�� esetnod32.ru [��: �� ]

��

Wed, 15 Nov 2017 20:03:45 +0300

��  � �� .
�� : ��.
�� .
15.11.2017 20:03:45, RP55 RP55.

��

Wed, 15 Nov 2017 19:55:34 +0300

��  � �� .
��, �� : ��?
�� ?
15.11.2017 19:55:34, Sergey L.

��

Wed, 15 Nov 2017 19:46:33 +0300

��  � �� .
�� Drweb.
�� , � �� . �� .
15.11.2017 19:46:33, RP55 RP55.

��

Wed, 15 Nov 2017 19:34:04 +0300

��  � �� .
�� , �� , � �� Cureit � �� d: (�� ) TrojanMull - ��.
�� Drweb live Usb , �� DRHuserinitBlocker.corrupted �� - ��
�� . �� ?
15.11.2017 19:34:04, Sergey L.

��

Wed, 15 Nov 2017 19:16:00 +0300

��  � �� .
��, ��.
15.11.2017 19:16:00, Sergey L.

��

Wed, 15 Nov 2017 19:09:19 +0300

��  � �� .
� �� .
�� .
��
15.11.2017 19:09:19, RP55 RP55.

��

Wed, 15 Nov 2017 19:04:26 +0300

��  � �� .
�� .
� �� , �� ?
15.11.2017 19:04:26, Sergey L.

��

Wed, 15 Nov 2017 18:55:23 +0300

��  � �� .
�� ?
15.11.2017 18:55:23, RP55 RP55.

��

Wed, 15 Nov 2017 18:51:04 +0300

��  � �� .
��, Fixlog
Fixlog.txt
15.11.2017 18:51:04, Sergey L.

��

Wed, 15 Nov 2017 16:00:22 +0300

��  � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====code====

Toolbar: HKU\S-1-5-21-1976782565-2392023882-194289058-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1976782565-2392023882-194289058-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
EmptyTemp:
Reboot:

=============

+
�� Firefox �� 57, �� .
15.11.2017 16:00:22, santy.

��

Wed, 15 Nov 2017 15:45:56 +0300

��  � �� .
�� FRST
FRST.txt
Addition.txt
15.11.2017 15:45:56, Sergey L.

��

Tue, 14 Nov 2017 04:13:59 +0300

��  � �� .

====quote====
Sergey L ��:
�� firefox �� .
=============

====quote====
3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
=============

14.11.2017 04:13:59, santy.

��

Mon, 13 Nov 2017 20:41:55 +0300

��  � �� .
�� firefox �� .
13.11.2017 20:41:55, Sergey L.

��

Mon, 13 Nov 2017 19:04:39 +0300

��  � �� .
1) � Malwarebytes - �� .
( �� )

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
13.11.2017 19:04:39, RP55 RP55.

��

Mon, 13 Nov 2017 18:58:24 +0300

��  � �� .
�� , �� , �� : �� .
�� malwarebytes, �� 4 �� , �� .
�� , �� .
Log13-11-2017.txt
13.11.2017 18:58:24, Sergey L.

��

Mon, 13 Nov 2017 17:35:52 +0300

��  � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.0.10 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

delref {8984B388-A5BB-4DF7-B274-77B879E179DB}\[CLSID]
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBKNBNAPADDJDNBILPMLACDKJDKJMBJHD%26INSTALLSOURCE%3DONDEMAND%26UC
apply

; OpenAL
exec  C:\Program Files (x86)\OpenAL\oalinst.exe" /U
deltmp
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\CC316493BF228F7B0A8D4130EB629406\FB73EB7E81091441E0A7B8E0854E548CA1735423
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\3BA255F39F8F96E0507C1EE8C9663300\WINDOWS6.1-KB3188740-X64.CAB
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\3A7F75BC5B9694F42FE0210F67896A3D\EDE8A857DDEC0F30C8F2E6AF5A71ED0563FF3A31
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref D:\DOWNLOAD_SOFT\XILISOFT_VIDEO_CONVERTER_ULTIMATE_7.8.2_RUS_PORTABLE\XILISOFT_VIDEO_CONVERTER_ULTIMATE_7.8.2_RUS_PORTABLE\XILISOFTVIDEOCONVERTER.EXE
delref %SystemDrive%\USERS\USER\DOWNLOADS\RESCUE2USB.EXE
delref D:\DOWNLOAD_SOFT\RUVCR446WIN\VCR446F.EXE
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {BAD4FE2C-503B-45CC-88CD-4B0574057D11}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {474C98EE-CF3D-41F5-80E3-4AAB0AB04301}\[CLSID]
delref {7EFA68C6-086B-43E1-A2D2-55A113531240}\[CLSID]
delref {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\[CLSID]
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\BLANK.HTM
delref APPMGMT\[SERVICE]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\CPUZ135\CPUZ135_X64.SYS
delref %SystemRoot%\TEMP\CPUZ136\CPUZ136_X64.SYS
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\ESIHDRV.SYS
delref %SystemRoot%\TEMP\GPUZ.SYS
delref %Sys32%\DRIVERS\PORTTALK.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE_64.DLL
delref %Sys32%\NVCUVENC.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.26.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.145\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ASUS\GPU TWEAK\CHARTEX.OCX
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.135\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\JAVA\JRE7\BIN\WSDETECT.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.153\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.99\PSMACHINE.DLL
delref D:\DOWNLOAD_SOFT\MALWAREBYTES' ANTI-MALWARE PORTABLE\REPACK 1.75.0.1300 PRO BASE 26.12.2013 FROM ANDY PORTABLE\SSUBTMR6.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.4.0\BATTLELOGAX.OCX
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.25.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.23.9\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.149\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\INSTALLER2\INSTALLER.{1711CC8E-C2AB-4130-9F76-3176149141D9}\NVI2.DLL
delref %SystemRoot%\SYSWOW64\NVCUVENC.DLL
delref D:\DOWNLOAD_SOFT\MALWAREBYTES' ANTI-MALWARE PORTABLE\REPACK 1.75.0.1300 PRO BASE 26.12.2013 FROM ANDY PORTABLE\VBALSGRID6.OCX
delref %SystemDrive%\PROGRAM FILES (X86)\ASUS\GPU TWEAK\FEEDBACKCHART.OCX
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.24.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\FAR CRY 3 BLOOD DRAGON\FCBD.BAT
delref E:\BIN\ASSETUP.EXE
delref {3216F683-68D2-4C5B-B7EC-9496AF981FC0}\[CLSID]
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
13.11.2017 17:35:52, santy.

��

Mon, 13 Nov 2017 15:39:51 +0300

��  � �� .
�� , � �� , �� .
MYPC_2017-11-13_16-13-31.7z
13.11.2017 15:39:51, Sergey L.

��

Mon, 13 Nov 2017 01:49:45 +0300

��  � �� .

====quote====
Sergey L ��:
� �� , �� . �� - �� ?
=============

�� start.exe
� ��

13.11.2017 01:49:45, santy.

��

Sun, 12 Nov 2017 23:57:06 +0300

��  � �� .
� �� , �� . �� - �� ?
12.11.2017 23:57:06, Sergey L.

��

Fri, 10 Nov 2017 04:46:32 +0300

��  � �� .

====quote====
Sergey L ��:
� �� ?

=============
��
10.11.2017 04:46:32, santy.

��

Thu, 09 Nov 2017 23:05:10 +0300

��  � �� .
� �� ?
�� cureIt, �� 6 adware �� TrojanMulDrop �� d: (�� ), �� ?
�� TrojanMulDrop5.6051 � ��, �� Nod32 ��, �� �� , �� , �� ?
09.11.2017 23:05:10, Sergey L.

��

Thu, 09 Nov 2017 20:35:01 +0300

��  � �� .
�� : https://www.virustotal.com/ru/

�� ( � �� ) �� \�� .
09.11.2017 20:35:01, RP55 RP55.

��

Thu, 09 Nov 2017 19:06:25 +0300

��  � �� .
��, 2 �� dni.ru �� (�� , �� -�� )
�� u1ffe4k
�� u1ffe4k �� text/asm 186kb
�� https://storage.mdsyandex.net
��

http://i-fotki.info/23/82070bbeef0756a380795000fed077f15f68e2292903995.jpg.html"> src="http://f23.ifotki.info/thumb/82070bbeef0756a380795000fed077f15f68e2292903995.jpg">;

nod32 ��
�� , �� , ��?

09.11.2017 19:06:25, Sergey L.

����� esetnod32.ru [����: ���������� �� �����]

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

���������� �� �����

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��