�� esetnod32.ru [��: �� ARP]

�� ARP

Wed, 23 Dec 2015 06:31:08 +0300

�� ARP � �� .
�� "��".
�� .
�� -�� , �� , �� .

�� , �� .
� �� , �� _�� , �� .
23.12.2015 06:31:08, santy.

�� ARP

Tue, 22 Dec 2015 14:28:27 +0300

�� ARP � �� .

====quote====
santy ��:
�� :
http://forum.esetnod32.ru/forum9/topic12354/
=============
�� , �� . �� , �� "�� "
��, �� AdwCleaner[S1].txt , FRST.txt, Addition.txt � �.�.? � �� . �� ? �� ? �� , �� , �� .
� �� ?
22.12.2015 14:28:27, marina Bukhal.

�� ARP

Mon, 21 Dec 2015 18:52:50 +0300

�� ARP � �� .
�� :
http://forum.esetnod32.ru/forum9/topic12354/
21.12.2015 18:52:50, santy.

�� ARP

Mon, 21 Dec 2015 17:08:29 +0300

�� ARP � �� .

====quote====
santy ��:
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !
=============

Fixlog.txt
21.12.2015 17:08:29, marina Bukhal.

�� ARP

Mon, 21 Dec 2015 16:34:22 +0300

�� ARP � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====code====

CHR HKLM-x32\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - <no Path/update_url>
OPR Extension: (Quick Searcher) - C:\Users\�������������\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-09-08]
EmptyTemp:
Reboot:

=============
21.12.2015 16:34:22, santy.

�� ARP

Mon, 21 Dec 2015 11:59:03 +0300

�� ARP � �� .

====quote====
santy ��:
5.�� FRST
http://pchelpforum.ru/f26/t24207/2/#post1257991
=============
�� FRST:
FRST.txt
Addition.txt
21.12.2015 11:59:03, marina Bukhal.

�� ARP

Mon, 21 Dec 2015 11:53:19 +0300

�� ARP � �� .

====quote====
santy ��:
=============

====quote====
��,

3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� mail.ru, yandex (�� )
��

=============
�� :
AdwCleaner[S1].txt
21.12.2015 11:53:19, marina Bukhal.

�� ARP

Mon, 21 Dec 2015 11:18:05 +0300

�� ARP � �� .
��,

3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� �� �� mail.ru, yandex (�� )
�� ��
��,

5.�� FRST
http://pchelpforum.ru/f26/t24207/2/#post1257991
21.12.2015 11:18:05, santy.

�� ARP

Mon, 21 Dec 2015 09:58:36 +0300

�� ARP � �� .

====quote====
santy ��:
�� .
�� , �� . �� .
=============

18.12.2015.txt
21.12.2015 09:58:36, marina Bukhal.

�� ARP

Mon, 21 Dec 2015 09:42:55 +0300

�� ARP � �� .
�� .
�� , �� . �� .
21.12.2015 09:42:55, santy.

�� ARP

Mon, 21 Dec 2015 08:20:54 +0300

�� ARP � �� .

====quote====
santy ��:
�� , ��, �� , �� , �� , ��
=============
�� ! �� . �� ?

21.12.2015 08:20:54, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 18:22:44 +0300

�� ARP � �� .
�� , ��, �� , �� , �� , ��
18.12.2015 18:22:44, santy.

�� ARP

Fri, 18 Dec 2015 16:02:49 +0300

�� ARP � �� .

====quote====
santy ��:
�� , � ��
=============
�� ?
18.12.2015 16:02:49, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 15:56:31 +0300

�� ARP � �� .
�� , � ��
18.12.2015 15:56:31, santy.

�� ARP

Fri, 18 Dec 2015 15:07:40 +0300

�� ARP � �� .

====quote====
marina Bukhal ��:
�� . �� ... �� ?
=============
�, ��, �� AsusSetup. � � �� Asus, � ��. � "�� " �� Asus ��...
18.12.2015 15:07:40, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 14:58:14 +0300

�� ARP � �� .

====quote====
santy ��:

��,
��
http://forum.esetnod32.ru/forum9/topic10688/
=============
�� malwarebytes. �� . �� ? �� ?

18.12.2015 14:58:14, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 14:40:19 +0300

�� ARP � �� .
�� . �� ... �� ?

18.12.2015 14:40:19, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 13:26:41 +0300

�� ARP � �� .
�� :

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.86.7 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
OFFSGNSAVE

;------------------------autoscript---------------------------

chklst
delvir

deldirex %SystemDrive%\PROGRAM FILES (X86)\GLOBALUPDATE\UPDATE

delref %SystemDrive%\USERS\&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;\APPDATA\ROAMING\MGMXSGV5AT0I5FUH3ASSALBW.EXE

deldirex %SystemDrive%\PROGRAM FILES (X86)\GLOBALUPDATE\UPDATE\1.3.25.0

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGKNPFANCPEAMEJMCOOEDLJJNADDLDHG%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCEGDOMHOCAEOEDBDPFOLMGJKJAIJFOMO%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGDKNICMNHBAAJDGLBINPAHHAPGHPAKCH%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGNDACICECCGAPJHPNIECKNJLMMLANAEM%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJEDELKHANEFMCNPAPPFHACHBPNLHOMAI%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJGGBJBMNFMIPGCANIDAMJFPECHDEEKOI%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DKPPACDMMDDEDIAHKLMCGKGDHHOOJEMMD%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLANABBPAHPJNALJEBNPGKJEMCBKEPIAK%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOFDGAFMDEGFKHFDFKMLLFEFMCMCJLLEC%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGANLGLBHGFJFGOPIJBHEMCPBEHJNPIA%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPLDBIENODKPGKCCOCELIDINMCIEDJDOK%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPNOOFFJHCLKOCPLOPFFDBCDGHMIFFHJI%26INSTALLSOURCE%3DONDEMAND%26UC

deldirex %SystemDrive%\PROGRAM FILES (X86)\ZAXAR

delref %SystemDrive%\PROGRAMDATA\TIMETASKS\TIMETASKS.EXE"

delref %SystemDrive%\USERS\�������������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\ILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK\4.0.5_0\����� MAIL.RU

delref %SystemDrive%\USERS\�������������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\LANABBPAHPJNALJEBNPGKJEMCBKEPIAK\2.0.2_0\����� MAIL.RU

deldirex %SystemDrive%\USERS\�������������\APPDATA\LOCAL\KOMETA\APPLICATION

; etranslator
exec  C:\Users\�������������\AppData\Roaming\eTranslator\eTranslator.exe" /uninstall
deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
18.12.2015 13:26:41, santy.

�� ARP

Fri, 18 Dec 2015 12:55:12 +0300

�� ARP � �� .
�� , �� , �� , �� IP-�� , �� (�� ARP) �� . �� , �� ...
18.12.2015 12:55:12, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 12:48:39 +0300

�� ARP � �� .
��
XTREME-KN2D2TQJ_2015-12-18_12-44-49.7z
18.12.2015 12:48:39, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 12:43:50 +0300

�� ARP � �� .

====quote====
santy ��:
�� ,
�� . ��
=============
��, ��. �� , ��
18.12.2015 12:43:50, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 12:41:01 +0300

�� ARP � �� .
�� ,
�� . ��
18.12.2015 12:41:01, santy.

�� ARP

Fri, 18 Dec 2015 12:37:04 +0300

�� ARP � �� .

====quote====
santy ��:
��
http://forum.esetnod32.ru/forum9/topic2687/
=============
�� ?
18.12.2015 12:37:04, marina Bukhal.

�� ARP

Fri, 18 Dec 2015 12:29:35 +0300

�� ARP � �� .
��
http://forum.esetnod32.ru/forum9/topic2687/
18.12.2015 12:29:35, santy.

�� ARP

Fri, 18 Dec 2015 11:29:06 +0300

�� ARP � �� .
��! �� (ESET Smart Security) �� ARP. �� , � �� IP-�� , � �� . � �� IP-��. �� , �� . �� , �� . �� ?

18.12.2015 11:29:06, marina Bukhal.

�� ARP

Fri, 04 Dec 2015 16:49:17 +0300

�� ARP � �� .
�� !

� �� UVS �� script.cmd
�� , �� ,
�� �� �� �� � �� .
�� , �� !

====code====

;uVS v3.86.7 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
v385c
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\APPLICATION DATA\PRIVOXY\PRIVOXY.EXE
dirzoo %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\APPLICATION DATA\PRIVOXY
unload %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\APPLICATION DATA\PRIVOXY\PRIVOXY.EXE
deldir %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\APPLICATION DATA\PRIVOXY
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\MAILRUHOMESEARCH.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\MAILRUHOMESEARCH.EXE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\HYD12E.TMP.1447689003\HTA\3RDPARTY\OCCOMSDK.DLL
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\HYD12E.TMP.1447689003\HTA\3RDPARTY\OCCOMSDK.DLL
delall %SystemDrive%\IEXPLORE.BAT
delall %SystemDrive%\OPERA.BAT
delref HTTP:\\SEARCHSY-POISK.RU
delall %SystemDrive%\PROGRAM FILES\ZAXAR\ZAXARGAMEBROWSER.EXE
deldir %SystemDrive%\PROGRAM FILES\ZAXAR
delref %SystemDrive%\PROGRAMDATA\TIMETASKS\TIMETASKS.EXE"
deldir %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\APPLICATION DATA\CUPOINT
deldir %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\APPLICATION DATA\MORESKIDKI
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\AMIGODISTRIB.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\INSTHELPER.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\SET12.TMP
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\SET1C.TMP
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\SET27.TMP
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\SETA.TMP
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\LOCAL SETTINGS\TEMP\SETD.TMP
delall %SystemDrive%\DOCUMENTS AND SETTINGS\�������������\������� ����\���������\MORESKIDKI\MORESKIDKI.LNK
exec Updater\Updater.exe -uninstall
regt 28
regt 29
deltmp
delnfr
restart

============= � �� ��.
��
�� .

� �� UVS �� zoo, �� , �� virus � �� sendvirus2011@gmail.com

��(�� ) �� MBAM
http://forum.esetnod32.ru/forum9/topic10688/
�� �� . ��
04.12.2015 16:49:17, zloyDi.

�� ARP

Fri, 04 Dec 2015 12:39:45 +0300

�� ARP � �� .
��! � �� ARP. �� UVS. �� ! ��
SERVER_2015-12-04_14-14-46.rar
04.12.2015 12:39:45, �� .

����� esetnod32.ru [����: ����� ����� �������� ������� ���� ARP]

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

����� ����� �������� ������� ���� ARP

�� esetnod32.ru [��: �� ARP]

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP

�� ARP