Rikar, hello and welcome to the forum!
Using Programs and Features in Control Panel, uninstall the following programs (if present):
Code:
WindowsMangerProtect
SmarterPower
IePluginServices
SupTab
Run AVZ. In the menu File -- Run script, paste the following text into the window:
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Program Files (x86)\SmarterPower\SmarterPowerbho.dll','');
QuarantineFile('C:\Program Files (x86)\SupTab\SupTab.dll','');
QuarantineFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','');
QuarantineFile('C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe','');
QuarantineFile('C:\ProgramData\IePluginServices\PluginService.exe','');
QuarantineFile('C:\Windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys','');
QuarantineFile('C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll','');
QuarantineFile('C:\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}.dll','');
QuarantineFile('C:\Program Files (x86)\SmarterPower\bin\5eeb83d096ea4249942c.dll','');
QuarantineFile('c:\program files (x86)\smarterpower\bin\utilsmarterpower.exe','');
QuarantineFile('c:\program files (x86)\smarterpower\updatesmarterpower.exe','');
QuarantineFile('C:\Program Files (x86)\SmarterPower\bin\SmarterPower.PurBrowse64.exe','');
QuarantineFile('c:\program files (x86)\smarterpower\bin\smarterpower.browseradapter.exe','');
QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
QuarantineFile('c:\programdata\iepluginservices\pluginservice.exe','');
QuarantineFile('C:\Program Files (x86)\SupTab\Loader64.exe','');
QuarantineFile('c:\program files (x86)\suptab\loader32.exe','');
QuarantineFile('c:\program files (x86)\suptab\hpui.exe','');
DelBHO('{bd7c9b62-a7d9-4405-be51-7fd633f08791}');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
DeleteService('WindowsMangerProtect');
DeleteService('Update SmarterPower');
DeleteService('IePluginServices');
DeleteFile('c:\program files (x86)\suptab\hpui.exe','32');
DeleteFile('c:\program files (x86)\suptab\loader32.exe','32');
DeleteFile('C:\Program Files (x86)\SupTab\Loader64.exe','32');
DeleteFile('c:\programdata\iepluginservices\pluginservice.exe','32');
DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\program files (x86)\smarterpower\bin\smarterpower.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\SmarterPower\bin\SmarterPower.PurBrowse64.exe','32');
DeleteFile('c:\program files (x86)\smarterpower\updatesmarterpower.exe','32');
DeleteFile('c:\program files (x86)\smarterpower\bin\utilsmarterpower.exe','32');
DeleteFile('C:\Program Files (x86)\SmarterPower\bin\5eeb83d096ea4249942c.dll','32');
DeleteFile('C:\Program Files (x86)\SmarterPower\bin\{5eeb83d0-96ea-4249-942c-beead6847053}.dll','32');
DeleteFile('C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll','32');
DeleteFile('C:\Windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys','32');
DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
DeleteFile('C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe','32');
DeleteFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','32');
DeleteFile('C:\Program Files (x86)\SupTab\SupTab.dll','32');
DeleteFile('C:\Program Files (x86)\SmarterPower\SmarterPowerbho.dll','32');
DeleteFileMask('C:\Program Files (x86)\SmarterPower\', '*', true);
DeleteDirectory('C:\Program Files (x86)\SmarterPower');
DeleteFileMask('C:\ProgramData\IePluginServices\', '*', true);
DeleteDirectory('C:\ProgramData\IePluginServices');
DeleteFileMask('C:\Program Files (x86)\SupTab\', '*', true);
DeleteDirectory('C:\Program Files (x86)\SupTab');
DeleteFileMask('c:\programdata\windowsmangerprotect\', '*', true);
DeleteDirectory('c:\programdata\windowsmangerprotect');
DeleteFileMask('c:\programdata\iepluginservices\', '*', true);
DeleteDirectory('c:\programdata\iepluginservices');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Then click Run. The computer will restart.
After the reboot, run this script:
Code:
begin
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
end.
Use the "Send requested quarantine" link located above the first post of the thread to send quarantine.zip.
Run HijackThis and click Do a System Scan Only. In the window, find and check the following lines (if present):
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1408686410&from=cor&uid=WDCXWD5003AZEX-00K1GA0_WD-WCC1S266650066500
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1408686410&from=cor&uid=WDCXWD5003AZEX-00K1GA0_WD-WCC1S266650066500
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1408686410&from=cor&uid=WDCXWD5003AZEX-00K1GA0_WD-WCC1S266650066500
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1408686410&from=cor&uid=WDCXWD5003AZEX-00K1GA0_WD-WCC1S266650066500&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1408686410&from=cor&uid=WDCXWD5003AZEX-00K1GA0_WD-WCC1S266650066500&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1408686410&from=cor&uid=WDCXWD5003AZEX-00K1GA0_WD-WCC1S266650066500
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
Click the Fix checked button.
Prepare new AVZ and HijackThis reports, and also prepare an AdwCleaner report following the instructions: http://virusinfo.info/showthread.php?t=146192
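
A read-only check that can be run after the final reboot to confirm the items named in this post are gone, added here as an example and not part of the original post or of AVZ/HijackThis. It assumes an elevated 64-bit PowerShell session; every path, service name, CLSID and domain is copied from the script and log lines above, and it checks all four Internet Explorer values in both hives, which is slightly broader than the log lines listed.

```powershell
# Added verification sketch (not from the original post). It only reads state; it changes nothing.
# Assumption: elevated 64-bit PowerShell, so system32\drivers is not redirected.
$paths = @(
    'C:\Program Files (x86)\SmarterPower',
    'C:\Program Files (x86)\SupTab',
    'C:\ProgramData\WindowsMangerProtect',
    'C:\ProgramData\IePluginServices',
    'C:\Windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys'
)
$services = 'WindowsMangerProtect', 'Update SmarterPower', 'IePluginServices'
$clsids   = '{bd7c9b62-a7d9-4405-be51-7fd633f08791}', '{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}'
$ieValues = 'Start Page', 'Default_Page_URL', 'Default_Search_URL', 'Search Page'
$findings = @()

# Leftover folders and the driver file.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File or folder still present: $p" }
}
# Services that the AVZ script was supposed to delete.
foreach ($s in $services) {
    if (Get-Service -Name $s -ErrorAction SilentlyContinue) { $findings += "Service still registered: $s" }
}
# BHOs are registered per CLSID; check both the native and the 32-bit (WOW6432Node) view.
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    foreach ($c in $clsids) {
        if (Test-Path -LiteralPath (Join-Path $root $c)) { $findings += "BHO still registered: $root\$c" }
    }
}
# Internet Explorer start/search pages that still point at the hijacker's domain.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key   = "$hive\Software\Microsoft\Internet Explorer\Main"
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($v in $ieValues) {
        if ($props -and $props.$v -like '*sweet-page.com*') { $findings += "$key [$v] = $($props.$v)" }
    }
}
if ($findings) { $findings } else { 'No listed artifacts found.' }
```

Any line it prints is an item the cleanup missed and belongs in the follow-up reports.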