�� esetnod32.ru [��: �� ]

��

Sun, 11 Dec 2016 17:47:40 +0300

��  �� . � �� .
1) �� :
https://support.google.com/chrome/answer/3296214?hl=ru

2) �� 1. �� :
� �� Google
��: http://my-chrome.ru/2013/05/kak-pravilno-otklyuchit-sinxronizaciyu-v-google-chrome/
�� ...
�� . �� :

1. �� Windows XP
C:\Documents and Settings\Local Settings\Application Data\google\chrome\user data

2. �� Windows Vista/7
C:\Users\�� \AppData\Local\Google\Chrome\user data

* �� AppData \ Application Data � � �� .

�� PC

��
�� : https://www.google.com/chrome/browser/desktop/index.html
* �� ...
�� : https://support.google.com/chrome/answer/96816?hl=ru
11.12.2016 17:47:40, RP55 RP55.

��

Sun, 11 Dec 2016 15:51:07 +0300

��  �� . � �� .
FRST �� . �� , �� , �� , �� adw
AdwCleaner[C0].txt
11.12.2016 15:51:07, �� .

��

Sun, 11 Dec 2016 11:03:52 +0300

��  �� . � �� .
1) � Malwarebytes - �� .
( �� )

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

3) �� uVS
http://pchelpforum.ru/f26/t141222/3/#post1256024

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

4) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
11.12.2016 11:03:52, RP55 RP55.

��

Sun, 11 Dec 2016 10:49:58 +0300

��  �� . � �� .
�� , �� , �� , �� , ��
12.txt
11.12.2016 10:49:58, �� .

��

Sun, 11 Dec 2016 09:12:15 +0300

��  �� . � �� .
��

�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====


;uVS v3.87.7 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
OFFSGNSAVE
;------------------------autoscript---------------------------

chklst
delvir

delref HTTPS://CLIENTS2.GOOGLE.COM/CR/REPORT

delref %SystemDrive%\USERS\����\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IESEARCHPLUGIN.DLL
del %SystemDrive%\USERS\����\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IESEARCHPLUGIN.DLL

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBKNBNAPADDJDNBILPMLACDKJDKJMBJHD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEHFJIHAHBPHDPLJPIADBKMGMHNFEHHGI%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFDJDJKKJOIOMAFNIHNOBKINNFJNNLHDG%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC

delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&FORM=IE8SRC
delref HTTP://TANKIONLINE.COM/RU/
delref HTTP://GO.MAIL.RU/DISTIB/EP/?PRODUCT_ID=%7B518C4C82-4533-496E-A88F-160B6AE88647%7D&GP=822363
delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IESR02
delref HTTP://GO.MAIL.RU/DISTIB/EP/?Q={SEARCHTERMS}&PRODUCT_ID=%7B6BE4EECB-F78D-488B-9DF1-21F4854FBA75%7D&GP=822363
delref HTTP://MAIL.RU/CNT/10445?GP=822353
delref HTTP:\\WWW.MAIL.RU\CNT\20775012?GP=820463
;-------------------------------------------------------------

delall %SystemDrive%\USERS\����\APPDATA\LOCAL\HOSTINSTALLER\1154026396_MONSTER.EXE
delall %SystemDrive%\USERS\����\APPDATA\LOCAL\SYSTEMMONITOR2016\1154026396.EXE
deltmp
delnfr
restart

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
11.12.2016 09:12:15, RP55 RP55.

��

Sun, 11 Dec 2016 08:51:40 +0300

��  �� . � �� .
��
��-��_2016-12-11_10-42-31.7z
11.12.2016 08:51:40, �� .

��

Sat, 10 Dec 2016 20:11:50 +0300

��  �� . � �� .
��

�� uVS
http://forum.esetnod32.ru/forum9/topic2687/
10.12.2016 20:11:50, RP55 RP55.

��

Sat, 10 Dec 2016 19:19:27 +0300

��  �� . � �� .
�� , ��

�� , �� ? �� ? win10 ��
10.12.2016 19:19:27, �� .

��

Mon, 28 Nov 2016 09:10:33 +0300

��  �� . � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v3.87.8 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
OFFSGNSAVE
zoo %SystemRoot%\SYSWOW64\NOD32P.EXE
deltmp
delnfr
czoo
restart

=============
��, �� .
�� uVS (�� : ZOO_yyyy-mm-dd_hh-mm-ss.rar/�� 7z) �� sendvirus2011@gmail.com, safety@chklst.ru
------------
28.11.2016 09:10:33, santy.

��

Fri, 25 Nov 2016 15:43:10 +0300

��  �� . � �� .
�� ?

====quote====
�� C:\WINDOWS\SYSWOW64\NOD32P.EXE
�� NOD32P.EXE
��. ��

www.virustotal.com 2015-02-24
- �� .

��
��
�� 32-� ��
File_Id 2A425E196C000
Linker 2.25
�� 414208 ��
�� 06.08.2011 � 17:52:47
�� 24.04.2005 � 10:18:25

TimeStamp 19.06.1992 � 22:22:17
EntryPoint +
OS Version 4.0
Subsystem Windows graphical user interface (GUI) subsystem
IMAGE_FILE_DLL -
IMAGE_FILE_EXECUTABLE_IMAGE +
�� 32-� ��
��. ��

��. ��
pid = 2148 NT AUTHORITY\��
CmdLine C:\Windows\SysWOW64\nod32p.exe
�� 10:49:40 [2016.11.21]
� �� 96:10:15
parentid = 744
SHA1 01892B1E0623C29DC051E5582B22D6910206AFBF
MD5 5F253E65C4E6F082D1D129297E1BAA63

��
�� HKLM\System\CurrentControlSet\Services\nod32p\ImagePath
ImagePath C:\Windows\SysWOW64\nod32p.exe
nod32p �� : �� (2)
Prefetcher C:\WINDOWS\Prefetch\Layout.ini

�� EXE � DLL
NOD32P.EXE C:\WINDOWS\SYSWOW64

=============

25.11.2016 15:43:10, santy.

��

Fri, 25 Nov 2016 11:30:54 +0300

��  �� . � �� .
�� . �� . ��.

��-��_2016-11-25_10-59-43.rar
25.11.2016 11:30:54, �� .

����� esetnod32.ru [����: ����� ������������]

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��

��