Win32/Stantinko

Mon, 05 Jun 2017 12:45:23 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� !
�� .
ESET ��!
�� !
05.06.2017 12:45:23, �� .

Win32/Stantinko

Sun, 04 Jun 2017 22:30:21 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
2 �� :
C:\WINDOWS\SysWOW64\bstreamsvc.dll
C:\WINDOWS\SysWOW64\vp9core.dll

��
https://eset.ua/ru/support/send_virus_sample

�� , �� FRST
�� FIX
�� , ��.

[FILE ID=100133]
fixlist.txt
04.06.2017 22:30:21, ��.

Win32/Stantinko

Sun, 04 Jun 2017 21:35:37 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
04.06.2017 21:35:37, ��.

Win32/Stantinko

Sun, 04 Jun 2017 13:00:37 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
��, �� DNS � �� , �� .
� �� -�� .
�� .

�� ,
�� ,
�� - �� .
04.06.2017 13:00:37, santy.

Win32/Stantinko

Sun, 04 Jun 2017 09:42:11 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� Cisco2901. � �� ?
04.06.2017 09:42:11, �� .

Win32/Stantinko

Sat, 03 Jun 2017 02:15:18 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� ?
��
03.06.2017 02:15:18, santy.

Win32/Stantinko

Fri, 02 Jun 2017 14:26:58 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
Chrome �� , �� .
02.06.2017 14:26:58, �� .

Win32/Stantinko

Fri, 02 Jun 2017 13:17:22 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� Stantinko �� Chrome, �� Chrome.
(�� )

====quote====
CHR Extension: (Tampermonkey) - C:\Users\prokhorenkov-Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-24]
CHR Extension: (Basecamp) - C:\Users\prokhorenkov-Pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipkjbffbhgnghdhedbeepdmehkfdkjd [2017-04-06]
CHR Extension: (friGate Light) - C:\Users\prokhorenkov-Pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdnmhbnbebabimcjggckeoibchhckemm [2017-05-29]
CHR Extension: (Ubiquiti Device Discovery Tool) - C:\Users\prokhorenkov-Pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\omnnjjhhchmmhcogdmnglfkdpobnpofh [2017-05-29]

=============

02.06.2017 13:17:22, santy.

Win32/Stantinko

Fri, 02 Jun 2017 12:56:32 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� Chrome. �� , �.�. �� . �� ESET ,�� .
02.06.2017 12:56:32, �� .

Win32/Stantinko

Fri, 02 Jun 2017 12:46:35 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� ? (� �� ?)
�� , �� ?
02.06.2017 12:46:35, santy.

Win32/Stantinko

Fri, 02 Jun 2017 11:45:15 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� ...
FRST_02-06-2017 11.41.29.txt
Addition_02-06-2017 11.41.29.txt
AdwCleaner[C0].txt
AdwCleaner[S0].txt
02.06.2017 11:45:15, �� .

Win32/Stantinko

Fri, 02 Jun 2017 10:40:35 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
��,
3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� �� �� mail.ru, yandex (�� )
�� ��
��,

5.�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
02.06.2017 10:40:35, santy.

Win32/Stantinko

Fri, 02 Jun 2017 10:18:01 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
� �� . Malware �� ...
malware.txt
02.06.2017 10:18:01, �� .

Win32/Stantinko

Thu, 01 Jun 2017 18:24:49 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.0.5 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

deldirex %SystemDrive%\USERS\PROKHORENKOV-PC\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBHJHNAFPIILPFFHGLAJCAEPJBNBJEMCI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEPGJFMBLHACACPHALJKDCJLLKOMDCJPC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DHCADGIJMEDBFGCIEGJOMFPJCDCHLHNIF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPPOILMFKBPCKODOIFDLKMKEPCAJFJMHL%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\USERS\PROKHORENKOV-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\5.0.1_0\����� MAIL.RU
delref %SystemDrive%\USERS\PROKHORENKOV-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\BHJHNAFPIILPFFHGLAJCAEPJBNBJEMCI\12.0.23_0\����� MAIL.RU
delref %SystemDrive%\USERS\PROKHORENKOV-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\5.0.1_0\����� MAIL.RU
delref HTTP://SEARCH.QIP.RU/SEARCH?QUERY={SEARCHTERMS}&FROM=IE
delref HTTP://SEARCH.QIP.RU/IE
apply

deltmp
delref %SystemDrive%\USERS\PROKHO~1\APPDATA\LOCAL\TEMP\WCT3A55.TMP
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE15\OLICENSEHEARTBEAT.EXE
delref {35EF4182-F900-4632-B072-8639E4478A61}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}\[CLSID]
delref {5AA199A0-1CED-43A5-9B85-3226086738A3}\[CLSID]
delref {EA9155A3-8A39-40B4-8963-D3C761B18371}\[CLSID]
delref {EBF00FCB-0769-4B81-9BEC-6C05514111AA}\[CLSID]
delref {E51DFD48-AA36-4B45-BB52-E831F02E8316}\[CLSID]
delref {FF87090D-4A9A-4F47-879B-29A80C355D61}\[CLSID]
delref {45F26E9E-6199-477F-85DA-AF1EDFE067B1}\[CLSID]
delref {7CCA6768-8373-4D28-8876-83E8B4E3A969}\[CLSID]
delref {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}\[CLSID]
delref {1B1F472E-3221-4826-97DB-2C2324D389AE}\[CLSID]
delref %Sys32%\AUTOWORKPLACE.EXE
delref %SystemDrive%\USERS\PROKHORENKOV-PC\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\17.3.6517.0809\ONEDRIVESTANDALONEUPDATER.EXE
delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\TP-LINK\USB PRINTER CONTROLLER\USB PRINTER CONTROLLER.EXE -MINI
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\58.0.3029.81\INSTALLER\CHRMSTP.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %Sys32%\IGFXPPH.DLL
delref %Sys32%\BLANK.HTM
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref %Sys32%\NVINITX.DLL
delref %Sys32%\DRIVERS\REFS.SYS
delref %Sys32%\ALTTAB.DLL
delref %Sys32%\GWX\GWX.EXE
delref %Sys32%\WDFRES.DLL
delref %Sys32%\RASCLUSTERRES.DLL
delref %Sys32%\IME\IMESC\IMSCCORE.DLL
delref %Sys32%\QAGENTRT.DLL
delref %SystemRoot%\WINSTORE\WINSTOREUI.DLL
delref %Sys32%\SYSTEMSETTINGSDATABASE.DLL
delref %Sys32%\LOCATIONNOTIFICATIONS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\CISCO\CISCO LEAP MODULE\CISCOEAPLEAP.DLL
delref %Sys32%\SYNCENGINE.DLL
delref %Sys32%\IME\SHARED\IMEROAMING.DLL
delref %Sys32%\HOTSTARTUSERAGENT.DLL
delref %SystemDrive%\PROGRAM FILES\INTERNET EXPLORER\IEDVTOOL.DLL
delref %Sys32%\NAPIPSEC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CISCO\CISCO EAP-FAST MODULE\CISCOEAPFAST.DLL
delref %SystemRoot%\FILEMANAGER\FILEMANAGERAPP.DLL
delref %Sys32%\WINDOWS.DEVICES.GEOLOCATION.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\CISCO\CISCO PEAP MODULE\CISCOEAPPEAP.DLL
delref %SystemRoot%\FILEMANAGER\DATAMODEL.DLL
delref %Sys32%\OCSETUP.EXE
delref %Sys32%\MSSHA.DLL
delref %Sys32%\IME\IMESC\IMSCTIP.DLL
delref %Sys32%\GEOFENCEMONITORSERVICE.DLL
delref %Sys32%\IME\IMESC\IMSCDICCOMPILER.EXE
delref %Sys32%\WINDOWSANYTIMEUPGRADERESULTS.EXE
delref %Sys32%\DRIVERS\BTHLEENUM.SYS
delref %Sys32%\DHCPQEC.DLL
delref %Sys32%\WWANADVUI.DLL
delref %SystemRoot%\INF\UNREGMP2.EXE
delref FTSHELLCONTEXT EXTENSION\[CLSID]
delref APPMGMT\[SERVICE]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref BROWSER\[SERVICE]
delref MESSENGER\[SERVICE]
delref %Sys32%\DRIVERS\RDPENCDD.SYS
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\SMARTCARDSIMULATOR.SYS
delref %Sys32%\DRIVERS\VIRTUALSMARTCARDREADER.SYS
delref %Sys32%\DRIVERS\WUDFUSBCCIDDRIVER.SYS
delref %Sys32%\DRIVERS\CH341.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\JAVA\JRE1.8.0_121\BIN\JP2IEXP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\JAVA\JRE1.8.0_45\BIN\JP2IEXP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL
delref %Sys32%\IGFXSRVC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %Sys32%\MSMIRADISP.DLL
delref %Sys32%\IGFXDO.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %Sys32%\IGFXTMM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE_64.DLL
delref %Sys32%\IGFXDEV.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE_64.DLL
delref %Sys32%\IGFXCFG.EXE
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %Sys32%\IGFXSRVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\ADOBE\SHOCKWAVE 12\SWHELPER_1200112.EXE
delref %SystemRoot%\CAPICOM.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\USERS\PROKHORENKOV-PC\DOWNLOADS\SETUP INSTALLER (RIGHT CLICK AND SELECT EXTRACT) (1)\_INSTALLER_(RIGHT CLICK AND SELECT EXTRACT)+\SETUP INSTALLER\SETUP INSTALLER\SETUP INSTALLER__7123_IL6586.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IME\SHARED\IMEROAMING.DLL
delref %SystemRoot%\SYSWOW64\ADOBE\DIRECTOR\SWDNLD.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOST.EXE
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemRoot%\SYSWOW64\RSTRUI.EXE
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemRoot%\SYSWOW64\SAERHDLR.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemRoot%\SYSWOW64\SAIMGFLT.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\MAPIPROXY_INUSE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemRoot%\SYSWOW64\SASEGFLT.DLL
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemRoot%\SYSWOW64\CONNECTEDSTORAGESERVICE.PROXYSTUB.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SAMINDRV.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRA~2\QIP201~1\QIP.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %Sys32%\SPOOL\DRIVERS\X64\3\E_YATIPRE.EXE
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
01.06.2017 18:24:49, santy.

Win32/Stantinko

Thu, 01 Jun 2017 17:46:36 +0300

Win32/Stantinko �� Win32/Stantinko � �� .
�� !
�� Win32/Stantinko (�� ).
�� ?

� ��, ��.
POCHKINPC_2017-06-01_17-21-43.7z

01.06.2017 17:46:36, �� .

����� esetnod32.ru [����: Win32/Stantinko]

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

Win32/Stantinko

�� esetnod32.ru [��: Win32/Stantinko]