�� esetnod32.ru [��: �� .]

�� .

Thu, 08 Sep 2016 06:05:47 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .

====quote====
�� :
�� , ��!
�� .
=============

====quote====
�� : bank_tr
--------------------------------------------------------
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ
--------------------------------------------------------
�� Zoo: \\?\C:\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ
�� ZOO: C:\DOWNLOADS\��\UVS_V387\ZOO\SEOPKZSZL.DOHTYOJ._A0CFEDF49ED013842C4C9A23FC095E46FC85E9D2

=============
��,
�� ZOO* �� , �� : http://sendspace.com � �� , �� safety@chklst.ru

��, �� RP55 �� .
08.09.2016 06:05:47, santy.

�� .

Sun, 04 Sep 2016 19:40:33 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
1) � �� .

��.
2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

3) FRST: http://forum.esetnod32.ru/forum9/topic2798/
04.09.2016 19:40:33, RP55 RP55.

�� .

Sun, 04 Sep 2016 19:33:47 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
��
04.09.16.txt
04.09.2016 19:33:47, �� .

�� .

Sun, 04 Sep 2016 03:58:26 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� .

�� .

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.87.4 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
OFFSGNSAVE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1AD78B9A5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian

;------------------------autoscript---------------------------

chklst
delvir

delref HTTP://CRASH-REPORTS.BROWSER.YANDEX.NET/SUBMIT

delref IUOZLT.EXE

deldirex %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\UNITY\WEBPLAYER\LOADER

deldirex %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\LOCAL SETTINGS\APPLICATION DATA\UNITY\WEBPLAYER\LOADER

delref %Sys32%\D3DADAPTER.DLL

delref %Sys32%\KBDMAI.DLL

delref %Sys32%\WSAUDIO.DLL

deldirex %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BDDOWNLOAD\108

deldirex %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645

; Mobogenie
exec C:\Program Files\Mobogenie\uninst.exe
; SmilesExtensions version 2.1
exec C:\Program Files\smwdgt\unins000.exe
deltmp
delnfr
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
04.09.2016 03:58:26, santy.

�� .

Sat, 03 Sep 2016 21:46:42 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !
�� : �� !

====code====


;uVS v3.87.4 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
OFFSGNSAVE
delref IUOZLT.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MAIL.RU\MAILRUUPDATER.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDSGBUGRPT.EXE
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDSGBUGRPT.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BDDOWNLOAD\108\BDDOWNLOADER.EXE
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BDDOWNLOAD\108\BDDOWNLOADER.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\YANDEX\UPDATER\PRAETORIAN.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\LOCAL SETTINGS\APPLICATION DATA\MAIL.RU\MAILRUUPDATER.EXE
delall %SystemDrive%\PROGRAM FILES\MAIL.RU\MAILRUUPDATER\MAILRUUPDATER.EXE
delall %SystemDrive%\PROGRAM FILES\MAIL.RU\SPUTNIK\SPUTNIKHELPER.EXE
uidel C:\Documents and Settings\Dima\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe uninstall
uidel "C:\Program Files\baidu\unins000.exe"
deltmp
delnfr
restart

=============

�� , �� .
03.09.2016 21:46:42, RP55 RP55.

�� .

Sat, 03 Sep 2016 20:22:41 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� , ��!
�� .
NONE-C772AB5EDC_2016-09-03_21-11-49.TXT
2016-09-03_20-50-16_log.txt
03.09.2016 20:22:41, �� .

�� .

Fri, 02 Sep 2016 19:13:32 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
��,

�� -�� ?

�� :

�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.87.4 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
OFFSGNSAVE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\YANDEX\UPDATER\PRAETORIAN.EXE
addsgn 1AD78B9A5583358CF42B254E3143FE547601B9FA0A3A13F1C03FA1374DD6714C239CC0339D559D492B0BC197CD4B457110236311A9255077E4B5AC2F9F5FA577 8 praetorian

addsgn 1A3B5A9A55835A8CF42BF8DB65A016B0648A770761291F788504C3543C9771C7E5490002B5B91EA5276B8960331EA1A352DFE8F79583C423D202ACC7B8282273 64 bank_tr

zoo %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ

CZOO

sreg
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BAIDUPROTECT.EXE
delref %Sys32%\DRIVERS\BD0004.SYS
delref %Sys32%\DRIVERS\BDARKIT.SYS
delref %Sys32%\DRIVERS\BDMWRENCH.SYS
delref %Sys32%\DRIVERS\BDSAFEBROWSER.SYS
delref HTTP://YAMDEX.NET/?SEARCHID=1&L10N=RU&FROMSEARCH=1&IMSID=3FC9EFB4FF3FC7AC4FB910EE3C327BAA&TEXT={SEARCHTERMS}
delref %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ
delref HTTP://UTROM.ORG/ZM/
areg

=============
��, �� .
�� uVS (�� : ZOO_2012-12-31_23-59-59.rar/7z) �� rghost.ru � �� safety@chklst.ru
------------
��,
�� .
+
��
http://forum.esetnod32.ru/forum9/topic1408/

+
�� uVS
�� _��log.txt � �� uVS
02.09.2016 19:13:32, santy.

�� .

Fri, 02 Sep 2016 16:16:59 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
santy,
� �� , �� ?
02.09.2016 16:16:59, �� .

�� .

Fri, 02 Sep 2016 16:15:13 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� , �� "�� , �� uVS , �� "
�� = svchost.exe(2528) - �� Win32/Qadars.AL �� - ��
NONE-C772AB5EDC_2016-09-02_17-13-38.TXT
02.09.2016 16:15:13, �� .

�� .

Fri, 02 Sep 2016 06:25:07 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� ,
�� ?
02.09.2016 06:25:07, santy.

�� .

Thu, 01 Sep 2016 21:48:22 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
+

��
http://forum.esetnod32.ru/forum9/topic1408/

+

�� :
� �� .
�� .
��: ( 2012-05-18_02-15-25_log.txt )
01.09.2016 21:48:22, RP55 RP55.

�� .

Thu, 01 Sep 2016 21:37:46 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====


;uVS v3.87.4 [http://dsrt.dyndns.org]
;Target OS: NTv5.1
OFFSGNSAVE
delref HTTP://UTROM.ORG/ZM/
delref HTTP://YAMDEX.NET/?SEARCHID=1&L10N=RU&FROMSEARCH=1&IMSID=3FC9EFB4FF3FC7AC4FB910EE3C327BAA&TEXT={SEARCHTERMS}
delref IUOZLT.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\AD.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\AD.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BAIDUPROTECT.EXE
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BAIDUPROTECT.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDKITUTILS.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDKITUTILS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDLOGICUTILS.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDLOGICUTILS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDMNET.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDMNET.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDMREPORT.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDMREPORT.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDSG0001.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDSG0001.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDSGBUGRPT.EXE
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\BDSGBUGRPT.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\DRIVERMANAGER.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\DRIVERMANAGER.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\SAFEBROWSERDLL.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\SAFEBROWSERDLL.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\SAFEEXPLORER.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\SAFEEXPLORER.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\PLUGINS\BAIDUREPAIR.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\PLUGINS\BAIDUREPAIR.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\PLUGINS\HIPS.DLL
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BAIDUPROTECT1.3\1.3.0.645\PLUGINS\HIPS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BDDOWNLOAD\108\BDDOWNLOADER.EXE
del %SystemDrive%\PROGRAM FILES\COMMON FILES\BAIDU\BDDOWNLOAD\108\BDDOWNLOADER.EXE
delref %Sys32%\DRIVERS\BD0004.SYS
del %Sys32%\DRIVERS\BD0004.SYS
delref %Sys32%\DRIVERS\BDMWRENCH.SYS
del %Sys32%\DRIVERS\BDMWRENCH.SYS
delref %Sys32%\DRIVERS\BDARKIT.SYS
del %Sys32%\DRIVERS\BDARKIT.SYS
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\YANDEX\UPDATER\PRAETORIAN.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MAIL.RU\MAILRUUPDATER.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\LOCAL SETTINGS\APPLICATION DATA\MAIL.RU\MAILRUUPDATER.EXE
delall %SystemDrive%\PROGRAM FILES\MAIL.RU\MAILRUUPDATER\MAILRUUPDATER.EXE
zoo %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ
bl B66C7DA0BBDE48A51F32BB60D4EC2F9A 174260224
addsgn 1A801F9A55835A8CF42B25F540CC21CC1E8E316630B81F0C978246457DAA80C16BFA40AE2F22912326D8471442DBDD433FDF2B7711254FD34779FD140F1DE250 64 Qadars.AL
chklst
delvir
delref %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ
delall %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\{212FE02D-BCAD-4D14-38FE-EF0B09899320}\SEOPKZSZL.DOHTYOJ
delall %SystemDrive%\PROGRAM FILES\MAIL.RU\SPUTNIK\SPUTNIKHELPER.EXE
delall %SystemDrive%\DOCUMENTS AND SETTINGS\DIMA\APPLICATION DATA\TOR.EXE
uidel C:\Documents and Settings\Dima\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe uninstall
uidel MsiExec.exe /I{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}
uidel "C:\Program Files\baidu\unins000.exe"
deltmp
delnfr
restart

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
01.09.2016 21:37:46, RP55 RP55.

�� .

Thu, 01 Sep 2016 17:57:00 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
��
NONE-C772AB5EDC_2016-09-01_18-51-07.TXT
01.09.2016 17:57:00, �� .

�� .

Tue, 30 Aug 2016 20:39:34 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� uVS
http://forum.esetnod32.ru/forum9/topic2687/
30.08.2016 20:39:34, RP55 RP55.

�� .

Tue, 30 Aug 2016 18:26:54 +0300

�� . �� = svchost.exe(3472) - �� Win32/Qadars.AL �� - �� , � �� .
�� , �� .. �� ?
�� = svchost.exe(3472) - �� Win32/Qadars.AL �� - ��
30.08.2016 18:26:54, �� .

����� esetnod32.ru [����: �������� ���������� � ���������.]

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�������� ���������� � ���������.

�� esetnod32.ru [��: �� .]

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .

�� .