�� wsaudio � icloud

Fri, 14 Jul 2017 20:25:31 +0300

�� wsaudio � icloud Stantinko � �� .
1) � Malwarebytes - �� .
( �� )

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
14.07.2017 20:25:31, RP55 RP55.

�� wsaudio � icloud

Fri, 14 Jul 2017 19:43:20 +0300

�� wsaudio � icloud Stantinko � �� .
��
��.txt
14.07.2017 19:43:20, �� .

�� wsaudio � icloud

Fri, 14 Jul 2017 17:32:37 +0300

�� wsaudio � icloud Stantinko � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====


;uVS v4.0.5 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

deldirex %SystemDrive%\PROGRAM FILES (X86)\KINOROOM BROWSER

deldirex %SystemDrive%\USERS\���������\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

deldirex %SystemDrive%\USERS\���������\APPDATA\LOCAL\AMIGO\APPLICATION\44.4.2403.3

deldirex %SystemDrive%\USERS\���������\APPDATA\LOCAL\AMIGO\APPLICATION

delref %SystemRoot%\SYSWOW64\WSAUDIO.DLL
del %SystemRoot%\SYSWOW64\WSAUDIO.DLL
delall %SystemRoot%\TEMP\CLEARCACHE.DLL
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJDFONANKHFNHIHDCPAAGPABBAOCLNJFP%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLBJJFIIHGFEGNIOLCKPHPNFAOKDKBMDM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\USERS\���������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HANJIAJGNONAOBDLKLNCDJDMPBOMLHOA\3.2.9_0\MUSICSIG VKONTAKTE
delref %SystemDrive%\USERS\���������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KCKNBENJNKKJKNPHMNIDANJIFBGPHJKE\4.18_0\THE SAFE SURFING
delref %SystemDrive%\USERS\���������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MOFELBKEMHLIGELPMJMOHGPHHMOGBKNI\3.1.0_0\TEDDY PROTECTION
delref HTTP://MAIL.RU/CNT/10445?GP=802811
delref %SystemDrive%\USERS\���������\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\MOFELBKEMHLIGELPMJMOHGPHHMOGBKNI\3.1.0_0\TEDDY PROTECTION
delall %SystemDrive%\USERS\8523~1\APPDATA\LOCAL\TEMP\HYD43E3.TMP.1463815205\HTA\3RDPARTY\OCCOMSDK.DLL
delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IESR02
delref HTTP://GO.MAIL.RU/DISTIB/EP/?Q={SEARCHTERMS}&PRODUCT_ID=%7B118B243E-C9FE-4202-83E3-CA2C7A15E7B2%7D&GP=802861
delref HTTP://WWW.MYPLAYCITY.RU/?UTM_SOURCE=STARTMENUDESKTOPLINK&UTM_MEDIUM=DOWNLOADABLE_WEBSITEICON
delref %SystemDrive%\PROGRAM FILES (X86)\QGNA\QGNA.EXE
delref %SystemDrive%\PROGRAMDATA\KRB UPDATER UTILITY\KRBUPDATER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\KINOROOM BROWSER\KRBROWSER.EXE
delref %SystemDrive%\PROGRAMDATA\MICROSOFT\MACROMED\FLASH PLAYER\6D26FB13-6529-476D-8465-05D7C58C9E71\4BD4964E-C877-4B31-917A-BFA51A34E99F.EXE
delref {9F2B0085-9218-42A1-88B0-9F0E65851666}\[CLSID]
delref {E984D939-0E00-4DD9-AC3A-7ACA04745521}\[CLSID]
delref {FE285C8C-5360-41C1-A700-045501C740DE}\[CLSID]
delref {9CDA66BE-3271-4723-8D35-DD834C58AD92}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref %SystemRoot%\EHOME\EHPRIVJOB.EXE
delref %SystemRoot%\EHOME\MCUPDATE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref %SystemRoot%\EHOME\MCUPDATE.EXE
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref %SystemRoot%\EHOME\EHREC
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}\[CLSID]
delref {EA9155A3-8A39-40B4-8963-D3C761B18371}\[CLSID]
delref {DEF03232-9688-11E2-BE7F-B4B52FD966FF}\[CLSID]
delref %SystemRoot%\SYSWOW64\WPCUMI.DLL
delref %SystemRoot%\SYSWOW64\WPCMIG.DLL
delref {E51DFD48-AA36-4B45-BB52-E831F02E8316}\[CLSID]
delref {FF87090D-4A9A-4F47-879B-29A80C355D61}\[CLSID]
delref {45F26E9E-6199-477F-85DA-AF1EDFE067B1}\[CLSID]
delref {7CCA6768-8373-4D28-8876-83E8B4E3A969}\[CLSID]
delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\APPVETWCLIENTRES.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\WINNAT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\REFS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemDrive%\PROGRA~2\BATTLE~1\SONAR\070~1.4\SONARAX.OCX
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {6B9228DA-9C15-419E-856C-19E768A13BDC}\[CLSID]
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref {503739D0-4C5E-4CFD-B3BA-D881334F0DF2}\[CLSID]
delref %Sys32%\DRIVERS\IUSB3XHC.SYS
delref %Sys32%\ALTTAB.DLL
delref %Sys32%\GWX\GWX.EXE
delref %Sys32%\DRIVERS\IUSB3HUB.SYS
delref %Sys32%\QAGENTRT.DLL
delref %Sys32%\LOCATIONNOTIFICATIONS.EXE
delref %SystemDrive%\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPDMCCORE.DLL
delref %Sys32%\MCXDRIV.DLL
delref %Sys32%\HOTSTARTUSERAGENT.DLL
delref %Sys32%\DRIVERS\RDPWD.SYS
delref %SystemDrive%\PROGRAM FILES\INTERNET EXPLORER\IEDVTOOL.DLL
delref %Sys32%\P2PHOST.EXE
delref %Sys32%\NAPIPSEC.DLL
delref %Sys32%\OCSETUP.EXE
delref %Sys32%\MSSHA.DLL
delref %Sys32%\APILOGEN.DLL
delref %Sys32%\IPBUSENUM.DLL
delref %Sys32%\DRIVERS\SCMDISK0101.SYS
delref %Sys32%\OOBE\MSOOBEUI.DLL
delref %Sys32%\MCTADMIN.EXE
delref %SystemDrive%\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE
delref %Sys32%\DHCPQEC.DLL
delref %Sys32%\DRIVERS\UMDF\USBCCIDDRIVER.DLL
delref %Sys32%\WWANADVUI.DLL
delref %Sys32%\DSHOWRDPFILTER.DLL
delref %SystemRoot%\INF\UNREGMP2.EXE
delref %Sys32%\BLANK.HTM
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref %Sys32%\DRIVERS\RDPENCDD.SYS
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\SMARTCARDSIMULATOR.SYS
delref %Sys32%\DRIVERS\VIRTUALSMARTCARDREADER.SYS
delref %Sys32%\DRIVERS\WUDFUSBCCIDDRIVER.SYS
delref %Sys32%\PSXSS.EXE
delref D:\BLENDER\BLENDTHUMB64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\WBEM\WEMSAL_WMIPROVIDER (1).DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CC 2015\PHOTOSHOP.EXE\AUTOMATION
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %Sys32%\CHTADVANCEDDS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\PERCEPTIONSIMULATIONEXTENSIONS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOST.EXE
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemRoot%\SYSWOW64\RSTRUI.EXE
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\OVERWOLF\0.88.101.0\OVERWOLFTSHELPER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\ACRORD32INFO.EXE
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SAPI_EXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\OOVOO\OOVOO.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemRoot%\SYSWOW64\INETSRV\IISRSTAS.EXE
delref %SystemDrive%\GAMES\WORLD_OF_TANKS\WARGAMINGGAMEUPDATER.EXE
delref D:\GAMES\WORLD_OF_TANKS\WARGAMINGGAMEUPDATER.EXE
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020300}\[CLSID]
delref %SystemRoot%\SYSWOW64\IHCTRL32.DLL
del %SystemRoot%\SYSWOW64\IHCTRL32.DLL
deltmp
restart

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
14.07.2017 17:32:37, RP55 RP55.

�� wsaudio � icloud

Fri, 14 Jul 2017 16:14:42 +0300

�� wsaudio � icloud Stantinko � �� .
�� . �� 10 ��
��-��_2017-07-14_21-00-06.7z
14.07.2017 16:14:42, �� .

����� esetnod32.ru [����: ���������� ���������� wsaudio � icloud]

���������� ���������� wsaudio � icloud

���������� ���������� wsaudio � icloud

���������� ���������� wsaudio � icloud

���������� ���������� wsaudio � icloud

�� esetnod32.ru [��: �� wsaudio � icloud]

�� wsaudio � icloud

�� wsaudio � icloud

�� wsaudio � icloud

�� wsaudio � icloud