- стартуем uVS (start.exe от имени Администратора), выбираем: текущий пользователь,
- копируем из браузера содержимое блока «Код» (ниже) в буфер обмена;
- закрываем все браузеры перед выполнением скрипта;
- меню - скрипты - выполнить скрипт из буфера обмена;
Код |
---|
; uVS clean-up script, restored to one command per line (the page had it collapsed into a single table cell).
; NOTE(review): the paths below (%SystemDrive%\USERS\USER\..., G:\, H:\, versioned updater folders) appear to
; come from one specific machine's uVS log, so the script is presumably valid only for that system - confirm
; against a fresh log before reusing any part of it.
;uVS v4.15.1 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
; NOTE(review): "v400c" looks like a script-format/compatibility marker - confirm in the uVS documentation.
v400c
; Signatures added by this script are used for this run only and are not saved to the local signature base.
OFFSGNSAVE
; zoo = copy the file into the uVS quarantine folder (ZOO) so a sample survives the clean-up.
zoo %SystemDrive%\PROGRAMDATA\MICROSOFT\DRM\0ZUCTIYAZCW\MASTERDATAB.BAT
;------------------------autoscript---------------------------
; delall = delete the file together with every reference to it.
; NOTE(review): the first two entries carry the AdwCleaner name (an installed EXE plus a Startup shortcut);
; the page does not say whether this is the genuine tool - verify before deleting on any other system.
delall %SystemDrive%\PROGRAM FILES (X86)\ADWCLEANER\ADWCLEANER.EXE
delall %SystemDrive%\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ADWCLEANER.LNK
delall %SystemDrive%\PROGRAMDATA\MICROSOFT\DRM\0ZUCTIYAZCW\MASTERDATAB.BAT
delall %SystemDrive%\USERS\USER\APPDATA\LOCAL\UMMY\UMMY.EXE
; delref = remove references (autorun/registry entries) to the object; the object itself is not the target.
; The doubled backslash and the truncated "SERVICE\WINSERV.EXE" are kept exactly as given: they presumably
; reproduce malformed reference strings as they were recorded on the system.
delref %SystemDrive%\PROGRAMDATA\MICROSOFT\DRM\0ZUCTIYAZCW\\GAME.EXE
delref SERVICE\WINSERV.EXE
; Quarantine the suspect binaries and register a signature for each family (addsgn). The detection names are
; the ones given on the page; which zoo'd file each signature was taken from is inferred from the ordering only.
; Note the look-alike names: "REAITEKHD" (an "I" in place of the "L" in Realtek), "WINDOWSTASK", and
; Windows-style process names (TASKHOST, TASKHOSTW, AUDIODG, UNSECAPP) outside their usual locations.
zoo %SystemRoot%\SYSWOW64\UNSECAPP.EXE
addsgn 1A6E769A552B1E3B8236EFE32D4360156C0186D675489FF2838B3A7AD8D139B3E4ACC1573E559D9B5E870E890EE98FEAAFAC0C7287AFB7A63B3F5BE9D7D4512D 8 Win64/Packed.Themida.L 7
zoo %SystemDrive%\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
addsgn BA6F9BB2BD5149720B9C2D754C2160FBDA75303A4536D3B4490F09709C1ABD80EFDBA531314A19492B80849F0E95A5EA3156FC561953EC08253A97F48B8B7657 21 Win64/CoinMiner.QG 7
zoo %SystemDrive%\PROGRAMDATA\REAITEKHD\TASKHOSTW.EXE
zoo %SystemDrive%\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
zoo %SystemDrive%\PROGRAMDATA\WINDOWS TASKS SERVICE\WINSERV.EXE
addsgn A7679B19919AF4BAC461AE594CAF9BFACD99D70B7612C9950D3C4E7C50D6714C2317C3573E559D492B80849F461649FA7DDFE87255DAB02C2D77A42FC7062273 9 Win32/RemoteAdmin.RemoteUtilities.V 7
zoo %SystemDrive%\PROGRAMDATA\REAITEKHD\TASKHOST.EXE
zoo %SystemDrive%\PROGRAMDATA\MICROSOFT\DRM\0ZUCTIYAZCW\GAME.EXE
; The next two addsgn lines carry the same signature bytes with different length values (13 and 8) and
; different detection names.
addsgn 1A76739A5583C28CF42B95BC0C1E5105D7FFFE044A08F67783C3C57FD3B7754CA8D6403636555A082FE8B4DC46D1487E3F9CE8B100515C7AD202ACA436EE2E47 13 Generik.MKWSFH [ESET-NOD32] 7
addsgn 1A76739A5583C28CF42B95BC0C1E5105D7FFFE044A08F67783C3C57FD3B7754CA8D6403636555A082FE8B4DC46D1487E3F9CE8B100515C7AD202ACA436EE2E47 8 BAT/RA-based.FY [ESET-NOD32] 7
; chklst re-checks the object list against the signatures added above; delvir then removes everything that
; matched. Order matters: the addsgn lines must precede chklst, and chklst must precede delvir.
chklst
delvir
delref G:\HISUITEDOWNLOADER.EXE
delref H:\HISUITEDOWNLOADER.EXE
; apply executes the operations queued so far.
apply
; REGT applies a built-in uVS registry tweak by number; the page does not say what tweaks 2 and 18 change.
REGT 2
; NOTE(review): written without a space, unlike "REGT 2" above - confirm uVS parses it as tweak 18.
REGT18
; deltmp clears temporary files.
deltmp
; The remaining delref lines only remove references; presumably these point at files that are no longer
; present (old updater versions, uninstalled software, 32-bit views of system drivers) - TODO confirm
; against the uVS log, since nothing on the page states why each entry was selected.
delref %SystemDrive%\PROGRAM FILES\BLUESTACKS_NXT\BLUESTACKSHELPER.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %Sys32%\BLANK.HTM
delref %Sys32%\EUGDIDRV.SYS
delref %SystemDrive%\PROGRAM FILES\ROCKSTAR GAMES\LAUNCHER\ROCKSTARSERVICE.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.169.31\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.342\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.175.29\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\BLUESTACKS_NXT\BSTKPROXYSTUB.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.49\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.55\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.152\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\BLUESTACKS_NXT\HD-PLAYER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.272\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.202\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.212\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.175.27\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.332\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.312\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.292\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\EASEUS\EASEUS PARTITION MASTER\DC\BIN\X64\VSSEASEUSPROVIDER.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.177.11\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\BLUESTACKS_NXT\BSTKC.DLL
delref %SystemDrive%\PROGRAM FILES\BLUESTACKS_NXT\BSTKSVC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.51\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.45\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.169.31\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.342\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\U0379487.INF_AMD64_69570110508A8108\B379425\AMDHWDECODER_32.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.175.29\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.49\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.242\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.55\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.152\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.272\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.202\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.212\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\U0379487.INF_AMD64_69570110508A8108\B379425\AMDH265ENC32.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\U0379487.INF_AMD64_69570110508A8108\B379425\AMF-MFT-MJPEG-DECODER32.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.175.27\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.332\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.312\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.292\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.177.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\GOOGLEUPDATEBROKER.EXE
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\U0379487.INF_AMD64_69570110508A8108\B379425\AMDH264ENC32.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.51\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.173.45\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\PROGRAMS\BLUESTACKS-SERVICES\BLUESTACKSSERVICES.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\EASEUS\EASEUS PARTITION MASTER\BIN\EPMUI.EXE
;-------------------------------------------------------------
; restart reboots the machine so the deletions take effect.
restart
; czoo packs the quarantined samples (ZOO) into an archive that can be handed to an analyst.
; NOTE(review): it is listed after restart - confirm whether uVS runs it before the reboot or on the next start.
czoo
скрипт завершится перезагрузкой системы; после неё пишем о старых и новых проблемах.
------------
далее,
сделайте логи FRST