Hello, I have the following problem. When working in the browser, advertising banners and offers to clean up the computer frequently pop up on any tab. The computer itself runs very slowly, although the processor seems to be fine.
Dear [B]BAHEKization[/B], thank you for contacting our forum!
Help with disinfecting your computer at VirusInfo.Info is provided completely free of charge. Helpers will respond to your request very shortly. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; you can read more in the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Run the script in AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\WINDOWS\system32\Drivers\nethfdrv.sys','');
QuarantineFile('C:\WINDOWS\system32\nethtsrv.exe','');
QuarantineFile('C:\WINDOWS\system32\hfnapi.dll','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-7.exe','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-6.exe','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-5.exe','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-4.exe','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-3.exe','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-11.exe','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\videoMediaPlusPlayersv2.2-codedownloader.exe','');
DelBHO('{46494fe4-bafa-43bd-a4ee-3ebda6fa4008}');
DelBHO('{5ABBD498-91FA-3D53-5E7B-A8DD407C3350}');
DelBHO('{769a91da-209f-47fe-88b9-b0321b0982c8}');
DelBHO('{8026f255-6477-439c-9eb2-75d23b77f848}');
DelBHO('{a24c3b1d-ce95-496f-861b-2401e13d4fcd}');
DelBHO('{A34086BD-3E28-066E-F12A-36DCFEC4811F}');
DelBHO('{A64E97BF-509A-06F8-8274-579CDD917188}');
DelBHO('{ad2fedfc-3793-42e2-bccc-f1bf9488ded8}');
DelBHO('{b608cc98-54de-4775-96c9-097de398500c}');
DelBHO('{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}');
DelBHO('{f203a10c-5639-424a-b060-d0fbe07e934b}');
DelBHO('{f6eef67e-7de4-4389-accc-261b0e6bb767}');
DelBHO('{ccb24e92-62c4-4c53-95d2-65f9eed476bc}');
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
QuarantineFile('C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha4444\ie\TrustMediaViewerV1alpha4444.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\surfkeepit\vRT1fYxOQKYH37.dll','');
QuarantineFile('C:\Program Files\mystarttb\mystartDx.dll','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\PriceFountainIE.dll','');
QuarantineFile('C:\Program Files\RichMediaViewV1\RichMediaViewV1release3289\ie\RichMediaViewV1release3289.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\ClickFForSale\2uUZ0J3.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\saverneta\QcwZQ6GXQ.dll','');
QuarantineFile('C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1596\ie\MediaBuzzV1mode1596.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\FineDeaeleSOft\h8Jb4bUG2iLuHB.dll','');
QuarantineFile('C:\Program Files\NetCrawl\NetCrawlBHO.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\BetterPriceChhec\I1RwsPA7.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\easytOshoP\h79VoN3a6BS091.dll','');
DelBHO('{11111111-1111-1111-1111-110611491169}');
DelBHO('{2AA32B69-A6A0-EED0-4E03-153D4F8E88FB}');
DelBHO('{2FFED08B-08EA-F20D-8294-1A37A1CC699C}');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
QuarantineFile('C:\Program Files\SupTab\SupTab.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\LuckySHopapeer\zQKrERIY.dll','');
QuarantineFile('C:\Program Files\ver8TheBestDeals\182.dll','');
QuarantineFile('C:\Program Files\videoMediaPlusPlayersv2.2\videoMediaPlusPlayersv2.2-bho.dll','');
QuarantineFile('c:\documents and settings\admin\local settings\application data\genesis_11072019\genesis_11072019.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\pricefountainw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ConvertAd\ConvertAd.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\eTranslator\eTranslator.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\desktopy.ru\desktopy.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Pay-By-Ads\Yahoo!','');
DeleteService('bd0001');
DeleteService('bd0002');
DeleteService('bd0004');
DeleteService('BDSafeBrowser');
SetServiceStart('{f916f162-d4e9-413b-95d2-589769dc98ff}t', 4);
DeleteService('{f916f162-d4e9-413b-95d2-589769dc98ff}t');
SetServiceStart('{cfbbf934-a234-4282-8ef3-310abb84c3e4}t', 4);
DeleteService('{cfbbf934-a234-4282-8ef3-310abb84c3e4}t');
SetServiceStart('{cb987b80-b481-4623-9e86-1b830e33479a}t', 4);
DeleteService('{cb987b80-b481-4623-9e86-1b830e33479a}t');
SetServiceStart('{b7f87806-4a32-46e7-ad9b-12f73fb810a9}t', 4);
DeleteService('{b7f87806-4a32-46e7-ad9b-12f73fb810a9}t');
SetServiceStart('{b66d62b0-ebea-42c8-88c7-71cdab32919e}t', 4);
DeleteService('{b66d62b0-ebea-42c8-88c7-71cdab32919e}t');
SetServiceStart('{a00759f4-8f6e-4f04-880d-18a7306588c3}t', 4);
DeleteService('{a00759f4-8f6e-4f04-880d-18a7306588c3}t');
SetServiceStart('{9a9b956a-1677-4d20-830c-6c34a0594e62}t', 4);
DeleteService('{9a9b956a-1677-4d20-830c-6c34a0594e62}t');
SetServiceStart('{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t', 4);
DeleteService('{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t');
SetServiceStart('{6fcd6092-9615-4f7f-8898-8df53980e5d2}t', 4);
DeleteService('{6fcd6092-9615-4f7f-8898-8df53980e5d2}t');
SetServiceStart('{6191cc23-5db4-4079-aaac-546c45b08af1}t', 4);
DeleteService('{6191cc23-5db4-4079-aaac-546c45b08af1}t');
SetServiceStart('{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}t', 4);
DeleteService('{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}t');
SetServiceStart('{44b76908-31ad-4fdd-90ce-abbdbb78f175}t', 4);
DeleteService('{44b76908-31ad-4fdd-90ce-abbdbb78f175}t');
SetServiceStart('{3c9eada7-386c-4a04-ab1e-4eb122397ced}t', 4);
DeleteService('{3c9eada7-386c-4a04-ab1e-4eb122397ced}t');
SetServiceStart('{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t', 4);
DeleteService('{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t');
SetServiceStart('{1de0dec0-675e-482f-a756-fd24c6796c8e}t', 4);
DeleteService('{1de0dec0-675e-482f-a756-fd24c6796c8e}t');
SetServiceStart('{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t', 4);
DeleteService('{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t');
SetServiceStart('UpdaterSvcNetCrawl', 4);
DeleteService('UpdaterSvcNetCrawl');
SetServiceStart('MaintainerSvc2.04.9173792', 4);
DeleteService('MaintainerSvc2.04.9173792');
QuarantineFile('C:\WINDOWS\system32\drivers\{fb1fd2ab-8c82-40a8-8da5-f16b29c789b4}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{b66d62b0-ebea-42c8-88c7-71cdab32919e}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{9a9b956a-1677-4d20-830c-6c34a0594e62}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t.sys','');
TerminateProcessByName('c:\program files\netcrawl\updater.exe');
QuarantineFile('c:\program files\netcrawl\updater.exe','');
TerminateProcessByName('c:\programdata\schedule\timetasks.exe');
QuarantineFile('c:\programdata\schedule\timetasks.exe','');
TerminateProcessByName('c:\documents and settings\all users\application data\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe');
QuarantineFile('c:\documents and settings\all users\application data\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe','');
DeleteFile('c:\documents and settings\all users\application data\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe','32');
DeleteFile('c:\programdata\schedule\timetasks.exe','32');
DeleteFile('c:\program files\netcrawl\updater.exe','32');
DeleteFile('C:\WINDOWS\system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{9a9b956a-1677-4d20-830c-6c34a0594e62}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{b66d62b0-ebea-42c8-88c7-71cdab32919e}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}t.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{fb1fd2ab-8c82-40a8-8da5-f16b29c789b4}t.sys','32');
DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0002.sys','32');
DeleteFile('C:\WINDOWS\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\WINDOWS\system32\DRIVERS\BDSafeBrowser.sys','32');
DeleteFile('C:\Documents and Settings\Admin\AppData\Local\Baidu\Baidu\1.3.1.157\BaiduUpdate.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Pay-By-Ads\Yahoo!','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\desktopy.ru\desktopy.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\eTranslator\eTranslator.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ConvertAd\ConvertAd.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\pricefountainw.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pricefountainw.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ConvertAd');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NextLive');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','eTranslator Update');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','desktopy');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Yahoo! Search');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','BRBrowserInst');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pcket_x86');
DeleteFile('C:\Program Files\BaiduEx\uninit.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pcket_x64');
DeleteFile('C:\Program Files\Mobogenie\Mobogenie.exe','32');
DeleteFile('C:\Program Files\RCP\RegCleanPro.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Schedule');
DeleteFile('C:\Program Files\Twilight Tech\Pretty Search\dummyDlg.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Super Optimizer');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Optimizer Pro');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','genesis_11072019');
DeleteFile('c:\documents and settings\admin\local settings\application data\genesis_11072019\genesis_11072019.exe','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\videoMediaPlusPlayersv2.2-bho.dll','32');
DeleteFile('C:\Program Files\ver8TheBestDeals\182.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\LuckySHopapeer\zQKrERIY.dll','32');
DeleteFile('C:\Program Files\SupTab\SupTab.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\easytOshoP\h79VoN3a6BS091.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\BetterPriceChhec\I1RwsPA7.dll','32');
DeleteFile('C:\Program Files\NetCrawl\NetCrawlBHO.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\FineDeaeleSOft\h8Jb4bUG2iLuHB.dll','32');
DeleteFile('C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1596\ie\MediaBuzzV1mode1596.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\saverneta\QcwZQ6GXQ.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\ClickFForSale\2uUZ0J3.dll','32');
DeleteFile('C:\Program Files\RichMediaViewV1\RichMediaViewV1release3289\ie\RichMediaViewV1release3289.dll','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PriceFountain\PriceFountainIE.dll','32');
DeleteFile('C:\Program Files\mystarttb\mystartDx.dll','32');
DeleteFile('C:\Documents and Settings\All Users\Application Data\surfkeepit\vRT1fYxOQKYH37.dll','32');
DeleteFile('C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha4444\ie\TrustMediaViewerV1alpha4444.dll','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\videoMediaPlusPlayersv2.2-codedownloader.exe','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-1.job','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-11.job','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-11.exe','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-3.exe','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-3.job','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-4.exe','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-4.job','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-5.job','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-5.exe','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-6.exe','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-7.job','32');
DeleteFile('C:\Program Files\videoMediaPlusPlayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-7.exe','32');
DeleteFile('C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job','32');
DeleteFile('C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job','32');
DeleteFile('C:\WINDOWS\system32\hfnapi.dll','32');
DeleteFile('C:\WINDOWS\system32\nethtsrv.exe','32');
DeleteFile('C:\WINDOWS\system32\Drivers\nethfdrv.sys','32');
DeleteFile('C:\Program Files\google\chrome\application\googleupdate.dll','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]The computer will reboot.
Send the quarantine in accordance with [B]Appendix 2[/B] of the rules, using the red link [COLOR="Red"][U][B]Send the requested quarantine[/B][/U][/COLOR] above the first post in your thread.
[B][COLOR="Blue"]Make new logs according to the rules[/COLOR][/B]
I have run the script and made the logs. The ads that constantly pop up for me are from "ADVERTISEMENT | Powered by videosMediaPlayers"
Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to your Desktop.
[b]Note[/b]: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
[list][*]Double-click the program to run it. When the program starts, click [b]Yes[/b] to accept the disclaimer.[*]Make sure that [i]"List BCD"[/i] and [i]"Driver MD5"[/i] are checked in the [b]Optional Scan[/b] box.
[img]http://i.imgur.com/B92LqRQ.png[/img][*]Click the [b]Scan[/b] button.[*]When the scan is finished, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach the report in your next post.[*]If this is the first time the program has been run, a report ([b]Addition.txt[/b]) will also be created. Please attach it in your next post.[/list]
Done
[QUOTE]CoolSaLeCCooupon
GetTheDiscount
GreatGreatSavings
MyPC Backup
OffersWizard Network System Driver
PPricueDownloader
RoyalShopperrApp
surfkeepit
Trust Media Viewe
videoMediaPlusPlayersv2.2[/QUOTE]try uninstalling these via Add or Remove Programs
Copy the text below into Notepad and save the file as [b]fixlist.txt[/b] in the same folder from which the Farbar Recovery Scan Tool utility was run:
[code]
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504&q={searchTerms}
HKU\S-1-5-21-1801674531-1343024091-2147098553-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKU\S-1-5-21-1801674531-1343024091-2147098553-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504
HKU\S-1-5-21-1801674531-1343024091-2147098553-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=ru-RU&Src=MSRT&Tid=80033373&OHP=http%3A%2F%2Fwww.mystart.com%2F%3Fpr%3Dvmn%26id%3Dmystarttb%26v%3D5%5F4%26ent%3Dhp%5F5131%26src%3D5131,http%3A%2F%2Fwww.yandex.ru%2F%3Fwin%3D131%26clid%3D2139469&OSP=http%3A%2F%2Fwww.mystart.com%2Fresults.php%3Fgen%3Dms%26pr%3Dvmn%26id%3Dmystarttb%26v%3D5%5F4%26ent%3Dch%5F5131%26q%3D%7BsearchTerms%7D
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://rts.dsrlte.com/?m=tab&affID=na" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1801674531-1343024091-2147098553-500 -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504
FF NewTab: user_pref("browser.newtab.url","hxxp://rts.dsrlte.com/?m=tab&affID=na");
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dsrlte.xml [2014-11-06]
FF Extension: videoMediaPlusPlayersv2.2 - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\[email protected] [2014-11-07]
FF Extension: savefiletomozdevorg - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\[email protected] [2014-11-13]
FF Extension: Desktopy - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{71238372-3743-33ab-8a9f-93722af74c97} [2014-02-16]
FF Extension: PriceFountain - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-12-30]
FF Extension: Trust Media Viewer - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha4444\ff [2014-06-28]
FF HKU\S-1-5-21-1801674531-1343024091-2147098553-500\...\Firefox\Extensions: [{2B53F911-BDAF-9584-FCA0-DF0030122803}] - C:\Program Files\ver8TheBestDeals\182.xpi
FF Extension: TheBestDeals - C:\Program Files\ver8TheBestDeals\182.xpi [2014-11-07]
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha5534\ff [not found]
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha8743\ff [not found]
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home3510\ff [not found]
FF Extension: No Name - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1596\ff [not found]
FF Extension: No Name - C:\Program Files\RichMediaViewV1\RichMediaViewV1release3289\ff [not found]
FF Extension: PriceFountain - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-12-30]
CHR Extension: (saverneta) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cefedahdaoijgamfoflbpficpgbfnhgn [2014-03-08]
CHR Extension: (New Tab Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh [2015-04-16]
CHR Extension: (TheBestDeals) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkbdiccechhapgjppofkjpglhhpceaf [2014-11-07]
CHR Extension: (Desktopy) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hffpndpljemgdfjjkijcidbhadeiillo [2014-02-16]
CHR Extension: (LuckyCeoupon) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idiehhjbmminfpfhkggcbleaonbcfmci [2014-05-21]
CHR Extension: (ilgkaggfllbomabebbgkibkmbloibgfd) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilgkaggfllbomabebbgkibkmbloibgfd [2014-11-13]
CHR Extension: (Desktopy) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgdekeoahkmbjkokoeifljdijgfnkbll [2014-05-21]
CHR Extension: (videoMediaPlusPlayersv2.2) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2014-11-07]
CHR Extension: (LouCkyShOapper) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmhcpbgfegdlekbinkbebohpbppgdppa [2014-03-17]
CHR Extension: (Currency Converter) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg [2014-09-01]
CHR Extension: (Trust Media Viewer) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obklkbmpkkcjkpoadgkpboheoahcobhe [2014-06-28]
CHR Extension: (NetCrawl) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg [2014-09-29]
CHR Extension: (saveitkkeEp..) - C:\Documents and Settings\All Users\Application Data\egeadanjakdojkkjlcibolgeajkgemni\ []
CHR Extension: (SaveorAddon) - C:\Documents and Settings\All Users\Application Data\kmnbhjlloaikiflafhdfenalppjegjfe\ []
CHR HKLM\...\Chrome\Extension: [ddlbpmochigebndelmeknmahlgfhebie] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [hffpldllephcbpeijcplmkfkgpjmbhii] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [jgicfmfphjkmhblfgihapaialcjpecmh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [kkjlhllimbghnmkaodckmmfkglgnanpe] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lpnmgflofkhlnmbalgekaijkdhmffmjf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [obklkbmpkkcjkpoadgkpboheoahcobhe] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha4444\ch\TrustMediaViewerV1alpha4444.crx [2014-06-26]
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1415391754&from=tugs&uid=WDCXWD1600JS-60MHB1_WD-WCANM251250412504
OPR Extension: (Everysale.Net) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\iapdadaeaebaoigieglfababneoaifnf [2014-11-19]
OPR Extension: (videoMediaPlusPlayersv2.2) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2014-11-07]
OPR Extension: (PhoenixGuard - бесплатный антивирусный тулбар) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\pleoihkpdomoijdpaibdciidfoeedamm [2014-11-19]
2015-05-31 12:19 - 2014-11-07 23:24 - 00000000 ____D () C:\Program Files\videoMediaPlusPlayersv2.2
2015-05-31 12:19 - 2014-07-01 20:59 - 00000000 ____D () C:\Program Files\NetCrawl
2015-05-31 12:19 - 2014-05-21 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ClickFForSale
2015-05-31 12:19 - 2014-03-17 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BetterPriceChhec
2015-05-31 11:53 - 2014-10-29 15:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4
2015-05-30 19:05 - 2014-12-30 16:53 - 00000000 ____D () C:\Documents and Settings\Admin\Главное меню\Программы\PriceFountain
2015-05-30 19:05 - 2014-11-21 17:07 - 00000000 ____D () C:\Documents and Settings\Admin\Главное меню\Программы\AnyProtect PC Backup
2015-05-30 19:05 - 2014-11-07 23:23 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\FastPlayer
2015-05-30 19:05 - 2014-11-07 23:23 - 00000000 ____D () C:\Documents and Settings\Admin\Главное меню\Программы\VOPackage
2015-05-30 19:05 - 2014-02-17 19:26 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\Optimizer Pro v3.2
2015-05-30 18:50 - 2014-01-26 12:10 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\systweak
2014-11-07 23:27 - 2014-11-07 23:27 - 1490848 _____ (enter) C:\Documents and Settings\Admin\Application Data\OW.exe
2014-11-07 23:25 - 2014-11-07 23:25 - 1977248 _____ (enter) C:\Documents and Settings\Admin\Application Data\RZKISQTJ.exe
C:\Documents and Settings\Admin\an.bat
C:\Documents and Settings\Admin\sd.bat
Reboot:
[/code]
[list][*]Run FRST, click the [b]Fix[/b] button once and wait. The program will create a log file ([b]Fixlog.txt[/b]). Please attach it in your next post![*]Note that the computer will be [b]rebooted[/b].[/list]
What do I need to choose!? This came up when the computer rebooted, after the fix.
Well, that is your antivirus working. Press ESC
[QUOTE=thyrex;1278116]Well, that is your antivirus working. Press ESC[/QUOTE]
Are you saying that we will remove all the viruses without any problems, even without an antivirus?
[COLOR="silver"]- - - - -Added - - - - -[/COLOR]
Done
How is the problem now?
Thank you, there are no more banners
Treatment statistics:
[LIST]
[*]Quarantines received: [B]1[/B]
[*]Files processed: [B]137[/B]
[*]Malware detected during treatment:
[LIST=1]
[*] c:\documents and settings\all users\application data\clickfforsale\2uuz0j3.dll - [B]not-a-virus:AdWare.Win32.MultiPlug.bfk[/B] ( BitDefender: Application.Generic.645804 )
[*] c:\documents and settings\all users\application data\finedeaelesoft\h8jb4bug2iluhb.dll - [B]not-a-virus:AdWare.Win32.MultiPlug.oaxk[/B] ( DrWEB: Trojan.Crossrider.55121 )
[*] c:\program files\netcrawl\updater.exe - [B]not-a-virus:AdWare.Win32.SwiftBrowse.o[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.SwiftBrowse.AQ )
[*] c:\program files\videomediaplusplayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-11.exe - [B]Trojan.NSIS.GoogUpdate.dp[/B] ( DrWEB: Trojan.Crossrider1.25393, BitDefender: Gen:Application.Heur.4v1@k427IwmO )
[*] c:\program files\videomediaplusplayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-3.exe - [B]Trojan.NSIS.GoogUpdate.dp[/B] ( DrWEB: Trojan.Crossrider1.25393, BitDefender: Gen:Application.Heur.4v1@k427IwmO )
[*] c:\program files\videomediaplusplayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-4.exe - [B]Trojan.NSIS.GoogUpdate.dp[/B] ( DrWEB: Trojan.Crossrider1.25393, BitDefender: Gen:Application.Heur.Av1@kKbcIYfO )
[*] c:\program files\videomediaplusplayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-5.exe - [B]Trojan.NSIS.GoogUpdate.dp[/B] ( DrWEB: Trojan.Crossrider1.25393, BitDefender: Gen:Application.Heur.ev1@kWEkF0aO )
[*] c:\program files\videomediaplusplayersv2.2\bb126bdd-cc95-4a36-91b1-fec35d22fa1e-7.exe - [B]Trojan.NSIS.GoogUpdate.dp[/B] ( DrWEB: Trojan.Crossrider1.25393, BitDefender: Gen:Application.Heur.cv1@k8YZocpO )
[*] c:\program files\videomediaplusplayersv2.2\videomediaplusplayersv2.2-codedownloader.exe - [B]Trojan.NSIS.GoogUpdate.dp[/B] ( DrWEB: Trojan.Crossrider1.25393, BitDefender: Gen:Application.Heur.cv1@k8YZocpO )
[*] c:\programdata\schedule\timetasks.exe - [B]not-a-virus:Downloader.Win32.ZxrLoader.d[/B] ( DrWEB: Trojan.DownLoad3.34005, BitDefender: Gen:Variant.Zusy.107268 )
[*] c:\windows\system32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{b66d62b0-ebea-42c8-88c7-71cdab32919e}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1734, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1734, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1734, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{fb1fd2ab-8c82-40a8-8da5-f16b29c789b4}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1734, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1734, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{38fc16c9-a7b4-4377-b565-cc5a76f2c89f}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}t.sys - [B]not-a-virus:AdWare.Win64.Yotoon.k[/B] ( DrWEB: Trojan.Yontoo.1741 )
[*] c:\windows\system32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1741, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\drivers\{9a9b956a-1677-4d20-830c-6c34a0594e62}t.sys - [B]not-a-virus:RiskTool.Win32.NetFilter.q[/B] ( DrWEB: Trojan.Yontoo.1734, BitDefender: Adware.NetFilter.J )
[*] c:\windows\system32\hfnapi.dll - [B]Trojan-Downloader.Win32.Agent.heqj[/B] ( DrWEB: Trojan.DownLoader11.19028, BitDefender: Gen:Variant.Adware.Netfilter.2, AVAST4: Win32:Agent-AVTY [Trj] )
[*] c:\windows\system32\nethtsrv.exe - [B]not-a-virus:AdWare.Win32.Amonetize.fak[/B] ( DrWEB: Adware.Downware.6304, BitDefender: Gen:Variant.Adware.Netfilter.2, AVAST4: Win32:Evo-gen [Susp] )
[/LIST]
[/LIST]