�� esetnod32.ru [��: ESET NOD32 �� win32/adware.PBot.A]

ESET NOD32 �� win32/adware.PBot.A

Fri, 18 Aug 2017 18:35:57 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
�� .
fixlog ��.
�� .
Fixlog.txt
18.08.2017 18:35:57, �� .

ESET NOD32 �� win32/adware.PBot.A

Thu, 17 Aug 2017 23:16:39 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
�� fixlist.txt � �� Farbar Recovery Scan Tool:
...
�� FRST � �� Fix � ��.

====code====

  

Task: {3C0270D1-80CC-429B-9482-419BFC6EE85E} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {4C8F793B-C429-45A1-A8F0-40FF6D88EE75} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {D13D9637-789B-4796-B226-5513F385B414} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {D9394BC6-6844-4C7D-A040-E82F092B21C3} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
HKLM Group Policy restriction on software: C:\USERS\123\DOWNLOADS\ZFXD.EXE <==== ATTENTION
CHR HKU\S-1-5-21-3778422923-2011462618-1557199982-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3778422923-2011462618-1557199982-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08172017202804756\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-3778422923-2011462618-1557199982-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3778422923-2011462618-1557199982-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08172017202804756 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default ->  Not-active:"chrome-extension://epgjfmblhacacphaljkdcjllkomdcjpc/visual-bookmarks.html"
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}

EmptyTemp:
Reboot:

=============
�� FRST �� -�� (Fixlog.txt). ��, �� !
��, �� ...
�
�� _�� .
17.08.2017 23:16:39, RP55 RP55.

ESET NOD32 �� win32/adware.PBot.A

Thu, 17 Aug 2017 20:40:10 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
�� .
�� frst �� 2 �� .
FRST.txt
Addition.txt
17.08.2017 20:40:10, �� .

ESET NOD32 �� win32/adware.PBot.A

Wed, 16 Aug 2017 22:57:11 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
1) � Malwarebytes - �� .
( �� )

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
16.08.2017 22:57:11, RP55 RP55.

ESET NOD32 �� win32/adware.PBot.A

Wed, 16 Aug 2017 22:49:20 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
�� .
�� malwarebytes ��
16082247.txt
16.08.2017 22:49:20, �� .

ESET NOD32 �� win32/adware.PBot.A

Tue, 15 Aug 2017 22:41:38 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====


;uVS v4.0.9 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
OFFSGNSAVE
;------------------------autoscript---------------------------

delref %SystemDrive%\USERS\�����\APPDATA\ROAMING\MICROSOFT\MSI.EXE
del %SystemDrive%\USERS\�����\APPDATA\ROAMING\MICROSOFT\MSI.EXE
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBHJHNAFPIILPFFHGLAJCAEPJBNBJEMCI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEPGJFMBLHACACPHALJKDCJLLKOMDCJPC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DHCADGIJMEDBFGCIEGJOMFPJCDCHLHNIF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://MAIL.RU/CNT/10445?GP=811013
delref HTTP://WWW.GOOGLE.COM/
delall %SystemDrive%\USERS\�����\APPDATA\LOCAL\TEMP\V8_7067_53.TMP
delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IESR02
delref HTTP://GO.MAIL.RU/DISTIB/EP/?Q={SEARCHTERMS}&PRODUCT_ID=%7BB419F6E0-CD3B-4113-BC57-38ADF77CA898%7D&GP=811010
delref HTTP://MAIL.RU/CNT/10445?GP=811009
delref HTTP:\\WWW.MAIL.RU\CNT\20775012?GP=811008
apply

regt 27
;-------------------------------------------------------------

deltmp
restart
;---------command-block---------
delref DESKTOP\STILEX_GEL_INSTRUKTSIYA___.EXE
delref %SystemDrive%\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\60.0.3112.90\INSTALLER\CHRMSTP.EXE
delref %Sys32%\BLANK.HTM
delref %Sys32%\PSXSS.EXE
delref {C442AC41-9200-4770-8CC0-7CDB4F245C55}\[CLSID]
apply

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
15.08.2017 22:41:38, RP55 RP55.

ESET NOD32 �� win32/adware.PBot.A

Tue, 15 Aug 2017 19:53:50 +0300

ESET NOD32 �� win32/adware.PBot.A � �� .
�� .
�� -�� win32/adware.PBot.A ?
�� 32 �� 20-30 �� , �� .
�� .
�� .
GIGABYTE_2017-08-15_19-45-23.7z
15.08.2017 19:53:50, �� .

����� esetnod32.ru [����: ESET NOD32 ��������� win32/adware.PBot.A]

ESET NOD32 ��������� win32/adware.PBot.A

ESET NOD32 ��������� win32/adware.PBot.A

ESET NOD32 ��������� win32/adware.PBot.A

ESET NOD32 ��������� win32/adware.PBot.A

ESET NOD32 ��������� win32/adware.PBot.A

ESET NOD32 ��������� win32/adware.PBot.A

ESET NOD32 ��������� win32/adware.PBot.A

�� esetnod32.ru [��: ESET NOD32 �� win32/adware.PBot.A]

ESET NOD32 �� win32/adware.PBot.A

ESET NOD32 �� win32/adware.PBot.A

ESET NOD32 �� win32/adware.PBot.A

ESET NOD32 �� win32/adware.PBot.A

ESET NOD32 �� win32/adware.PBot.A

ESET NOD32 �� win32/adware.PBot.A

ESET NOD32 �� win32/adware.PBot.A