Тормозит интернет и многие exe файлы вышли из строя:sad:
Тормозит интернет и многие exe файлы вышли из строя:sad:
Выполните скрипт в AVZ
[code]begin
// Machine-specific AVZ cleanup script. Every path below is hard-coded to one
// user profile ('Armaxa') and one System Restore GUID, so it is only valid for
// the PC whose logs it was written from and must not be run anywhere else.

// Rootkit hook scan, then AVZGuard on for the rest of the script.
// NOTE(review): the two 'true' flags presumably allow neutralising the
// user-mode and kernel-mode hooks that are found - confirm in the AVZ script reference.
SearchRootkit(true, true);
SetAVZGuardStatus(True);

// Step 1: copy every suspect file into AVZ quarantine BEFORE anything is
// deleted, so samples are still available for analysis afterwards.
// The second argument is passed empty in every call.
// NOTE(review): these files sit under <profile>\DoctorWeb\Quarantine, presumably
// where an earlier Dr.Web scan had moved them - confirm with the user's logs.
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\zkvrm8ijfk.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\y65q1ghm.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\xdj0afwrr.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\x6ypp86g.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\uvwrm3i2jk.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\tt66k81wh.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\o81almhn60p.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\m1iejfvg.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\l2c0d03e.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\fvb66s86e81.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\ek5fbwxc85.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\eafvb60djtp.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\bb66s81e3.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\949.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\936.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\934.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\926.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\925.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\888.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\81alc1s.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\747.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\739.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\736.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\725.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\70nj1uq.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\665.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\5ek5fbw.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\569.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\567.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\531.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\521.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\442.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\3wrx91o.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\3gbrsnd.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\316.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\283.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\26wrrss.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\1ufgbh6.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\154.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\145.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\143.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\045.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\023.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\020.exe','');
QuarantineFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\016.exe','');
// A .sys file in the user's Temp folder - an unusual place for a driver.
// Quarantined here, deleted a few lines below.
QuarantineFile('C:\DOCUME~1\Armaxa\LOCALS~1\Temp\Gn12MzS1.sys','');
// An executable named lsass.exe under the user's Application Data, i.e. a
// system process name used from a user-writable path rather than the Windows
// system directory. Order matters: stop the process, keep a copy, then delete.
TerminateProcessByName('c:\documents and settings\armaxa\application data\lsass.exe');
QuarantineFile('c:\documents and settings\armaxa\application data\lsass.exe','');
DeleteFile('c:\documents and settings\armaxa\application data\lsass.exe');
DeleteFile('C:\DOCUME~1\Armaxa\LOCALS~1\Temp\Gn12MzS1.sys');
// Remove the per-user autostart value 'Local Security Authentication Server'
// from HKCU\...\Run.
// NOTE(review): presumably the entry that launched the lsass.exe above; the
// script does not show the value's data - confirm in the HijackThis/AVZ log.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Local Security Authentication Server');
// Step 2: delete the originals of the 45 files quarantined in step 1
// (listed in the reverse order of the QuarantineFile calls).
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\016.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\020.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\023.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\045.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\143.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\145.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\154.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\1ufgbh6.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\26wrrss.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\283.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\316.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\3gbrsnd.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\3wrx91o.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\442.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\521.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\531.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\567.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\569.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\5ek5fbw.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\665.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\70nj1uq.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\725.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\736.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\739.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\747.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\81alc1s.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\888.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\925.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\926.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\934.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\936.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\949.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\bb66s81e3.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\eafvb60djtp.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\ek5fbwxc85.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\fvb66s86e81.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\l2c0d03e.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\m1iejfvg.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\o81almhn60p.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\tt66k81wh.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\uvwrm3i2jk.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\x6ypp86g.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\xdj0afwrr.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\y65q1ghm.exe');
DeleteFile('C:\Documents and Settings\Armaxa\DoctorWeb\Quarantine\zkvrm8ijfk.exe');
// Step 3: delete executables stored inside System Restore point RP34.
// These are deleted without a preceding QuarantineFile call, so this script
// keeps no copy of them.
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021817.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021819.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021821.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021823.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021825.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021827.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021829.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021831.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021833.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021836.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021837.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021838.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021839.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021840.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021841.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021842.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021843.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021844.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021845.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021846.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021847.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021848.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021849.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021850.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021851.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021852.exe');
DeleteFile('C:\System Volume Information\_restore{3A0CB424-4BB5-4377-8EFF-7666A3DFEA48}\RP34\A0021853.exe');
// Step 4: hand over to AVZ's boot-time cleaner and restart.
// NOTE(review): BC_ImportAll presumably queues the files named above for
// removal at the next boot, ExecuteSysClean presumably clears leftover
// references to the deleted files, and BC_Activate arms the boot cleaner -
// confirm in the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Restarts Windows; save open work before running the script.
RebootWindows(true);
end. [/code]Компьютер перезагрузится.
Пришлите карантин согласно [B]Приложению 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы
Сделайте новые логи
Сделайте лог [url="http://virusinfo.info/showpost.php?p=457118&postcount=1"]полного сканирования МВАМ[/url]
Готово
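Отключите [B][COLOR="Red"]Системное восстановление!!![/COLOR][/B] [URL="http://avptool.ru/ru/AVPTool_helpdesk_sysrestore.htm"]Как это сделать, можно посмотреть тут[/URL]. Заражённые копии файлов хранятся в точках восстановления (папки _restore{...}\RP* в логе MBAM ниже), поэтому без отключения они останутся на диске.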
- [URL="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт в AVZ[/URL]
[CODE]
begin
// Second-pass AVZ cleanup script for the same PC. Paths are hard-coded to the
// 'Armaxa' and LocalService profiles of this machine; do not reuse elsewhere.

// Rootkit hook scan, then AVZGuard on for the rest of the script.
// NOTE(review): the two 'true' flags presumably allow neutralising found
// hooks in user mode and kernel mode - confirm in the AVZ script reference.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Empty AVZ's own Quarantine folder (recursive, all files) - presumably so the
// archive built after the reboot contains only the samples collected by this run.
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
// Overwrite Winlogon\UserInit with '<WinDir>\System32\userinit.exe,' (trailing
// comma included). This value lists what Winlogon starts at logon, so any extra
// program appended to it runs at every logon; rewriting it drops such additions.
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
// Keep a copy of each suspect file first, then delete the original.
// The same paths appear as detections in the MBAM log quoted in this post.
QuarantineFile('c:\documents and settings\Armaxa\local settings\Temp\701.exe','');
QuarantineFile('c:\documents and settings\Armaxa\doctorweb\quarantine\juzjf.exe','');
QuarantineFile('c:\documents and settings\Armaxa\local settings\Temp\4244.exe','');
DeleteFile('c:\documents and settings\Armaxa\local settings\Temp\701.exe');
DeleteFile('c:\documents and settings\Armaxa\local settings\Temp\4244.exe');
DeleteFile('c:\documents and settings\Armaxa\doctorweb\quarantine\juzjf.exe');
// Two executables under the LocalService profile's Application Data\Microsoft
// folder: quarantine, then delete.
QuarantineFile('c:\documents and settings\localservice\application data\microsoft\vydefaqu.exe','');
QuarantineFile('c:\documents and settings\localservice\application data\microsoft\segyvol.exe','');
DeleteFile('c:\documents and settings\localservice\application data\microsoft\segyvol.exe');
DeleteFile('c:\documents and settings\localservice\application data\microsoft\vydefaqu.exe');
// Wipe the whole Internet Explorer cache (Content.IE5, recursive) instead of
// naming each cached file; nothing from the cache is quarantined.
DeleteFileMask('c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5', '*.*', true);
// Hand over to AVZ's boot-time cleaner and restart.
// NOTE(review): BC_ImportAll presumably queues the files named above for
// removal at the next boot and ExecuteSysClean presumably clears leftover
// references to them - confirm in the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Restarts Windows; save open work before running the script.
RebootWindows(true);
end.[/CODE]
После перезагрузки:
- выполните такой скрипт
[CODE]begin
// Writes quarantine.zip into the AVZ program folder (GetAVZDirectory).
// NOTE(review): presumably packs the contents of AVZ's Quarantine folder; the
// archive then holds live malware samples, so upload it only through the
// forum's quarantine link and do not unpack it on a working machine.
// The name is spelled 'Qurantine' in this call; keep it exactly as written.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
- Файл [B][COLOR="Red"]quarantine.zip[/COLOR][/B] из папки AVZ загрузите по ссылке [B][COLOR="Red"]Прислать запрошенный карантин[/COLOR][/B] вверху темы
- [URL="http://virusinfo.info/showpost.php?p=493584&postcount=2"]удалите[/URL] в [B]MBAM[/B] то, что останется из этого списка
[CODE]
Заражённые ключи в реестре:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
Заражённые файлы:
c:\documents and settings\Armaxa\doctorweb\quarantine\292372.exe (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\doctorweb\quarantine\777.exe (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\doctorweb\quarantine\juzjf.exe (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\Temp\4244.exe (Trojan.FakeMS) -> No action taken.
c:\documents and settings\Armaxa\local settings\Temp\701.exe (Trojan.FakeMS) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\4k[1] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\4k[2] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\4k[4] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\ck[1] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\ck[2] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\ck[3] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\8TA7OXYR\ck[4] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\dwjmkn[1].txt (Worm.Autorun) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\edwkjojm[1].txt (Worm.Autorun) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\cewcwq[1].txt (Trojan.Refroso) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\cfdwqdwq[1].txt (Trojan.Ddox) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\soc[1].exe (Trojan.FakeMS) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\dcwqedwq5[1].txt (Trojan.Refroso) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\install[1].48767.exe (Rootkit.Agent) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\C12VCLEZ\vrededwww[1].txt (Trojan.Ddox) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\4k[1] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\4k[2] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\4k[3] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\4k[4] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\cvdscsa[1].txt (Trojan.Ddox) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\cfewfcwe[1].txt (Trojan.Refroso) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\cfewwqe[1].txt (Worm.Autorun) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\ck[1] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\ck[2] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\CH6BGDAJ\ck[3] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\dwqdcwq[1].txt (Trojan.Ddox) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\4k[1] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\4k[2] (Trojan.LVBP) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\install[1].48767.exe (Rootkit.Agent) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\cwcwwq[1].txt (Trojan.Refroso) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\ck[1] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\ck[2] (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Armaxa\local settings\temporary internet files\Content.IE5\O9YJOXUV\vcewwfqc[1].txt (Worm.Autorun) -> No action taken.
c:\documents and settings\localservice\application data\microsoft\segyvol.exe (Trojan.LVBP) -> No action taken.
c:\documents and settings\localservice\application data\microsoft\vydefaqu.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020652.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020654.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020655.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020677.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020679.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020680.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020721.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020723.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020724.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020725.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020729.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020731.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020732.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP32\A0020741.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0020747.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0020751.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0020752.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0020753.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0021748.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0021749.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0021752.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP33\A0021753.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021757.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021759.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021760.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021764.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021765.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021766.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021788.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021790.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021793.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021796.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021797.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021808.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021809.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021810.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021814.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021815.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021857.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021789.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP34\A0021835.exe (Trojan.LVBP) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021949.exe (Trojan.FakeMS) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021950.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021951.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021952.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021953.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021954.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021955.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021956.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021957.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021958.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021959.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021960.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021962.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021963.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021964.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021965.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021966.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021967.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021968.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021969.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021970.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021971.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021972.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021973.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021974.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021975.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021976.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021977.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021978.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021980.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021981.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021982.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021983.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021984.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021985.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021986.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021987.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021988.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021989.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021990.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021991.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021992.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021993.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021994.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021961.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{3a0cb424-4bb5-4377-8eff-7666a3dfea48}\RP35\A0021979.exe (Trojan.Refroso) -> No action taken.
c:\documents and settings\Armaxa\secupdat.dat (Worm.Autorun) -> No action taken.
[/CODE]
- Сделайте повторные логи по [URL="http://virusinfo.info/pravila_old.html"]правилам[/URL] п.2 и 3 раздела Диагностика.([COLOR="Blue"]virusinfo_syscheck.zip;hijackthis.log[/COLOR])
- Сделайте лог [URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"][COLOR="Blue"][B]MBAM[/B][/COLOR][/URL]
А также ([B]перед повторными логами[/B])
[color="#FF0000"][b]Внимание![/b][/color] Официальная поддержка (и выпуск обновлений) для Windows XP SP2 [b]прекращена[/b]
Установите [url="http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=ru"]SP3[/url] (может потребоваться активация) + все [url="http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ru"]новые обновления[/url] для Windows
Установите [url="http://www.microsoft.com/rus/windows/internet-explorer/default.aspx"]Internet Explorer 8[/url] (даже если им не пользуетесь)
Вроде бы все чисто стало..
Сообщение №5 прочтите и выполните.
Иначе червь скоро снова приползет
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]140[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\\documents and settings\\armaxa\\application data\\lsass.exe - [B]Worm.Win32.AutoRun.bypy[/B] ( DrWEB: Trojan.Packed.21318, BitDefender: Trojan.Generic.5335738, NOD32: Win32/Agent.OUF trojan, AVAST4: Win32:Inject-ABQ [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\bb66s81e3.exe - [B]Trojan-Downloader.Win32.Pher.haq[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\eafvb60djtp.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\ek5fbwxc85.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\fvb66s86e81.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\l2c0d03e.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\m1iejfvg.exe - [B]Trojan-Downloader.Win32.Refroso.cbq[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\o81almhn60p.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\tt66k81wh.exe - 
[B]Trojan-Downloader.Win32.Refroso.cbr[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\uvwrm3i2jk.exe - [B]Trojan-Downloader.Win32.Refroso.cbr[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\xdj0afwrr.exe - [B]Trojan-Downloader.Win32.Refroso.cbs[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\x6ypp86g.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\y65q1ghm.exe - [B]Trojan-Downloader.Win32.Refroso.cbs[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\zkvrm8ijfk.exe - [B]Trojan-Downloader.Win32.Pher.haq[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\016.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\020.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\023.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and 
settings\\armaxa\\doctorweb\\quarantine\\045.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\1ufgbh6.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\143.exe - [B]Trojan-Downloader.Win32.Refroso.cbr[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\145.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\154.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\26wrrss.exe - [B]Trojan-Downloader.Win32.Pher.haq[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\283.exe - [B]Trojan-Downloader.Win32.Pher.haq[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\3gbrsnd.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\3wrx91o.exe - [B]Trojan-Downloader.Win32.Refroso.cbq[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, NOD32: 
Win32/Lethic.AA trojan, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\316.exe - [B]Trojan-Downloader.Win32.Refroso.cbs[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\442.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\5ek5fbw.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\521.exe - [B]Trojan-Downloader.Win32.Refroso.cbq[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\531.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\567.exe - [B]Trojan-Downloader.Win32.Pher.haq[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\569.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\665.exe - [B]Trojan-Downloader.Win32.Refroso.cbr[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\70nj1uq.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: 
Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\725.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\736.exe - [B]Trojan-Downloader.Win32.Refroso.cbp[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\739.exe - [B]Trojan-Downloader.Win32.Refroso.cbr[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\747.exe - [B]Trojan-Downloader.Win32.Refroso.cbs[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\81alc1s.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\888.exe - [B]Trojan-Downloader.Win32.Refroso.cbs[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\925.exe - [B]Trojan-Downloader.Win32.Pher.hao[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\926.exe - [B]Trojan-Downloader.Win32.Refroso.cbq[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.6976251, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\934.exe - [B]Trojan-Downloader.Win32.Refroso.cbq[/B] ( DrWEB: Trojan.DownLoader1.37726, 
BitDefender: Trojan.Generic.6976251, NOD32: Win32/Lethic.AA trojan, AVAST4: Win32:Lethic-B [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\936.exe - [B]Trojan-Downloader.Win32.Pher.haq[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[*] c:\\documents and settings\\armaxa\\doctorweb\\quarantine\\949.exe - [B]Trojan-Downloader.Win32.Pher.hgl[/B] ( DrWEB: Trojan.Packed.21230, BitDefender: Trojan.Generic.6818452, AVAST4: Win32:Refroso-DC [Trj] )[/LIST][/LIST]