Dima_braun
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
QuarantineFile('C:\Users\Damir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdobeARMHelper.vbs', '');
DeleteFile('C:\Users\Damir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdobeARMHelper.vbs', '64');
ExecuteSysClean;
ExecuteRepair(1);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(13);
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
begin
DeleteFile(GetAVZDirectory+'quarantine.7z');
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Drag onto the ClearLNK utility....\AutoLogger\CheckBrowserLnk
Waiting for a fresh CollectionLog
Sorry, I didn't quite understand)) A fresh CollectionLog? Do I need to send some other report?)
That is, you need to repeat the same thing as in the first post. As a check. For a repeat diagnosis, run AutoLogger again.
Attach the fresh CollectionLog to your next message.
R0 - HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command: (default) = "c:\program files (x86)\internet explorer\iexplore.exe" http://www.nuesearch.com/?type=sc&ts=1471937087&z=fbe4587eeb520fdc541ed98g4z4m3gct0c2m6ect2m&from=eve0822&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43JYAJ6JYAJ6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://www.nuesearch.com/?type=hp&ts=1465910587&z=aaf0e21e820925f1cb2079dg4zdqew2tbg3e3w5b9t&from=wpm0614&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43JYAJ6JYAJ6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = http://www.nuesearch.com/search/?type=ds&ts=1465910587&z=aaf0e21e820925f1cb2079dg4zdqew2tbg3e3w5b9t&from=wpm0614&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43JYAJ6JYAJ6&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Page] = http://www.nuesearch.com/search/?type=ds&ts=1465910587&z=aaf0e21e820925f1cb2079dg4zdqew2tbg3e3w5b9t&from=wpm0614&uid=WDCXWD5000LPVX-80V0TT0_WD-WXH1E43JYAJ6JYAJ6&q={searchTerms}
O2 - HKLM\..\BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
O2 - HKLM\..\BHO: TSWebMon - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O2-32 - HKLM\..\BHO: QPMIEHelper - {50F4150A-48B2-417A-BE4C-C83F580FB904} - (no file)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O3-32 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon: (no name) - {B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avast: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
Start::
CreateRestorePoint:
HKLM-x32\...\Run: [gmsd_ru_264] => [X]
HKLM-x32\...\Run: [gmsd_ru_268] => [X]
HKLM-x32\...\Run: [gmsd_ru_005010002] => [X]
HKLM-x32\...\Run: [gmsd_ru_005010003] => [X]
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\Run: [gmsd_ru_005010169] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
BootExecute: autocheck autochk * aswBoot.exe /M:14d4c7dd1 /wow /dir:"C:\Program Files\AVAST Software\Avast"
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-177644993-2064810857-2446424188-1002 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - No File
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636
FF HomepageOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Enabled: homepage@mail.ru
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=789185","hxxp://go.mail.ru/?chverfix=1&fr=chverfix_sg"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BDE119B6E-9EA9-4393-BC64-9FB7042E4E47%7D&gp=789235
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnpnkhfgfkcpgikiinojlmdcjimobi
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjcgomkanpkpblokebecknhahgkcmoo
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgangmffjcofiknibcmfjionicohfgj
CHR NewTab: Default -> Active:"chrome-extension://iflppbjnpneiigcbdfjpnkebidmkjmoi/visual-bookmarks.html", Active:"chrome-extension://bpgangmffjcofiknibcmfjionicohfgj/visual-bookmarks.html"
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpegcopcfajiiibidlaelhjjblpefbjk
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\eioddfaepdoeifbhjphfefgipcjcdieo
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflppbjnpneiigcbdfjpnkebidmkjmoi
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbifdkmdojgmpmopdebnjcobekgdoncn
C:\Users\Damir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppoilmfkbpckodoifdlkmkepcajfjmhl
CHR HKLM-x32\...\Chrome\Extension: [bejnpnkhfgfkcpgikiinojlmdcjimobi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhjcgomkanpkpblokebecknhahgkcmoo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpgangmffjcofiknibcmfjionicohfgj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cpegcopcfajiiibidlaelhjjblpefbjk] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eioddfaepdoeifbhjphfefgipcjcdieo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdjdjkkjoiomafnihnobkinnfjnnlhdg] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iflppbjnpneiigcbdfjpnkebidmkjmoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nbifdkmdojgmpmopdebnjcobekgdoncn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ppoilmfkbpckodoifdlkmkepcajfjmhl] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-177644993-2064810857-2446424188-1002\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe <==== ATTENTION
2019-04-01 10:44 - 2015-06-03 19:06 - 000000000 ____D C:\Users\Damir\AppData\LocalLow\IObit
2019-04-01 10:44 - 2015-06-03 19:05 - 000000000 ____D C:\Users\Damir\AppData\Roaming\IObit
2019-04-01 10:44 - 2015-06-03 19:05 - 000000000 ____D C:\ProgramData\IObit
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [QMContextUninstall] -> {CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} => -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers6: [QMContextUninstall] -> {CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} => -> No File
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage -> No File <==== ATTENTION
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask -> No File <==== ATTENTION
HKU\S-1-5-21-177644993-2064810857-2446424188-1002\Software\Classes\.scr: scrfile => <==== ATTENTION
EmptyTemp:
Reboot:
End::
Show a screenshot of this message.
a message appears: "Unable to...