santy (Все сообщения пользователя) - Форум технической поддержки ESET NOD32

файлы зашифрованы с расширением *.NO_MORE_RANSOM, * .crypted000007, Filecoder.ED / Encoder.858/ Ransom.Shade; r/n: readme*.txt

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 11.08.2017 15:24:42

Давид Давидов,
по очистке системы выполните скрипт в uVS

выполняем скрипт в uVS:
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"

Код
;uVS v4.0.9 [http://dsrt.dyndns.org] ;Target OS: NTv6.3 v400c OFFSGNSAVE ;------------------------autoscript--------------------------- sreg deldirex %SystemDrive%\USERS\USER\APPDATA\ROAMING\ISTARTSURF deldirex %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605 deldirex %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\BAIDU\BDDOWNLOAD\109 deldirex %SystemDrive%\USERS\USER\APPDATA\LOCAL\SKINAPP delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEOFCBNMAJMJMPLFLAPAOJJNIHCJKIGCK%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGOMEKMIDLODGLBBMALCNEEGIEACBDMKI%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLIFBCIBLLHKDHOAFPJFNLHFPFGNPLDFL%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGAIDLFGJKMEENDHKNAFAHPPLLBNIEJM%26INSTALLSOURCE%3DONDEMAND%26UC delref %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE del %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE delref %Sys32%\DRIVERS\BDMWRENCH_X64.SYS del %Sys32%\DRIVERS\BDMWRENCH_X64.SYS delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AOJOECKCMJGHLCHNNENFKBFLNDBEPJPK\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\AOJOECKCMJGHLCHNNENFKBFLNDBEPJPK\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (4).EXE del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (4).EXE delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (3).EXE del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (3).EXE delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (2).EXE del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (2).EXE delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER.EXE del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER.EXE apply regt 27 deltmp delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\CHROME_BITS_21900_2667\26.0.0.151_WIN_PEPPERFLASHPLAYER.CRX3 delref A9A33436-678B-4C9C-A211-7CC38785E79D\[CLSID] delref 752073A1-23F2-4396-85F0-8FDB879ED0ED\[CLSID] delref %SystemDrive%\USERS\USER\APPDATA\ROAMING\ISTARTSURF\UNINSTALLMANAGER.EXE delref %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605\UNINST.EXE delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL delref %SystemRoot%\SYSWOW64\CSCSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS delref %SystemRoot%\SYSWOW64\LSM.DLL delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID] delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID] delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID] delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID] delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID] delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID] delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID] delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID] delref {DFEAF541-F3E1-4C24-ACAC-99C30715084A}\[CLSID] delref %SystemRoot%\SYSWOW64\BLANK.HTM delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID] delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID] delref {00890530-6A9F-4BE2-B1BB-73F01E2BB986}\[CLSID] delref {AF8FA9C9-9907-463E-BDC3-4CC1200D6310}\[CLSID] delref %Sys32%\BLANK.HTM delref HELPSVC\[SERVICE] delref SACSVR\[SERVICE] delref TBS\[SERVICE] delref VMMS\[SERVICE] delref MESSENGER\[SERVICE] delref RDSESSMGR\[SERVICE] delref %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605\BAIDUSDSVC.EXE delref %SystemDrive%\USERS\POSTGRES\APPDATA\LOCAL\MAIL.RU\GAMECENTER\NPDETECTOR.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\TAPILUA.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\AEPROAM.DLL delref %SystemRoot%\SYSWOW64\RSTRUI.EXE delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\LISTSVC.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\WPCCPL.DLL delref %SystemRoot%\SYSWOW64\GPSVC.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL delref F:\SETUP.EXE delref {32683183-48A0-441B-A342-7C2A440A9478}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605\DESKTOPTOAST.EXE delref E:\GAMESMAILRU\COUNTER-STRIKE\HL.EXE delref E:\GAMESMAILRU\COUNTER-STRIKE\UNINSTALL.EXE delref E:\GAMESMAILRU\STEAM.EXE delref D:\DEAD\STEAM.EXE areg ;-------------------------------------------------------------

Код


;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

sreg

deldirex %SystemDrive%\USERS\USER\APPDATA\ROAMING\ISTARTSURF

deldirex %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605

deldirex %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\BAIDU\BDDOWNLOAD\109

deldirex %SystemDrive%\USERS\USER\APPDATA\LOCAL\SKINAPP

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEOFCBNMAJMJMPLFLAPAOJJNIHCJKIGCK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGOMEKMIDLODGLBBMALCNEEGIEACBDMKI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLIFBCIBLLHKDHOAFPJFNLHFPFGNPLDFL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGAIDLFGJKMEENDHKNAFAHPPLLBNIEJM%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE
del %SystemDrive%\PROGRAMDATA\VKSAVER\VKSAVER.EXE
delref %Sys32%\DRIVERS\BDMWRENCH_X64.SYS
del %Sys32%\DRIVERS\BDMWRENCH_X64.SYS
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AOJOECKCMJGHLCHNNENFKBFLNDBEPJPK\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\AOJOECKCMJGHLCHNNENFKBFLNDBEPJPK\8.22.5_0\ПОИСК И СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (4).EXE
del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (4).EXE
delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (3).EXE
del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (3).EXE
delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (2).EXE
del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER (2).EXE
delref %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER.EXE
del %SystemDrive%\USERS\USER\DOWNLOADS\POKKIINSTALLER.EXE
apply

regt 27
deltmp
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\CHROME_BITS_21900_2667\26.0.0.151_WIN_PEPPERFLASHPLAYER.CRX3
delref A9A33436-678B-4C9C-A211-7CC38785E79D\[CLSID]
delref 752073A1-23F2-4396-85F0-8FDB879ED0ED\[CLSID]
delref %SystemDrive%\USERS\USER\APPDATA\ROAMING\ISTARTSURF\UNINSTALLMANAGER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605\UNINST.EXE
delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {DFEAF541-F3E1-4C24-ACAC-99C30715084A}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {00890530-6A9F-4BE2-B1BB-73F01E2BB986}\[CLSID]
delref {AF8FA9C9-9907-463E-BDC3-4CC1200D6310}\[CLSID]
delref %Sys32%\BLANK.HTM
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605\BAIDUSDSVC.EXE
delref %SystemDrive%\USERS\POSTGRES\APPDATA\LOCAL\MAIL.RU\GAMECENTER\NPDETECTOR.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\AEPROAM.DLL
delref %SystemRoot%\SYSWOW64\RSTRUI.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WPCCPL.DLL
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref F:\SETUP.EXE
delref {32683183-48A0-441B-A342-7C2A440A9478}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\BAIDU\BAIDUSD\3.0.0.4605\DESKTOPTOAST.EXE
delref E:\GAMESMAILRU\COUNTER-STRIKE\HL.EXE
delref E:\GAMESMAILRU\COUNTER-STRIKE\UNINSTALL.EXE
delref E:\GAMESMAILRU\STEAM.EXE
delref D:\DEAD\STEAM.EXE
areg

;-------------------------------------------------------------

перезагрузка, пишем о старых и новых проблемах.
------------
по расшифровке файлов crypted000007 не поможем.
сохраните зашифрованный документы на отдельный носитель, возможно решение когда нибудь будет.

[ Как создать образ автозапуска? ]

Перейти

Зашифровано с расширением: ..au1crypt; .blcrypt; .726; .crypt; FIX; .GUST; .sambuka; .decoder, GlobeImposter v2/Filecoder.FV; r/n: how_to_back_files.html

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 11.08.2017 12:25:32

судя по образу уже все чисто,
судя по записке о выкупе - это GlobeImposter v2, расшифровки по нему на текущий момент нет:

Цитата
Identified by ransomnote_filename: how_to_back_files.html custom_rule: victim ID format

следите за этой темой
https://www.bleepingcomputer.com/forums/t/644166/globeimposter-20-fix-extension-ransomware-support-topic/

проверьте возможность восстановить документы из теневых копий.

+
информация с форума bleepingcomputer.com

Цитата
Lawrence Abrams discovered a new GlobeImposter targeting Russian victims. This variant uses the emails [email protected] & and [email protected] and appends the .crypt extension to encrypted files.

https://mobile.twitter.com/LawrenceAbrams/status/894594448201535488

[ Как создать образ автозапуска? ]

Перейти

Зашифровано с расширением: ..au1crypt; .blcrypt; .726; .crypt; FIX; .GUST; .sambuka; .decoder, GlobeImposter v2/Filecoder.FV; r/n: how_to_back_files.html

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 11.08.2017 11:21:10

Андрей,
добавьте записку о выкупе, если есть такая,
+
добавьте образ автозапуска системы для проверки.
возможно остались тела шифратора.

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Угроза безопасности, nsacve-2017-0144_EternalBlue

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 11.08.2017 05:11:14

судя по образу - чисто.
антивир в данном случае блокирует загрузку вредносных программ
а после установки патча MS-2017-010, уязвимость закрыта, и не может эксплуатироваться с помощью сетевых атак.

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Блокируется update.icloudsrv.info, Stantinko

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 09.08.2017 13:40:04

выполняем скрипт в uVS:
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"

Код
;uVS v4.0.9 [http://dsrt.dyndns.org] ;Target OS: NTv6.1 v400c OFFSGNSAVE ;------------------------autoscript--------------------------- zoo %SystemRoot%\SYSWOW64\IHCTRL32.DLL addsgn 79132211B9E9317E0AA1AB5979841205DAFFF47DC4EA942D892B2942AF292811E11BC3DCC10016A5A0D588C9CD6341AD7269EEFF1D65F6AFD46ED32C44C6027C 64 Stantinko 6 chklst delvir deldirex %SystemDrive%\PROGRAM FILES (X86)\CIPLUS-4.5VV05.09 deldirex %SystemDrive%\USERS\ZOTOVICHUP\APPDATA\ROAMING\MYSTARTSEARCH delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGBGNHMFBCIFPKJOFOOJFPLMFKMAIADN%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBPGANGMFFJCOFIKNIBCMFJIONICOHFGJ%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOFDGAFMDEGFKHFDFKMLLFEFMCMCJLLEC%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPNOOFFJHCLKOCPLOPFFDBCDGHMIFFHJI%26INSTALLSOURCE%3DONDEMAND%26UC delref %SystemRoot%\SYSWOW64\WSAUDIO.DLL del %SystemRoot%\SYSWOW64\WSAUDIO.DLL apply regt 27 deltmp delref %SystemRoot%\TEMP\SKY77FC.TMP delref %SystemRoot%\TEMP\GUR447E.EXE delref %SystemDrive%\USERS\ZOTOVI~1\APPDATA\LOCAL\TEMP\CHROME_BITS_4692_26763\463_ALL_STHSET.CRX2 delref %SystemDrive%\PROGRAM FILES (X86)\CIPLUS-4.5VV05.09\AE301C69-2769-4F74-97E5-84A02776C760-10.EXE delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID] delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID] delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID] delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE delref %SystemDrive%\USERS\ZOTOVICHUP\APPDATA\ROAMING\OURSURFING\UNINSTALLMANAGER.EXE delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ADOBE AUDITION 3.0\UNINSTALL\UNINSTALL.EXE delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ADOBE AUDITION 3.0\UNINSTALL\UNINSTALL.XML delref %SystemDrive%\USERS\ZOTOVICHUP\APPDATA\ROAMING\MYSTARTSEARCH\UNINSTALLMANAGER.EXE delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS delref %SystemRoot%\SYSWOW64\UMPO.DLL delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL delref %SystemRoot%\SYSWOW64\CSCSVC.DLL delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS delref %SystemRoot%\SYSWOW64\LSM.EXE delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID] delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID] delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID] delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID] delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID] delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID] delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID] delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID] delref %SystemRoot%\SYSWOW64\WIN32K.SYS delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID] delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\57.0.2987.133\INSTALLER\CHRMSTP.EXE delref %SystemRoot%\SYSWOW64\BLANK.HTM delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID] delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL delref %Sys32%\BLANK.HTM delref {F764812A-132C-4013-9960-5CBBEB408A0E}\[CLSID] delref HELPSVC\[SERVICE] delref SACSVR\[SERVICE] delref TBS\[SERVICE] delref VMMS\[SERVICE] delref MESSENGER\[SERVICE] delref RDSESSMGR\[SERVICE] delref F:\CDRIVER64.SYS delref %SystemDrive%\PROGRAM FILES (X86)\MSI\CONTROLCENTER\NTIOLIB_X64.SYS delref F:\NTIOLIB_X64.SYS delref %Sys32%\PSXSS.EXE delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL delref %Sys32%\SHAREMEDIACPL.CPL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL delref {10921475-03CE-4E04-90CE-E2E7EF20C814}\[CLSID] delref F:\SOFTWARE\PHSETUP.EXE delref {2670000A-7350-4F3C-8081-5663EE0C6C49}\[CLSID] delref {92780B25-18CC-41C8-B9BE-3C9C571A8263}\[CLSID] delref D:\TOTAL COMMANDER\TOTALCMD.EXE delref D:\СТАРЫЙ КОМП. ДИСК С\СНТ РАДАМИР\SPU_ORB.EXE delref %SystemDrive%\PROGRAM FILES (X86)\PALIHA\TELEPORT 11\VPHONE.EXE delref %SystemDrive%\PROGRAM FILES (X86)\OPERA\LAUNCHER.EXE delref D:\TOTAL COMMANDER\УДАЛИТЬ TOTALCMD.EXE ;------------------------------------------------------------- restart

Код


;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

zoo %SystemRoot%\SYSWOW64\IHCTRL32.DLL
addsgn 79132211B9E9317E0AA1AB5979841205DAFFF47DC4EA942D892B2942AF292811E11BC3DCC10016A5A0D588C9CD6341AD7269EEFF1D65F6AFD46ED32C44C6027C 64 Stantinko 6

chklst
delvir

deldirex %SystemDrive%\PROGRAM FILES (X86)\CIPLUS-4.5VV05.09

deldirex %SystemDrive%\USERS\ZOTOVICHUP\APPDATA\ROAMING\MYSTARTSEARCH

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGBGNHMFBCIFPKJOFOOJFPLMFKMAIADN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBPGANGMFFJCOFIKNIBCMFJIONICOHFGJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOFDGAFMDEGFKHFDFKMLLFEFMCMCJLLEC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPNOOFFJHCLKOCPLOPFFDBCDGHMIFFHJI%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemRoot%\SYSWOW64\WSAUDIO.DLL
del %SystemRoot%\SYSWOW64\WSAUDIO.DLL
apply

regt 27
deltmp
delref %SystemRoot%\TEMP\SKY77FC.TMP
delref %SystemRoot%\TEMP\GUR447E.EXE
delref %SystemDrive%\USERS\ZOTOVI~1\APPDATA\LOCAL\TEMP\CHROME_BITS_4692_26763\463_ALL_STHSET.CRX2
delref %SystemDrive%\PROGRAM FILES (X86)\CIPLUS-4.5VV05.09\AE301C69-2769-4F74-97E5-84A02776C760-10.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
delref %SystemDrive%\USERS\ZOTOVICHUP\APPDATA\ROAMING\OURSURFING\UNINSTALLMANAGER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ADOBE AUDITION 3.0\UNINSTALL\UNINSTALL.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ADOBE AUDITION 3.0\UNINSTALL\UNINSTALL.XML
delref %SystemDrive%\USERS\ZOTOVICHUP\APPDATA\ROAMING\MYSTARTSEARCH\UNINSTALLMANAGER.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\57.0.2987.133\INSTALLER\CHRMSTP.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\BLANK.HTM
delref {F764812A-132C-4013-9960-5CBBEB408A0E}\[CLSID]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref F:\CDRIVER64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\MSI\CONTROLCENTER\NTIOLIB_X64.SYS
delref F:\NTIOLIB_X64.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref {10921475-03CE-4E04-90CE-E2E7EF20C814}\[CLSID]
delref F:\SOFTWARE\PHSETUP.EXE
delref {2670000A-7350-4F3C-8081-5663EE0C6C49}\[CLSID]
delref {92780B25-18CC-41C8-B9BE-3C9C571A8263}\[CLSID]
delref D:\TOTAL COMMANDER\TOTALCMD.EXE
delref D:\СТАРЫЙ КОМП. ДИСК С\СНТ РАДАМИР\SPU_ORB.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\PALIHA\TELEPORT 11\VPHONE.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\OPERA\LAUNCHER.EXE
delref D:\TOTAL COMMANDER\УДАЛИТЬ TOTALCMD.EXE
;-------------------------------------------------------------

restart

перезагрузка, пишем о старых и новых проблемах.
------------
далее,
сделайте дополнительно быструю проверку системы в малваребайт
http://forum.esetnod32.ru/forum9/topic10688/

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Вирус wsaudiо и icloudsrv, Stantinko

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 09.08.2017 04:27:33

сделайте таки проверку в малваребайт

Цитата
сделайте дополнительно быструю проверку системы в малваребайт http://forum.esetnod32.ru/forum9/topic10688/

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Рекламный вирус 12котов.ру

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 08.08.2017 14:59:09

пропустите проверку в AdwCleaner
и далее
5.сделайте проверку в FRST
http://forum.esetnod32.ru/forum9/topic2798/

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Вирус wsaudiо и icloudsrv, Stantinko

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 08.08.2017 14:57:24

Код
;uVS v4.0.9 [http://dsrt.dyndns.org] ;Target OS: NTv6.3 v400c OFFSGNSAVE ;------------------------autoscript--------------------------- deldirex %SystemDrive%\USERS\OST\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER deldirex %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\TXSSO\1.2.2.37\BIN deldirex %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQVIPDOWNLOADER\124 delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE del %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE delref {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\[CLSID] delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAONEDLCHKBICMHEPIMIAHFALHEEDJGBH%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBEJNPNKHFGFKCPGIKIINOJLMDCJIMOBI%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFHEOGGKFDFCHFPHCEEIFDBEPAOOICAHO%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGEIDJEEFDDHGEFEPLHDLEGOLDLGIODON%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DICANJJKADCEEBMHANPEKKOFDHCLNOIJL%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILHAPDFJLMHFDGDBEFPINEBIJMHJIJPN%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPJFKGJLNOCFAKOHEOAPICNKNOGLIPAPD%26INSTALLSOURCE%3DONDEMAND%26UC delref {10921475-03CE-4E04-90CE-E2E7EF20C814}\[CLSID] delref %Sys32%\TESSAFE.SYS del %Sys32%\TESSAFE.SYS delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK\2.0.4.11_1\СТАРТОВАЯ — ЯНДЕКС delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.11_0\ПОИСК MAIL.RU delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJFKGJLNOCFAKOHEOAPICNKNOGLIPAPD\2.0.1.11_1\СТАРТОВАЯ — ЯНДЕКС delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC apply deltmp delref %SystemDrive%\USERS\1\APPDATA\LOCAL\MATH PROBLEM SOLVER\CPU\SOLVE.EXE delref %SystemDrive%\USERS\1\APPDATA\ROAMING\ICE-PICK LODGE\CACHES\MDM delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE15\OLICENSEHEARTBEAT.EXE delref A9A33436-678B-4C9C-A211-7CC38785E79D\[CLSID] delref {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}\[CLSID] delref 752073A1-23F2-4396-85F0-8FDB879ED0ED\[CLSID] delref {E51DFD48-AA36-4B45-BB52-E831F02E8316}\[CLSID] delref {FF87090D-4A9A-4F47-879B-29A80C355D61}\[CLSID] delref {45F26E9E-6199-477F-85DA-AF1EDFE067B1}\[CLSID] delref {7CCA6768-8373-4D28-8876-83E8B4E3A969}\[CLSID] delref D:\GAMES\BNSCHINA\QQPCMGR\8.11.11347.801\UNINST.EXE delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS delref %SystemRoot%\SYSWOW64\LSM.DLL delref %SystemDrive%\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAUTOREACTIVATOR64.EXE delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID] delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID] delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID] delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID] delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID] delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID] delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\PLUGINS\NPFOXITREADERPLUGIN.DLL delref %SystemDrive%\PROGRA~2\MCAFEE\MSC\NPMCSN~1.DLL delref %SystemDrive%\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\58.0.3029.81\INSTALLER\CHRMSTP.EXE delref %SystemRoot%\SYSWOW64\BLANK.HTM delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID] delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID] delref {DD230880-495A-11D1-B064-008048EC2FC5}\[CLSID] delref {472083B0-C522-11CF-8763-00608CC02F24}\[CLSID] delref {3EF5086B-5478-4598-A054-786C45D75692}\[CLSID] delref {5513F07E-936B-4E52-9B00-067394E91CC5}\[CLSID] delref %SystemDrive%\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWWEBREPIE64.DLL delref %SystemDrive%\PROGRA~1\MCAFEE\MSC\NPMCSN~1.DLL delref %Sys32%\BLANK.HTM delref FTSHELLCONTEXT EXTENSION\[CLSID] delref APPMGMT\[SERVICE] delref HELPSVC\[SERVICE] delref SACSVR\[SERVICE] delref TBS\[SERVICE] delref VMMS\[SERVICE] delref MESSENGER\[SERVICE] delref RDSESSMGR\[SERVICE] delref %Sys32%\DRIVERS\BGOEYORW.SYS delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\LIVEUPDATE\LIVEUPDATE.EXE delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\GEFORCE EXPERIENCE SERVICE\NVWIRELESSCONTROLLER.EXE delref D:\GAMES\BNSCHINA\QQPCMGR\8.11.11347.801\QMUDISK64.SYS delref %Sys32%\PSXSS.EXE delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWWRCIEBROKER64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE_64.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\TAPILUA.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\AEPROAM.DLL delref %SystemRoot%\SYSWOW64\RSTRUI.EXE delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\LISTSVC.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\WPCCPL.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\INSTALLER2\INSTALLER.{AE87D6C4-F252-4200-BE45-38F1A4B136DD}\NVI2.DLL delref %SystemRoot%\SYSWOW64\GPSVC.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL delref D:\GAMES\UPLAY\UBISOFT GAME LAUNCHER\GAMES\FAR CRY 3 BLOOD DRAGON\FCBD.BAT delref G:\SETUP.EXE delref %SystemDrive%\USERS\1\APPDATA\LOCAL\MAIL.RU\GAMECENTER\NPDETECTOR.DLL delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\MBLAUNCHER.EXE delref {29B6CFD5-0064-411A-8C42-9890C83F9921}\[CLSID] delref %SystemDrive%\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\AVPUI.EXE delref %SystemDrive%\PROGRAM FILES (X86)\RAIDCALL.RU\RAIDCALL.EXE delref %SystemDrive%\PROGRAM FILES (X86)\RAIDCALL.RU\UNINST.EXE ;------------------------------------------------------------- restart

Код


;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

deldirex %SystemDrive%\USERS\OST\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

deldirex %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\TXSSO\1.2.2.37\BIN

deldirex %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQVIPDOWNLOADER\124

delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
delref {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\[CLSID]
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAONEDLCHKBICMHEPIMIAHFALHEEDJGBH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBEJNPNKHFGFKCPGIKIINOJLMDCJIMOBI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFHEOGGKFDFCHFPHCEEIFDBEPAOOICAHO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGEIDJEEFDDHGEFEPLHDLEGOLDLGIODON%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DICANJJKADCEEBMHANPEKKOFDHCLNOIJL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILHAPDFJLMHFDGDBEFPINEBIJMHJIJPN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPJFKGJLNOCFAKOHEOAPICNKNOGLIPAPD%26INSTALLSOURCE%3DONDEMAND%26UC
delref {10921475-03CE-4E04-90CE-E2E7EF20C814}\[CLSID]
delref %Sys32%\TESSAFE.SYS
del %Sys32%\TESSAFE.SYS
delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK\2.0.4.11_1\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.11_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJFKGJLNOCFAKOHEOAPICNKNOGLIPAPD\2.0.1.11_1\СТАРТОВАЯ — ЯНДЕКС
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC
apply

deltmp
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\MATH PROBLEM SOLVER\CPU\SOLVE.EXE
delref %SystemDrive%\USERS\1\APPDATA\ROAMING\ICE-PICK LODGE\CACHES\MDM
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE15\OLICENSEHEARTBEAT.EXE
delref A9A33436-678B-4C9C-A211-7CC38785E79D\[CLSID]
delref {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}\[CLSID]
delref 752073A1-23F2-4396-85F0-8FDB879ED0ED\[CLSID]
delref {E51DFD48-AA36-4B45-BB52-E831F02E8316}\[CLSID]
delref {FF87090D-4A9A-4F47-879B-29A80C355D61}\[CLSID]
delref {45F26E9E-6199-477F-85DA-AF1EDFE067B1}\[CLSID]
delref {7CCA6768-8373-4D28-8876-83E8B4E3A969}\[CLSID]
delref D:\GAMES\BNSCHINA\QQPCMGR\8.11.11347.801\UNINST.EXE
delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAUTOREACTIVATOR64.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\PLUGINS\NPFOXITREADERPLUGIN.DLL
delref %SystemDrive%\PROGRA~2\MCAFEE\MSC\NPMCSN~1.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\58.0.3029.81\INSTALLER\CHRMSTP.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {DD230880-495A-11D1-B064-008048EC2FC5}\[CLSID]
delref {472083B0-C522-11CF-8763-00608CC02F24}\[CLSID]
delref {3EF5086B-5478-4598-A054-786C45D75692}\[CLSID]
delref {5513F07E-936B-4E52-9B00-067394E91CC5}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWWEBREPIE64.DLL
delref %SystemDrive%\PROGRA~1\MCAFEE\MSC\NPMCSN~1.DLL
delref %Sys32%\BLANK.HTM
delref FTSHELLCONTEXT EXTENSION\[CLSID]
delref APPMGMT\[SERVICE]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\BGOEYORW.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\LIVEUPDATE\LIVEUPDATE.EXE
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\GEFORCE EXPERIENCE SERVICE\NVWIRELESSCONTROLLER.EXE
delref D:\GAMES\BNSCHINA\QQPCMGR\8.11.11347.801\QMUDISK64.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\AVAST SOFTWARE\AVAST\ASWWRCIEBROKER64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\AEPROAM.DLL
delref %SystemRoot%\SYSWOW64\RSTRUI.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WPCCPL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\INSTALLER2\INSTALLER.{AE87D6C4-F252-4200-BE45-38F1A4B136DD}\NVI2.DLL
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL
delref D:\GAMES\UPLAY\UBISOFT GAME LAUNCHER\GAMES\FAR CRY 3 BLOOD DRAGON\FCBD.BAT
delref G:\SETUP.EXE
delref %SystemDrive%\USERS\1\APPDATA\LOCAL\MAIL.RU\GAMECENTER\NPDETECTOR.DLL
delref %SystemDrive%\USERS\OST\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\MBLAUNCHER.EXE
delref {29B6CFD5-0064-411A-8C42-9890C83F9921}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\AVPUI.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\RAIDCALL.RU\RAIDCALL.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\RAIDCALL.RU\UNINST.EXE
;-------------------------------------------------------------

restart

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Вирус wsaudiо и icloudsrv, Stantinko

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 08.08.2017 04:13:44

@Ostap Ivanov,
переделайте образ автозапуска актуальной версией uVS. 4.0.9
http://chklst.ru/data/uVS%20latest/uvs_latest.zip
для решения вашей проблемы это важно.

[ Как создать образ автозапуска? ]

Перейти

[ Закрыто] Рекламный вирус 12котов.ру

Сообщений: 17977

Баллов: 28762

Регистрация: 16.03.2010

Размещено 07.08.2017 15:53:20

2.удалите все найденное в малваребайт
перегрузите систему
далее,
3.сделайте проверку в АдвКлинере
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.в АдвКлинере, после завершения проверки,
в секции Папки снимите галки с записей mail.ru, yandex (если есть такие)
остальное удалите по кнопке Очистить
далее,

5.сделайте проверку в FRST
http://forum.esetnod32.ru/forum9/topic2798/

[ Как создать образ автозапуска? ]

Перейти