Долго загружается 7, автоматически устанавливается кросбраузер, геймдесктоп. Переадрессация страниц в браузере

@Roma80448044 · Регистрация: 15.06.2015

Author24 — интернет-сервис помощи студентам

Винда 7 еле грузится, после загрузки где-то минуту черный экран. Установились какие-то программы, типа crossbrowser, gamesdesktop и прочие прелести. В браузере стартовая страничка - mystartsearch.. Замечал переадресацию на какую-то левую страничку bycontext.. Помогите вернуть былую скорость и беззаботность моему дохлику..
Лог прикрепляю..

У меня ещё такой вопрос, всё вредоносное ПО удалиться автоматически или мне надо будет удалять вручную?

@thyrex · 15.06.2015, 21:55

AnyProtect
AnySend
CinemaPlus-3.2cV15.06
Crossbrowse
GamesDesktop 092.005010002
mystartsearch uninstall

удалите через Установку программ

Выполните скрипт в AVZ

Код

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
SetServiceStart('zedepory', 4);
 SetServiceStart('xoperoze', 4);
 SetServiceStart('WindowsMangerProtect', 4);
 SetServiceStart('IHProtect Service', 4);
 SetServiceStart('BDSGRTP', 4);
 TerminateProcessByName('c:\users\Роман\appdata\local\gmsd_re_005010002\upgmsd_re_005010002.exe');
 TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
 TerminateProcessByName('c:\program files (x86)\miuitab\protectservice.exe');
 TerminateProcessByName('c:\users\4cfa~1\appdata\local\temp\nsmfad5.tmp');
 TerminateProcessByName('c:\users\4cfa~1\appdata\local\temp\nsh2206.tmp');
 TerminateProcessByName('c:\users\Роман\appdata\roaming\cda78bc5-1434240305-11e2-9673-ce39e7dc6f03\nsa8715.tmp');
 TerminateProcessByName('c:\users\Роман\appdata\roaming\cda78bc5-1434379090-11e2-9673-ce39e7dc6f03\jnsh4bbe.tmp');
 TerminateProcessByName('c:\program files (x86)\miuitab\hpnotify.exe');
 TerminateProcessByName('c:\users\Роман\appdata\roaming\cda78bc5-1434379090-11e2-9673-ce39e7dc6f03\hnss6327.tmp');
 TerminateProcessByName('c:\program files (x86)\gmsd_re_005010002\gmsd_re_005010002.exe');
 TerminateProcessByName('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe');
 TerminateProcessByName('C:\Windows\System32\cpuminer-gw64.exe');
 TerminateProcessByName('c:\program files (x86)\miuitab\cmdshell.exe');
 TerminateProcessByName('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.619\baiduprotect.exe');
 TerminateProcessByName('c:\program files (x86)\cinemaplus-3.2cv15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-6.exe');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','');
 QuarantineFile('C:\Users\Роман\AppData\Local\16185\Updater.exe','');
 QuarantineFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-5.exe','');
 QuarantineFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-11.exe','');
 QuarantineFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-10.exe','');
 QuarantineFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-7.exe','');
 QuarantineFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-6.exe','');
 QuarantineFile('C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll','');
 QuarantineFile('C:\Program Files (x86)\MiuiTab\SupTab.dll','');
 QuarantineFile('C:\Users\Роман\AppData\Roaming\eTranslator\eTranslator.exe','');
 QuarantineFile('C:\Users\Роман\AppData\Roaming\cpuminer\sgminer\sgminer.cmd','');
 QuarantineFile('C:\Users\Роман\AppData\Roaming\ASPackage\ASPackage.exe','');
 QuarantineFile('c:\users\Роман\appdata\local\gmsd_re_005010002\upgmsd_re_005010002.exe','');
 QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
 QuarantineFile('c:\program files (x86)\miuitab\protectservice.exe','');
 QuarantineFile('c:\users\4cfa~1\appdata\local\temp\nsmfad5.tmp','');
 QuarantineFile('c:\users\4cfa~1\appdata\local\temp\nsh2206.tmp','');
 QuarantineFile('c:\users\Роман\appdata\roaming\cda78bc5-1434240305-11e2-9673-ce39e7dc6f03\nsa8715.tmp','');
 QuarantineFile('C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe','');
 QuarantineFile('c:\users\Роман\appdata\roaming\cda78bc5-1434379090-11e2-9673-ce39e7dc6f03\jnsh4bbe.tmp','');
 QuarantineFile('c:\program files (x86)\miuitab\hpnotify.exe','');
 QuarantineFile('c:\users\Роман\appdata\roaming\cda78bc5-1434379090-11e2-9673-ce39e7dc6f03\hnss6327.tmp','');
 QuarantineFile('c:\program files (x86)\gmsd_re_005010002\gmsd_re_005010002.exe','');
 QuarantineFile('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe','');
 QuarantineFile('C:\Windows\System32\cpuminer-gw64.exe','');
 QuarantineFile('c:\program files (x86)\miuitab\cmdshell.exe','');
 QuarantineFile('c:\program files (x86)\cinemaplus-3.2cv15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-6.exe','');
 DeleteFile('c:\program files (x86)\cinemaplus-3.2cv15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-6.exe','32');
 DeleteFile('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.619\baiduprotect.exe','32');
 DeleteFile('c:\program files (x86)\miuitab\cmdshell.exe','32');
 DeleteFile('C:\Windows\System32\cpuminer-gw64.exe','32');
 DeleteFile('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe','32');
 DeleteFile('c:\program files (x86)\gmsd_re_005010002\gmsd_re_005010002.exe','32');
 DeleteFile('c:\users\Роман\appdata\roaming\cda78bc5-1434379090-11e2-9673-ce39e7dc6f03\hnss6327.tmp','32');
 DeleteFile('c:\program files (x86)\miuitab\hpnotify.exe','32');
 DeleteFile('c:\users\Роман\appdata\roaming\cda78bc5-1434379090-11e2-9673-ce39e7dc6f03\jnsh4bbe.tmp','32');
 DeleteFile('C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe','32');
 DeleteFile('c:\users\Роман\appdata\roaming\cda78bc5-1434240305-11e2-9673-ce39e7dc6f03\nsa8715.tmp','32');
 DeleteFile('c:\users\4cfa~1\appdata\local\temp\nsh2206.tmp','32');
 DeleteFile('c:\users\4cfa~1\appdata\local\temp\nsmfad5.tmp','32');
 DeleteFile('c:\program files (x86)\miuitab\protectservice.exe','32');
 DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
 DeleteFile('c:\users\Роман\appdata\local\gmsd_re_005010002\upgmsd_re_005010002.exe','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\ad.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDKitUtils.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDLogicUtils.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDMNet.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BDMReport.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\DriverManager.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\dynplugins\BbSavior.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\plugins\BaiduRepair.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\plugins\HIPS.dll','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\SafeBrowserDll.dll','32');
 DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
 DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
 DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.619\BaiduProtect.exe','32');
 DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
 DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys','32');
 DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys','32');
 DeleteFile('C:\Users\Роман\AppData\Roaming\ASPackage\ASPackage.exe','32');
 DeleteFile('C:\Users\Роман\AppData\Roaming\cpuminer\sgminer\sgminer.cmd','32');
 DeleteFile('C:\Users\Роман\AppData\Roaming\eTranslator\eTranslator.exe','32');
 DeleteFile('C:\Program Files (x86)\MiuiTab\SupTab.dll','32');
 DeleteFile('C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll','32');
 DeleteFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-6.exe','32');
 DeleteFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-1-7.exe','32');
 DeleteFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-10.exe','32');
 DeleteFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-11.exe','32');
 DeleteFile('C:\Program Files (x86)\CinemaPlus-3.2cV15.06\adb92954-b24c-450b-85c1-6c65111c17d7-5.exe','32');
 DeleteFile('C:\Users\Роман\AppData\Local\16185\Updater.exe','32');
 DeleteFile('C:\Windows\Tasks\AmiUpdXp.job','64');
 DeleteFile('C:\Windows\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-5_user.job','64');
 DeleteFile('C:\Windows\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-5.job','64');
 DeleteFile('C:\Windows\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-11.job','64');
 DeleteFile('C:\Windows\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-10_user.job','64');
 DeleteFile('C:\Windows\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-1-7.job','64');
 DeleteFile('C:\Windows\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-1-6.job','64');
 DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
 DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','32');
 DeleteFile('C:\Windows\Tasks\Crossbrowse.job','64');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
 DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','64');
 DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','64');
 DeleteFile('C:\Windows\Tasks\sJgFmzmvSqv1faWuD.job','64');
 DeleteFile('C:\Windows\system32\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-1-6','64');
 DeleteFile('C:\Windows\system32\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-1-7','64');
 DeleteFile('C:\Windows\system32\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-11','64');
 DeleteFile('C:\Windows\system32\Tasks\adb92954-b24c-450b-85c1-6c65111c17d7-5','64');
 DeleteFile('C:\Windows\system32\Tasks\AmiUpdXp','64');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
 DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
 DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','64');
 DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
 DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
 DeleteFile('C:\Users\Роман\AppData\Local\Temp\nsh62D8.tmp\blowfish.dll','32');
 DeleteFile('C:\Users\Роман\AppData\Local\Temp\nsx4818.tmp\blowfish.dll','32');
 DeleteFile('C:\Users\Роман\AppData\Local\Temp\nsy93E7.tmp\blowfish.dll','32');
 DeleteFile('C:\Users\Роман\AppData\Local\CDA78BC5-1434389946-11E2-9673-CE39E7DC6F03\bnssE053.exe','32');
  DeleteService('BDSGRTP');
 DeleteService('IHProtect Service');
 DeleteService('WindowsMangerProtect');
 DeleteService('xoperoze');
 DeleteService('zedepory');
 DeleteService('globalUpdate');
 DeleteService('globalUpdatem');
 DeleteService('bd0001');
 DeleteService('BDArKit');
 DeleteService('BDMWrench');
 DeleteService('bd0002');
 DeleteService('BDMWrench_x64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.

Компьютер перезагрузится.

Выполните скрипт в AVZ

Код

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

Отправьте c:\quarantine.zip при помощи этой формы

Сделайте новые логи по правилам

	15.06.2015, 21:55