Помогите! Браузер постоянно открывает какие-то окна, работать возможно, грузит комп. [not-a-virus:AdWare.Win32.Agent.kdip, Trojan.Python.Agent.aa ]

Printable View

22.11.2017, 18:53
vknyaz

Помогите! Браузер постоянно открывает какие-то окна, работать возможно, грузит комп. [not-a-virus:AdWare.Win32.Agent.kdip, Trojan.Python.Agent.aa ]

Помогите! Браузер постоянно открывает какие-то окна, работать не возможно, грузит комп. Все время происходит какая-то напряженная работа - винт шуршит. Лезет в интернет открывает десятки окон. короче компу не до пользователя. Логи прилагаю. Спасите.
22.11.2017, 18:55
Info_bot

Уважаемый(ая) [B]vknyaz[/B], спасибо за обращение на наш форум!

Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в [URL="https://virusinfo.info/pravila.html"]правилах оформления запроса о помощи[/URL].

[INFORMATION]Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом [URL="https://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста [URL="https://virusinfo.info/content.php?r=113-virusinfo.info-donate"]поддержите проект[/URL].
22.11.2017, 21:19
Vvvyg

[url="http://virusinfo.info/showthread.php?t=7239"]Выполните скрипт в AVZ[/url]:[code]begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('c:\program files (x86)\hpwhale\hpwhalesrv.exe');
TerminateProcessByName('c:\program files (x86)\hpwhale\whalestarter.exe');
TerminateProcessByName('c:\program files (x86)\onesystemcare\cleanupconsole.exe');
TerminateProcessByName('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe');
TerminateProcessByName('c:\program files (x86)\yeadesktop\yeadesktop.exe');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-1r8bq.tmp\mvskhwbmxtx.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-fdiqj.tmp\wcdeh5n5ocf.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-p3mps.tmp\ywqxr3osr2r.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-r182f.tmp\1mhezm2zvad.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-t0hvc.tmp\hdokcleeyoz.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp');
TerminateProcessByName('c:\users\7c19~1\appdata\local\temp\is-vo6jt.tmp\bnxsf0p2qjy.tmp');
TerminateProcessByName('c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe');
StopService('HPWhale Service');
QuarantineFile('C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE', '');
QuarantineFile('c:\program files (x86)\hpwhale\hpwhalesrv.exe', '');
QuarantineFile('c:\program files (x86)\hpwhale\whalestarter.exe', '');
QuarantineFile('C:\Program Files (x86)\JIdcnntTvnKU2\hnnOBndBNlIpm.dll', '');
QuarantineFile('C:\Program Files (x86)\kqEuPYMaU\nOnBlp.dll', '');
QuarantineFile('c:\program files (x86)\onesystemcare\cleanupconsole.exe', '');
QuarantineFile('C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe', '');
QuarantineFile('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe', '');
QuarantineFile('C:\Program Files (x86)\WeatherInspect\XF38N.exe', '');
QuarantineFile('c:\program files (x86)\yeadesktop\yeadesktop.exe', '');
QuarantineFile('C:\Program Files (x86)\ZfJRwqLPhIE\kBoflUE.dll', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-1r8bq.tmp\mvskhwbmxtx.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-fdiqj.tmp\wcdeh5n5ocf.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-r182f.tmp\1mhezm2zvad.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-t0hvc.tmp\hdokcleeyoz.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp', '');
QuarantineFile('c:\users\7c19~1\appdata\local\temp\is-vo6jt.tmp\bnxsf0p2qjy.tmp', '');
QuarantineFile('C:\Users\7C19~1\AppData\Local\Temp\System32\Logs\ShellExperienceHost.exe', '');
QuarantineFile('c:\users\работа\appdata\local\adservice\adservice.dll', '');
QuarantineFile('C:\Users\работа\AppData\Local\Amigo\Application\amigo.exe', '');
QuarantineFile('C:\Users\работа\AppData\Local\Hostinstaller\478067544_monster.exe', '');
QuarantineFile('C:\Users\работа\AppData\Local\PCBooster\booster.exe', '');
QuarantineFile('C:\Users\работа\AppData\Roaming\appsvc.exe', '');
QuarantineFile('c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe', '');
QuarantineFile('C:\Users\работа\AppData\Roaming\Horoscope\app.py', '');
QuarantineFile('C:\Users\работа\AppData\Roaming\Horoscope\ml2.py', '');
QuarantineFile('C:\Users\работа\AppData\Roaming\okagncigkfokplmopeninonbibkmpogi\ml.py', '');
DeleteFile('C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE', '32');
DeleteFile('C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE', '32');
DeleteFile('c:\program files (x86)\hpwhale\hpwhalesrv.exe', '32');
DeleteFile('c:\program files (x86)\hpwhale\whalestarter.exe', '32');
DeleteFile('C:\Program Files (x86)\JIdcnntTvnKU2\hnnOBndBNlIpm.dll', '32');
DeleteFile('C:\Program Files (x86)\kqEuPYMaU\nOnBlp.dll', '32');
DeleteFile('c:\program files (x86)\onesystemcare\cleanupconsole.exe', '32');
DeleteFile('C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe', '32');
DeleteFile('C:\Program Files (x86)\WeatherInspect\WeatherInspect.exe', '32');
DeleteFile('C:\Program Files (x86)\WeatherInspect\XF38N.exe', '32');
DeleteFile('c:\program files (x86)\yeadesktop\yeadesktop.exe', '32');
DeleteFile('C:\Program Files (x86)\ZfJRwqLPhIE\kBoflUE.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-0DPFO.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-0RBNN.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-1r8bq.tmp\mvskhwbmxtx.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-3NGIC.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-42G2A.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-5159U.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-5J6J9.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-5Q637.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-6HL1I.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-705J6.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-9V0H0.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-A7930.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-B7SCK.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-fdiqj.tmp\wcdeh5n5ocf.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-G4QLK.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-G8SE9.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-GDDF6.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-GSVEN.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-IEGAA.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-J8HB4.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-JPKMC.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-JQFRQ.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-LBRCN.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-LPC60.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-OGVLP.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-OMCG0.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-p3mps.tmp\ywqxr3osr2r.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-P7JVI.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-QMSUJ.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-r182f.tmp\1mhezm2zvad.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-R8NEI.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-SLN98.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-SM9LP.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-t0hvc.tmp\hdokcleeyoz.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-U2EB2.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-U3M8C.tmp\idp.dll', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\is-V7BIA.tmp\idp.dll', '32');
DeleteFile('c:\users\7c19~1\appdata\local\temp\is-vo6jt.tmp\bnxsf0p2qjy.tmp', '32');
DeleteFile('C:\Users\7C19~1\AppData\Local\Temp\System32\Logs\ShellExperienceHost.exe', '32');
DeleteFile('c:\users\работа\appdata\local\adservice\adservice.dll', '32');
DeleteFile('C:\Users\работа\AppData\Local\Amigo\Application\amigo.exe', '32');
DeleteFile('C:\Users\работа\AppData\Local\Hostinstaller\478067544_monster.exe', '32');
DeleteFile('C:\Users\работа\AppData\Local\PCBooster\booster.exe', '32');
DeleteFile('C:\Users\работа\AppData\Roaming\appsvc.exe', '32');
DeleteFile('c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe', '32');
DeleteFile('C:\Users\работа\AppData\Roaming\Horoscope\app.py', '32');
DeleteFile('C:\Users\работа\AppData\Roaming\Horoscope\ml2.py', '32');
DeleteFile('C:\Users\работа\AppData\Roaming\okagncigkfokplmopeninonbibkmpogi\ml.py', '32');
DeleteFile('PjDfytumxbayONn.job', '64');
ExecuteFile('schtasks.exe', '/delete /TN "{7D7E0547-087A-7809-0F11-0A0C0B08117A}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "FastDataX Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Horoscope" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Horoscope2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "okagncigkfokplmopeninonbibkmpogi" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "One System Care Monitor" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "One System Care Run Delay" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "OneSystemCare Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "PjDfytumxbayONn" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "PjDfytumxbayONn2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "zjwPaeaadZaNwF" /F', 0, 15000, true);
DeleteService('HPWhale Service');
DeleteFileMask('c:\progra~2\fastda~1', '*', true);
DeleteFileMask('c:\progra~2\onesys~1', '*', true);
DeleteFileMask('c:\program files (x86)\hpwhale', '*', true);
DeleteFileMask('c:\program files (x86)\jidcnnttvnku2', '*', true);
DeleteFileMask('c:\program files (x86)\kqeupymau', '*', true);
DeleteFileMask('c:\program files (x86)\onesystemcare', '*', true);
DeleteFileMask('c:\program files (x86)\weatherinspect', '*', true);
DeleteFileMask('c:\program files (x86)\yeadesktop', '*', true);
DeleteFileMask('c:\program files (x86)\zfjrwqlphie', '*', true);
DeleteFileMask('c:\users\7c19~1\appdata\local\temp\system32\logs', '*', true);
DeleteFileMask('c:\users\работа\appdata\local\adservice', '*', true);
DeleteFileMask('c:\users\работа\appdata\local\amigo', '*', true);
DeleteFileMask('c:\users\работа\appdata\local\hostinstaller', '*', true);
DeleteFileMask('c:\users\работа\appdata\local\pcbooster', '*', true);
DeleteFileMask('c:\users\работа\appdata\roaming\cpuzapp4', '*', true);
DeleteFileMask('c:\users\работа\appdata\roaming\horoscope', '*', true);
DeleteDirectory('c:\progra~2\fastda~1');
DeleteDirectory('c:\progra~2\onesys~1');
DeleteDirectory('c:\program files (x86)\hpwhale');
DeleteDirectory('c:\program files (x86)\jidcnnttvnku2');
DeleteDirectory('c:\program files (x86)\kqeupymau');
DeleteDirectory('c:\program files (x86)\onesystemcare');
DeleteDirectory('c:\program files (x86)\weatherinspect');
DeleteDirectory('c:\program files (x86)\yeadesktop');
DeleteDirectory('c:\program files (x86)\zfjrwqlphie');
DeleteDirectory('c:\users\7c19~1\appdata\local\temp\system32\logs');
DeleteDirectory('c:\users\работа\appdata\local\adservice');
DeleteDirectory('c:\users\работа\appdata\local\amigo');
DeleteDirectory('c:\users\работа\appdata\local\hostinstaller');
DeleteDirectory('c:\users\работа\appdata\local\pcbooster');
DeleteDirectory('c:\users\работа\appdata\roaming\cpuzapp4');
DeleteDirectory('c:\users\работа\appdata\roaming\horoscope');
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '7BADSHBNCO0X971');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'amigo');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'CpuzApp');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Horoscope');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'okagncigkfokplmopeninonbibkmpogi');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YeaDesktop');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'booster');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'WeatherInspect');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'WhaleStarter');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\AdsService\Parameters', 'ServiceDll');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(23);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.[/code]Компьютер перезагрузится.

В папке с AVZ появится архив карантина quarantine.zip, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.

Перетащите лог Check_Browsers_LNK.log из папки Autologger на [url=http://dragokas.com/tools/ClearLNK.zip]утилиту ClearLNK[/url]. Отчёт о работе прикрепите.

Скачайте утилиту Universal Virus Sniffer [URL="https://yadi.sk/d/6A65LkI1WEuqC"]отсюда[/URL] и [url=http://virusinfo.info/showthread.php?t=121767]сделайте полный образ автозапуска uVS[/url].
23.11.2017, 13:07
vknyaz

Карантин загрузил. Логи тоже
23.11.2017, 22:31
Vvvyg

Скопируйте скрипт ниже в буфер обмена (выделить и нажать Ctrl-C):[code];uVS v4.0.10 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
addsgn A7679B19919E1F245C3CF8299237FAA89E7C031EBD32E9876D140D4AAF3E2BB2D5E82B3A52A262A1FBEE7360AE31C70D8237D287A2255819998F5BC79B5ADB8C 11 Variant AdWare.Win32.Agent.kdip [Kasp] 7
addsgn A7679B1991AE1F245CE76E3821389B40F962327C7605F7AD193C3A5434498EB3CB1063A8C1BD3BF6D47F6C8EAFE9B6120535178D661AE544E4DBE42FA3F91217 8 AdWare.Win32.Agent.kdip [Kaspersky] 7
addsgn 1AF29D9A5583338CF42BC4A10CB0E8492562595789FA2C8E0CB621352536F839DF2CB64743471604237FD18BCD5345FB38D7AEFB203E5BC51EB7E4A682E6E536 16 W32.HfsAdware.B4AD [Bkav] 7
zoo %SystemDrive%\USERS\РАБОТА\APPDATA\LOCAL\MAIL.RU\GOCHROMIUMNATIVEHOST\NATIVE_HOST_APP.EXE
zoo %SystemDrive%\USERS\РАБОТА\APPDATA\ROAMING\ZGZMZJSV0BQ\4KHNRSQI41D.EXE

chklst
delvir

delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCSERVICE.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCTRAY.EXE
deldir %SystemDrive%\USERS\РАБОТА\APPDATA\ROAMING\OKAGNCIGKFOKPLMOPENINONBIBKMPOGI\PYTHON
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 8\ASCEXTMENU_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
deldir %SystemDrive%\PROGRAM FILES (X86)\MAIL.RU
delref %SystemDrive%\USERS\РАБОТА\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HCADGIJMEDBFGCIEGJOMFPJCDCHLHNIF\12.0.28_0\ДОМАШНЯЯ СТРАНИЦА MAIL.RU
delref %SystemDrive%\USERS\РАБОТА\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHJHNAFPIILPFFHGLAJCAEPJBNBJEMCI\12.0.23_0\ПОИСК MAIL.RU
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBHJHNAFPIILPFFHGLAJCAEPJBNBJEMCI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DHCADGIJMEDBFGCIEGJOMFPJCDCHLHNIF%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE
deldir %SystemDrive%\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP
uidel C:\Program Files (x86)\YeaDesktop\BearUnInstall.exe
uidel "C:\Program Files (x86)\IObit\Advanced SystemCare 8\unins000.exe"
uidel C:\Program Files (x86)\ExtensionDefenderPlaff\uninstaller.exe
uidel C:\Users\работа\AppData\Roaming\okagncigkfokplmopeninonbibkmpogi\uninstall.exe
uidel "C:\Program Files (x86)\OneSystemCare\unins000.exe" /VERYSILENT
uidel C:\Program Files (x86)\PQwick1.1\Uninstall.exe
uidel C:\Program Files (x86)\SearchPageDefender\uninstaller.exe
uidel C:\Users\работа\AppData\Roaming\urlopener\uninstall.exe
uidel C:\Program Files (x86)\WeatherInspect\uninstaller.exe
uidel C:\Program Files (x86)\zTWnHlzwjSUn\KlLdWXBmBt.exe
uidel "C:\Program Files (x86)\Zaxar\unins000.exe"
uidel "C:\Users\работа\AppData\Local\Amigo\Application\58.0.3029.150\Installer\setup.exe" --uninstall
uidel C:\Users\работа\AppData\Local\Mail.Ru\MailRuUpdater.exe uninstall
delref %SystemDrive%\USERS\РАБОТА\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KNMNOPFMCCCHNNFDOIDDBIHBCBOEEDLL\1.0.4_0\БЛОКИРОВЩИК РЕКЛАМЫ ДЛЯ ЮТУБА™
delref HTTP:\\WWW.MAIL.RU
del %SystemRoot%\WINSXS\WOW64_MICROSOFT-WINDOWS-I..ETEXPLORER-OPTIONAL_31BF3856AD364E35_11.0.9600.18817_NONE_A693168AC54A3F41\IEXPLORE.EXE
delref %SystemDrive%\USERS\РАБОТА\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OKAGNCIGKFOKPLMOPENINONBIBKMPOGI\18.6226.219_0\INTERESTING TEST ALWAYS ON TRUETEST
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\F4F0641EAB4187111BFDB80987226A27\56816C5257A3FE942C70B10C96DA3CAA2A7AE1EB
delref %SystemDrive%\PROGRAMDATA\B6483A96-43E7-1\B6483A96-43E7-1.D
delref %SystemDrive%\PROGRAMDATA\B6483A96-4CF7-0\B6483A96-4CF7-0.D
delref %SystemDrive%\PROGRAMDATA\59A9C572-3A47-1\59A9C572-3A47-1.D
delref %SystemDrive%\PROGRAMDATA\59A9C572-0191-0\59A9C572-0191-0.D
delref %SystemDrive%\PROGRAM FILES (X86)\ZFJRWQLPHIE\TN6O8W1.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ZFJRWQLPHIE\KBOFLUE.DLL
delref %SystemDrive%\PROGRA~1\COMMON~1\MCAFEE\OOBE\MCOOBESV.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL SECURITY\PEF\CORE\PEFWEBOBJECTS.DLL
delref %SystemDrive%\PROGRA~1\COMMON~1\MCAFEE\PLATFORM\MCPLAT~1.DLL
delref %SystemDrive%\PROGRA~1\MCAFEE\MPF\MPFSVCPS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\INTEL SECURITY\PEF\CORE\PEFUPDATENOTIFY.DLL
delref %SystemDrive%\PROGRA~1\MCAFEE\VIRUSS~1\MCAVTSUB.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MCAFEE\CLIENTANALYTICS\MCCLIENTANALYTICS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\ZFJRWQLPHIE\SRFCXAYTRA.EXE
delref %SystemDrive%\PROGRAM FILES\T5UTXPIH23\T5UTXPIH2.EXE
delref %SystemDrive%\PROGRAM FILES\P285RLB1OR\W5WRRO7LI.EXE
delref %SystemDrive%\PROGRAM FILES\PXSQ4RQRYY\FB5KKP2TW.EXE
delref %SystemDrive%\PROGRAM FILES\HCND9MJEKS\HCND9MJEK.EXE
delref %SystemDrive%\PROGRAM FILES\BDMA225RWE\BDMA225RW.EXE
delref %SystemDrive%\PROGRAM FILES\24LSGWCAK0\24LSGWCAK.EXE
delref %SystemDrive%\PROGRAM FILES\ALUBK7F82B\UEOCSAHSV.EXE
delref %SystemDrive%\PROGRAM FILES\WBX5CBSAR1\TTZLSD0WK.EXE
delref %SystemDrive%\PROGRAM FILES\12KWEZT90O\DRQBMY0A0.EXE
delref %SystemDrive%\PROGRAM FILES\GE8A0ZX2Q6\OKMFVA6DZ.EXE
delref %SystemDrive%\PROGRAM FILES\NMCOFUL4NB\NMCOFUL4N.EXE
delref %SystemDrive%\PROGRAM FILES\E8K8XH4CEP\E8K8XH4CE.EXE
delref %SystemDrive%\PROGRAM FILES\P5CLYARDDJ\P5CLYARDD.EXE
delref %SystemDrive%\PROGRAM FILES\9Y7M6DTY6V\9Y7M6DTY6.EXE
delref %SystemDrive%\PROGRAM FILES\CANHWNO9ZQ\CANHWNO9Z.EXE
delref %SystemDrive%\PROGRAM FILES\68FYN5RKB6\68FYN5RKB.EXE
delref %SystemDrive%\PROGRAM FILES\83H5OM2E3I\YHUZ4LEG2.EXE
delref %SystemDrive%\PROGRAM FILES\WMYYXD6Y6I\WMYYXD6Y6.EXE
delref %SystemDrive%\PROGRAM FILES\QD7QU7C531\XGVCUA8PX.EXE
delref %SystemDrive%\PROGRAM FILES\GGKURCEK9V\T6R9ZBKK9.EXE
delref %SystemDrive%\PROGRAM FILES\G4VSP76HXW\IOR3DL4B1.EXE
delref %SystemDrive%\PROGRAM FILES\Z8TTLPHJQJ\Z8TTLPHJQ.EXE
delref %SystemDrive%\PROGRAM FILES\SN2YE8L0QR\SN2YE8L0Q.EXE
delref %SystemDrive%\PROGRAM FILES\UR1VWBCEGO\UR1VWBCEG.EXE
delref %SystemDrive%\PROGRAM FILES\OTR2XSUDSP\OTR2XSUDS.EXE
delref %SystemDrive%\PROGRAM FILES\H961SCRCKB\H961SCRCK.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\YEADESKTOP\UNINS000.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE
deltmp
czoo
restart[/code]
Запустите файл start.exe из папки с uVS, выберите "Запустить под текущим пользователем", в главном меню программы - Скрипты -> выполнить скрипт из буфера обмена.
Компьютер перезагрузится.

В папке с uVS появится архив ZIP с именем, начинающимся с ZOO_ и далее из даты и времени, отправьте этот файл по ссылке "Прислать запрошенный карантин" над над первым сообщением в теме.

В папке с UVS будет лог выполнения скрипта, текстовый файл с именем из даты и времени выполнения, прикрепите его с своему сообщению.

Сделайте лог [URL="http://virusinfo.info/showthread.php?t=146192&p=1041844&viewfull=1#post1041844"]Malwarebytes AdwCleaner[/URL].
23.11.2017, 22:41
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]1[/B][*]Обработано файлов: [B]39[/B][*]В ходе лечения обнаружены вредоносные программы:
[LIST=1][*] c:\program files (x86)\hpwhale\hpwhalesrv.exe - [B]not-a-virus:AdWare.Win32.Hpdefender.wav[/B][*] c:\program files (x86)\yeadesktop\yeadesktop.exe - [B]HEUR:Trojan.Win32.Generic[/B][*] c:\users\работа\appdata\roaming\cpuzapp4\cpuzapp.exe - [B]not-a-virus:AdWare.Win32.Hpdefender.vzw[/B][*] c:\users\работа\appdata\roaming\horoscope\ml2.py - [B]Trojan.Python.Agent.aa[/B][*] c:\users\7c19~1\appdata\local\temp\is-bftra.tmp\2nartk5i4ea.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-b1e4g.tmp\rw3z3bfhq00.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-b6fsc.tmp\htk22gbnkc5.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-cnqig.tmp\vx51r351z25.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-crc50.tmp\3yoh0qh1uv2.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-d354p.tmp\3icnuhg1emi.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-gu3d0.tmp\kp4zz1rk5is.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-h8rio.tmp\1cqnvsqvmid.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-h99fd.tmp\n40dwzhavqy.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-jbu5e.tmp\evct1mqxrkd.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-kcndl.tmp\vcfzzrked5p.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-kmots.tmp\b5mzwwgqbd2.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-luu3v.tmp\qsglzcz1luv.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-mog52.tmp\evqwfmixbwc.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-mv6s4.tmp\lbn5zub3oel.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-nr75a.tmp\4kddqiqxsz5.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-oe8dt.tmp\auh1ihzurca.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-o0g7c.tmp\hle0c3t4fzm.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-pafge.tmp\0zvdaq0gzoa.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-tfap0.tmp\xjvhq1imfik.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-u1e1s.tmp\gx1rreclay5.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-24i1p.tmp\vgmgy5z0jit.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-325al.tmp\yapdkt3njmm.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-4pl32.tmp\gswe2myg2hx.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-5s30g.tmp\p4l5bvazpgs.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-8qp4f.tmp\npcfouc4et2.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-86cgc.tmp\0eklo52zyg1.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-86muq.tmp\kytua0yxcal.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-9c2ji.tmp\l2qk3tfuxb2.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][*] c:\users\7c19~1\appdata\local\temp\is-9p39p.tmp\4hsrrodf45c.tmp - [B]not-a-virus:AdWare.Win32.Agent.kdip[/B][/LIST][/LIST]