�� esetnod32.ru [��: YaFinder]

YaFinder

Sun, 13 Oct 2013 19:35:42 +0400

YaFinder �� YaFinder � �� .
� ��

====quote====
Folder Found C:\Program Files\Mail.Ru
Folder Found C:\Users\��\AppData\Local\Mail.Ru
Folder Found C:\Users\��\AppData\LocalLow\Mail.Ru
Folder Found C:\Users\��\AppData\Roaming\Mail.Ru
Folder Found C:\Users\��\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru

=============

��,
��
http://forum.esetnod32.ru/forum9/topic3998/
13.10.2013 19:35:42, santy.

YaFinder

Sun, 13 Oct 2013 19:30:18 +0400

YaFinder �� YaFinder � �� .
�� 4 �� . ��
AdwCleaner[R1].txt
13.10.2013 19:30:18, ��.

YaFinder

Sun, 13 Oct 2013 19:08:37 +0400

YaFinder �� YaFinder � �� .
�� ,
��
http://forum.esetnod32.ru/forum9/topic7084/
13.10.2013 19:08:37, santy.

YaFinder

Sun, 13 Oct 2013 19:07:24 +0400

YaFinder �� YaFinder � �� .
�� , �� . ))
13.10.2013 19:07:24, ��.

YaFinder

Sun, 13 Oct 2013 19:06:14 +0400

YaFinder �� YaFinder � �� .

====quote====
�� url �� exe
=============
��, ��-�� . � url-�� .

��,
��
http://forum.esetnod32.ru/forum9/topic682/
13.10.2013 19:06:14, santy.

YaFinder

Sun, 13 Oct 2013 19:05:30 +0400

YaFinder �� YaFinder � �� .
�� , �� , �� url �� exe � �� . ��.
13.10.2013 19:05:30, ��.

YaFinder

Sun, 13 Oct 2013 18:41:52 +0400

YaFinder �� YaFinder � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
====code====

;uVS v3.81.7 [http://dsrt.dyndns.org]
;Target OS: NTv6.1

OFFSGNSAVE
zoo %SystemDrive%\USERS\����\APPDATA\LOCAL\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1AF67A9B5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian

zoo %SystemDrive%\USERS\����\APPDATA\LOCAL\MEDIAGET2\MEDIAGET.EXE
addsgn 1A65719A55839B8EF42B5194406C9105DAAF40530AFAE05DD96646BCAFF329E9A01748A86BDE71B65E886C1EB3E9B6A3201C638D00515C71C46AA42FC7CADD56 8 mediaget

delall %SystemDrive%\USERS\����\APPDATA\LOCAL\SWVUPDATER\UPDATER.EXE
;------------------------autoscript---------------------------

chklst
delvir

delref %SystemDrive%\USERS\����\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\TOPFACE.LNK

delref HTTP://SEARCH.TICNO.COM/?C=T&Q=

delref HTTP://START.TICNO.COM?KEY=D619DF6C-2394-4CB5-9741-F30CD6E36259

delref HTTP://SEARCH.CONDUIT.COM/?CTID=CT3289075&CUI=UN28215053257282820&UM=1&SEARCHSOURCE=13
delref HTTP://SEARCH.CONDUIT.COM/?CTID=CT3289075&SEARCHSOURCE=48&CUI=UN34300061532748025&UM=1

delref IEXPLORE.EXE

delref HTTP://WEBALTA.RU/SEARCH

delref %SystemDrive%\PROGRAM FILES\TICNO\TABS\TICNOTABSBHO120618.DLL

delref %SystemDrive%\PROGRAM FILES\TICNO\TABS\UPDATER.DLL

delref %SystemDrive%\PROGRAM FILES\TICNO\TABS\SQLITE3.DLL

; Java(TM) 6 Update 38
exec MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216038FF} /quiet

deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic682/
13.10.2013 18:41:52, santy.

YaFinder

Sun, 13 Oct 2013 18:37:44 +0400

YaFinder �� YaFinder � �� .
�� , �� . �� .
��-��_2013-10-13_18-27-50.7z
13.10.2013 18:37:44, ��.

����� esetnod32.ru [����: YaFinder]

YaFinder

YaFinder

YaFinder

YaFinder

YaFinder

YaFinder

YaFinder

YaFinder

�� esetnod32.ru [��: YaFinder]