�� esetnod32.ru [��: �� windrvs.ru]

�� windrvs.ru

Mon, 25 Feb 2019 18:48:28 +0300

�� windrvs.ru � �� .

====quote====
�� :
��
=============
TNOD ��
C:\PROGRAM FILES (X86)\TNOD\TNODUP.EXE
(�� ~ TNODUP.EXE)(1) [skip (0)]

�� , � �� ,
��, �� ESET
25.02.2019 18:48:28, santy.

�� windrvs.ru

Mon, 25 Feb 2019 18:23:49 +0300

�� windrvs.ru � �� .
��
1-��_2019-02-25_17-03-15_v4.1.3.7z
25.02.2019 18:23:49, �� .

�� windrvs.ru

Mon, 25 Feb 2019 16:58:51 +0300

�� windrvs.ru � �� .
@ �� ,
�� .
25.02.2019 16:58:51, santy.

�� windrvs.ru

Mon, 25 Feb 2019 16:46:52 +0300

�� windrvs.ru � �� .
�� ? � �� , � �� , � 8�� 16.00, �� ...
25.02.2019 16:46:52, �� .

�� windrvs.ru

Tue, 12 Feb 2019 14:53:06 +0300

�� windrvs.ru � �� .

====quote====
andruhasms ��:
�� 3 �� . �� . ��
=============
��:
�� ,
�� ESET? �� ESET?

�� , ��

12.02.2019 14:53:06, santy.

�� windrvs.ru

Tue, 12 Feb 2019 14:51:56 +0300

�� windrvs.ru � �� .

====quote====
santy ��:
� �� ?
��?
�� , �� ?
=============
�� 3 �� . �� . ��
12.02.2019 14:51:56, andruhasms.

�� windrvs.ru

Tue, 12 Feb 2019 14:51:16 +0300

�� windrvs.ru � �� .

====quote====
RP55 RP55 ��:
1) PC-A-N68_2019-02-12_13-55-53_v4.1.2.7z (500.19 ��) - ��.

2) �� ...
�� DNS - �� .
( �� DNS �� , �� )
�� - �� DNS �� .
�� .

�� . ��
https://club.esetnod32.ru/articles/analitika/moya-set-moi-pravila/
=============
�� . �� . �� . �� . � � �� -�� . �� .
12.02.2019 14:51:16, andruhasms.

�� windrvs.ru

Tue, 12 Feb 2019 14:42:11 +0300

�� windrvs.ru � �� .
� �� ?
��?
�� , �� ?
+
��:
�� ,
�� ESET? �� ESET?
12.02.2019 14:42:11, santy.

�� windrvs.ru

Tue, 12 Feb 2019 14:40:23 +0300

�� windrvs.ru � �� .
1) PC-A-N68_2019-02-12_13-55-53_v4.1.2.7z (500.19 ��) - ��.

2) �� ...
�� DNS - �� .
( �� DNS �� , �� )
�� - �� DNS �� .
�� .

�� . ��
https://club.esetnod32.ru/articles/analitika/moya-set-moi-pravila/
12.02.2019 14:40:23, RP55 RP55.

�� windrvs.ru

Tue, 12 Feb 2019 14:13:46 +0300

�� windrvs.ru � �� .
��
http://joxi.ru/KAgK6kbIE6Q5gA

P.S. �� , �� . �� . � ��
PC-A-N68_2019-02-12_13-55-53_v4.1.2.7z
12.02.2019 14:13:46, andruhasms.

�� windrvs.ru

Fri, 08 Feb 2019 17:19:44 +0300

�� windrvs.ru � �� .
�� .
+
��: �� ?
192.168.30.252
08.02.2019 17:19:44, santy.

�� windrvs.ru

Fri, 08 Feb 2019 17:08:39 +0300

�� windrvs.ru � �� .
�� . �� , � �� . ��
08.02.2019 17:08:39, andruhasms.

�� windrvs.ru

Fri, 08 Feb 2019 16:28:39 +0300

�� windrvs.ru � �� .
� ��...

====quote====
�� ?
�� ?
=============

08.02.2019 16:28:39, santy.

�� windrvs.ru

Fri, 08 Feb 2019 16:06:10 +0300

�� windrvs.ru � �� .
��
08.02.2019 16:06:10, andruhasms.

�� windrvs.ru

Fri, 08 Feb 2019 14:26:24 +0300

�� windrvs.ru � �� .
�� ?
�� ?
�� ?
�� ?
08.02.2019 14:26:24, santy.

�� windrvs.ru

Fri, 08 Feb 2019 14:07:32 +0300

�� windrvs.ru � �� .
��
Fixlog.txt
08.02.2019 14:07:32, andruhasms.

�� windrvs.ru

Fri, 08 Feb 2019 13:44:30 +0300

�� windrvs.ru � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====code====

CHR DefaultSearchURL: Default -> hxxps://ilex-private.ilex.by/assets/img/fav_32.ico
OPR Extension: (Free Flash, Unity3D and html5 games) - C:\Users\��������\AppData\Roaming\Opera Software\Opera Stable\Extensions\egjicgmgibgofmekojoaaddjkagfajjh [2016-06-06]
OPR Extension: (SaveFrom.net ��������) - C:\Users\��������\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-08-18]
2019-02-01 09:21 - 2019-02-08 12:48 - 000002631 _____ C:\Users\��� ������������\temp1.exe
2019-02-01 09:21 - 2019-02-08 12:48 - 000002631 _____ C:\ProgramData\temp1.exe
2019-02-01 09:21 - 2019-02-08 12:48 - 000002631 _____ () C:\ProgramData\temp1.exe
2019-02-01 09:21 - 2019-02-08 12:48 - 000002631 _____ () C:\Users\��� ������������\temp1.exe
Task: {C0F4537C-30C3-4947-9E2A-9FA518CA374C} - \Opera scheduled Autoupdate 1438166370 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [130]
AlternateDataStreams: C:\Users\��� ������������\TEMP:41ADDB8A [130]
EmptyTemp:
Reboot:

=============
08.02.2019 13:44:30, santy.

�� windrvs.ru

Fri, 08 Feb 2019 13:17:49 +0300

�� windrvs.ru � �� .
�� 2 , ��
�� 5 . ��
FRST.txt
Addition.txt
08.02.2019 13:17:49, andruhasms.

�� windrvs.ru

Thu, 07 Feb 2019 17:48:34 +0300

�� windrvs.ru � �� .
2.��
��
��,
3.��
http://forum.esetnod32.ru/forum9/topic7084/

*****
4.� ��, �� ,
� �� �� �� mail.ru, yandex (�� )
�� ��
��,

5.�� FRST
http://forum.esetnod32.ru/forum9/topic2798/
07.02.2019 17:48:34, santy.

�� windrvs.ru

Thu, 07 Feb 2019 17:45:53 +0300

�� windrvs.ru � �� .
�� , �� . ��
��.txt
07.02.2019 17:45:53, andruhasms.

�� windrvs.ru

Thu, 07 Feb 2019 16:00:16 +0300

�� windrvs.ru � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.1.2 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

deldirex %SystemDrive%\USERS\��������\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

deldirex %SystemDrive%\USERS\ALEX\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delall %SystemDrive%\USERS\��������\APPDATA\ROAMING\ACESTREAM\EXTENSIONS\AWE\FIREFOX\ACEWEBEXTENSION_UNLISTED.XPI
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBEJNPNKHFGFKCPGIKIINOJLMDCJIMOBI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGBJEIEKAHKLBGBFCCOHIPINHGAADIJAD%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJKFBLCBJFOJMGAGIKHLDEPPGMGDPJKPL%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\USERS\��������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BEJNPNKHFGFKCPGIKIINOJLMDCJIMOBI\2.0.2.15_0\�����  ������A
delref %SystemDrive%\USERS\��������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GBJEIEKAHKLBGBFCCOHIPINHGAADIJAD\2.0.3.11_1\��������� � ������
delref %SystemDrive%\USERS\��������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI\1.7_0\GOOGLE ��������� ������
delref %SystemDrive%\USERS\��������\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MBLACHNHCPMGDGKOCHJKBMONNGEBKMKL\8.24.1_0\����� � ��������� � ������
delref %SystemDrive%\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BEJNPNKHFGFKCPGIKIINOJLMDCJIMOBI\2.0.2.11_0\�����  ������A
delref %SystemDrive%\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GBJEIEKAHKLBGBFCCOHIPINHGAADIJAD\2.0.3.11_0\��������� � ������
delref %SystemDrive%\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI\1.4_1\GOOGLE ��������� ������
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DDHDGFFKKEBHMKFJOJEJMPBLDMPOBFKFO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DMJBEPBHONBOJPOAENHCKJOCCHGFIAOFO%26INSTALLSOURCE%3DONDEMAND%26UC
apply

deltmp
delref %SystemRoot%\SYSWOW64\MACROMED\FLASH\FLASHUTIL32_19_0_0_245_PEPPER.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE15\OLICENSEHEARTBEAT.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\OPERA\LAUNCHER.EXE
delref %SystemRoot%\SYSWOW64\TBSSVC.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref %SystemDrive%\USERS\ALEX\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\UNITYWEBPLUGINAX.OCX
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {A25BDC79-1A0B-45A9-947A-28809944B1FF}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\57.0.2987.133\INSTALLER\CHRMSTP.EXE
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\AIMP3\MODULES\AIMP_MENU64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\AIMP3\MODULES\AIMP_MENU32.DLL
delref %Sys32%\IGFXPPH.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\TABLET\PEN\CONSUMER_CPL.EXE
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %SystemDrive%\USERS\��������\DESKTOP\MEDIACODER-X64-0.8.39.5790\SYSINFOX64.SYS
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\GEFORCE EXPERIENCE SERVICE\NVWIRELESSCONTROLLER.EXE
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}
delref %SystemDrive%\USERS\ALEX\APPDATA\LOCAL\MAIL.RU\GAMECENTER\NPDETECTOR.DLL
delref %Sys32%\IGFXSRVC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UC\PLAYBACKCTRL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UC\STREAMPLAYER.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.8\PSMACHINE_64.DLL
delref %Sys32%\IGFXDO.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UC\SEARCHIPC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE_64.DLL
delref %Sys32%\IGFXTMM.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UC\AUXPTZNEW.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UC\AVIRECORD.DLL
delref %Sys32%\IGFXDEV.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE_64.DLL
delref %Sys32%\IGFXSRVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\UC\RTSPPULLCLIENT.DLL
delref %SystemDrive%\PROGRA~2\AIMP3\AIMP3.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UC\RTSPACTIVEX.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.28.15\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.32.8\PSMACHINE.DLL
delref %SystemDrive%\USERS\331A~1\APPDATA\LOCAL\TEMP\HYD1D8D.TMP.1474369505\HTA\3RDPARTY\OCCOMSDK.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\JAVA\JRE1.8.0_111\BIN\WSDETECT.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.30.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\ACRORD32INFO.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.5\PSMACHINE.DLL
delref E:\LENOVO_SUITE.EXE
delref %SystemDrive%\PROGRAM FILES\TABLETPLUGINS\NPWACOMTABLETPLUGIN.DLL
delref {092DFA86-5807-5A94-BF3B-5A53BA9E5308}\[CLSID]
delref %Sys32%\BLANK.HTM
delref %SystemDrive%\DRIVERS\WIN\WLANBCM\SETUP.EXE
;-------------------------------------------------------------

restart

=============
��, �� .
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
07.02.2019 16:00:16, santy.

�� windrvs.ru

Thu, 07 Feb 2019 15:33:35 +0300

�� windrvs.ru � �� .
�� . �� nod32, � �� 10 �� . � �� windrvs.ru ��-�� 185.125.219.31
�� . �� uvs �� . �� ,��!
PC-10_2019-02-07_15-20-00_v4.1.2.7z
07.02.2019 15:33:35, andruhasms.

����� esetnod32.ru [����: ������������� ���������� � windrvs.ru]

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

������������� ���������� � windrvs.ru

�� esetnod32.ru [��: �� windrvs.ru]

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru

�� windrvs.ru