll','');
QuarantineFile('F:\WINDOWS\System32\rasmans.dll','');
QuarantineFile('F:\WINDOWS\System32\dhcpcsvc.dll','');
DeleteService('windows_svcname');
DeleteService('lang12397007.3322.org');
DeleteService('fyddos_svcname');
DeleteService('360cn_svcname');
DeleteService('sdace');
QuarantineFile('f:\windows\system32\xmlprov.dll','');
QuarantineFile('f:\windows\system32\schedsvc.dll','');
QuarantineFile('f:\docume~1\елшнкч\local settings\temp\track.exe','');
QuarantineFile('f:\windows\system32\sdace.exe','');
QuarantineFile('f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\mhqj8zql\feng2009[1].exe','');
QuarantineFile('f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\ev8boj61\1[1].exe','');
DeleteFileMask('%Tmp%', '*.*', true);
DeleteFileMask('F:\Documents and Settings\оо\Local Settings\Temp\', '*.*', true);
BC_ImportAll;
ExecuteRepair(9);
ExecuteSysclean;
BC_Activate;
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.
После перезагрузки пришлите попавшие в карантин файлы согласно правилам (для отправки файлов следует воспользоваться ссылкой "Прислать запрошенные файлы" над первым сообщением темы).
Подготовьте 3 лога по правилам.
-
-
Junior Member
- Вес репутации
- 53
все сделал как вы сказали, только вот это не понял...
Сообщение от
Белый Сокол
-
Раздел "Диагностика", там все есть о логах AVZ и HjT, которые требуются.
-
-
Junior Member
- Вес репутации
- 53
-
Ухх, еле осилил!
Выполните скрипт в AVZ:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('F:\WINDOWS\system\ming9b090423.exe','');
QuarantineFile('F:\WINDOWS\system32\servises.exe','');
QuarantineFile('F:\WINDOWS\system32\Widp32.exe','');
QuarantineFile('F:\WINDOWS\system32\dferp2.exe','');
QuarantineFile('F:\WINDOWS\system32\sdace.exe','');
QuarantineFile('F:\WINDOWS\system32\iffic.exe','');
QuarantineFile('F:\WINDOWS\system32\spool\drivers\NetworkAgentServices.exe','');
QuarantineFile('F:\WINDOWS\fasdx.exe','');
QuarantineFile('F:\WINDOWS\system32\spool\drivers\Distributed.exe','');
QuarantineFile('F:\WINDOWS\system32\pxvzh.exe','');
QuarantineFile('F:\WINDOWS\System32\BtSrv.exe','');
QuarantineFile('F:\WINDOWS\Atds.exe','');
QuarantineFile('F:\WINDOWS\system32\Termina.exe','');
QuarantineFile('F:\WINDOWS\TEMP\LiTdi.sys','');
QuarantineFile('f:\windows\system32\ntmssvc.dll','');
QuarantineFile('F:\WINDOWS\system32\iexplorer.exe','');
QuarantineFile('f:\windows\system32\browser.dll','');
QuarantineFile('f:\windows\system32\appmgmts.dll','');
DeleteFile('F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MHQJ8ZQL\feng2009[1].exe');
DeleteFile('F:\WINDOWS\system32\iexplorer.exe');
DeleteFile('f:\windows\system32\schedsvc.dll');
DeleteFile('f:\windows\system32\xmlprov.dll');
DeleteFile('F:\WINDOWS\TEMP\LiTdi.sys');
DeleteFile('F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MXFXMQEO\1019ds[1].exe');
DeleteFile('F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7S5MNA7\1019er2[1].exe');
DeleteFile('F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EV8BOJ61\1[1].exe');
DeleteFile('F:\WINDOWS\system32\Termina.exe');
DeleteFile('F:\WINDOWS\Atds.exe');
DeleteFile('F:\WINDOWS\System32\BtSrv.exe');
DeleteFile('F:\WINDOWS\system32\pxvzh.exe');
DeleteFile('F:\WINDOWS\system32\spool\drivers\Distributed.exe');
DeleteFile('F:\WINDOWS\fasdx.exe');
DeleteFile('F:\WINDOWS\system32\iffic.exe');
DeleteFile('F:\WINDOWS\system32\sdace.exe');
DeleteFile('F:\WINDOWS\system32\dferp2.exe');
DeleteFile('F:\WINDOWS\system32\Widp32.exe');
DeleteFile('F:\WINDOWS\system32\smlogsvc.exe');
DeleteFile('F:\WINDOWS\system32\RmmjtmC.dll');
DeleteFile('F:\WINDOWS\system32\servises.exe');
DeleteFile('F:\WINDOWS\system\ming9b090423.exe');
DeleteFile('F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MXFXMQEO\ge[1].exe');
DeleteFile('F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7S5MNA7\ge2009[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\G3O1EWDK\dh2TT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\G3O1EWDK\sxTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\RBCEMVKP\dnfTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\RBCEMVKP\qqhxTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\RBCEMVKP\yxdTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\SCMFO63Z\muTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\SCMFO63Z\MXDTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\SCMFO63Z\wdTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\SCMFO63Z\wlTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\SCMFO63Z\zuTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\ZDXL05UV\jzTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\ZDXL05UV\smTT[1].exe');
DeleteFile('F:\Documents and Settings\елшнкч\Local Settings\Temporary Internet Files\Content.IE5\ZDXL05UV\ztTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\23P05AU4\mhxuTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\23P05AU4\sxTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\23P05AU4\tlTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\23P05AU4\xcTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\3JHZWNE3\dh2TT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\3JHZWNE3\dnfTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\3JHZWNE3\MXDTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\3JHZWNE3\mxsTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\3JHZWNE3\wlTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\3JHZWNE3\zuTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\5ZJV2QXS\muTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\5ZJV2QXS\wdTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\5ZJV2QXS\yxdTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\B0C0SAWC\jzTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\B0C0SAWC\qq3gTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\B0C0SAWC\qqhxTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\B0C0SAWC\smTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\B0C0SAWC\wmgjTT[1].exe');
DeleteFile('F:\Documents and Settings\оо\Local Settings\Temporary Internet Files\Content.IE5\B0C0SAWC\ztTT[1].exe');
DeleteFile('D:\autorun.wsh');
DeleteFileMask('F:\Documents and Settings\елшнкч\Local Settings\Temp', '*.*', true);
BC_ImportALL;
ExecuteSysClean;
BC_DeleteSvc('S3chipid');
BC_DeleteSvc('WinHelp32');
BC_DeleteSvc('SysmonLog');
BC_DeleteSvc('Switsdfer');
BC_DeleteSvc('sdfever');
BC_DeleteSvc('sdace');
BC_DeleteSvc('s');
BC_DeleteSvc('NetworkAgentServices');
BC_DeleteSvc('fasfd');
BC_DeleteSvc('Distributed Agent Services');
BC_DeleteSvc('DefWatchs');
BC_DeleteSvc('BitSrv');
BC_DeleteSvc('Atdx');
BC_DeleteSvc('Wsdddsssdb');
BC_DeleteSvc('windows_svcname');
BC_DeleteSvc('lang12397007.3322.org');
BC_DeleteSvc('fyddos_svcname');
BC_DeleteSvc('360cn_svcname');
BC_Activate;
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service','EventMessageFile');
ExecuteRepair(9);
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите новый карантин согласно приложению 3 правил.
Очистите временные файлы IE через Свойства обозревателя
для каждого пользователя системы.
Сделайте новые логи по правилам + дополнительно лог gmer.
I am not young enough to know everything...
-
-
Junior Member
- Вес репутации
- 53
после выполнения скрина windows отказала загружатся..
синий экран с английскими надписями,не знаю что там было написано я в английском не шарю. но там часто упоминалось "скрин".
нажал в меню F8 "загрузка с последними работаспособными параметрами" или что-то такое там,уже точно не помню.
Добавлено через 6 минут
все равно присылать карантин?
Добавлено через 7 минут
прислал
Добавлено через 42 минуты
черт!запускаю gmer ,жму сканировать,через некоторое время ошибка приложения.
и gmer закрывается
Последний раз редактировалось nikita-y; 22.10.2009 в 14:36.
Причина: Добавлено
-
Сделайте хотя бы стандартные логи для начала.
I am not young enough to know everything...
-
-
Junior Member
- Вес репутации
- 53
вот стандартные,а gmer все никак(((
-
Junior Member
- Вес репутации
- 53
не знаю надо нет,вот что нашел dr.web в ходе быстрой проверки...
-
Отключив интернет и антивирус, выполните скрипт в AVZ:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('F:\WINDOWS\TEMP\NtHid.sys','');
QuarantineFile('F:\DOCUME~1\оо\Local Settings\Temp\kwlirpod.sys','');
DeleteFile('f:\windows\system32\appmgmts.dll');
DeleteFile('f:\windows\system32\browser.dll');
DeleteFile('f:\windows\system32\ntmssvc.dll');
DeleteFile('f:\windows\system32\xmlprov.dll');
DeleteFile('F:\DOCUME~1\оо\Local Settings\Temp\kwlirpod.sys');
DeleteFile('F:\WINDOWS\TEMP\NtHid.sys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service','EventMessageFile');
DeleteFile('F:\WINDOWS\system32\RmmjtmC.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Mfeaysv\Parameters','ServiceDll');
BC_ImportALL;
ExecuteSysClean;
BC_DeleteSvc('S3chipid');
BC_DeleteSvc('Wsdddsssdb');
BC_DeleteSvc('WinHelp32');
BC_DeleteSvc('windows_svcname');
BC_DeleteSvc('SysmonLog');
BC_DeleteSvc('Switsdfer');
BC_DeleteSvc('sdfever');
BC_DeleteSvc('sdace');
BC_DeleteSvc('s');
BC_DeleteSvc('NetworkAgentServices');
BC_DeleteSvc('lang12397007.3322.org');
BC_DeleteSvc('fyddos_svcname');
BC_DeleteSvc('fasfd');
BC_DeleteSvc('Distributed Agent Services');
BC_DeleteSvc('DefWatchs');
BC_DeleteSvc('BitSrv');
BC_DeleteSvc('Atdx');
BC_DeleteSvc('360cn_svcname');
BC_Activate;
ExecuteRepair(9);
RebootWindows(true);
end.
Компьютер перезагрузится.
Пришлите новый карантин согласно приложению 3 правил.
Повторите п.2 Диагностики.
И еще раз попробуйте сделать лог gmer.
I am not young enough to know everything...
-
-
Junior Member
- Вес репутации
- 53
карантин прислал. п.2 диогностики повторил щас пришлю лог. а вот gmer....
..gmer... через некоторое время пишет------fmnfr6mp.exe - ошибка приложения
инструкция по адресу "0x0040c4b2" обратиламь к памяти по адресу "0xf88aa308" память не может быть "read".
-
Junior Member
- Вес репутации
- 53
Последний раз редактировалось nikita-y; 23.10.2009 в 14:03.
-
Заразы в логах больше не видно.
Выполните скрипт в AVZ:
Код:
begin
SetServiceStart('Alerter', 4);
SetServiceStart('RemoteRegistry', 4);
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog','EventMessageFile');
end.
Рекомендуется установить SP3 и последующие обновления.
I am not young enough to know everything...
-
-
Junior Member
- Вес репутации
- 53
скрипт выполнил. sp3 потом на досуге утсановлю. интернет работает. ОГРОМНОЕ спасибо вам, и
этому сайту!
-
Итог лечения
Статистика проведенного лечения:
- Получено карантинов: 3
- Обработано файлов: 110
- В ходе лечения обнаружены вредоносные программы:
- f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\ev8boj61\1[1].exe - Backdoor.Win32.Xyligan.fu ( DrWEB: BackDoor.Fyd.40, BitDefender: Backdoor.Generic.220024, AVAST4: Win32:Malware-gen )
- f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\mhqj8zql\feng2009[1].exe - Backdoor.Win32.Xyligan.fu ( DrWEB: BackDoor.Fyd.40, BitDefender: Backdoor.Generic.219126, AVAST4: Win32:Malware-gen )
- f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\mxfxmqeo\ge[1].exe - Backdoor.Win32.Hupigon.pv ( DrWEB: BackDoor.Bifrost.1258, BitDefender: Trojan.Generic.IS.521639, NOD32: Win32/Hupigon trojan, AVAST4: Win32:Hupigon-EA [Trj] )
- f:\documents and settings\localservice\local settings\temporary internet files\content.ie5\u7s5mna7\ge2009[1].exe - Backdoor.Win32.Hupigon.pv ( DrWEB: BackDoor.Bifrost.1258, BitDefender: Trojan.Generic.IS.524237, NOD32: Win32/Hupigon trojan, AVAST4: Win32:Hupigon-EA [Trj] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\g3o1ewdk\dh2tt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C1FA3FA6, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Spyware-gen [Spy] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\g3o1ewdk\sxtt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Generic.Onlinegames.14.776ACB03, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\rbcemvkp\dnftt[1].exe - Trojan-GameThief.Win32.Magania.cmgm ( DrWEB: Trojan.PWS.Wsgame.13178, BitDefender: Generic.Onlinegames.14.81A3B2A5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Malware-gen )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\rbcemvkp\qqhxtt[1].exe - Trojan-GameThief.Win32.Magania.bkii ( DrWEB: Trojan.PWS.Wsgame.12058, BitDefender: Generic.Onlinegames.14.7A0FE21C, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\rbcemvkp\yxdtt[1].exe - Trojan-GameThief.Win32.Magania.bwyr ( DrWEB: Trojan.PWS.Wsgame.13097, BitDefender: Generic.Onlinegames.14.CEB3A8D5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Malware-gen )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\scmfo63z\mutt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\scmfo63z\mxdtt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C9A2C345, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\scmfo63z\wdtt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Application.Generic.236076, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\scmfo63z\wltt[1].exe - Trojan-GameThief.Win32.Magania.bwxz ( DrWEB: Trojan.PWS.Wsgame.12325, BitDefender: Trojan.Generic.2540642, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\scmfo63z\zutt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\zdxl05uv\jztt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\zdxl05uv\smtt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temporary internet files\content.ie5\zdxl05uv\zttt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\270140_xeex.exe - Trojan-GameThief.Win32.Magania.cmgm ( DrWEB: Trojan.PWS.Wsgame.13178, BitDefender: Generic.Onlinegames.14.81A3B2A5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Malware-gen )
- f:\documents and settings\елшнкч\local settings\temp\497703_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Application.Generic.236076, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\515250_xeex.exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C1FA3FA6, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Spyware-gen [Spy] )
- f:\documents and settings\елшнкч\local settings\temp\525562_xeex.exe - Trojan-GameThief.Win32.Magania.bkii ( DrWEB: Trojan.PWS.Wsgame.12058, BitDefender: Generic.Onlinegames.14.7A0FE21C, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\533453_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\540515_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\564015_xeex.exe - Trojan-GameThief.Win32.Magania.bwxz ( DrWEB: Trojan.PWS.Wsgame.12325, BitDefender: Trojan.Generic.2540642, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\600718_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\643531_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Generic.Onlinegames.14.776ACB03, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\650125_xeex.exe - Trojan-GameThief.Win32.Magania.bwyr ( DrWEB: Trojan.PWS.Wsgame.13097, BitDefender: Generic.Onlinegames.14.CEB3A8D5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Malware-gen )
- f:\documents and settings\елшнкч\local settings\temp\657390_xeex.exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C9A2C345, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\664671_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\елшнкч\local settings\temp\696125_xeex.exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\b0c0sawc\jztt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\b0c0sawc\qqhxtt[1].exe - Trojan-GameThief.Win32.Magania.bkii ( DrWEB: Trojan.PWS.Wsgame.12058, BitDefender: Generic.Onlinegames.14.7A0FE21C, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\b0c0sawc\qq3gtt[1].exe - Trojan-GameThief.Win32.Magania.cmtq ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.BDC1151C, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\b0c0sawc\smtt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\b0c0sawc\wmgjtt[1].exe - Trojan-GameThief.Win32.Magania.cmsr ( DrWEB: Trojan.PWS.Wsgame.12056, BitDefender: Trojan.Generic.2552560, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\b0c0sawc\zttt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\23p05au4\mhxutt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.13128, BitDefender: Generic.Onlinegames.14.B76834C0, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\23p05au4\sxtt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Generic.Onlinegames.14.776ACB03, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\23p05au4\tltt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.Generic.2517255, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\23p05au4\xctt[1].exe - Trojan-GameThief.Win32.Magania.biht ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Generic.Onlinegames.14.BFE6F418, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\3jhzwne3\dh2tt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C1FA3FA6, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Spyware-gen [Spy] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\3jhzwne3\dnftt[1].exe - Trojan-GameThief.Win32.Magania.cmgm ( DrWEB: Trojan.PWS.Wsgame.13178, BitDefender: Generic.Onlinegames.14.81A3B2A5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Malware-gen )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\3jhzwne3\mxdtt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C9A2C345, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\3jhzwne3\mxstt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Trojan.Agent.ANQC, NOD32: Win32/PSW.OnLineGames.ONQ trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\3jhzwne3\wltt[1].exe - Trojan-GameThief.Win32.Magania.bwxz ( DrWEB: Trojan.PWS.Wsgame.12325, BitDefender: Trojan.Generic.2540642, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\3jhzwne3\zutt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Trojan.PWS.Onlinegames.KCWV, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\5zjv2qxs\mutt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13115, BitDefender: Generic.Onlinegames.14.8D7F6C6B, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\5zjv2qxs\wdtt[1].exe - Trojan-GameThief.Win32.Magania.bwsr ( DrWEB: Trojan.PWS.Wsgame.13092, BitDefender: Application.Generic.236076, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\documents and settings\оо\local settings\temporary internet files\content.ie5\5zjv2qxs\yxdtt[1].exe - Trojan-GameThief.Win32.Magania.bwyr ( DrWEB: Trojan.PWS.Wsgame.13097, BitDefender: Generic.Onlinegames.14.CEB3A8D5, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Malware-gen )
- f:\program files\drweb\infected.!!!\dh2tt[1].exe - Trojan-Dropper.Win32.Agent.ayqa ( DrWEB: Trojan.PWS.Wsgame.12654, BitDefender: Generic.Onlinegames.14.C1FA3FA6, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Spyware-gen [Spy] )
- f:\program files\drweb\infected.!!!\122b901e.dll - Trojan-GameThief.Win32.Magania.bfsl ( DrWEB: Trojan.PWS.Wsgame.12116, BitDefender: Trojan.Generic.2255377, NOD32: Win32/PSW.OnLineGames.NRD trojan, AVAST4: Win32:Agent-ACMH [Drp] )
- f:\windows\system32\appmgmts.dll - Trojan-Downloader.Win32.Small.anty ( DrWEB: Trojan.DownLoad.54853, NOD32: Win32/KillAV.NFV trojan )
- f:\windows\system32\browser.dll - Trojan-Downloader.Win32.Small.anty ( DrWEB: Trojan.DownLoad.54853, NOD32: Win32/KillAV.NFV trojan )
- f:\windows\system32\dferp2.exe - Trojan-Dropper.Win32.Agent.bggc ( BitDefender: Trojan.Agent.ANCD, AVAST4: Win32:Agent-AERY [Trj] )
- f:\windows\system32\ntmssvc.dll - Trojan-Downloader.Win32.Small.anty ( DrWEB: Trojan.DownLoad.54853, NOD32: Win32/KillAV.NFV trojan )
- f:\windows\system32\pxvzh.exe - Trojan.Win32.Scar.abkg
- f:\windows\system32\schedsvc.dll - Trojan-Downloader.Win32.Small.anty ( DrWEB: Trojan.DownLoad.54853, NOD32: Win32/KillAV.NFV trojan )
- f:\windows\system32\smlogsvc.exe - Backdoor.Win32.Hupigon.iktp ( DrWEB: BackDoor.Pigeon.21851, BitDefender: Gen:Trojan.Heur.rmKdrDnXYmfbk, AVAST4: Win32:Hupigon-KAN [Trj] )
- f:\windows\system32\termina.exe - Trojan.Win32.Scar.aert ( BitDefender: Trojan.Agent.ANCD, AVAST4: Win32:Dogrobot [Drp] )
- f:\windows\system32\widp32.exe - Trojan.Win32.Scar.aazn ( DrWEB: BackDoor.Darkshell.96, BitDefender: Trojan.Generic.2508747, AVAST4: Win32:Agent-AERY [Trj] )
- f:\windows\system32\xmlprov.dll - Net-Worm.Win32.Piloyd.n ( DrWEB: Win32.HLLW.Autoruner.8265, BitDefender: Trojan.Generic.2595444, NOD32: Win32/AutoRun.AntiAV.P worm, AVAST4: Win32:Piloyd [Wrm] )
-