Dr.Web обновленный почему-то не справляется, обнаруживает их каждый раз...
прилагаю логи
Dr.Web обновленный почему-то не справляется, обнаруживает их каждый раз...
прилагаю логи
Выполните скрипт в AVZ
[code]begin
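// AVZ remediation script for this specific host: quarantine, then delete, the
// files and NTFS alternate data streams flagged in the victim's logs, remove
// their Run autostart values, and reboot so locked files can be cleaned.
// The paths and value names are specific to this infection; do not reuse the
// script on another machine without rebuilding the lists from that machine's logs.
// NOTE: the thread reports that the resident antivirus (Dr.Web) deleted files
// from the AVZ folder while this script was running; the helper's follow-up is
// to disable the antivirus for the duration of the script.

// Rootkit/hook scan; both flags are true (presumably user-mode and kernel-mode
// hook neutralisation — confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turn on AVZGuard before touching the malicious processes and files.
SetAVZGuardStatus(True);

// Stop the running malicious processes first so their files can be quarantined and deleted.
TerminateProcessByName('C:\RECYCLER\S-1-5-21-0049525393-2027911346-805001232-5370\syscr.exe');
TerminateProcessByName('c:\windows\system32\qtplugin.exe');
TerminateProcessByName('c:\windows\system32\wmsrvc.exe');
TerminateProcessByName('c:\windows\temp\tmp1298.exe');
// NOTE(review): device-form path (\Device\HarddiskVolume1\...) is kept exactly as given;
// confirm AVZ resolves it in TerminateProcessByName/QuarantineFile/DeleteFile.
TerminateProcessByName('\Device\HarddiskVolume1\DOCUME~1\test\LOCALS~1\Temp\RarSFX0\s42asxp.exe');

// Quarantine copies are taken before deletion so the samples can be sent for analysis.
QuarantineFile('C:\RECYCLER\S-1-5-21-0049525393-2027911346-805001232-5370\syscr.exe','');
// The "<file>:Wxzs+vE:$DATA" entries are alternate data streams attached to
// legitimate Windows files; the target is the stream, not the host file.
QuarantineFile('C:\WINDOWS\system32\dllcache\wstpager.ax:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\wiasf.ax:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\daxctle.ocx:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\cnfgprts.ocx:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\asctrls.ocx:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\appwiz.cpl:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\wfp6.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\usb.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\syssetup.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\oem0.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\Nokia6830Bluetooth.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\nokia6822IrDA.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\nokia6610iIrDA.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\netsla30.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\netsis.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\netlm.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\netcem33.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mstask.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mfsocket.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmosi.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmlasno.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmbug3.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmadc.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\iereset.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\usrlogon.cmd:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\pubprn.vbs:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\nwc.cpl:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\netsetup.cpl:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\msscds32.ax:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\ksxbar.ax:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\irprops.cpl:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\ieuinit.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\system32\hhctrl.ocx:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\inf\brmfcsto.inf:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\windows.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\taskbar.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\soundrec.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\msmqconcepts.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\joy.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\freecell.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\drwtsn32.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\datetime.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\colormgt.chm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\ciadmin.htm:Wxzs+vE:$DATA','');
QuarantineFile('C:\WINDOWS\Help\apps.chm:Wxzs+vE:$DATA','');
// Stand-alone executables named in the logs.
QuarantineFile('C:\WINDOWS\system32\qtplugin.exe','');
QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('C:\WINDOWS\system32\ctndxvpv.exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\ufbeqqaf.exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\mii.exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\Application Data\Microsoft\kigudou.exe','');
QuarantineFile('c:\windows\system32\wmsrvc.exe','');
QuarantineFile('c:\windows\temp\tmp1298.exe','');
QuarantineFile('\Device\HarddiskVolume1\DOCUME~1\test\LOCALS~1\Temp\RarSFX0\s42asxp.exe','');

// Delete the stand-alone executables.
DeleteFile('C:\RECYCLER\S-1-5-21-0049525393-2027911346-805001232-5370\syscr.exe');
DeleteFile('\Device\HarddiskVolume1\DOCUME~1\test\LOCALS~1\Temp\RarSFX0\s42asxp.exe');
DeleteFile('c:\windows\temp\tmp1298.exe');
DeleteFile('c:\windows\system32\wmsrvc.exe');
DeleteFile('C:\Documents and Settings\NetworkService\Application Data\Microsoft\kigudou.exe');
DeleteFile('C:\Documents and Settings\NetworkService\mii.exe');
DeleteFile('C:\Documents and Settings\NetworkService\ufbeqqaf.exe');
DeleteFile('C:\WINDOWS\system32\ctndxvpv.exe');
DeleteFile('C:\WINDOWS\system32\sdra64.exe');
DeleteFile('C:\WINDOWS\system32\qtplugin.exe');
// Delete the alternate data streams. Presumably only the named stream is removed
// and the host system file stays in place — verify on the cleaned machine.
DeleteFile('C:\WINDOWS\Help\apps.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\ciadmin.htm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\colormgt.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\datetime.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\drwtsn32.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\freecell.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\joy.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\msmqconcepts.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\soundrec.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\taskbar.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\Help\windows.chm:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\brmfcsto.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\hhctrl.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\ieuinit.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\irprops.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\ksxbar.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\msscds32.ax:Wxzs+vE:$DATA');
// Added: this stream was quarantined above but had no matching DeleteFile, so it
// would have stayed on disk; the treatment statistics in this thread list it as detected.
DeleteFile('C:\WINDOWS\system32\netsetup.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\nwc.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\pubprn.vbs:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\usrlogon.cmd:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\iereset.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmadc.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmbug3.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmlasno.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmosi.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mfsocket.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\mstask.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netcem33.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netlm.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netsis.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\netsla30.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\nokia6610iIrDA.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\nokia6822IrDA.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\Nokia6830Bluetooth.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\oem0.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\syssetup.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\usb.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\inf\wfp6.inf:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\appwiz.cpl:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\asctrls.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\cnfgprts.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\daxctle.ocx:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\wiasf.ax:Wxzs+vE:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\wstpager.ax:Wxzs+vE:$DATA');

// Remove the autostart values. S-1-5-18 is the LocalSystem SID; the same two
// value names are removed under both HKEY_USERS\.DEFAULT and HKEY_USERS\S-1-5-18.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','MSConfig');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','MSConfig');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','sazymmoo');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','sazymmoo');
// Machine-wide Run values; what each one launched is not shown on this page
// (presumably the executables deleted above — check the attached logs).
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','CFmon');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','AutoStart');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','autoruns');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','RegistryMonitor1');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Generic Host for Win32 Services');

// Hand the file lists to AVZ's boot-time cleaner, clean up references to the
// deleted files, and arm the cleaner for the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Numbered AVZ system-restore routines; the meaning of 6, 9, 13 and 16 is not
// stated on this page — look them up in AVZ's "System Restore" list before reuse.
ExecuteRepair(6);
ExecuteRepair(9);
ExecuteRepair(13);
ExecuteRepair(16);
// Writes integer 1 to this CLSID value under the HKLM NonEnum policy key
// (presumably restoring a value the malware changed — confirm the expected default).
RegKeyIntParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
// Reboot immediately so the boot-time cleaner can remove whatever was locked.
RebootWindows(true);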
end. [/code]Компьютер перезагрузится
Пришлите карантин согласно [B]Приложению 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы
[B]Обновите базы AVZ[/B]
Сделайте новые логи
карантин выслал, правда, когда шло выполнение вашего скрипта, Dr.Web удалял из папки avz файлы )
логи прилагаю.
Логи старые
Антивирус нужно отключать на время выполнения скрипта
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]45[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\windows\help\apps.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\ciadmin.htm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\colormgt.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\datetime.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\drwtsn32.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\freecell.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\joy.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\msmqconcepts.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\soundrec.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\taskbar.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\help\windows.chm:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\brmfcsto.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: 
Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\iereset.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\mdmadc.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\mdmbug3.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\mdmlasno.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\mdmosi.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\mfsocket.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\mstask.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\netcem33.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\netlm.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\netsis.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\netsla30.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\nokia6610iirda.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: 
Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\nokia6822irda.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\nokia6830bluetooth.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\oem0.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\syssetup.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\usb.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\inf\wfp6.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\appwiz.cpl:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\asctrls.ocx:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\dllcache\cnfgprts.ocx:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\dllcache\daxctle.ocx:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\dllcache\wiasf.ax:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR 
[Trj] )[*] c:\windows\system32\dllcache\wstpager.ax:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\hhctrl.ocx:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\ieuinit.inf:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\irprops.cpl:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\ksxbar.ax:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\msscds32.ax:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\netsetup.cpl:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\nwc.cpl:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\pubprn.vbs:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[*] c:\windows\system32\usrlogon.cmd:wxzs+ve:$data - [B]Packed.Win32.Krap.w[/B] ( DrWEB: Trojan.Packed.19647, BitDefender: Gen:Heur.Krypt.11, AVAST4: Win32:Bredolab-BR [Trj] )[/LIST][/LIST]