13.05.2017, 17:47 | #1 (permalink) |
Caught a virus
13.05.2017, 18:10 | #2 (permalink) |
Your photos, as I understand it, have been encrypted by the WanaCrypt0r encryptor.
Run the script in uVS:
- copy the contents of the code to the clipboard;
- start uVS (start.exe), then choose: current user, menu - Scripts - Run script from clipboard;
- close all browsers before running the script;
when programs are being uninstalled, agree to the uninstallation and confirm the removal with "yes".
Code:
;uVS v4.0.2 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------
zoo %SystemDrive%\PROGRAMDATA\GWDVDXYIQTAHWIO623\TASKSCHE.EXE
addsgn A7679BF0AA02C4A64BD4C64512881261848AFCF689AA7BF1A0C3C5BC50559D24704194DE5BBDAE92A2DD78F544E95C3EFC9FE82BD6D7FCD56D775BACCA56DB33 8 BACKDOOR.Trojan [DrWeb] 7
zoo %SystemRoot%\PREFETCH\WUAUSER.EXE
addsgn 19E42027506A4C720BD44739A337ED05258AFCF689FA1F7885C3C5BC50D6714C2317C3573E559D492B80849F461649FA7DDFE87255DAB02C2D77A42FC7062273 8 Win32/CoinMiner 7
zoo %SystemDrive%\PROGRAMDATA\GWDVDXYIQTAHWIO623\@WANADECRYPTOR@.EXE
addsgn A7679BF0AA02E4C84AD4C6E154891261848AFCF689AA7BF1A0C3C5BC50559D24704194DE5BBDAE92A2DD78F544E95CDE289EE82BD6D7280E6F775BACCA9A0031 8 WannaDecrypt 7
zoo %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\MEDIAGET2\MEDIAGET-UNINSTALLER.EXE
addsgn 9252771A116AC1CC0B44554E33231995AF8CBA7E8EBD1EA3F0C44EA2D3388D5DF8652EEF3F559D492A5BF198CD08CA1481CE336395DB6B5F26028CA4D985CC8F 14 Win32:FakeSys-BF [PUP] 7
zoo %SystemDrive%\PROGRAM FILES\CONTENT DEFENDER\CONTENTDEFENDERCONTROL.EXE
addsgn BA6F9BB2BDCD0D720B9C2D754C2124FBDA75303A4536D3B4490F09709C1ABD80EFDB0F9BF299FB2F249F009F461649FA3554293AA203F8852A77A42FB30944E3 15 Win64/Riskware.NetFilter 7
chklst
delvir
deldirex %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER
deldirex %SystemDrive%\PROGRAM FILES (X86)\GLOBALUPDATE\UPDATE\1.3.25.0
deldirex %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.9.16349.225
deldirex %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\MEDIAGET2
deldirex %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\MEDIA GET LLC\MEDIAGET2\USER_SEARCH\TSERVERINFO
deldirex %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\MEDIA GET LLC\MEDIAGET2\USER_SEARCH\ISERVERINFO
deldirex %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\MEDIA GET LLC\MEDIAGET2\USER_SEARCH\SSERVERINFO
delref %SystemDrive%\PROGRAM FILES (X86)\OPERA\LAUNCHER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\OPERA\LAUNCHER.EXE
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDKEKDLKMDPIPIHONAPOLEOPFEKMAPADH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFDHBKAAHEPHNIEJAPEPAIGGNGJNEDPCI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFDJDJKKJOIOMAFNIHNOBKINNFJNNLHDG%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGEHNGEIFMELPHPLLNCOBKMIMPHFKCKNE%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGEIDJEEFDDHGEFEPLHDLEGOLDLGIODON%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DHDPGLLBNILFCBCKBDCHJCFGOPIJGLLCM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJDKIHDHLEGCDGGKNOKFEKOEMKJJNJHGI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNECFMKPLPMINFJAGBLFABGGOMDPAAKAN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPFIGAOAMNNCIJBGOMIFAMKMKIDNNLIKL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://WWW.ISTARTSURF.COM/WEB/?TYPE=DS&TS=1433530971&Z=1458EE6DA0EBF6DE31DB3CBG0ZDC6C7W9C9EBT9M0B&FROM=FACE&UID=ST3250410AS_9RY2YQ94XXXX9RY2YQ94&Q={SEARCHTERMS}
delref HTTP://WWW.ISTARTSURF.COM/?TYPE=HPPP&TS=1433418077&Z=C8FE3F6E184E1B41F9F3E92G4Z8C1C5Z3G7B7E0B0G&FROM=FACE&UID=ST3250410AS_9RY2YQ94XXXX9RY2YQ94
delref HTTP://VK.IJMELTO.RU/INDEX.XML?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DKNEGGODALBCMGDKKFHBHBICBBAHNACJB%26INSTALLSOURCE%3DONDEMAND%26UC
delref %Sys32%\DRIVERS\CONTENTDEFENDERDRV.SYS
del %Sys32%\DRIVERS\CONTENTDEFENDERDRV.SYS
delref %Sys32%\DRIVERS\INNFD_1_10_0_14.SYS
del %Sys32%\DRIVERS\INNFD_1_10_0_14.SYS
delref %SystemRoot%\SKINAPP.SYS
del %SystemRoot%\SKINAPP.SYS
delref %Sys32%\DRIVERS\TSSKX64.SYS
del %Sys32%\DRIVERS\TSSKX64.SYS
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DKEKDLKMDPIPIHONAPOLEOPFEKMAPADH\1.2.0.2_0\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\7.0.25_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GEHNGEIFMELPHPLLNCOBKMIMPHFKCKNE\1.0.9_0\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDKIHDHLEGCDGGKNOKFEKOEMKJJNJHGI\1.0.3_0\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PHKDCINMMLJBLPNKOHLIPAIODLONPINF\11.0.3_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\MDPLJNDCMBEIKFNLFLCGGAIPGNHIEDBL\7.6_0\SAVEFROM.NET ПОМОЩНИК
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDMPOJJILDDEFGNHIICJCMHBKJGBBCLOB%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFCFENMBOOJPJINHPGGGODEFCCIPIKBPD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DODIJCGAFKHPOBJLNFDGIACPDENPMBGME%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPHKDCINMMLJBLPNKOHLIPAIODLONPINF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://WWW.ISTARTSURF.COM/WEB/?UTM_SOURCE=B&UTM_MEDIUM=FACE&UTM_CAMPAIGN=INSTALL_IE&UTM_CONTENT=DS&FROM=FACE&UID=ST3250410AS_9RY2YQ94XXXX9RY2YQ94&TS=1433531032&TYPE=DEFAULT&Q={SEARCHTERMS}
delref HTTP://WWW.ISTARTSURF.COM/WEB/?TYPE=DSPP&TS=1433418077&Z=C8FE3F6E184E1B41F9F3E92G4Z8C1C5Z3G7B7E0B0G&FROM=FACE&UID=ST3250410AS_9RY2YQ94XXXX9RY2YQ94&Q={SEARCHTERMS}
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\MBLAUNCHER.EXE
del %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\MBLAUNCHER.EXE
delref HTTP:\\SEARCHS-HI.RU
apply
regt 28
regt 29
deltmp
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\C6B2F3E6CF8804FD996978BD1242AEA9\A73FD77311C651808FF83C020BD64B069A062EAE
delref %SystemRoot%\TEMP\GUR8D02.EXE
delref %SystemRoot%\TEMP\GUR8B8C.EXE
delref %SystemRoot%\TEMP\GURA90A.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\APPLE SOFTWARE UPDATE\SOFTWAREUPDATE.EXE
delref %SystemDrive%\PROGRAMDATA\MICROSOFT\MACROMED\FLASH PLAYER\FCBB1D4F-FF56-4257-ADC5-CB6E9F152F3F\7BF6925C-BC71-4999-9EFD-2479E176F46A.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref D:\HOMM3 SOD\SETUP.EXE
delref D:\НОВАЯ ПАПКА\ASSASSIN'S CREED IV BLACK FLAG.GOLD EDITION\GDFINSTALL.EXE
delref F:\HEROES OF MIGHT AND MAGIC(TM) IV (RUS)\SETUP.EXE
delref %SystemDrive%\USERS\D32B~1\APPDATA\LOCAL\TEMP\IS-O75AM.TMP\DOWNLOADER.EXE
delref %SystemRoot%\SYSWOW64\TBSSVC.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\UNITYWEBPLUGINAX.OCX
delref %SystemDrive%\PROGRAM FILES\UNITY\WEBPLAYER64\LOADER-X64\UNITYWEBPLUGINAX.OCX
delref {5645E0E7-FC12-43BF-A6E4-F9751942B298}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\[CLSID]
delref {C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\GLOBALUPDATE\UPDATE\1.3.25.0\NPGLOBALUPDATEUPDATE4.DLL
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {2803063F-4B8D-4DC6-8874-D1802487FE2D}\[CLSID]
delref {B19ED566-D419-470B-B111-3C89040BC027}\[CLSID]
delref {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}\[CLSID]
delref {472083B0-C522-11CF-8763-00608CC02F24}\[CLSID]
delref {136DCBF5-3874-4B70-AE3E-15997D6334F7}\[CLSID]
delref {55DA30FC-F16B-49FC-BAA5-AE59FC65F82D}\[CLSID]
delref {564FD788-86C9-4444-971E-CC4A243DA150}\[CLSID]
delref {760A8F35-97E7-479D-AAF5-DA9EFF95D751}\[CLSID]
delref {8F43B7D9-9D6B-4F48-BE18-4D787C795EEA}\[CLSID]
delref {A28F324B-DDC5-4999-AA25-D3A7E25EF7A8}\[CLSID]
delref {F13D3732-96BD-4108-AFEB-E85F68FF64DC}\[CLSID]
delref {47E792CF-0BBE-4F7A-859C-194B0768650A}\[CLSID]
delref {7CEEEECF-3FEE-4548-B529-C254CAF4D182}\[CLSID]
delref {93A22E7A-5091-45EF-BA61-6DA26156A5D0}\[CLSID]
delref {9852A670-F845-491B-9BE6-EBD841B8A613}\[CLSID]
delref {ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}\[CLSID]
delref {C9ECE7B3-1D8E-41F5-9F24-B255DF16C087}\[CLSID]
delref {DEE56715-7081-4D57-91A7-984AE2712268}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %SystemDrive%\PROGRAM FILES\UNITY\WEBPLAYER64\LOADER-X64\NPUNITY3D64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\49.0.2623.110\INSTALLER\CHRMSTP.EXE
delref %Sys32%\BLANK.HTM
delref {40CC864B-947A-4E5D-A2E5-DB6777B55D8F}\[CLSID]
delref {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}\[CLSID]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %SystemDrive%\PROGRAM FILES (X86)\MEGAFON MODEM\UPDATEDOG\OUC.EXE
delref %SystemRoot%\MSSECSVC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.9.16349.225\QMUDISK64.SYS
delref %Sys32%\DRIVERS\SCFD_1_10_0_16.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.9.16349.225\TS888X64.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\X6VA023
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\YANDEX\BROWSERMANAGER\BROWSERMANAGERSHOW.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE_64.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GLOBALUPDATE\UPDATE\1.3.25.0\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.123\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref F:\AUTORUN.EXE
delref {29B6CFD5-0064-411A-8C42-9890C83F9921}\[CLSID]
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref {DFEAF541-F3E1-4C24-ACAC-99C30715084A}\[CLSID]
delref D:\НОВАЯ ПАПКА (4)\POKERSTARSUPDATE.EXE
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAMDATA\OFMHGODXKO\GWRABOKLCSE5.BAT
delref %SystemDrive%\USERS\ВАЛЁК\APPDATA\LOCAL\AZBLXBAEWBXEG\HGMITTPAS1.BAT
delref %SystemDrive%\PROGRAMDATA\VPXURAYHFXO\RBHUQMWDRKT0.BAT
delref D:\НОВАЯ ПАПКА\POKERSTARSUPDATE.EXE
delref D:\GAMES\POKERSTARS.NET\POKERSTARSUPDATE.EXE
delref D:\AKELLA GAMES\NOSTRADAMUS\NOSTRADAMUS.EXE
delref D:\НОВАЯ ПАПКА\TRACER.EXE
delref D:\НОВАЯ ПАПКА\POKERSTARSUNINSTALL.EXE
delref D:\GAMES\POKERSTARS.NET\TRACER.EXE
delref D:\GAMES\POKERSTARS.NET\POKERSTARSUNINSTALL.EXE
delref %SystemRoot%\UNINSTALL\WEB-SMS\SETUP.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\WINDOWS KITS\8.1\SHORTCUTS\DESKTOPDEVCENTERLEARN.URL
delref %SystemDrive%\PROGRAM FILES (X86)\WINDOWS KITS\8.1\SHORTCUTS\WINDOWSSTOREAPPDEVCENTERLEARN.URL
delref %SystemDrive%\PROGRAM FILES (X86)\WINDOWS KITS\8.1\SHORTCUTS\DESKTOPDEVCENTERSAMPLES.URL
delref %SystemDrive%\PROGRAM FILES (X86)\WINDOWS KITS\8.1\SHORTCUTS\WINDOWSSTOREAPPDEVCENTERSAMPLES.URL
delref %SystemDrive%\PROGRAM FILES (X86)\WINDOWS KITS\8.1\SHORTCUTS\DESKTOPDEVCENTERTOOLSDOCUMENTATION.URL
delref %SystemDrive%\PROGRAM FILES (X86)\WINDOWS KITS\8.1\SHORTCUTS\WINDOWSSTOREAPPDEVCENTERTOOLSDOCUMENTATION.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\ИНТЕРНЕТ-СТРАНИЦА ELEKTROGAMES.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\ИНТЕРНЕТ-СТРАНИЦА KHEOPS STUDIO.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\ИНТЕРНЕТ-СТРАНИЦА MZONE STUDIO.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\ИНТЕРНЕТ-СТРАНИЦА TOTEM STUDIO.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\ИНТЕРНЕТ-СТРАНИЦА ИГРЫ 'ТАЙНА ДА ВИНЧИ'.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\КОМПАНИЯ 'НОВЫЙ ДИСК'.URL
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\SDV.EXE
delref D:\GAMES\ТАЙНА ДА ВИНЧИ\UNINSTALL.EXE
;-------------------------------------------------------------
restart

----------
Next, run a quick (threat) scan in Malwarebytes.