davapi.dll ��?

Sat, 19 Jan 2019 17:12:05 +0300

davapi.dll ��? ��  � �� .
santy, RP55 RP55,
�� . ��
19.01.2019 17:12:05, �� .

davapi.dll ��?

Sat, 19 Jan 2019 15:27:45 +0300

davapi.dll ��? ��  � �� .
��
https://forum.esetnod32.ru/forum9/topic13764//
19.01.2019 15:27:45, santy.

davapi.dll ��?

Sat, 19 Jan 2019 14:25:33 +0300

davapi.dll ��? ��  � �� .
�� Frst.
AdwCleaner[C00].txt
AdwCleaner[S00].txt
Addition.txt
FRST.txt
19.01.2019 14:25:33, �� .

davapi.dll ��?

Sat, 19 Jan 2019 06:13:24 +0300

davapi.dll ��? ��  � �� .
2.��
��
��,
3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� �� �� mail.ru, yandex (�� )
�� ��
��,

5.�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
19.01.2019 06:13:24, santy.

davapi.dll ��?

Sat, 19 Jan 2019 01:10:28 +0300

davapi.dll ��? ��  � �� .
RP55 RP55, �� . �� .
��!
Malwarebyte �� , ��
malware log.txt
19.01.2019 01:10:28, �� .

davapi.dll ��?

Fri, 18 Jan 2019 21:14:25 +0300

davapi.dll ��? ��  � �� .
�� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====


;uVS v4.1.2 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
zoo %Sys32%\WINDHCP.DLL
bl DCD1B3E2BF9AC8DDFD3FFC90478AF1ED 2396672
addsgn A4BC2472546A4C72C78CE638A780EDC56DA7FC46AAFA5755119FAFBB18D3FA104910436CF220848F28803F9F56164992BA68154F3D3A78CC4D24F4C7CB062273 64 Win64/Packed.Themida.[ESET-NOD32] 7

chklst
delvir

deltmp
restart
;---------command-block---------
delref HTTP://STARTMAIN.RU/
delall %SystemDrive%\USERS\TRABL\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\HELPER@SAVEFROM.NET.CRX
delref %SystemDrive%\USERS\TRABL\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\MDPLJNDCMBEIKFNLFLCGGAIPGNHIEDBL\8.1_0\SAVEFROM.NET ��������
delref %SystemDrive%\USERS\TRABL\APPDATA\LOCAL\TEMP\SETUP-YABROWSER.EXE
delref %SystemDrive%\USERS\ADMINISTRATOR\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\APPLICATION\BROWSER.EXE
delref %SystemRoot%\AACT_TOOLS\AACT.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemRoot%\SYSWOW64\TBSSVC.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %Sys32%\BLANK.HTM
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE_64.DLL
delref %Sys32%\IGFXCFG.EXE
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE.DLL
delref G:\HISUITEDOWNLOADER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
delref D:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
delref %SystemDrive%\USERS\TRABL\APPDATA\LOCAL\YANDEX\YANDEXBROWSER\USER DATA\DEFAULT\EXTENSIONS\FKFAKAKMBBPGCPBCOFKHPKKGDOHKFOJG\1.9.19.1_0\SAVE TO POCKET
apply

=============

+
�� (�� ) �� Malwarebytes
http://forum.esetnod32.ru/forum9/topic10688/

�� : �� .
�� ( � �� ).
�� .txt ( �� )
18.01.2019 21:14:25, RP55 RP55.

davapi.dll ��?

Fri, 18 Jan 2019 19:50:10 +0300

davapi.dll ��? ��  � �� .

====quote====
santy ��:
��
=============

TRABL-��_2019-01-18_19-36-08_v4.1.2.7z
18.01.2019 19:50:10, �� .

davapi.dll ��?

Fri, 18 Jan 2019 16:10:48 +0300

davapi.dll ��? ��  � �� .
��
18.01.2019 16:10:48, santy.

davapi.dll ��?

Fri, 18 Jan 2019 16:05:18 +0300

davapi.dll ��? ��  � �� .
��. � �� davapi.dll. �� C:\Windows\system32\
�� "�� davapi.dll - Win64/Packed.Themida.F.Gen �� . �� ".
�� ?
18.01.2019 16:05:18, �� .

����� esetnod32.ru [����: davapi.dll �����?]

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

davapi.dll �����?

�� esetnod32.ru [��: davapi.dll ��?]

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?

davapi.dll ��?