begin
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Local\Microsoft\Windows\Application Shortcuts\Chrome\Яндекс.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Local\Microsoft\Windows\Application Shortcuts\Chrome\Яндекс.Почта.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk', '');
QuarantineFile('C:\Users\Aist\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk', '');
QuarantineFile('C:\ProgramData\gfVvkvC\gMYtvVOwiFFkYu5.bat', '');
DeleteFile('C:\ProgramData\gfVvkvC\gMYtvVOwiFFkYu5.bat', '');
QuarantineFileF('C:\ProgramData\gfVvkvC\', '*', true, '', 0, 0);
DeleteFileMask('C:\ProgramData\gfVvkvC\', '*', true);
DeleteDirectory('C:\ProgramData\gfVvkvC\');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
end.
Drag onto the ClearLNK utility ....\AutoLogger\CheckBrowserLnk
CreateRestorePoint:
HKU\S-1-5-21-1528955377-1002154474-3955655100-1002\...\Run: [*wyjnorsiwy<*>] => "C:\Users\Aist\AppData\Local\18573790\fd7a2590.bat" <===== ATTENTION (Value Name with invalid characters)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKU\S-1-5-21-1528955377-1002154474-3955655100-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1528955377-1002154474-3955655100-1002 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
CHR HKU\S-1-5-21-1528955377-1002154474-3955655100-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1528955377-1002154474-3955655100-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [flmcjpjaljalebbolickgedgkaeindda] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1528955377-1002154474-3955655100-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcehcblfpidimbihdfophhhdejckolgh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdjdjkkjoiomafnihnobkinnfjnnlhdg] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flmcjpjaljalebbolickgedgkaeindda] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gbjeiekahklbgbfccohipinhgaadijad] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jdkihdhlegcdggknokfekoemkjjnjhgi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mdeldjolamfbcgnndjmjjiinnhbnbnla] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx
2015-09-12 02:38 - 2015-09-12 02:38 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsfBDB4.tmp
2015-09-12 00:36 - 2015-09-12 00:36 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nshB0B4.tmp
2015-09-13 17:41 - 2015-09-13 17:40 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsjADB2.tmp
2015-09-13 17:41 - 2015-09-13 17:41 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nslB32D.tmp
2015-10-06 21:45 - 2015-10-06 21:45 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsmE3FE.tmp
2015-09-12 00:36 - 2015-09-12 00:36 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsoE73F.tmp
2015-09-12 00:36 - 2015-09-12 00:36 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsqC608.tmp
2015-09-13 19:59 - 2015-09-13 19:59 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsu9CC1.tmp
2015-09-12 00:37 - 2015-09-12 00:37 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsv6B3D.tmp
2015-09-13 19:53 - 2015-09-13 19:53 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsw9F69.tmp
2015-09-13 17:40 - 2015-09-13 17:40 - 0613255 _____ (CMI Limited) C:\Users\Aist\AppData\Local\nsx9D18.tmp
C:\ProgramData\TYnCWbiGPIU6.bat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Все пользователи\TYnCWbiGPIU6.bat
C:\Users\Все пользователи\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {211C4E7A-6852-4A2E-97E0-C02E04F23F65} - \c50fb50a-9fc3-4fed-b01c-06db9359859c-7 -> No File <==== ATTENTION
Task: {263C3026-41C5-4733-9614-CA2BAE42257F} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {29C441B4-E423-41B5-B7D0-E5A61B6FB56A} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4CB89CE8-120F-4CAD-826D-571B6A705E39} - \c50fb50a-9fc3-4fed-b01c-06db9359859c-5 -> No File <==== ATTENTION
Task: {56B8D44A-A78A-4AE1-A8D1-7DCD3CDB7C8B} - \c50fb50a-9fc3-4fed-b01c-06db9359859c-1-7 -> No File <==== ATTENTION
Task: {5C6006F0-D2C4-4F5C-AB67-8036D39A4B79} - \c50fb50a-9fc3-4fed-b01c-06db9359859c-1-6 -> No File <==== ATTENTION
Task: {5D801D85-B7FE-449E-A8CE-274CD8D7C67B} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {6B612292-91DB-4DD1-8B96-B34C859692F3} - \c50fb50a-9fc3-4fed-b01c-06db9359859c-6 -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {708248BB-4455-452C-96EE-69215618FBA7} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {78254AF7-6B6B-41F2-B656-8778FB69F111} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {9EA478CF-3066-45CC-98EB-BC140282334F} - \WordWizard Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {A356C226-8EA6-4C90-B24D-504AAFC5212B} - \c50fb50a-9fc3-4fed-b01c-06db9359859c-4 -> No File <==== ATTENTION
Task: {A8B4B44A-B832-4C7A-8452-252935C36A9F} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {B11752ED-90BF-4D1D-9C6C-220BC06884AF} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E63B7CE6-3A9F-4B01-83C4-C57E8964BD5E} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Reboot: