�� esetnod32.ru [��: �� "�� " wsaudio.com/index.php]

�� "�� " wsaudio.com/index.php

Thu, 11 May 2017 13:47:34 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
��
https://forum.esetnod32.ru/forum9/topic13764//
11.05.2017 13:47:34, santy.

�� "�� " wsaudio.com/index.php

Thu, 11 May 2017 11:39:57 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .

====quote====
santy ��:
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====quote====
IFEO\foxitreader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S3 vpeohyfr; \\?\C:\USERS\ALEKSEY\DOWNLOADS\��\pemmek !\\-1\000 [X]
S2 wsaudio; %SystemRoot%\System32\wsaudio.dll [X]
EmptyTemp:
Reboot:

=============

=============

Fixlog.txt
11.05.2017 11:39:57, �� .

�� "�� " wsaudio.com/index.php

Thu, 11 May 2017 11:18:55 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====quote====
IFEO\foxitreader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
S2 ihctrl32; %SystemRoot%\System32\ihctrl32.dll [X]
S3 vpeohyfr; \\?\C:\USERS\ALEKSEY\DOWNLOADS\��\pemmek !\\-1\000 [X]
S2 wsaudio; %SystemRoot%\System32\wsaudio.dll [X]
EmptyTemp:
Reboot:

=============

11.05.2017 11:18:55, santy.

�� "�� " wsaudio.com/index.php

Thu, 11 May 2017 11:05:28 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .

====quote====
santy ��:
2.��
��
��,
3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� mail.ru, yandex (�� )
��
��,

5.�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
=============

Addition 1.txt
FRST 1.txt
11.05.2017 11:05:28, �� .

�� "�� " wsaudio.com/index.php

Thu, 11 May 2017 02:10:49 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
2.��
��
��,
3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� �� �� mail.ru, yandex (�� )
�� ��
��,

5.�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
11.05.2017 02:10:49, santy.

�� "�� " wsaudio.com/index.php

Wed, 10 May 2017 22:58:04 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
��
��.txt
10.05.2017 22:58:04, �� .

�� "�� " wsaudio.com/index.php

Wed, 10 May 2017 20:35:49 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
� �� .
-------
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====



;uVS v4.0.2 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
deldirex %SystemDrive%\USERS\ALEKSEY\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER
deltmp
restart
;---------command-block---------
delref %SystemDrive%\USERS\ALEKSEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KCKNBENJNKKJKNPHMNIDANJIFBGPHJKE\4.18_0\THE SAFE SURFING
delref %SystemDrive%\USERS\ALEKSEY\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\KCKNBENJNKKJKNPHMNIDANJIFBGPHJKE\4.18_0\THE SAFE SURFING
bl 0D9127D8BD341EC651C88D6B4019A2F9 1440768
delall %SystemDrive%\USERS\ALEKSEY\APPDATA\ROAMING\STEAM\WINDOWS DEFENDER\MSASCUI.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {32020A01-506E-484D-A2A8-BE3CF17601C3}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\BLANK.HTM
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\SAM CODEC PACK\FILTERS\G2MWMPPLUGIN64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\JAVA\JRE7\BIN\WSDETECT.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref J:\SETUP.EXE
apply

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
10.05.2017 20:35:49, RP55 RP55.

�� "�� " wsaudio.com/index.php

Wed, 10 May 2017 18:58:19 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
��
10.05.2017 18:58:19, santy.

�� "�� " wsaudio.com/index.php

Wed, 10 May 2017 18:45:35 +0300

�� "�� " wsaudio.com/index.php Stantinko � �� .
�� wsaudio.com/index.php. �� . ADW Clesner �� . �� .
PC_2017-05-10_18-50-57.7z
10.05.2017 18:45:35, �� .

����� esetnod32.ru [����: �������������� "����� ������������" wsaudio.com/index.php]

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�������������� "����� ������������" wsaudio.com/index.php

�� esetnod32.ru [��: �� "�� " wsaudio.com/index.php]

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php

�� "�� " wsaudio.com/index.php