Dear forum members! I've picked up some kind of infection: a bunch of unwanted software got installed, and pages with ads and 18+ content open in the browsers even when the browser is closed
Dear forum members! I've picked up some kind of infection: a bunch of unwanted software got installed, and pages with ads and 18+ content open in the browsers even when the browser is closed
Dear [B]rosalin[/B], thank you for contacting our forum!
Help with cleaning your computer on VirusInfo.Info is provided absolutely free of charge. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; for details, see the [URL="http://virusinfo.info/pravila.html"]rules for submitting a help request[/URL].
[INFORMATION]If you would like to receive personal, guaranteed help on a priority basis, use the paid service [URL="http://virusinfo.info/content.php?r=613-sub_pomogite"]Помогите+[/URL].[/INFORMATION]
If our site proves useful to you and you have the opportunity, please [URL="http://virusinfo.info/content.php?r=113-virusinfo.info-donate"]support the project[/URL].
Guys, what did I do wrong? Why the silence?
Run the script in AVZ
[code]begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe','');
QuarantineFile('C:\Users\elena\AppData\Local\Hostinstaller\3032075727_monster.exe','');
QuarantineFile('C:\Users\elena\AppData\Local\Temp\R.vbs','');
QuarantineFile('C:\Users\elena\AppData\Roaming\WLs1R4yWNid6HG6xub2.exe','');
QuarantineFile('C:\Users\elena\AppData\Roaming\zFdhAQca.exe','');
QuarantineFile('C:\Users\elena\AppData\Roaming\tHob2avZ71QBIK4yoPEqQ8Auy.exe','');
QuarantineFile('C:\Program Files (x86)\Torrent Search\03BNtXK.exe','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-7.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-3.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-11.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-7.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-3.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-11.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.exe','');
QuarantineFile('C:\Users\elena\AppData\Roaming\09wIbEDqCxqofG.exe','');
DelBHO('{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}');
DelBHO('{6E727987-C8EA-44DA-8749-310C0FBE3C3E}');
QuarantineFile('C:\Users\elena\AppData\Local\foryougain\stub.exe','');
QuarantineFile('C:\Users\elena\AppData\Local\foryougain\config.json','');
SetServiceStart('contentdefenderdrv', 4);
DeleteService('contentdefenderdrv');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','');
DeleteService('globalUpdate');
SetServiceStart('wwsvc_1.10.0.24', 4);
DeleteService('wwsvc_1.10.0.24');
SetServiceStart('WdsManPro', 4);
DeleteService('WdsManPro');
SetServiceStart('SSFK', 4);
DeleteService('SSFK');
SetServiceStart('luzolime', 4);
DeleteService('luzolime');
SetServiceStart('lehicewu', 4);
DeleteService('lehicewu');
SetServiceStart('HHandler Service', 4);
DeleteService('HHandler Service');
SetServiceStart('gyvixodu', 4);
DeleteService('gyvixodu');
SetServiceStart('dipubibu', 4);
DeleteService('dipubibu');
SetServiceStart('ContentDefender', 4);
DeleteService('ContentDefender');
QuarantineFile('C:\Windows\system32\drivers\wwfd_vt_1_10_0_24.sys','');
QuarantineFile('C:\Windows\system32\drivers\contentdefenderdrv.sys','');
QuarantineFile('C:\Users\elena\AppData\Local\SmartWeb\swhk.dll','');
QuarantineFile('C:\Program Files (x86)\Torrent Search\IEEF\nvEoMoxalq.dll','');
QuarantineFile('C:\Program Files (x86)\Torrent Search\IEEF\Interfaces32.dll','');
TerminateProcessByName('c:\program files (x86)\zaxar\zaxarloader.exe');
QuarantineFile('c:\program files (x86)\zaxar\zaxarloader.exe','');
TerminateProcessByName('c:\program files (x86)\zaxar\zaxargamebrowser.exe');
QuarantineFile('c:\program files (x86)\zaxar\zaxargamebrowser.exe','');
TerminateProcessByName('c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe');
QuarantineFile('c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe','');
TerminateProcessByName('c:\programdata\bwdsmanprob\wdsmanpro.exe');
QuarantineFile('c:\programdata\bwdsmanprob\wdsmanpro.exe','');
TerminateProcessByName('c:\users\elena\appdata\local\gmsd_ru_005010101\upgmsd_ru_005010101.exe');
QuarantineFile('c:\users\elena\appdata\local\gmsd_ru_005010101\upgmsd_ru_005010101.exe','');
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe','');
TerminateProcessByName('c:\users\elena\appdata\local\d02d9ede-1443459803-e111-9b10-c86000aa1b72\snsg2bf6.tmp');
QuarantineFile('c:\users\elena\appdata\local\d02d9ede-1443459803-e111-9b10-c86000aa1b72\snsg2bf6.tmp','');
TerminateProcessByName('c:\users\elena\appdata\local\smartweb\smartwebhelper.exe');
QuarantineFile('c:\users\elena\appdata\local\smartweb\smartwebhelper.exe','');
TerminateProcessByName('c:\users\elena\appdata\local\smartweb\smartwebapp.exe');
QuarantineFile('c:\users\elena\appdata\local\smartweb\smartwebapp.exe','');
TerminateProcessByName('C:\Program Files (x86)\SFK\SFKEX64.exe');
QuarantineFile('C:\Program Files (x86)\SFK\SFKEX64.exe','');
TerminateProcessByName('c:\users\elena\appdata\local\temp\nsr2ff9.tmp');
QuarantineFile('c:\users\elena\appdata\local\temp\nsr2ff9.tmp','');
TerminateProcessByName('c:\users\elena\appdata\local\kometa\panel\kometalaunchpanel.exe');
QuarantineFile('c:\users\elena\appdata\local\kometa\panel\kometalaunchpanel.exe','');
TerminateProcessByName('c:\users\elena\appdata\local\kometa\application\kometa.exe');
QuarantineFile('c:\users\elena\appdata\local\kometa\application\kometa.exe','');
TerminateProcessByName('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\knsk57bc.tmp');
QuarantineFile('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\knsk57bc.tmp','');
TerminateProcessByName('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\jnsg7e09.tmp');
QuarantineFile('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\jnsg7e09.tmp','');
TerminateProcessByName('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\hnsq93eb.tmp');
QuarantineFile('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\hnsq93eb.tmp','');
TerminateProcessByName('c:\program files (x86)\hp defender\hhandler.exe');
QuarantineFile('c:\program files (x86)\hp defender\hhandler.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_005010102\gmsd_ru_005010102.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_005010102\gmsd_ru_005010102.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_005010101\gmsd_ru_005010101.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_005010101\gmsd_ru_005010101.exe','');
TerminateProcessByName('c:\program files (x86)\torrent search\ieef\ecz81htzj3.exe');
QuarantineFile('c:\program files (x86)\torrent search\ieef\ecz81htzj3.exe','');
TerminateProcessByName('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe');
QuarantineFile('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe','');
TerminateProcessByName('C:\Program Files\Content Defender\ContentDefender.exe');
QuarantineFile('C:\Program Files\Content Defender\ContentDefender.exe','');
TerminateProcessByName('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.exe');
QuarantineFile('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.exe','');
TerminateProcessByName('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10.exe');
QuarantineFile('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10.exe','');
TerminateProcessByName('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.exe');
QuarantineFile('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.exe','');
TerminateProcessByName('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.exe');
QuarantineFile('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.exe','');
TerminateProcessByName('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10.exe');
QuarantineFile('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10.exe','');
TerminateProcessByName('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.exe');
QuarantineFile('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.exe','');
DeleteFile('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.exe','32');
DeleteFile('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10.exe','32');
DeleteFile('c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.exe','32');
DeleteFile('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.exe','32');
DeleteFile('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10.exe','32');
DeleteFile('c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.exe','32');
DeleteFile('C:\Program Files\Content Defender\ContentDefender.exe','32');
DeleteFile('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe','32');
DeleteFile('c:\program files (x86)\torrent search\ieef\ecz81htzj3.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_005010101\gmsd_ru_005010101.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_005010102\gmsd_ru_005010102.exe','32');
DeleteFile('c:\program files (x86)\hp defender\hhandler.exe','32');
DeleteFile('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\hnsq93eb.tmp','32');
DeleteFile('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\jnsg7e09.tmp','32');
DeleteFile('c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\knsk57bc.tmp','32');
DeleteFile('c:\users\elena\appdata\local\kometa\application\kometa.exe','32');
DeleteFile('c:\users\elena\appdata\local\kometa\panel\kometalaunchpanel.exe','32');
DeleteFile('c:\users\elena\appdata\local\temp\nsr2ff9.tmp','32');
DeleteFile('C:\Program Files (x86)\SFK\SFKEX64.exe','32');
DeleteFile('c:\users\elena\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\elena\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('c:\users\elena\appdata\local\d02d9ede-1443459803-e111-9b10-c86000aa1b72\snsg2bf6.tmp','32');
DeleteFile('c:\program files (x86)\sfk\ssfk.exe','32');
DeleteFile('c:\users\elena\appdata\local\gmsd_ru_005010101\upgmsd_ru_005010101.exe','32');
DeleteFile('c:\programdata\bwdsmanprob\wdsmanpro.exe','32');
DeleteFile('c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe','32');
DeleteFile('c:\program files (x86)\zaxar\zaxargamebrowser.exe','32');
DeleteFile('c:\program files (x86)\zaxar\zaxarloader.exe','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_child.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_elf.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\ffmpegsumo.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\pdf.dll','32');
DeleteFile('C:\Program Files (x86)\Torrent Search\IEEF\Interfaces32.dll','32');
DeleteFile('C:\Program Files (x86)\Torrent Search\IEEF\nvEoMoxalq.dll','32');
DeleteFile('C:\Program Files (x86)\Zaxar\QtWebKit4.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Application\45.0.2454.93\chrome.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Application\45.0.2454.93\chrome_child.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Application\45.0.2454.93\chrome_elf.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Application\45.0.2454.93\kometa-client-util.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Application\45.0.2454.93\libegl.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Application\45.0.2454.93\libglesv2.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\Kometa\Panel\1.0.0.763\sciter32.dll','32');
DeleteFile('C:\Users\elena\AppData\Local\SmartWeb\swhk.dll','32');
DeleteFile('C:\Windows\system32\drivers\contentdefenderdrv.sys','32');
DeleteFile('C:\Windows\system32\drivers\wwfd_vt_1_10_0_24.sys','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010101');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010102');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaLaunchPanel');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
DeleteFile('C:\Users\elena\AppData\Local\foryougain\config.json','32');
DeleteFile('C:\Users\elena\AppData\Local\foryougain\stub.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','foryougain');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010101.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010102.exe');
DeleteFile('C:\Users\elena\AppData\Roaming\09wIbEDqCxqofG.exe','32');
DeleteFile('C:\Windows\Tasks\09wIbEDqCxqofG.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-7.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10.exe','32');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10_user.job','64');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-11.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-11.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-3.exe','32');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-3.job','64');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5.exe','32');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5_user.job','64');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.job','64');
DeleteFile('C:\Windows\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-7.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-7.exe','32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-7.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10_user.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-11.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-11.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-3.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-3.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5.job','64');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5_user.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.job','64');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-7.exe','32');
DeleteFile('C:\Windows\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-7.job','64');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','64');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','64');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','64');
DeleteFile('C:\Windows\Tasks\tHob2avZ71QBIK4yoPEqQ8Auy.job','64');
DeleteFile('C:\Windows\Tasks\Update Service for Torrent Search.job','64');
DeleteFile('C:\Windows\Tasks\Update Service for Torrent Search2.job','64');
DeleteFile('C:\Program Files (x86)\Torrent Search\03BNtXK.exe','32');
DeleteFile('C:\Users\elena\AppData\Roaming\tHob2avZ71QBIK4yoPEqQ8Auy.exe','32');
DeleteFile('C:\Windows\Tasks\WLs1R4yWNid6HG6xub2.job','64');
DeleteFile('C:\Windows\Tasks\zFdhAQca.job','64');
DeleteFile('C:\Windows\system32\Tasks\09wIbEDqCxqofG','64');
DeleteFile('C:\Users\elena\AppData\Roaming\zFdhAQca.exe','32');
DeleteFile('C:\Users\elena\AppData\Roaming\WLs1R4yWNid6HG6xub2.exe','32');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10_user','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-11','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-3','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6','64');
DeleteFile('C:\Windows\system32\Tasks\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-7','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10_user','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-11','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-3','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6','64');
DeleteFile('C:\Windows\system32\Tasks\c3090179-3ae5-4696-bd6b-58b99a13b7d1-7','64');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\RestoreSearch','64');
DeleteFile('C:\Users\elena\AppData\Local\Temp\R.vbs','32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\Windows\system32\Tasks\Soft installer','64');
DeleteFile('C:\Users\elena\AppData\Local\Hostinstaller\3032075727_monster.exe','32');
DeleteFile('C:\Windows\system32\Tasks\tHob2avZ71QBIK4yoPEqQ8Auy','64');
DeleteFile('C:\Windows\system32\Tasks\Update Service for Torrent Search','64');
DeleteFile('C:\Windows\system32\Tasks\Update Service for Torrent Search2','64');
DeleteFile('C:\Windows\system32\Tasks\WLs1R4yWNid6HG6xub2','64');
DeleteFile('C:\Windows\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Core','64');
DeleteFile('C:\Windows\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update','64');
DeleteFile('C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe','32');
DeleteFile('C:\Windows\system32\Tasks\zFdhAQca','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.[/code]The computer will be rebooted.
Run the script in AVZ
[code]begin
CreateQurantineArchive('c:\quarantine.zip');
end.[/code]Send [b]c:\quarantine.zip[/b] via the red link [color="Red"][u][b]Send the requested quarantine[/b][/u][/color] [b]above the first post[/b] in your thread.
[B][COLOR="Red"]Follow the rules ONCE AGAIN and provide NEW logs[/COLOR][/B]
I've uploaded the quarantine; new logs are attached ....
Make a log of a [url="http://virusinfo.info/showthread.php?t=53070&p=1104657&viewfull=1#post1104657"]full MBAM scan[/url]
[QUOTE=thyrex;1319671]Make a log of a [URL="http://virusinfo.info/showthread.php?t=53070&p=1104657&viewfull=1#post1104657"]full MBAM scan[/URL][/QUOTE]
log MBAM
In MBAM, delete everything [B]except[/B]
[CODE]RiskWare.Tool.CK, C:\Users\elena\Downloads\Autodesk_AutoCAD_2013\crack\xf-autocad-kg_x32.exe, , [ce24064c256616202e6a1c9cc04053ad],
RiskWare.Tool.CK, C:\Users\elena\Downloads\Autodesk_AutoCAD_2013\crack\xf-autocad-kg_x64.exe, , [cb27c68c5b3075c103953e7a4ab646ba],
Trojan.Downloader, C:\Mcam9\hasp9.exe, , [cc26d57d9eed2511348f72fa5fa24cb4],
Trojan.Downloader, C:\Mcam9\BACKUP\hasp9.A291.exe, , [0ee40151becd65d19f2484e857aa0ef2],
Trojan.Downloader, C:\Mcam9_\hasp9.exe, , [2fc3dc761279191de5de93d9926f01ff],
Trojan.Dropped, C:\Windows\System32\hidcon.exe, , [da18242ea4e76accaeec817e1de432ce],[/CODE]
Yes, I deleted everything except the listed lines; the repeat log is clean. I cleaned the temp files, installed all the updates, and checked the shortcuts; so far everything seems fine. Thank you!
Download [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/][b]Farbar Recovery Scan Tool[/b][/url] [img]http://i.imgur.com/NAAC5Ba.png[/img] and save it to your Desktop.
[list][*][b]Note[/b]: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.[/list]
1. Launch the program by double-clicking it. When the program starts, click [b]Yes[/b] to accept the disclaimer.
2. Make sure that [i]"List BCD"[/i] and [i]"Driver MD5"[/i] are checked in the [b]Optional Scan[/b] box.
[img]http://i.imgur.com/B92LqRQ.png[/img]
3. Click the [b]Scan[/b] button.
4. When the scan finishes, a report ([b]FRST.txt[/b]) will be created in the same folder the program was run from. Please attach this report to your next post.
5. If the program was run for the first time, a second report ([b]Addition.txt[/b]) will also be created. Please attach it to your next post as well.
Treatment statistics:
[LIST][*]Quarantines received: [B]1[/B]
[*]Files processed: [B]54[/B]
[*]Malicious programs detected during treatment:
[LIST=1]
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-10.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B]
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-11.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.xv1@k8C5KyoO )
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-6.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.sz1@kOpemroi )
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-1-7.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.dv1@k0ifyTgO )
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-3.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.xv1@k8C5KyoO )
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-5.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.gv1@kCE00llO )
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-6.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.oz1@kuAducpi )
[*] c:\program files (x86)\ciplus-4.5vv29.09\92a1ee49-d74b-4c04-b9d2-762ca8ecb6d8-7.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.amqa[/B] ( BitDefender: Gen:Application.Heur.dv1@k0ifyTgO )
[*] c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe - [B]not-a-virus:AdWare.Win32.CrossRider.agfo[/B]
[*] c:\program files (x86)\crossbrowse\crossbrowse\application\utility.exe - [B]not-a-virus:WebToolbar.Win32.CrossRider.anvj[/B]
[*] c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\hnsq93eb.tmp - [B]not-a-virus:AdWare.Win32.ConvertAd.azh[/B] ( AVAST4: Win32:Adware-gen [Adw] )
[*] c:\program files (x86)\d02d9ede-1443445350-e111-9b10-c86000aa1b72\jnsg7e09.tmp - [B]not-a-virus:AdWare.Win32.ConvertAd.azi[/B] ( AVAST4: Win32:Adware-gen [Adw] )
[*] c:\program files (x86)\globalupdate\update\globalupdate.exe - [B]not-a-virus:RiskTool.Win32.GlobalUpdate.dx[/B]
[*] c:\program files (x86)\gmsd_ru_005010101\gmsd_ru_005010101.exe - [B]not-a-virus:AdWare.Win32.Eorezo.afob[/B]
[*] c:\program files (x86)\gmsd_ru_005010102\gmsd_ru_005010102.exe - [B]not-a-virus:AdWare.Win32.Eorezo.afob[/B]
[*] c:\program files (x86)\hp defender\hhandler.exe - [B]Trojan.Win32.StartPage.fsga[/B]
[*] c:\program files (x86)\sfk\sfkex64.exe - [B]not-a-virus:AdWare.Win64.MySearch.d[/B]
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-10.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993 )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-11.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993, BitDefender: Gen:Application.Heur.zv1@kaReGdgO )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-6.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993 )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-1-7.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993, BitDefender: Gen:Application.Heur.fv1@kaSmQNgO )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-3.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993, BitDefender: Gen:Application.Heur.zv1@kaReGdgO )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-5.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993, BitDefender: Gen:Application.Heur.iv1@ky94C9dO )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-6.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993, BitDefender: Gen:Application.Heur.zz1@k4OguCmi )
[*] c:\program files (x86)\shop and save up\c3090179-3ae5-4696-bd6b-58b99a13b7d1-7.exe - [B]not-a-virus:AdWare.NSIS.Adwapper.do[/B] ( DrWEB: Trojan.Crossrider1.22993, BitDefender: Gen:Application.Heur.fv1@kaSmQNgO )
[*] c:\program files (x86)\torrent search\ieef\ecz81htzj3.exe - [B]not-a-virus:WebToolbar.Win32.Agent.byo[/B]
[*] c:\program files (x86)\torrent search\ieef\interfaces32.dll - [B]not-a-virus:WebToolbar.Win32.Agent.byo[/B]
[*] c:\program files (x86)\torrent search\ieef\nveomoxalq.dll - [B]not-a-virus:WebToolbar.Win32.Agent.byo[/B]
[*] c:\program files (x86)\torrent search\03bntxk.exe - [B]not-a-virus:WebToolbar.Win32.Agent.byo[/B] ( AVAST4: Win32:Adware-gen [Adw] )
[*] c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe - [B]not-a-virus:AdWare.MSIL.Vitruvian.c[/B]
[*] c:\program files (x86)\wordwizard_1.10.0.24\update\wordwizardautoupdateclient.exe - [B]not-a-virus:AdWare.MSIL.Vitruvian.c[/B]
[*] c:\program files\content defender\contentdefender.exe - [B]not-a-virus:RiskTool.Win64.NetFilter.o[/B]
[*] c:\programdata\bwdsmanprob\wdsmanpro.exe - [B]not-a-virus:AdWare.Win32.WProtManager.bw[/B]
[*] c:\users\elena\appdata\local\d02d9ede-1443459803-e111-9b10-c86000aa1b72\snsg2bf6.tmp - [B]not-a-virus:AdWare.Win32.ConvertAd.azl[/B] ( AVAST4: Win32:Adware-gen [Adw] )
[*] c:\users\elena\appdata\local\foryougain\stub.exe - [B]not-a-virus:AdWare.NSIS.Agent.gz[/B] ( AVAST4: Win32:Malware-gen )
[*] c:\users\elena\appdata\local\gmsd_ru_005010101\upgmsd_ru_005010101.exe - [B]not-a-virus:AdWare.Win32.Eorezo.afob[/B]
[*] c:\users\elena\appdata\local\smartweb\smartwebapp.exe - [B]not-a-virus:AdWare.Win32.PriceGong.a[/B] ( DrWEB: Adware.Shopper.845, AVAST4: Win32:PriceGong-B [Adw] )
[*] c:\users\elena\appdata\local\smartweb\smartwebhelper.exe - [B]not-a-virus:AdWare.Win32.PriceGong.a[/B] ( DrWEB: Adware.Shopper.845 )
[*] c:\users\elena\appdata\local\smartweb\swhk.dll - [B]not-a-virus:AdWare.Win32.PriceGong.a[/B] ( DrWEB: Adware.Shopper.845, AVAST4: Win32:BHO-AOK [Adw] )
[*] c:\users\elena\appdata\local\temp\nsr2ff9.tmp - [B]not-a-virus:AdWare.Win32.Vopak.wfx[/B]
[*] c:\users\elena\appdata\roaming\thob2avz71qbik4yopeqq8auy.exe - [B]not-a-virus:WebToolbar.Win32.CroRi.fte[/B]
[*] c:\users\elena\appdata\roaming\wls1r4ywnid6hg6xub2.exe - [B]not-a-virus:WebToolbar.Win32.CroRi.fte[/B]
[*] c:\users\elena\appdata\roaming\zfdhaqca.exe - [B]not-a-virus:WebToolbar.Win32.CroRi.fte[/B]
[*] c:\users\elena\appdata\roaming\09wibedqcxqofg.exe - [B]not-a-virus:WebToolbar.Win32.CroRi.fte[/B]
[*] c:\windows\system32\drivers\contentdefenderdrv.sys - [B]not-a-virus:RiskTool.Win64.NetFilter.o[/B]
[*] c:\windows\system32\drivers\wwfd_vt_1_10_0_24.sys - [B]not-a-virus:NetTool.Win64.NetFilter.l[/B]
[/LIST][/LIST]