�� esetnod32.ru [��: �� ]

��

Sun, 29 Nov 2020 05:31:44 +0300

��  �� FRST � �� .
�� Defender-�, �� ,
��

====quote====
Date: 2020-11-27 23:01:57.367
Description:
�� "�� Windows" �� .
�� , ��. �� .
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
��: Trojan:Win32/Tiggre!plock
��: 2147723626
��: ��
��: ��
��: containerfile:_C:\Programdata\RealtekHD\taskhost.exe; containerfile:_C:\ProgramData\Setup\update.exe; file:_C:\Programdata\RealtekHD\taskhost.exe; file:_C:\Programdata\RealtekHD\taskhost.exe->(AutoIT)->winlogon.exe; file:_C:\ProgramData\Setup\update.exe; file:_C:\ProgramData\Setup\update.exe->(AutoIT)->taskhost.exe->(AutoIT)->winlogon.exe; file:_C:\Users\Sergey\AppData\Local\Temp\aut2EE5.tmp; file:_C:\Windows\System32\Tasks\Microsoft\Windows\Wininet\RealtekHDControl->(UTF-16LE); file:_C:\Windows\System32\Tasks\Microsoft\Windows\Wininet\RealtekHDStartUP->(UTF-16LE); process:_pid:10036,ProcessStart:132509807757049735; process:_pid:11036,ProcessStart:132509808017002454; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D169034-8170-46E5-AC57-7294706124F1}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EC5E707-BF81-47EB-BBE3-767B8DB3FE32}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\W
�� : ��
�� : ��
�� : ��
��: NT AUTHORITY\��
�� : C:\ProgramData\RealtekHD\taskhost.exe
�� : AV: 1.327.1650.0, AS: 1.327.1650.0, NIS: 1.327.1650.0
�� : AM: 1.1.17600.5, NIS: 1.1.17600.5
=============
��, �� , �� , � �� .

�� , �� safety@chklst.ru � ��, � �� infected
29.11.2020 05:31:44, santy.

��

Sun, 29 Nov 2020 00:19:07 +0300

��  �� FRST � �� .
�� :

- �� , �� Kernel �� , ��
- CureIT �� , �� Kernel �� , �� ~30 ��. �� /�� .
- �� FRST �� . �� C. �� C �� , �� (��: Program Files\Internet Explorer\bin , �� bin �� . �� ProgramData\RealtekHD), �� . �� /�� , �� Unlocker
- � �� fixlist �� FRST �� santy �� .
- �� : AVZ - 1 �� , NOD - 3, KVRT - 0.
- �� 10-15 ��/�� ProgramData, Program Files, User. �� MBAM - �� 4 trojanagent � �� Windows.
- �� CCleaner

� �� /�� , �� , �� . �� , �� , �� .

�� exe �� . Santy - �� . �� .
29.11.2020 00:19:07, Serge Paramonov.

��

Sat, 28 Nov 2020 18:28:42 +0300

��  �� FRST � �� .

====quote====
santy ��:
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !
=============
�� , �� !
�� , �� .
Fixlog.txt
28.11.2020 18:28:42, Serge Paramonov.

��

Sat, 28 Nov 2020 18:25:42 +0300

��  �� FRST � �� .
+
�� FRST
28.11.2020 18:25:42, santy.

��

Sat, 28 Nov 2020 18:07:34 +0300

��  �� FRST � �� .
6. �� fixlist.txt � �� Farbar Recovery Scan Tool:
�� FRST � �� Fix � ��. �� -�� (Fixlog.txt). ��, �� !

====code====

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Users\��� ������������\McAfee
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Users\��� ������������\Kaspersky Lab Setup Files
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Users\��� ������������\grizzly
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Users\��� ������������\ESET
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\ProgramData\McAfee
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\ProgramData\grizzly
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\ProgramData\ESET
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files\ESET
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files\Cezurity
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-11-27 23:00 - 2020-11-27 23:00 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-11-27 22:59 - 2020-11-28 12:16 - 000000000 __SHD C:\AdwCleaner
2020-11-27 22:59 - 2020-11-28 04:31 - 000000000 __SHD C:\KVRT_Data
2020-11-27 22:59 - 2020-11-27 23:37 - 000000000 __SHD C:\Users\��� ������������\WindowsTask
2020-11-27 22:59 - 2020-11-27 23:37 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-11-27 22:59 - 2020-11-27 23:02 - 000000000 __SHD C:\Users\��� ������������\Windows
2020-11-27 22:59 - 2020-11-27 23:02 - 000000000 __SHD C:\Users\��� ������������\Setup
2020-11-27 22:59 - 2020-11-27 23:02 - 000000000 __SHD C:\Users\��� ������������\RealtekHD
2020-11-27 22:59 - 2020-11-27 23:02 - 000000000 __SHD C:\ProgramData\Windows
2020-11-27 22:59 - 2020-11-27 23:02 - 000000000 __SHD C:\ProgramData\Setup
2020-11-27 22:59 - 2020-11-27 23:02 - 000000000 __SHD C:\ProgramData\RealtekHD
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Users\��� ������������\RunDLL
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Users\��� ������������\Norton
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Users\��� ������������\Kaspersky Lab
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Users\��� ������������\AVAST Software
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Users\��� ������������\360safe
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\ProgramData\RunDLL
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\ProgramData\Norton
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\ProgramData\360safe
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\SpyHunter
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\COMODO
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\ByteFence
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\AVG
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files\AVAST Software
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-11-27 22:59 - 2020-11-27 22:59 - 000000000 __SHD C:\Program Files (x86)\360
2020-11-27 23:04 - 2018-12-26 16:18 - 000000000 __SHD C:\Users\��� ������������\Doctor Web
2020-11-27 23:04 - 2018-12-26 16:18 - 000000000 __SHD C:\ProgramData\Doctor Web
2018-06-17 16:02 C:\DrWeb Quarantine
2020-11-28 04:31 C:\KVRT_Data
2020-11-27 22:59 C:\Program Files\AVAST Software
2020-11-27 22:59 C:\Program Files\AVG
2020-11-27 22:59 C:\Program Files\ByteFence
2020-11-27 23:00 C:\Program Files\Cezurity
2020-11-27 22:59 C:\Program Files\COMODO
2020-11-27 22:59 C:\Program Files\Enigma Software Group
2020-11-27 23:00 C:\Program Files\ESET
2020-11-27 23:00 C:\Program Files\Kaspersky Lab
2020-11-27 22:59 C:\Program Files\Malwarebytes
2020-11-27 22:59 C:\Program Files\SpyHunter
2020-11-27 22:59 C:\Program Files (x86)\360
2020-11-27 22:59 C:\Program Files (x86)\AVAST Software
2020-11-27 22:59 C:\Program Files (x86)\AVG
2020-11-27 23:00 C:\Program Files (x86)\Cezurity
2020-11-27 23:00 C:\Program Files (x86)\GRIZZLY Antivirus
2020-11-27 23:00 C:\Program Files (x86)\Kaspersky Lab
2020-11-27 22:59 C:\Program Files (x86)\Microsoft JDX
2020-11-27 23:00 C:\Program Files (x86)\Panda Security
2020-11-27 22:59 C:\Program Files (x86)\SpyHunter
2020-11-27 22:59 C:\WINDOWS\speechstracing
2020-11-27 23:00 C:\Program Files\Common Files\McAfee
2020-11-27 22:59 C:\ProgramData\360safe
2020-11-27 22:59 C:\ProgramData\AVAST Software
2020-11-27 23:04 C:\ProgramData\Doctor Web
2020-11-27 23:00 C:\ProgramData\ESET
2020-11-27 23:00 C:\ProgramData\grizzly
2020-11-27 22:59 C:\ProgramData\Kaspersky Lab
2020-11-27 23:00 C:\ProgramData\Kaspersky Lab Setup Files
2020-11-27 23:00 C:\ProgramData\McAfee
2020-11-27 22:59 C:\ProgramData\Norton
2020-11-27 22:59 C:\Users\��� ������������\360safe
2020-11-27 22:59 C:\Users\��� ������������\AVAST Software
2020-11-27 23:04 C:\Users\��� ������������\Doctor Web
2020-11-27 23:00 C:\Users\��� ������������\ESET
2020-11-27 23:00 C:\Users\��� ������������\grizzly
2020-11-27 22:59 C:\Users\��� ������������\Kaspersky Lab
2020-11-27 23:00 C:\Users\��� ������������\Kaspersky Lab Setup Files
2020-11-27 23:00 C:\Users\��� ������������\McAfee
2020-11-27 22:59 C:\Users\��� ������������\Norton
EmptyTemp:
Reboot:

=============
28.11.2020 18:07:34, santy.

��

Sat, 28 Nov 2020 18:03:57 +0300

��  �� FRST � �� .
�� , ��

====quote====
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [RestrictRun] 0

=============

�� FRST ��
28.11.2020 18:03:57, santy.

��

Sat, 28 Nov 2020 18:00:55 +0300

��  �� FRST � �� .

====quote====
santy ��:
�� uVS + �� FRST
=============
��.
Addition.txt
FRST.txt
28.11.2020 18:00:55, Serge Paramonov.

��

Sat, 28 Nov 2020 17:40:55 +0300

��  �� FRST � �� .
�� uVS + �� FRST
28.11.2020 17:40:55, santy.

��

Sat, 28 Nov 2020 17:38:42 +0300

��  �� FRST � �� .
santy ��:
� �� , �� FRST �� ?

��, �� . �� , �� , �� fixlist � �� FRST. �� , �� fixlist �� .
28.11.2020 17:38:42, Serge Paramonov.

��

Sat, 28 Nov 2020 17:35:55 +0300

��  �� FRST � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====


;uVS v4.11.3 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

delall %SystemDrive%\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE

delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ%26INSTALLSOURCE%3DONDEMAND%26UC
apply

deltmp
delref %SystemDrive%\PROGRAMDATA\MICROSOFT\SPEECH_ONECORE\SR\SV10-EV100\EN-US-N\MV101\NASPMODELSMETADATA.XML
delref {E984D939-0E00-4DD9-AC3A-7ACA04745521}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref {D2CBF5F7-5702-440B-8D8F-8203034A6B82}\[CLSID]
delref %SystemDrive%\USERS\SERGEY\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemRoot%\SYSWOW64\VID.DLL
delref %SystemRoot%\SYSWOW64\WEVTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DXGMMS2.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\WINNAT.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\BTHSERV.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\REFS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\IE4USHOWIE.EXE
delref %SystemRoot%\SYSWOW64\IE4UINIT.EXE
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {307A6C42-0000-0010-8000-00AA00389B71}\[CLSID]
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref {2D8B3101-E025-480D-917C-835522C7F628}\[CLSID]
delref %Sys32%\DRIVERS\UMDF\USBCCIDDRIVER.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %Sys32%\BLANK.HTM
delref APPMGMT\[SERVICE]
delref %Sys32%\DRIVERS\HDAUDADDSERVICE.SYS
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref SWPRV\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref BROWSER\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref IRENUM\[SERVICE]
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.41\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.137.93\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.442\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.342\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.7\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.302\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.23\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.11\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.452\PSMACHINE_64.DLL
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.49\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.133.5\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.422\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.29\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.127.15\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.41\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.137.93\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.442\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.342\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.7\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\COMPPKGSRV.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.302\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.23\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_B2DD7130A686A22F\NVENCMFTH264.DLL
delref %SystemRoot%\SYSWOW64\WPCREFRESHTASK.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_B2DD7130A686A22F\NVDECMFTMJPEG.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.33.17\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemRoot%\SYSWOW64\RMSROAMINGSECURITY.DLL
delref %SystemRoot%\SYSWOW64\SYSTEMSETTINGSBROKER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.169\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\NV_DISPI.INF_AMD64_B2DD7130A686A22F\NVENCMFTHEVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.34.11\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.452\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SAPI_EXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.49\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.133.5\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.422\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.29\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemRoot%\SYSWOW64\WIREDNETWORKCSP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.127.15\PSMACHINE.DLL
delref D:\THE SETTLERS 7 - PATHS TO A KINGDOM\DATA\BASE\_DBG\BIN\RELEASE\ORBIT\NPUPLAYPC.DLL
delref {1C492E6A-2803-5ED7-83E1-1B1D4D41EB39}\[CLSID]
delref %SystemDrive%\USERS\E.GASPAROVA\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\STANDALONEUPDATER\ONEDRIVESETUP.EXE
delref %SystemDrive%\USERS\SERGEY\DOWNLOADS\EURO TRUCK SIMULATOR 2.STEAM-RIP [=NEMOS=]\EURO TRUCK SIMULATOR 2\BIN\WIN_X86\EUROTRUCKS2.EXE
delref %SystemDrive%\USERS\SERGEY\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE
delref %SystemDrive%\USERS\SERGEY\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\ONEDRIVE.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\LAV FILTERS\X86\LAVAUDIO.AX
delref %SystemDrive%\PROGRAM FILES (X86)\LAV FILTERS\X86\LAVSPLITTER.AX
delref %SystemDrive%\PROGRAM FILES (X86)\LAV FILTERS\X86\LAVVIDEO.AX
delref D:\KING ARTHUR II - THE ROLE-PLAYING WARGAME\KINGARTHURII.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOG GALAXY\GALAXYCLIENT.EXE

regt 18
;-------------------------------------------------------------

=============
��, �� .
------------

+
�� FRST
28.11.2020 17:35:55, santy.

��

Sat, 28 Nov 2020 17:28:51 +0300

��  �� FRST � �� .

====quote====
Serge Paramonov ��:
��.
=============
� �� , �� FRST �� ?
28.11.2020 17:28:51, santy.

��

Sat, 28 Nov 2020 17:14:13 +0300

��  �� FRST � �� .
��.
SERGEYPC_2020-11-28_17-04-52_v4.11.7z
28.11.2020 17:14:13, Serge Paramonov.

��

Sat, 28 Nov 2020 15:26:41 +0300

��  �� FRST � �� .
� ��
28.11.2020 15:26:41, santy.

��

Sat, 28 Nov 2020 12:45:54 +0300

��  �� FRST � �� .
��, �� :
��
https://forum.esetnod32.ru/forum6/topic16164/

�� AdwCleaner, CureIT, �� WinDefendera �� , �� , �� . HiJackThis �� , �� .

� �� FRST � �� One month (created) (Whitelisted) � 2020-11-27 22:59 �� . �� ?
�� fixlist � Farbar RST.
AdwCleaner[C00].txt
Addition.txt
FRST.txt
28.11.2020 12:45:54, Serge Paramonov.

����� esetnod32.ru [����: ����� ��������� ��������� ����������]

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

����� ��������� ��������� ����������

�� esetnod32.ru [��: �� ]

��

��

��

��

��

��

��

��

��

��

��

��

��

��