�� esetnod32.ru [��: �� , ��...]

�� , ��...

Thu, 20 Sep 2018 18:59:52 +0300

�� , ��... �� , ��, ��  � �� .

====quote====
iiyama ��:
svchost �� -�� Chrome...
=============
svchost � �� ,
20.09.2018 18:59:52, santy.

�� , ��...

Thu, 20 Sep 2018 18:33:33 +0300

�� , ��... �� , ��, ��  � �� .
�� , �� . �� , �� , �� svchost �� -�� Chrome...
�� santy � ��, �� !!!
20.09.2018 18:33:33, iiyama.

�� , ��...

Thu, 20 Sep 2018 17:05:54 +0300

�� , ��... �� , ��, ��  � �� .
�� ?
20.09.2018 17:05:54, ��.

�� , ��...

Thu, 20 Sep 2018 16:55:05 +0300

�� , ��... �� , ��, ��  � �� .

====quote====
�� :
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !
=============
��...
Fixlog.txt
20.09.2018 16:55:05, iiyama.

�� , ��...

Thu, 20 Sep 2018 16:53:53 +0300

�� , ��... �� , ��, ��  � �� .

====quote====
santy ��:
�� , �� ,�� , �� .�� , �� -��
=============
��.
��, �� .
20.09.2018 16:53:53, iiyama.

�� , ��...

Thu, 20 Sep 2018 15:53:56 +0300

�� , ��... �� , ��, ��  � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====code====

CreateRestorePoint:
CloseProcesses:
Task: {0EA205A7-5227-418F-A262-BBF8FD9349B0} - System32\Tasks\{B3F8DFD8-6BC7-3786-4E00-E03FE910D91A} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://nbsallastar.com/cl/?guid=y92wjhgqs5boj6xi0hl7thkb6nfjreyg&prid=1&pid=4_1106_0
EmptyTemp:
Reboot:

=============

�� .
20.09.2018 15:53:56, ��.

�� , ��...

Wed, 19 Sep 2018 14:53:23 +0300

�� , ��... �� , ��, ��  � �� .
�� , �� ,
�� , �� .
�� , �� -�� .
19.09.2018 14:53:23, santy.

�� , ��...

Wed, 19 Sep 2018 14:24:59 +0300

�� , ��... �� , ��, ��  � �� .
��...
002-USER-PC_2018-09-19_15-18-54.7z
19.09.2018 14:24:59, iiyama.

�� , ��...

Wed, 19 Sep 2018 14:18:41 +0300

�� , ��... �� , ��, ��  � �� .
��
19.09.2018 14:18:41, santy.

�� , ��...

Wed, 19 Sep 2018 13:56:16 +0300

�� , ��... �� , ��, ��  � �� .
svchost.exe - 14 ��
Chrome - 11
...� �� (��)
�� , �� (http://cliferd.net/?partner_id=p22712p101840p0033t17623&subid=97184c6ab2b304604ce2v_G4wUKuZs)

19.09.2018 13:56:16, iiyama.

�� , ��...

Wed, 19 Sep 2018 13:26:38 +0300

�� , ��... �� , ��, ��  � �� .

====quote====
iiyama ��:
��...
=============
�� ?
19.09.2018 13:26:38, santy.

�� , ��...

Wed, 19 Sep 2018 11:29:01 +0300

�� , ��... �� , ��, ��  � �� .
��...
Fixlog.txt
19.09.2018 11:29:01, iiyama.

�� , ��...

Wed, 19 Sep 2018 11:09:16 +0300

Task: {0226791C-1BDF-4E33-973D-DF4F67323A98} - \Microsoft\Windows\KRBUUS\KRB Updater Utility Service -> No File <==== ATTENTION
Task: {10601294-832E-47F3-95B2-125F20E95B66} - \GoogleUpdateTaskMachineCore1d0e253b30ceb45 -> No File <==== ATTENTION
Task: {16C58476-78F4-4C2D-A5F8-0FA7A7224C1F} - \BczwkImNQjHpdk -> No File <==== ATTENTION
Task: {2E530D41-DB89-4012-87C5-35DBEADC7B8B} - \{770E1C90-35CC-2559-8E3D-82BF6396ED25} -> No File <==== ATTENTION
Task: {3E4B3696-8C9D-43F1-889C-AC9AD6A850E7} - \chrome5 -> No File <==== ATTENTION
Task: {4947FE87-FEA3-4B7E-AC9A-5EED170077B2} - \Scheduler Update-S-1-8-22 -> No File <==== ATTENTION
Task: {53CE1BB5-A8C7-42AB-9F77-F52D7728A7ED} - System32\Tasks\Optimize Menu Cache Files-S-1-5-21-2417506075-2436599668-3818488206v2 => C:\Users\User\AppData\Local\comd\semi.vbs [2018-05-24] ()
Task: {5D546468-9787-4F86-9F95-B1695558CEC5} - \Vkmusicdownloader -> No File <==== ATTENTION
Task: {6716E42F-DDCC-47FC-9AC0-35026F4DC53D} - \Safebrowser -> No File <==== ATTENTION
Task: {9FAD7C4D-5C5F-45DF-B669-657DBAEE4B43} - \RestoreSearch -> No File <==== ATTENTION
Task: {ABEB0161-4520-45F4-B011-2BBA5C7FCB38} - \USXLHQDASYoYWeJUbkx2 -> No File <==== ATTENTION
Task: {AC42637C-DD75-49A7-8686-72666BC05C82} - \FmSTsAdangechII2 -> No File <==== ATTENTION
Task: {BA7C6D29-F4A2-4645-B5CD-CCB37F7A66C7} - \chrome5_logon -> No File <==== ATTENTION
Task: {BD8453E7-3A3D-4ACA-8B63-4C4F299E9126} - \Opera scheduled Autoupdate 1431170514 -> No File <==== ATTENTION
Task: {BF2989E6-5D50-4797-BE3F-74F981B75674} - \GoogleUpdateTaskMachineUA1d0efd94b2b8bd9 -> No File <==== ATTENTION
Task: {EB232CB1-BA35-44D2-943F-91113A1ABBEC} - \Windows Protect -> No File <==== ATTENTION
Task: {EBA637EE-8D6E-46BA-AEBB-EF6E468A995B} - \UOpTLhTZiCBelLTWk2 -> No File <==== ATTENTION
Task: {ED9E3523-4A80-4290-8506-116ECE64BB6A} - \lzvGQNeTRKNce2 -> No File <==== ATTENTION
Task: {FE366CD7-9351-4166-8330-4A2DDABD6CCF} - \GameNet -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\User:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B [262]
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
AlternateDataStreams: C:\Users\User\Application Data:NT [40]
AlternateDataStreams: C:\Users\User\Application Data:NT2 [432]
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT2 [432]
AlternateDataStreams: C:\Users\��� ������������\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\Users\��� ������������\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\��� ������������\TEMP:07BF512B [262]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2417506075-2436599668-3818488206-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HomePage: DFLTUSER -> hxxps://newtab.club/
CHR StartupUrls: DFLTUSER -> "hxxp://mail.ru/cnt/10445?gp=newcustom15"
CHR NewTab: DFLTUSER ->  Not-active:"chrome-extension://nolfchbaajenmoghacolnbilmdfjeabi/index.html"
CHR Extension: (�����������) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-11]
CHR Extension: (SL for Google Chrome�) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2015-04-08]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-09-15]
CHR Extension: (������� ������ � �� (Vk)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\hhgedphalloaonpimmodkbpmlcjpilkh [2017-11-14]
CHR Extension: (Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2018-07-09]
CHR Extension: (Super wheather) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\ipmgmkkfjeaipdikbojheommjbcfhccf [2018-06-08]
CHR Extension: (Discord Screen Sharing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\lcbhdgefieegnkbopmgklhlpjjdgmbog [2018-04-26]
CHR Extension: (FOCUS) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\nolfchbaajenmoghacolnbilmdfjeabi [2017-10-27]
CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\DFLTUSER\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2018-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
OPR Extension: (Super wheather) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipmgmkkfjeaipdikbojheommjbcfhccf [2018-07-03]
EmptyTemp:
Reboot:

=============
19.09.2018 11:09:16, santy.

�� , ��...

Wed, 19 Sep 2018 09:14:54 +0300

�� , ��... �� , ��, ��  � �� .
�� , �� Chrome �� .
� �� -�� svchost �� -�� Chrome...

19.09.2018 09:14:54, iiyama.

�� , ��...

Tue, 18 Sep 2018 17:22:23 +0300

�� , ��... �� , ��, ��  � �� .
��..

�� http://rgho.st/private/7h9gsHhjw/8a673e3b743997d991feb786c9330425 � http://rgho.st/private/7VvN2yMWh/3ed02238f9864b3f6288a5e836405a92
18.09.2018 17:22:23, iiyama.

�� , ��...

Tue, 18 Sep 2018 17:00:33 +0300

�� , ��... �� , ��, ��  � �� .
2.��
��
��,
3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� �� �� mail.ru, yandex (�� )
�� ��
��,

5.�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
18.09.2018 17:00:33, santy.

�� , ��...

Tue, 18 Sep 2018 16:41:43 +0300

�� , ��... �� , ��, ��  � �� .
Svchost �� , �� ...
Chrome �� ...

��
��.txt
001-USER-PC_2018-09-18_17-23-36.7z
18.09.2018 16:41:43, iiyama.

�� , ��...

Tue, 18 Sep 2018 16:09:16 +0300

�� , ��... �� , ��, ��  � �� .
+
�� uVs
��
uVS v4.0 [http://dsrt.dyndns.org]: Windows 7 Ultimate x64 (NT v6.1 SP1) build 7601 Service Pack 1 [C:\WINDOWS]
18.09.2018 16:09:16, santy.

�� , ��...

Tue, 18 Sep 2018 16:06:22 +0300

�� , ��... �� , ��, ��  � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.0.16 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

setdns ����������� �� ��������� ����\4\{44CC6430-4DAA-4358-8330-25C928F33215}\8.8.8.8,8.8.4.4
deldirex %SystemDrive%\USERS\USER\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delref HTTPS://NEWTAB.CLUB
delall %SystemDrive%\PROGRAM FILES (X86)\ZNZDCAQALSTCLFCXVZR\AZQVYKE.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\SNDOQSECEZDJC\CDYUTZY.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\BXRRTRDAU\DAHVKB.DLL
delall %SystemDrive%\PROGRAMDATA\OXHDTRJAFHQMISVB\RPQIJRN.WSF
delall %SystemDrive%\PROGRAM FILES (X86)\RFGYFJBNYWLU2\VDJARHSVHKXBG.DLL
delref HTTP://EZELEN.RU
delref HTTP://SEWEING.ORG/CJUPOLTHOWZS.FEP
delref HTTP://SEWEING.ORG/GIX0B90DKNDE.HIK
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DHCADGIJMEDBFGCIEGJOMFPJCDCHLHNIF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLBJJFIIHGFEGNIOLCKPHPNFAOKDKBMDM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLHEMECHCANJMILLLMCCJBJLDONMNNJJJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DMFMJPFOGGIKOLKFILOFBPGCNHDCGAHIB%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DNBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOFDGAFMDEGFKHFDFKMLLFEFMCMCJLLEC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOGCBDLIMAFBFGBJIFJLAFEGCBPPHOKOC%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPFJGIBHMCGNCMJHDODPAOLFBJPJJAJAL%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPGAIDLFGJKMEENDHKNAFAHPPLLBNIEJM%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DPNOOFFJHCLKOCPLOPFFDBCDGHMIFFHJI%26INSTALLSOURCE%3DONDEMAND%26UC
delref %Sys32%\THEMCTRL.DLL
delref %Sys32%\WBIOSRVP.DLL
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DFLTUSER\EXTENSIONS\BGCIFLJFAPBHGIEHKJLCKFJMGEOJIJCB\7.0.25_0\����� MAIL.RU
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DFLTUSER\EXTENSIONS\EIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO\7.0.2_0\����� MAIL.RU
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DFLTUSER\EXTENSIONS\ILAMGBDAEBKBPKKMFMMFBNAAMKHIJDEK\4.0.5_0\����� MAIL.RU
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DFLTUSER\EXTENSIONS\NBIFDKMDOJGMPMOPDEBNJCOBEKGDONCN\4.0.5_0\����� MAIL.RU
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DFLTUSER\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.12_0\����� MAIL.RU
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DFLTUSER\EXTENSIONS\PFJGIBHMCGNCMJHDODPAOLFBJPJJAJAL\3.0.2_0\����� MAIL.RU
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC
apply

regt 27
deltmp
delref %SystemDrive%\PROGRAMDATA\NVIDIA\DISPLAYSESSIONCONTAINER%D.LOG
delref %SystemDrive%\PROGRAMDATA\NVIDIA\NVCONTAINERUSER%DSPUSER.LOG
delref %SystemDrive%\PROGRAMDATA\NVIDIA\NVCONTAINERUSER%D.LOG
delref %SystemDrive%\PROGRAM FILES (X86)\QGNA\QGNA.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE15\OLICENSEHEARTBEAT.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\OPERA\LAUNCHER.EXE
delref %SystemDrive%\USERS\USER\APPDATA\ROAMING\HARD DISK SENTINEL\REALTEK HD\RTHDCPL.EXE
delref %SystemRoot%\SYSWOW64\TBSSVC.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {8BE8AA63-D7EA-54DF-9E39-FF673A43B3A8}\[CLSID]
delref {EBA7A1E6-E69D-4BA5-B291-95782A004604}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\4GAME\3.6.2.265\NPPLUGIN4GAME.DLL
delref D:\PROGRAM FILES (X86)\PLAYKEY\NPPLAYKEYPLUGINAPP_I386.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\57.0.2987.133\INSTALLER\CHRMSTP.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {05187161-5C36-4324-A734-22BF37509F2D}\[CLSID]
delref {05A1D945-A794-44EF-B41A-2F851A117155}\[CLSID]
delref {1A184982-D79E-44C7-BDE4-686552E67B44}\[CLSID]
delref {1F3EFFE4-0E70-47C7-9C48-05EB99E20011}\[CLSID]
delref {3376086C-D6F9-4CE4-8B89-33CD570106B5}\[CLSID]
delref {5C769985-C3E1-4F95-BEE7-1101C465F5FC}\[CLSID]
delref {5C94FE86-B93B-467F-BFC3-BD6C91416F9B}\[CLSID]
delref {6DDA37BA-0553-499A-AE0D-BEBA67204548}\[CLSID]
delref {7036C2FE-A209-464C-97AB-95B9260EDBF7}\[CLSID]
delref {7605E26C-DE38-4B82-ADD8-FE2568CC0B25}\[CLSID]
delref {77E3A6A3-2A24-43FA-B929-00747E4B560B}\[CLSID]
delref {AD83011E-01D1-4623-91FD-6B75F183C5A9}\[CLSID]
delref {C9361F5A-3282-4944-9899-6D99CDC5370B}\[CLSID]
delref {ED3110F0-5211-11DF-94AF-0026B977EEAA}\[CLSID]
delref {ED3110F3-5211-11DF-94AF-0026B977EEAA}\[CLSID]
delref {ED3110F5-5211-11DF-94AF-0026B977EEAA}\[CLSID]
delref {ED3110F8-5211-11DF-94AF-0026B977EEAA}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref D:\PROGRAM FILES (X86)\PLAYKEY\NPPLAYKEYPLUGINAPP_X86_64.DLL
delref %Sys32%\BLANK.HTM
delref %SystemDrive%\PROGRAM FILES (X86)\BLUESTACKS\HD-HYPERVISOR-AMD64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BLUESTACKS\BSTKDRV.SYS
delref %Sys32%\DRIVERS\EW_HWUSBDEV.SYS
delref %Sys32%\DRIVERS\EW_USBENUMFILTER.SYS
delref %Sys32%\DRIVERS\EW_JUCDCACM.SYS
delref %Sys32%\DRIVERS\EW_JUBUSENUM.SYS
delref %Sys32%\DRIVERS\EW_JUEXTCTRL.SYS
delref %Sys32%\DRIVERS\EW_JUWWANECM.SYS
delref %Sys32%\DRIVERS\EWUSBMDM.SYS
delref %SystemDrive%\PROGRAMDATA\NVIDIA\NVCONTAINERNETWORKSERVICE.LOG
delref %SystemDrive%\PROGRAM FILES\UBAR\UBARDRIVER.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\X6VA062
delref %SystemRoot%\SYSWOW64\DRIVERS\X6VA063
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.1\PSMACHINE.DLL
delref E:\ACCESSIBLEMARSHAL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.27.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\INSTALLER2\INSTALLER.{698E01A4-D4C6-4962-B289-8D262E578E92}\NVI2.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.13\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\[CLSID]
delref {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\[CLSID]
delref H:\AUTORUN.EXE
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020300}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020701}\[CLSID]
delref {8DCB7100-DF86-4384-8842-8FA844297B3F}\[CLSID]
delref {D2CE3E00-F94A-4740-988E-03DC2F38C34F}\[CLSID]
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
18.09.2018 16:06:22, santy.

�� , ��...

Tue, 18 Sep 2018 15:59:43 +0300

�� , ��... �� , ��, ��  � �� .
��,
�� .
�� .
18.09.2018 15:59:43, santy.

�� , ��...

Tue, 18 Sep 2018 15:22:42 +0300

�� , ��... �� , ��, ��  � �� .
�� , �� (https://bnewsb.com/?c=994014016_*_c7d8efe8ff2f10e5300d701a0a487d1e-5602-0918_*_c7d8efe8ff2f10e5300d7...) � (https://1xust.host/ru/?tag=s_51749m_355c_d68_n47_%7bWL%7d1278473153447105-IAB1_l398_pop-up&p...)

� �� chrome, �� .
� �� , �� svchost �� -�� (svchost)
�� .

...��

002-USER-PC_2018-09-18_16-13-15.7z
18.09.2018 15:22:42, iiyama.

�� , ��...

Tue, 18 Sep 2018 11:22:38 +0300

�� , ��... �� , ��, ��  � �� .
��, ��...
001-USER-PC_2018-09-18_12-04-46.7z
18.09.2018 11:22:38, iiyama.

�� , ��...

Tue, 18 Sep 2018 11:04:22 +0300

�� , ��... �� , ��, ��  � �� .
�� ,
(�� , )
18.09.2018 11:04:22, santy.

�� , ��...

Tue, 18 Sep 2018 11:01:28 +0300

�� , ��... �� , ��, ��  � �� .
��. �� 2011 ��. �� , �� . ��.
�� ...
�� , ��. �� , �� svchost �� .
18.09.2018 11:01:28, iiyama.

����� esetnod32.ru [����: ���� ��������, ���������...]

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

���� ��������, ���������...

�� esetnod32.ru [��: �� , ��...]

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...

�� , ��...