�� esetnod32.ru [��: �� ]

��

Tue, 28 Jan 2020 01:08:27 +0300

��  Internet Security ��  � �� .
�� :)
28.01.2020 01:08:27, RP55 RP55.

��

Tue, 28 Jan 2020 01:00:27 +0300

��  Internet Security ��  � �� .
RP55 RP55, �� ! �� .
�� !
28.01.2020 01:00:27, Alex Ivanov.

��

Tue, 28 Jan 2020 00:56:21 +0300

��  Internet Security ��  � �� .
�� ESET �� Torrent �� ( �� )
� �� \��.
( � �� - � �� )
https://www.virustotal.com/gui/file/003fda7bf7ed3ded448ba57273cf130378b33bb9eaf12ff2eadce8b9f9a6378b/detection
�� \�� . ( �� )
��
�� : QBittorrent
https://ru.wikipedia.org/wiki/QBittorrent
28.01.2020 00:56:21, RP55 RP55.

��

Tue, 28 Jan 2020 00:47:08 +0300

��  Internet Security ��  � �� .
�� Torrent �� , �� . �� , �� 26 �� , �� . �� ?
321.txt
28.01.2020 00:47:08, Alex Ivanov.

��

Tue, 28 Jan 2020 00:23:45 +0300

��  Internet Security ��  � �� .
� �� Torrent �� - ?
+
��
http://forum.esetnod32.ru/forum9/topic1408/
28.01.2020 00:23:45, RP55 RP55.

��

Tue, 28 Jan 2020 00:13:16 +0300

��  Internet Security ��  � �� .
� ��
[FILE ID=115544]

Fixlog.txt
28.01.2020 00:13:16, Alex Ivanov.

��

Tue, 28 Jan 2020 00:03:31 +0300

��  Internet Security ��  � �� .
�� fixlist.txt � �� Farbar Recovery Scan Tool:
...
�� FRST � �� Fix � ��.

====code====

  

AlternateDataStreams: C:\Users\ASUS2013:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:D8999815 [209]
AlternateDataStreams: C:\Users\Public\DRM:?????? [48]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
AlternateDataStreams: C:\Users\��� ������������\TEMP:D8999815 [209]
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe No File
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe No File
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKU\S-1-5-21-4101733993-232200229-2103188814-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
2020-01-27 23:22 - 2020-01-27 23:22 - 000016384 _____ () [File not signed] D:\Temp\nsv9EDF.tmp\registry.dll
Task: {1BB27ED7-CEB9-4BDF-A753-1258D982853A} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {256CC5A0-72AD-406D-9BAF-C691B69D3B94} - \CCleaner Update -> No File <==== ATTENTION
Task: {36206FCF-33ED-4EA1-ABCA-D43199ADCEE8} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {44822E2F-BC2F-4B87-A8A5-6CBE441D38F2} - \ASUS Live Update Task Schedule -> No File <==== ATTENTION
Task: {620DDE7C-AB4A-4371-99BD-10ED873D7118} - \{06060FE7-E4A7-49BA-9F14-BC12BFB77556} -> No File <==== ATTENTION
Task: {6337DB71-D20E-4129-B887-45226D924570} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {88A51E64-B287-4990-A2FB-EBB638D57867} - \{71689F56-7686-4CCE-81C1-AFED223B33CF} -> No File <==== ATTENTION
Task: {900DC5C0-FDA6-47B5-BEB1-08F7BDCD8785} - \{A66B51A9-12E4-487B-8A1F-CB84B2182EA3} -> No File <==== ATTENTION
Task: {A6B5A41F-1A64-4099-9832-0A93D066397B} - \{FCBFA90B-BB2F-42E5-9556-DF40DD1C778D} -> No File <==== ATTENTION
Task: {D288E586-61B7-4E42-AA8F-3535970A6B5B} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {D9BB5365-0A13-467B-A836-E0709C0BCC5E} - \{4AD92130-36E5-4FEB-A359-D6A680583D9B} -> No File <==== ATTENTION
Toolbar: HKU\S-1-5-21-4101733993-232200229-2103188814-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4101733993-232200229-2103188814-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 WCMVCAM; system32\DRIVERS\wcmvcam64.sys [X]


EmptyTemp:
Reboot:

=============
�� FRST �� -�� (Fixlog.txt). ��, �� !
��, �� ...
�
�� .
28.01.2020 00:03:31, RP55 RP55.

��

Mon, 27 Jan 2020 23:28:08 +0300

��  Internet Security ��  � �� .
�� . ��
Addition.txt
FRST.txt
AdwCleaner[C01].txt
27.01.2020 23:28:08, Alex Ivanov.

��

Mon, 27 Jan 2020 23:19:51 +0300

��  Internet Security ��  � �� .
3) �� FRST: http://forum.esetnod32.ru/forum9/topic2798/
27.01.2020 23:19:51, RP55 RP55.

��

Mon, 27 Jan 2020 23:07:17 +0300

��  Internet Security ��  � �� .
1) �� - � �� .
uVS: start.exe, �� , ��, �� - �� .
�� , �� !
�� : �� !

====code====

;uVS v4.1.8 [http://dsrt.dyndns.org:8888]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
deltmp
restart
;---------command-block---------
delref HTTP://GO.MICROSOFT.COM/FWLINK/?LINKID=122915
delref HTTP://QIP.RU/?UTM_SOURCE=QIP2012&UTM_MEDIUM=CPC&UTM_CAMPAIGN=QIP2012_START
delref HTTP://SCHINAGL.PRIV.AT/NT/HARDLINKSHELLEXT/LINKSHELLEXTENSION.HTML
delref HTTP://UI.SKYPE.COM/UI/0/6.11.66.102/RU/ABANDONINSTALL?SOURCE=LIGHTINSTALLER&AMP;PAGE=TSINSTALL
delref HTTP://UI.SKYPE.COM/UI/0/6.11.66.102/RU/ABANDONINSTALL?SOURCE=LIGHTINSTALLER&AMP;PAGE=TSMAIN
delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IESR02
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\D72B28AC143C04AA46397C61C23F42AB\EXCEL-X-NONE.CAB
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\7F1706E8E460C5D322C817640A76AEBA\OART-X-NONE.CAB
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\4118F59E148251A99D7322743E9DE9AC\PROJECT-X-NONE.CAB
delref %SystemDrive%\PROGRAM FILES (X86)\ASUS\GPU TWEAK\ASUSLIVEUPDATE.EXE
delref %SystemDrive%\PROGRAM FILES\CCLEANER\CCUPDATE.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
delref D:\GAMES\THE WITCHER 3 WILD HUNT\BIN\X64\WITCHER3.EXE
delref D:\��������\WIN64_153336.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\UMPO.DLL
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\RDVGKMD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\LSM.EXE
delref %SystemRoot%\SYSWOW64\LOGONUI.EXE
delref {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\[CLSID]
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020500}\[CLSID]
delref {7AEFE841-DCA1-4A95-80CB-BE935D020700}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\WIN32K.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.5.0\NPBATTLELOG.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.7.0\NPBATTLELOG.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {1F77B17B-F531-44DB-ACA4-76ABB5010A28}\[CLSID]
delref {B1883831-F0D8-4453-8245-EEAAD866DD6E}\[CLSID]
delref {64A9418A-B6B1-4112-B75C-E61633C9A31F}\[CLSID]
delref {6A2E142B-EA63-433A-AC05-5223CBD26E65}\[CLSID]
delref {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D}\[CLSID]
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref %Sys32%\DRIVERS\TSUSBHUB.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.5.0\NPBATTLELOGX64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\BATTLELOG WEB PLUGINS\2.7.0\NPBATTLELOGX64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\60.0.3112.90\INSTALLER\CHRMSTP.EXE
delref %Sys32%\BLANK.HTM
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\ARCCTRL.SYS
delref D:\TEMP\CPU-ZPORTABLETEMP\CPUZ141\CPUZ141_X64.SYS
delref %Sys32%\DRIVERS\CSRAVRCP.SYS
delref %Sys32%\DRIVERS\CSRBTHAUDIOHF.SYS
delref %Sys32%\DRIVERS\CSRBTPORT.SYS
delref %Sys32%\DRIVERS\CSRHFGCC.SYS
delref %Sys32%\DRIVERS\CSRPAN.SYS
delref %Sys32%\DRIVERS\CSRSERIAL.SYS
delref %Sys32%\DRIVERS\CSRUSB.SYS
delref %Sys32%\DRIVERS\CSRBTHAV.SYS
delref D:\TEMP\GPUZ.SYS
delref %Sys32%\DRIVERS\RTKVHD64.SYS
delref %Sys32%\DRIVERS\SYNTH3DVSC.SYS
delref %Sys32%\DRIVERS\RTTEAM60.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.342\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.301\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.23\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.11\PSMACHINE_64.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.145\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.342\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.301\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\PLASRV.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.23\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.165\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.153\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.7\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.149\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\NVIDIA CORPORATION\INSTALLER2\INSTALLER.{9EC5D98A-35BE-4EFD-BA56-D2357277BAFB}\NVI2.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.31.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.57\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.22.3\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\RAZER\SYNAPSE3\WPFUI\FRAMEWORK\RAZER SYNAPSE 3 HOST\RAZER SYNAPSE 3.EXE
delref D:\BIN\ASSETUP.EXE
delref {1C492E6A-2803-5ED7-83E1-1B1D4D41EB39}\[CLSID]
delref {5A8FF410-F3CE-4844-B31B-F18D911239E8}\[CLSID]
delref %SystemDrive%\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}\SETUP.EXE
delref F:\TRINE 4 - THE NIGHTMARE PRINCE\TRINE4.EXE
delref F:\TRINE 4 - THE NIGHTMARE PRINCE\UNINS000.EXE
delref %Sys32%\MATRIXWORLD 3D SCREENSAVER.SCR
delref %SystemDrive%\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{7133137D-DF48-4522-AD88-13C82B7D0A63}\SETUP.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{AD43B296-FE63-42C0-AA39-D8759B905420}\SETUP.EXE
delref J:\������� ������������\MKB10\MKB10\MAKHAONMKB10.EXE
apply

=============

+
�� (�� )

2) �� AdwCleaner
http://forum.esetnod32.ru/forum9/topic7084/

�� :
�� Mail.Ru � Yandex �� ( �� )
�� :
�� (Folders) �� Mail.Ru � Yandex �� [V]
27.01.2020 23:07:17, RP55 RP55.

��

Mon, 27 Jan 2020 22:38:46 +0300

��  Internet Security ��  � �� .
��. �� .�� .
2020-01-27_21-38-58_v4.1.8.7z
27.01.2020 22:38:46, Alex Ivanov.

����� esetnod32.ru [����: ����� ������������]

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

����� ������������

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��

��