Подозрение на вирус

Здравствуйте.
На компьютере наблюдаются такие пробемы:
-Долгая загрузка
-Непонятные процессы запускаемые в системе
-Иногда появляются вирусы которые не удаляются

Заранее спасибо за помощ

Выполните скрипт в AVZ
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\9н@4k@\ctfmon.exe','');
QuarantineFile('C:\WINDOWS\system32\msconfig.exe','');
QuarantineFile('c:\windows\explorer.exe:userini.exe:$DATA','');
QuarantineFile('c:\windows\system32\svchost.exe:exe.exe:$DATA','');
QuarantineFile('C:\WINDOWS\system32\userini.exe','');
QuarantineFile('C:\Documents and Settings\9н@4k@\Application Data\vgdoqo.exe,explorer.exe,C:\Documents and Settings\9н@4k@\ctfmon.exe','');
QuarantineFile('C:\Documents and Settings\9н@4k@\Application Data\vgdoqo.exe','');
QuarantineFile('C:\WINDOWS\System32\drivers\rjc1945.sys','');
DeleteService('rjc1945');
SetServiceStart('oht27ca', 4);
DeleteService('oht27ca');
SetServiceStart('ngs3d46', 4);
DeleteService('ngs3d46');
SetServiceStart('mer50df', 4);
DeleteService('mer50df');
SetServiceStart('aqcesjgp', 4);
DeleteService('aqcesjgp');
QuarantineFile('C:\Documents and Settings\9н@4k@\Application Data\Microsoft\wukyrivav.exe','');
DeleteService('jayeyoeux');
QuarantineFile('C:\Documents and Settings\9н@4k@\Application Data\Microsoft\rousofu.exe','');
DeleteService('ay6ye6wy1lyl');
QuarantineFile('C:\WINDOWS\System32\drivers\oht27ca.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\ngs3d46.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\mer50df.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\aqcesjgp.sys','');
TerminateProcessByName('wukyrivav.exe');
QuarantineFile('wukyrivav.exe','');
TerminateProcessByName('c:\windows\temp\wpv831275552989.exe');
QuarantineFile('c:\windows\temp\wpv831275552989.exe','');
TerminateProcessByName('c:\windows\services.exe');
QuarantineFile('c:\windows\services.exe','');
TerminateProcessByName('c:\windows\system32\fittali.exe');
QuarantineFile('c:\windows\system32\fittali.exe','');
TerminateProcessByName('capujec.exe');
QuarantineFile('capujec.exe','');
DeleteFile('capujec.exe');
DeleteFile('c:\windows\system32\fittali.exe');
DeleteFile('c:\windows\services.exe');
DeleteFile('c:\windows\temp\wpv831275552989.exe');
DeleteFile('wukyrivav.exe');
DeleteFile('C:\WINDOWS\system32\Drivers\aqcesjgp.sys');
DeleteFile('C:\WINDOWS\System32\drivers\mer50df.sys');
DeleteFile('C:\WINDOWS\System32\drivers\ngs3d46.sys');
DeleteFile('C:\WINDOWS\System32\drivers\oht27ca.sys');
DeleteFile('C:\Documents and Settings\9н@4k@\Application Data\Microsoft\rousofu.exe');
DeleteFile('C:\Documents and Settings\9н@4k@\Application Data\Microsoft\wukyrivav.exe');
DeleteFile('C:\WINDOWS\System32\drivers\rjc1945.sys');
DeleteFile('C:\Documents and Settings\9н@4k@\Application Data\vgdoqo.exe');
DeleteFile('C:\Documents and Settings\9н@4k@\Application Data\vgdoqo.exe,explorer.exe,C:\Documents and Settings\9н@4k@\ctfmon.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','services');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gejicij');
DeleteFile('C:\WINDOWS\system32\userini.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
DeleteFile('c:\windows\system32\svchost.exe:exe.exe:$DATA');
DeleteFile('c:\windows\explorer.exe:userini.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP37\A0010816.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP37\A0010832.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0010859.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0010876.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0010891.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0010910.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0010927.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0010941.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0011968.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0011984.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP38\A0011998.exe:exe.exe:$DATA');
DeleteFile('C:\System Volume Information\_restore{9E40C983-FC23-4534-9203-EA77CD575C13}\RP39\A0013145.exe:exe.exe:$DATA');
DeleteFile('C:\WINDOWS\system32\msconfig.exe');
DeleteFile('C:\Documents and Settings\9н@4k@\ctfmon.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end. [/code]Компьютер перезагрузится.

Пришлите карантин согласно [B]Приложения 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы

Сделайте новые логи + лог [url]http://virusinfo.info/showpost.php?p=457118&postcount=1[/url]

вот сделал все написанное

а карантин где? Диск H -это флешка?

Да, Н это флешка, Карантин сайчас загружу, ошибку страница выдала

[size="1"][color="#666686"][B][I]Добавлено через 1 минуту[/I][/B][/color][/size]

Все карантин загружен

1. Профиксите в HijackThis [URL="http://virusinfo.info/showthread.php?t=4491"]как "профиксить в HiJackThis"[/URL]
[CODE]
O4 - HKCU\..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe
[/CODE]
2.[URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт в AVZ[/URL]
[CODE]
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
QuarantineFile('C:\WINDOWS\Temp\wpv741275552789.exe','');
QuarantineFile('C:\Temp\~TM51D.tmp','');
QuarantineFile('C:\Temp\~TM524.tmp','');
QuarantineFile('C:\Temp\~TM534.tmp ','');
QuarantineFile('C:\Temp\~TM536.tmp','');
QuarantineFile('C:\Temp\~TM537.tmp','');
QuarantineFile('C:\Temp\~TM53A.tmp','');
QuarantineFile('C:\Temp\~TM53D.tmp','');
QuarantineFile('C:\WINDOWS\system32\wbem\grpconv.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv391275311461.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv401275029571.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv411275029474.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv451275029513.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv501275059006.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv541275058946.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv561275391294.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv251275553417.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv311274771144.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv851275037067.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv891274703468.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv951275029296.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv971274703313.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv991275552831.exe','');
QuarantineFile('C:\Documents and Settings\9н@4k@\Local Settings\Temporary Internet Files\Content.IE5\NN5RZH88\3[1].exe','');
QuarantineFile('C:\Documents and Settings\9н@4k@\Local Settings\Temporary Internet Files\Content.IE5\NN5RZH88\3[3].exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv911275391392.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv121275553493.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv111275029417.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv801275036761.exe ','');
QuarantineFile('C:\WINDOWS\Temp\wpv801274948816.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv801274792264.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv651275327332.exe','');
QuarantineFile('C:\WINDOWS\Temp\wpv601275029355.exe','');
QuarantineFile('H:\autorun.inf','');
DeleteFile('C:\WINDOWS\Temp\wpv741275552789.exe');
DeleteFile('C:\Temp\~TM51D.tmp');
DeleteFile('C:\Temp\~TM524.tmp');
DeleteFile('C:\Temp\~TM534.tmp ');
DeleteFile('C:\Temp\~TM536.tmp');
DeleteFile('C:\Temp\~TM537.tmp');
DeleteFile('C:\Temp\~TM53A.tmp');
DeleteFile('C:\Temp\~TM53D.tmp');
DeleteFile('C:\WINDOWS\system32\wbem\grpconv.exe');
DeleteFile('C:\WINDOWS\Temp\wpv391275311461.exe');
DeleteFile('C:\WINDOWS\Temp\wpv401275029571.exe');
DeleteFile('C:\WINDOWS\Temp\wpv411275029474.exe');
DeleteFile('C:\WINDOWS\Temp\wpv451275029513.exe');
DeleteFile('C:\WINDOWS\Temp\wpv501275059006.exe');
DeleteFile('C:\WINDOWS\Temp\wpv541275058946.exe');
DeleteFile('C:\WINDOWS\Temp\wpv561275391294.exe');
DeleteFile('C:\WINDOWS\Temp\wpv601275029355.exe');
DeleteFile('C:\WINDOWS\Temp\wpv651275327332.exe');
DeleteFile('C:\WINDOWS\Temp\wpv801274792264.exe');
DeleteFile('C:\WINDOWS\Temp\wpv801274948816.exe');
DeleteFile('C:\WINDOWS\Temp\wpv801275036761.exe ');
DeleteFile('C:\WINDOWS\Temp\wpv111275029417.exe');
DeleteFile('C:\WINDOWS\Temp\wpv121275553493.exe');
DeleteFile('C:\WINDOWS\Temp\wpv251275553417.exe');
DeleteFile('C:\WINDOWS\Temp\wpv311274771144.exe');
DeleteFile('C:\WINDOWS\Temp\wpv851275037067.exe');
DeleteFile('C:\WINDOWS\Temp\wpv891274703468.exe');
DeleteFile('C:\WINDOWS\Temp\wpv911275391392.exe');
DeleteFile('C:\WINDOWS\Temp\wpv951275029296.exe');
DeleteFile('C:\WINDOWS\Temp\wpv971274703313.exe');
DeleteFile('C:\WINDOWS\Temp\wpv991275552831.exe');
DeleteFile('C:\Documents and Settings\9н@4k@\Local Settings\Temporary Internet Files\Content.IE5\NN5RZH88\3[1].exe');
DeleteFile('C:\Documents and Settings\9н@4k@\Local Settings\Temporary Internet Files\Content.IE5\NN5RZH88\3[3].exe');
DeleteFile('C:\WINDOWS\Temp\wpv741275552789.exe');
DeleteFile('C:\WINDOWS\explorer.exe:userini.exe');
DeleteFileMask('C:\Documents and Settings\9н@4k@\Рабочий стол\avz4\avz4\Infected', '*.*', true);
DeleteFileMask('C:\Documents and Settings\9н@4k@\Рабочий стол\avz4\avz4\Quarantine', '*.*', true);
DeleteFileMask('C:\Documents and Settings\9н@4k@\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteRepair(12);
ExecuteWizard('SCU', 2, 2, true);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
BC_DeleteSvc('ICF');
BC_Activate;
RebootWindows(true);
end.[/CODE]

После перезагрузки:
- удалите в MBAM
[CODE]
Зараженные процессы в памяти:
C:\WINDOWS\Temp\wpv741275552789.exe (Trojan.Dropper) -> No action taken.

Зараженные ключи в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ICF (Rootkit.Agent) -> No action taken.

Зараженные параметры в реестре:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.


Зараженные файлы:
C:\Documents and Settings\9н@4k@\Application Data\wiaservg.log (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\9н@4k@\secupdat.dat (Worm.Autorun) -> No action taken.

[/CODE]

- выполните такой скрипт
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Файл [B][COLOR="Red"]quarantine.zip[/COLOR][/B] из папки AVZ загрузите по ссылке [B][COLOR="Red"]Прислать запрошенный карантин[/COLOR][/B] вверху темы
- Сделайте повторный лог [URL="http://virusinfo.info/showthread.php?t=53070"]MBAM[/URL]
- Сделайте повторный лог hijackthis.log;

Сделал все перечисленное, логи приложил

Ничего плохого не видно. Проблема решена?

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]2[/B][*]Обработано файлов: [B]133[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\documents and settings\9н@4k@\application data\microsoft\wukyrivav.exe - [B]Trojan-Dropper.Win32.Vidro.aym[/B] ( DrWEB: Trojan.WinSpy.711, BitDefender: Gen:Variant.Zbot.7, AVAST4: Win32:Bamital-T [Drp] )[*] c:\documents and settings\9н@4k@\application data\vgdoqo.exe - [B]Trojan.Win32.Inject.aqru[/B] ( DrWEB: BackDoor.Butter.23, BitDefender: Trojan.Agent.Delf.RLZ, AVAST4: Win32:Delfcrypt-C [Drp] )[*] c:\documents and settings\9н@4k@\ctfmon.exe - [B]P2P-Worm.Win32.Palevo.fuc[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Trojan.Heur.GZ.hmGfbyM8e5ec )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp37\a0010816.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp37\a0010832.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0010859.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0010876.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0010891.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0010910.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0010927.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0010941.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0011968.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0011984.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp38\a0011998.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\system volume information\_restore{9e40c983-fc23-4534-9203-ea77cd575c13}\rp39\a0013145.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\windows\explorer.exe:userini.exe:$data - [B]Email-Worm.Win32.Joleee.evi[/B] ( DrWEB: Trojan.Spambot.6788, BitDefender: Trojan.Bredolab.BV, AVAST4: Win32:Bredolab-DH [Trj] )[*] c:\windows\services.exe - [B]Email-Worm.Win32.Joleee.evn[/B] ( DrWEB: Trojan.Spambot.3531, BitDefender: Trojan.Bredolab.BX, AVAST4: Win32:Malware-gen )[*] c:\windows\system32\svchost.exe:exe.exe:$data - [B]Trojan.Win32.Agent.edqj[/B] ( DrWEB: Trojan.Spambot.6760, BitDefender: Gen:Variant.Fakealert.8, NOD32: Win32/Obfuscated.NCY trojan, AVAST4: Win32:FakeAlert-MG [Trj] )[*] c:\windows\system32\userini.exe - [B]Email-Worm.Win32.Joleee.ewc[/B] ( DrWEB: Trojan.Spambot.6788, BitDefender: Gen:Variant.Bredo.2, AVAST4: Win32:Bredolab-DI [Trj] )[*] c:\windows\temp\wpv831275552989.exe - [B]Email-Worm.Win32.Joleee.ewc[/B] ( DrWEB: Trojan.Spambot.6788, BitDefender: Gen:Variant.Bredo.2, AVAST4: Win32:Bredolab-DI [Trj] )[*] h:\autorun.inf - [B]Trojan.Win32.AutoRun.aln[/B][/LIST][/LIST]