�� esetnod32.ru [��: �� ]

��

Sat, 24 Feb 2018 20:02:25 +0300

��  � �� .
��.
�� :
https://forum.esetnod32.ru/forum9/topic13764/
24.02.2018 20:02:25, RP55 RP55.

��

Sat, 24 Feb 2018 19:43:20 +0300

��  � �� .
RP55 RP55,�� ccleaner �� )
24.02.2018 19:43:20, �� .

��

Sat, 24 Feb 2018 17:55:25 +0300

��  � �� .
�� .
Ctrl+Shift + Delete
24.02.2018 17:55:25, RP55 RP55.

��

Sat, 24 Feb 2018 17:43:04 +0300

��  � �� .
santy,
Set objShell = CreateObject("WScript.Shell")
objShell.Run("C:\Windows\system32\cmd.exe /c ""C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.bat"""), 0
Set objShell = Nothing

� � ��
"C:\Windows\System32\sc.exe" start USER_ESRV_SVC_WILLAMETTE "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe" --start --run_as_user_process --register_port --address 127.0.0.1 --port 49331 --pause_on_user_switching --depend_on_key SYSTEM\CurrentControlSet\Services\ESRV_SVC_WILLAMETTE --depend_on_value run --time_in_ms --pause 5000 --library "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll" --no_pl --watchdog 10 --watchdog_cpu_usage_limit 50 --end_on_error --kernel_priority_boost --shutdown_priority_boost --device_options \"" time=no output=no output_folder='C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData\userlogs' limit_output_by=time output_limit=3600000 output_buffer=1024 il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll' "\"

�� 32 ��?
24.02.2018 17:43:04, �� .

��

Sat, 24 Feb 2018 16:57:37 +0300

��  � �� .
��
"C:\PROGRAM FILES\INTEL\SUR\WILLAMETTE\ESRV\TASK.VBS"
24.02.2018 16:57:37, santy.

��

Sat, 24 Feb 2018 16:25:06 +0300

��  � �� .
santy,��
24.02.2018 16:25:06, �� .

��

Sat, 24 Feb 2018 15:54:20 +0300

��  � �� .
�� ?
�� DNS �� .
+ �� .
24.02.2018 15:54:20, santy.

��

Sat, 24 Feb 2018 14:39:29 +0300

��  � �� .
santy,http://rgho.st/private/7bhBv7LBM/53c0651156172bad4f5ff4509b3f9a0c
�� . �� no32 ��
24.02.2018 14:39:29, �� .

��

Sat, 24 Feb 2018 14:26:25 +0300

��  � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====code====

FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\�����\AppData\Roaming\Mozilla\Firefox\Profiles\ov46q6nf.default\Extensions\browsec@browsec.com.xpi [2018-02-19]
FF Extension: (friGate3 proxy helper) - C:\Users\�����\AppData\Roaming\Mozilla\Firefox\Profiles\ov46q6nf.default\Extensions\e67f8350-7edf-11e3-baa7-0800200c9a66@fri-gate.org.xpi [2018-02-19]
EmptyTemp:
Reboot:

=============
24.02.2018 14:26:25, santy.

��

Sat, 24 Feb 2018 13:59:38 +0300

��  � �� .
santy, �� , �� http://rgho.st/74YX9XK9G
24.02.2018 13:59:38, �� .

��

Sat, 24 Feb 2018 04:54:41 +0300

��  � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.0.10 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDLJDACFOJGIKOGLDJFFNKDCIELNKLKCE%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://OVGORSKIY.RU
apply

deltmp
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\DRIVERS\TPM.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\BLANK.HTM
delref {2F603045-309F-11CF-9774-0020AFD0CFF6}\[CLSID]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\EWUSBWWAN.SYS
delref %Sys32%\DRIVERS\EW_HWUSBDEV.SYS
delref %Sys32%\DRIVERS\EW_USBENUMFILTER.SYS
delref %Sys32%\DRIVERS\EW_JUBUSENUM.SYS
delref %Sys32%\DRIVERS\EWUSBMDM.SYS
delref %Sys32%\DRIVERS\EW_CDCACM.SYS
delref %Sys32%\DRIVERS\EW_WWANECM.SYS
delref %Sys32%\DRIVERS\MASSFILTER.SYS
delref E:\LINEAGE C4\SYSTEM\NPKCRYPT.SYS
delref E:\LINEAGE C4\SYSTEM\NPKYCRYP.SYS
delref %Sys32%\DRIVERS\SMB_DRIVER_INTEL.SYS
delref %Sys32%\DRIVERS\ZTEUSBMDM6K.SYS
delref %Sys32%\DRIVERS\ZTEUSBNMEA.SYS
delref %Sys32%\DRIVERS\ZTEUSBSER6K.SYS
delref %Sys32%\DRIVERS\ZTEUSBVOICE.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\USERS\À� À¨À½À°Ñ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F7LQCY0U.DEFAULT\SEARCHPLUGINS\ICQ-SEARCH.XML
delref %SystemDrive%\USERS\À� À¨À½À°Ñ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F7LQCY0U.DEFAULT\SEARCHPLUGINS\MAILRU---.XML
delref %SystemDrive%\USERS\À� À¨À½À°Ñ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F7LQCY0U.DEFAULT\SEARCHPLUGINS\RAMBLER.XML
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\ACRORD32INFO.EXE
delref G:\AUTORUN.EXE
delref H:\SETUP.EXE
delref F:\AUTORUN.EXE
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\LINEAGE II\LINEAGEII.EXE
delref D:\COMMAND AND CONQUER - GENERALS\COMMAND AND CONQUER GENERALS ZERO HOUR\GENERALS.EXE
delref D:\COMMAND AND CONQUER - GENERALS\COMMAND AND CONQUER GENERALS\GENERALS.EXE
delref %SystemDrive%\PROGRAMDATA\APPDATA\ROAMING\����������\UNINST.EXE
delref %SystemDrive%\PROGRAMDATA\APPDATA\ROAMING\����������\����������.URL
delref %SystemDrive%\PROGRAMDATA\APPDATA\ROAMING\����������\DRUGVOKRUG.EXE
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
24.02.2018 04:54:41, santy.

��

Fri, 23 Feb 2018 22:46:05 +0300

��  � �� .
�� , �� . ��(�� 30-60��) ��
PlayGround.ru. adwcleaner � Anti-Malware �� .
�� uVS http://rgho.st/8mLdm656l
FRSThttp://rgho.st/7jZCwc9fr

23.02.2018 22:46:05, �� .

����� esetnod32.ru [����: ����� ������������]

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��

��

��