�� ?

Sun, 29 Apr 2018 21:40:17 +0300

�� ? � �� .
��.
�� :
https://forum.esetnod32.ru/forum9/topic13764/
29.04.2018 21:40:17, RP55 RP55.

�� ?

Sun, 29 Apr 2018 21:12:23 +0300

�� ? � �� .
�� , �� , �� .
29.04.2018 21:12:23, Ramrierd Redigit.

�� ?

Sun, 29 Apr 2018 20:14:45 +0300

�� ? � �� .
1) � �� Google ( �� )
��: http://my-chrome.ru/2013/05/kak-pravilno-otklyuchit-sinxronizaciyu-v-google-chrome/

2) �� : Ctrl Shift + Delete

3) �� ccleaner.
http://pchelpforum.ru/f26/t24207/2/#post1171371
>
�� > �� .
�� .
29.04.2018 20:14:45, RP55 RP55.

�� ?

Sun, 29 Apr 2018 19:59:48 +0300

�� ? � �� .
��
Fixlog.txt
29.04.2018 19:59:48, Ramrierd Redigit.

�� ?

Sun, 29 Apr 2018 19:16:10 +0300

�� ? � �� .
�� fixlist.txt � �� Farbar Recovery Scan Tool:
...
�� FRST � �� Fix � ��.

====code====

  


ContextMenuHandlers1: [XXX Groove GFS Context Menu Handler XXX] -> [CC]{6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
Task: {2EFBEE8E-6BF3-460F-BF51-0BE8446779FD} - \Driver Booster SkipUAC (Fusion) -> No File <==== ATTENTION
Task: {47BFE674-5DFA-4395-B88C-47D28D6E5597} - \Microsoft\Windows\Maintenance\WinSAT -> No File <==== ATTENTION
Task: {A57C8069-D6AD-4E98-97B2-04BCB223545C} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {F61C1098-6385-4992-9119-CE0F68340314} - \Microsoft\Windows\Servicing\StartComponentCleanup -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D8999815 [143]
AlternateDataStreams: C:\Users\��� ������������\TEMP:D8999815 [143]
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  -> No File
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - <no Path/update_url>
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]

EmptyTemp:
Reboot:

=============
�� FRST �� -�� (Fixlog.txt). ��, �� !
��, �� ...
�
�� _�� .
29.04.2018 19:16:10, RP55 RP55.

�� ?

Sun, 29 Apr 2018 18:09:39 +0300

�� ? � �� .
�� AdwCleaner � FRST
AdwCleaner[C00].txt
AdwCleaner[S00].txt
FRST.txt
Addition.txt
29.04.2018 18:09:39, Ramrierd Redigit.

�� ?

Sun, 29 Apr 2018 16:15:49 +0300

�� ? � �� .
1) � Malwarebytes - ��

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]

�� AdwCleaner �� (Clean), ��
� ��

3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
29.04.2018 16:15:49, RP55 RP55.

�� ?

Sun, 29 Apr 2018 13:06:11 +0300

�� ? � �� .
��

�� malwarebytes.txt
29.04.2018 13:06:11, Ramrierd Redigit.

�� ?

Sat, 28 Apr 2018 21:43:53 +0300

�� ? � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====

;uVS v4.0.11 [http://dsrt.dyndns.org]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

deldirex %SystemDrive%\USERS\FUSION\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delall %SystemDrive%\USERS\FUSION\APPDATA\LOCAL\TEMP\{F2A3076F-0503-42F2-82A1-0EA537A37870}-65.0.3325.181_64.0.3282.186_CHROME_UPDATER.EXE
delall %SystemDrive%\USERS\FUSION\APPDATA\LOCAL\TEMP\CPUZ139\CPUZ139_X64.SYS
delall %SystemDrive%\USERS\FUSION\APPDATA\LOCAL\TEMP\GKERNEL.SYS
delref HTTP://WWW.MINECRAFTFORUM.NET/TOPIC/13807-MCEDIT-MINECRAFT-WORLD-EDITOR-COMPATIBLE-WITH-MC-BETA-173/
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE 7\ASC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\WISE\WISE CARE 365\WISETRAY.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\WISE\WISE CARE 365\WISETURBO.EXE
delref %SystemRoot%\SYSWOW64\MACROMED\FLASH\FLASHUTIL32_25_0_0_171_PEPPER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\IOBIT\DRIVER BOOSTER\5.0.3\DRIVERBOOSTER.EXE
delref A9A33436-678B-4C9C-A211-7CC38785E79D\[CLSID]
delref 752073A1-23F2-4396-85F0-8FDB879ED0ED\[CLSID]
delref %SystemRoot%\SYSWOW64\COMPMGMTLAUNCHER.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\[CLSID]
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020501}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020602}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref {EBA7A1E6-E69D-4BA5-B291-95782A004604}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.5.1\NPBATTLELOG.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\57.0.2987.133\INSTALLER\CHRMSTP.EXE
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.5.1\NPBATTLELOGX64.DLL
delref {472083B0-C522-11CF-8763-00608CC02F24}\[CLSID]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\EAGLEX64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\GARENA PLUS\ROOM\SAFEDRV.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\MEGAFON\MEGAFON INTERNET\MEGAFONINTERNETSERVICE.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\E10SROLLOUT@MOZILLA.ORG.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\FIREFOX@GETPOCKET.COM.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\FEATURES\LOOP@MOZILLA.ORG.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}.XPI
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.17\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemRoot%\SYSWOW64\AEPROAM.DLL
delref %SystemRoot%\SYSWOW64\RSTRUI.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WPCCPL.DLL
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.17\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref D:\AUTORUN.EXE
delref %SystemDrive%\USERS\FUSION\APPDATA\LOCAL\MAIL.RU\GAMECENTER\NPDETECTOR.DLL
delref {3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\[CLSID]
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref {759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020302}\[CLSID]
delref {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}\[CLSID]
delref %Sys32%\BLANK.HTM
delref E:\GAMES\DIVINITY - ORIGINAL SIN 2\BIN\EOCAPP.EXE
delref E:\GAMES\EVE\LAUNCHER\EVELAUNCHER.EXE
delref %SystemDrive%\USERS\FUSION\APPDATA\LOCAL\MAIL.RU\GAMECENTER\GAMECENTER@MAIL.RU.EXE
delref E:\GAMES\SPORE ANTHOLOGY\SPORE_EP1\SPOREBINEP1\SPOREAPP.EXE
delref E:\GAMES\SPORE ANTHOLOGY\UNINS000.EXE
delref E:\GAMES\DIVINITY - ORIGINAL SIN 2\BIN\SUPPORTTOOL.EXE
delref E:\GAMES\DIVINITY ORIGINAL SIN ENHANCED EDITION\SHIPPING\EOCAPP.EXE
delref E:\GAMES\STARCRAFT II\STARCRAFT II OFFLINE.EXE
delref E:\GAMES\DIVINITY - ORIGINAL SIN 2\UNINS000.EXE
delref E:\GAMES\DIVINITY ORIGINAL SIN ENHANCED EDITION\UNINS000.EXE
delref E:\GAMES\FALLOUT 4\UNINS000.EXE
delref E:\GAMES\STARCRAFT II\UNINS000.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\DIABLO III\MANUAL.URL
delref %SystemDrive%\PROGRAM FILES (X86)\DIABLO III\TECHSUPPORT.URL
delref %SystemDrive%\PROGRAM FILES (X86)\DIABLO III\BATTLENETACCOUNT.URL
delref E:\GAMES\DIVINITY - ORIGINAL SIN 2\SUPPORTTOOL.EXE
delref E:\GAMES\DIVINITY - ORIGINAL SIN 2\UNINS001.EXE
delref E:\GAMES\DIVINITY - ORIGINAL SIN 2\LANGUAGE_SETUP.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT OFFICE\ACTIVATOR.EXE
delref E:\GAMES\PROJECT ZOMBOID\PROJECTZOMBOID32.EXE
delref E:\GAMES\PROJECT ZOMBOID\PROJECTZOMBOID64.EXE
delref E:\GAMES\PROJECT ZOMBOID\UNINS000.EXE
delref E:\GAMES\R.G. CATALYST\TOTAL WAR. ATTILA\ATTILA.EXE
delref E:\GAMES\R.G. CATALYST\TOTAL WAR. ATTILA\UNINSTALL\UNINS000.EXE
delref %SystemDrive%\PROGRAMDATA\APPDATA\ROAMING\SOUTH PARK - THE STICK OF TRUTH\UNINSTALL\UNINS000.EXE
delref E:\PROGRAM\RC\RAIDCALL.RU\UNINST.EXE
delref E:\GAMES\STRONGHOLD 3\STRONGHOLD3.EXE
delref E:\GAMES\WORMS W.M.D\UNINS000.EXE
delref E:\GAMES\WORMS W.M.D\WORMS W.M.D.EXE
delref E:\GAMES\GOG GALAXY\GALAXYCLIENT.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\DUOWAN\YY\YYSSO\1.0.0.5\NPCHECKER.DLL
deldir %SystemDrive%\PROGRAM FILES\UNITY\WEBPLAYER64\LOADER-X64
apply
deltmp
restart

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
28.04.2018 21:43:53, RP55 RP55.

�� ?

Sat, 28 Apr 2018 19:43:21 +0300

�� ? � �� .
�� , �� Eset,Kaspersky �� Norton � �� .
28.04.2018 19:43:21, �� .

�� ?

Sat, 28 Apr 2018 19:05:17 +0300

�� ? � �� .
�� .

��

�� malwarebytes � �� .
��
��
�� malwarebytes.txt
28.04.2018 19:05:17, Ramrierd Redigit.

����� esetnod32.ru [����: ��� ������� ���� ������?]

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

��� ������� ���� ������?

�� esetnod32.ru [��: �� ?]

�� ?

�� ?

�� ?

�� ?

�� ?

�� ?

�� ?

�� ?

�� ?

�� ?

�� ?