[URL="http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/"]AVPTool[/URL] не справился. Лечит, потом перезагружается, потом опять находит, лечит, опять перезагружается, и так до бесконечности.
Спасибо за помощь.
[URL="http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/"]AVPTool[/URL] не справился. Лечит, потом перезагружается, потом опять находит, лечит, опять перезагружается, и так до бесконечности.
Спасибо за помощь.
Добрый день!
[b]-Отключите восстановление системы![/b]
[url=http://virusinfo.info/showthread.php?t=7239]В AVZ выполните скрипт:[/url]
[code]begin
// One-off AVZ cleanup script for a single infected host: every path, service
// name and Run value below refers to this machine (user profile "Tanya"), so
// the script is not reusable on another system.
// Statement order matters: stop processes -> quarantine samples -> remove
// autostart entries -> delete files -> queue boot-time cleanup -> reboot.

// Rootkit / API-hook scan. The two `true` arguments presumably enable
// neutralisation of user-mode and kernel-mode hooks - confirm against the
// AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
// NOTE(review): presumably so running malware cannot interfere with the
// cleanup - confirm.
SetAVZGuardStatus(True);
// Stop the running suspect processes before their files are touched.
TerminateProcessByName('c:\windows\system32\roryjotab.exe');
TerminateProcessByName('c:\documents and settings\localservice.nt authority.000\application data\microsoft\pilogoh.exe');
TerminateProcessByName('c:\docume~1\tanya\locals~1\temp\sjlfhflodqhh3e693efe.tmp');
// Copy every suspect file into AVZ quarantine BEFORE anything is deleted, so
// the samples are preserved; the thread asks for the quarantine to be uploaded
// afterwards. The empty second argument is kept as posted (presumably a
// free-text comment field).
QuarantineFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\locybiry.exe','');
QuarantineFile('c:\documents and settings\localservice.nt authority.000\application data\microsoft\pilogoh.exe','');
// VbWiz.exe is quarantined only: there is no matching DeleteFile for it below.
QuarantineFile('C:\Program Files\PGXP\Samples\VbWiz\VbWiz.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temporary Internet Files\Content.IE5\AOVIJ229\l[1].exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\926.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\916.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\902.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\899.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\880.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\861637.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\8219.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\798.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\77849.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\603.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\570.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\566.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\534.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\500.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\447.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\4307.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\403.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\325.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\258.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\178.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\095.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\059.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Local Settings\Temp\02980.exe','');
// Four randomly named executables in the user's Startup folder (run at logon).
QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\vrmhntja.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\kv3rs79jfq.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\9s1ozvg.exe','');
QuarantineFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\3ezpqlb.exe','');
QuarantineFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\roryjotab.exe','');
QuarantineFile('C:\WINDOWS\system32\symmovune.exe','');
QuarantineFile('c:\docume~1\tanya\locals~1\temp\sjlfhflodqhh3e693efe.tmp','');
QuarantineFile('c:\windows\system32\roryjotab.exe','');
// Autostart removal: the service first, then the 'dyfel' and 'tyce' values
// under the Run key of HKLM and of HKU\.DEFAULT / HKU\S-1-5-18
// (S-1-5-18 is the LocalSystem SID).
DeleteService('dyat5iakvm');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','dyfel');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','dyfel');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','dyfel');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tyce');
// Delete the files that were copied to quarantine above.
DeleteFile('c:\documents and settings\localservice.nt authority.000\application data\microsoft\pilogoh.exe');
DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\locybiry.exe');
DeleteFile('c:\docume~1\tanya\locals~1\temp\sjlfhflodqhh3e693efe.tmp');
DeleteFile('C:\WINDOWS\system32\symmovune.exe');
DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\roryjotab.exe');
DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\3ezpqlb.exe');
DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\9s1ozvg.exe');
DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\kv3rs79jfq.exe');
DeleteFile('C:\Documents and Settings\Tanya\Start Menu\Programs\Startup\vrmhntja.exe');
DeleteFile('C:\WINDOWS\system32\roryjotab.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\02980.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\059.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\095.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\178.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\258.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\325.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\403.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\4307.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\447.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\500.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\534.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\566.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\570.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\603.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\77849.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\798.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\8219.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\861637.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\880.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\899.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\902.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\916.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temp\926.exe');
DeleteFile('C:\Documents and Settings\Tanya\Local Settings\Temporary Internet Files\Content.IE5\AOVIJ229\l[1].exe');
// Empty the whole user Temp directory ('*.*'); the final `true` presumably
// makes the deletion recursive - confirm. Legitimate temp files go as well.
DeleteFileMask('C:\Documents and Settings\Tanya\Local Settings\Temp', '*.*', true);
// BC_* calls drive AVZ's Boot Cleaner. BC_ImportAll presumably imports the
// quarantine/deletion lists built above into the Boot Cleaner task - confirm.
BC_ImportAll;
// AVZ system-cleanup pass; presumably removes leftover references to the
// deleted files - confirm.
ExecuteSysClean;
// Queue the same service for removal through Boot Cleaner as well.
BC_DeleteSvc('dyat5iakvm');
// Activate Boot Cleaner, then reboot (the post says the computer will restart).
BC_Activate;
RebootWindows(true);
end.[/code]
Компьютер перезагрузится.
Загрузите карантин согласно приложению 3 [url=http://virusinfo.info/pravila.html]правил помощи.[/url]
Повторите логи AVZ и HiJackThis + лог [url=http://virusinfo.info/showpost.php?p=457118&postcount=1]MBAM[/url]
Сделал.
Сначала сканировал MBAM, а потом AVZ и HiJackThis (если порядок важен)
[B]-Отключите все защитное ПО[/B]
[url=http://virusinfo.info/showthread.php?t=7239]В AVZ выполните скрипт:[/url]
[code]begin
// Second-pass AVZ cleanup script for the same host; the paths and the service
// name are specific to this machine, so the script is not reusable elsewhere.

// Rootkit / API-hook scan. The two `true` arguments presumably enable
// neutralisation of user-mode and kernel-mode hooks - confirm against the
// AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
SetAVZGuardStatus(True);
// Empty AVZ's own Quarantine folder first, so the quarantine collected by this
// run holds only what is quarantined below.
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
// Stop the running suspect processes and the suspect service.
TerminateProcessByName('c:\documents and settings\localservice.nt authority.000\application data\microsoft\vykoufapo.exe');
TerminateProcessByName('c:\windows\temp\sjlfhflodqhh3e693efe.tmp');
StopService('zx1hyyooai7a5');
// ftp.exe in system32 is quarantined only (no delete call for it in this
// script). NOTE(review): presumably collected for analysis - confirm.
QuarantineFile('c:\WINDOWS\system32\ftp.exe','');
// These files are removed through Boot Cleaner only; this script issues no
// immediate DeleteFile for them.
BC_DeleteFile('c:\windows\temp\sjlfhflodqhh3e693efe.tmp');
BC_DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\vykoufapo.exe');
BC_DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\roryjotab.exe');
// Remove the 'tyce' Run value from HKU\.DEFAULT and HKU\S-1-5-18
// (S-1-5-18 is the LocalSystem SID).
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','tyce');
// Empty c:\windows\temp ('*.*'); the final `true` presumably makes the
// deletion recursive - confirm.
DeleteFileMask('c:\windows\temp', '*.*', true);
// AVZ system-cleanup pass; presumably removes leftover references to the
// deleted files - confirm.
ExecuteSysClean;
// Queue the service for removal through Boot Cleaner, then activate it.
BC_DeleteSvc('zx1hyyooai7a5');
BC_Activate;
// Enable AVZPM (the extended process monitor driver). A later post in the
// thread has the user remove and unload this driver once the system is clean.
SetAVZPMStatus(true);
// Reboot (the post says the computer will restart).
RebootWindows(true);
end.[/code]
Компьютер перезагрузится.
Загрузите карантин согласно приложению 3 [url=http://virusinfo.info/pravila.html]правил помощи.[/url]
[url=http://virusinfo.info/showpost.php?p=493584&postcount=2]Удалите в MBAM[/url]
[code]Заражённые папки:
c:\RESTORE\k-1-3542-4232123213-7676767-8888886 (Trojan.Agent) -> No action taken.
Заражённые файлы:
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\BCB0LST2\test1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\ERD9TBQT\test1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\ERD9TBQT\test1[2].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\JO5NTIL8\test1[1].gif (Extension.Mismatch) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00003.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00004.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00005.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00006.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00007.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00008.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00009.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00010.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00011.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00012.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00013.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00014.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00015.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00016.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00017.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00018.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00019.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00020.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00021.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00022.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00023.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00024.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00025.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00026.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00027.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00028.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00029.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\Desktop\avz4\quarantine\2011-03-26\avz00030.dta (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tanya\local settings\temporary internet files\Content.IE5\AOVIJ229\malin[1].exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\Tanya\local settings\temporary internet files\Content.IE5\AOVIJ229\zu[1].exe (Trojan.Refroso) -> No action taken.
c:\documents and settings\Tanya\local settings\temporary internet files\Content.IE5\G5KQXR7G\server1[1].exe (Trojan.Agent) -> No action taken.
c:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini (Trojan.Agent) -> No action taken.[/code]
[b][color="#FF0000"]Внимание![/color][/b] Официальная поддержка (и выпуск обновлений) для Windows XP SP2 [B]прекращена[/B]
Установите [url="http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=ru"]SP3[/url] (может потребоваться активация) + все [url="http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=ru"]новые обновления[/url] для Windows
затем,
Повторите логи AVZ + лог [url=http://virusinfo.info/showpost.php?p=457118&postcount=1]MBAM[/url]
Готово.
Спасибо за оперативную помощь.
[B]- Отключите все защитное ПО[/B]
[url=http://virusinfo.info/showthread.php?t=7239]В AVZ выполните скрипт:[/url]
[code]begin
// Third-pass AVZ cleanup script for the same host; the paths, the service name
// and the RECYCLER SID are specific to this machine.

// Rootkit / API-hook scan. The two `true` arguments presumably enable
// neutralisation of user-mode and kernel-mode hooks - confirm against the
// AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
SetAVZGuardStatus(True);
// Service 'dyat5iakvm' was already targeted by the first script in this
// thread; here it is stopped before being deleted.
StopService('dyat5iakvm');
DeleteService('dyat5iakvm');
// symmovune.exe, this time under the LocalService profile (the first script
// removed a copy from system32).
DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\symmovune.exe');
// Two leftover files inside one user's Recycle Bin folder.
DeleteFile('C:\RECYCLER\S-1-5-21-1292428093-2139871995-839522115-1003\Dc746.htm');
DeleteFile('C:\RECYCLER\S-1-5-21-1292428093-2139871995-839522115-1003\Dc753\urchin.js');
// BC_* calls drive AVZ's Boot Cleaner. BC_ImportAll presumably imports the
// deletion list built above into the Boot Cleaner task - confirm.
BC_ImportAll;
// AVZ system-cleanup pass; presumably removes leftover references to the
// deleted files - confirm.
ExecuteSysClean;
// Queue the service and symmovune.exe for removal through Boot Cleaner too,
// in addition to the immediate delete calls above.
BC_DeleteSvc('dyat5iakvm');
BC_DeleteFile('C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\symmovune.exe');
// Activate Boot Cleaner, then reboot (the post says the computer will restart).
BC_Activate;
RebootWindows(true);
end.[/code]
Компьютер перезагрузится.
Повторите логи AVZ + лог [url=http://virusinfo.info/showpost.php?p=457118&postcount=1]MBAM[/url] ([B]полное сканирование[/B]!)
Уже вроде бы чисто.
[URL="http://virusinfo.info/showpost.php?p=457118&postcount=1"]MBAM[/URL] удалил последний вирус, бэкап которого сделал установщик SP3.
А карантин почему в прошлый раз не загрузили? :)
[url=http://virusinfo.info/showpost.php?p=493584&postcount=2]Удалите в MBAM[/url]
[code]Заражённые файлы:
c:\WINDOWS\$ntservicepackuninstall$\ftp.exe (Trojan.Agent.Gen) -> No action taken.[/code]
Далее зайдите в AVZ - пункт AVZPM - Удалить и выгрузить драйвер расширенного монитора процессов.
В логе более зловредов не наблюдается.
[QUOTE=Nexus;778100]А карантин почему в прошлый раз не загрузили? :)
[/QUOTE]
Забыл :pardon:
Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]2[/B][*]Обработано файлов: [B]35[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\\documents and settings\\localservice.nt authority.000\\application data\\microsoft\\locybiry.exe - [B]IM-Worm.Win32.Yahos.aht[/B] ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\localservice.nt authority.000\\application data\\microsoft\\roryjotab.exe - [B]IM-Worm.Win32.Yahos.aht[/B] ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temporary internet files\\content.ie5\\aovij229\\l[1].exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\02980.exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\059.exe - [B]Trojan.Win32.Ddox.afi[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\095.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\178.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\258.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\325.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] 
c:\\documents and settings\\tanya\\local settings\\temp\\403.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\4307.exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\447.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\500.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\534.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\566.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\570.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\603.exe - [B]Trojan.Win32.Ddox.afi[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\77849.exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\798.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen 
)[*] c:\\documents and settings\\tanya\\local settings\\temp\\8219.exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\861637.exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\880.exe - [B]Trojan.Win32.Refroso.deft[/B] ( DrWEB: Trojan.DownLoader1.37726, BitDefender: Trojan.Generic.5724534, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\local settings\\temp\\899.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\902.exe - [B]Trojan.Win32.Inject.bcmu[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\916.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\local settings\\temp\\926.exe - [B]Trojan.Win32.Ddox.afj[/B] ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Gen:Variant.Graftor.13584, AVAST4: Win32:Malware-gen )[*] c:\\documents and settings\\tanya\\start menu\\programs\\startup\\kv3rs79jfq.exe - [B]Trojan.Win32.Menti.hyq[/B] ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\start menu\\programs\\startup\\vrmhntja.exe - [B]Trojan.Win32.Menti.hyq[/B] ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\start menu\\programs\\startup\\3ezpqlb.exe - [B]Trojan.Win32.Menti.hyq[/B] ( DrWEB: Trojan.MulDrop2.17500, 
BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\documents and settings\\tanya\\start menu\\programs\\startup\\9s1ozvg.exe - [B]Trojan.Win32.Menti.hyq[/B] ( DrWEB: Trojan.MulDrop2.17500, BitDefender: Trojan.Generic.6119965, AVAST4: Win32:Inject-AFM [Trj] )[*] c:\\docume~1\\tanya\\locals~1\\temp\\sjlfhflodqhh3e693efe.tmp - [B]Trojan-Downloader.Win32.Agent.gblp[/B] ( DrWEB: Trojan.Spambot.9958, BitDefender: Backdoor.Generic.610880, AVAST4: Win32:Malware-gen )[*] c:\\windows\\system32\\roryjotab.exe - [B]IM-Worm.Win32.Yahos.aht[/B] ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )[*] c:\\windows\\system32\\symmovune.exe - [B]IM-Worm.Win32.Yahos.aht[/B] ( DrWEB: Trojan.DownLoader2.24522, BitDefender: Worm.Generic.321395, NOD32: Win32/Agent.ONH trojan, AVAST4: Win32:Malware-gen )[/LIST][/LIST]