// AVZ remediation script. Every path, service name and scheduled-task name below is a
// hard-coded literal (note the c:\users\user profile), so the script presumably only fits
// the one machine whose logs it was written from.
// Phase order: cut network / stop processes and services -> quarantine copies ->
// remove tasks, files, services and directories -> rewrite IE zone values ->
// AVZ built-in cleanup -> pack the quarantine -> reboot.
begin
// Runs "net stop tcpip /y" through AVZ; presumably to take the machine off the network
// while cleanup runs. The numeric arguments (0, 15000) and the final true are the show
// mode, wait time and terminate-on-timeout flag of ExecuteFile - TODO confirm in AVZ docs.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// End the running processes by image path before their files are quarantined and deleted.
TerminateProcessByName('c:\users\user\appdata\roaming\kyubey\kyubey.exe');
TerminateProcessByName('c:\users\user\appdata\local\clean\kyubey.exe');
TerminateProcessByName('c:\program files (x86)\firefox\bin\firefoxupdate.exe');
TerminateProcessByName('c:\program files (x86)\bikaqrss\bikaq.exe');
TerminateProcessByName('c:\programdata\{bc03d85e-0ba8-6ff5-d80f-1908ac67030e}\b66661e5-01cd-d64e-15d4-81008a1f4b8c.exe');
TerminateProcessByName('c:\users\user\appdata\local\amd\amd.exe');
// Stop the services that are removed with DeleteService further down.
StopService('KuaiZipDrive2');
StopService('Kyubey');
StopService('iThemes5');
StopService('FirefoxU');
StopService('clean');
StopService('AMD');
StopService('p1481296198am');
StopService('p1481548929am');
StopService('p1481727179am');
StopService('p1481730718am');
// Put each suspect file into AVZ quarantine before anything is deleted, so the samples
// survive for later analysis. The second argument is passed empty throughout.
QuarantineFile('C:\windows\psgo\psgo.ps1','');
QuarantineFile('C:\Users\User\AppData\Roaming\WINSNARE\WinSnare.dll','');
QuarantineFile('C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll','');
QuarantineFile('C:\Users\User\AppData\Local\Kitty\Kitty.dll','');
QuarantineFile('C:\Program Files (x86)\Dqotionneterle\gurechmng.dll','');
// NOTE(review): an MpKsl*.sys file under "Windows Defender\Definition Updates" matches the
// naming of Defender's own transient driver - confirm this is a stale log entry and not a
// live Defender component before relying on its removal (same name appears in DeleteFile
// and DeleteService below).
QuarantineFile('C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B87EF020-3882-4D7F-BBE6-138FE259B524}\MpKslb91886d4.sys','');
QuarantineFile('C:\Windows\system32\drivers\KuaiZipDrive2.sys','');
QuarantineFile('C:\Program Files (x86)\amuleC\ed2k.exe','');
QuarantineFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','');
QuarantineFile('c:\users\user\appdata\roaming\kyubey\kyubey.exe','');
QuarantineFile('c:\users\user\appdata\local\clean\kyubey.exe','');
QuarantineFile('c:\program files (x86)\firefox\bin\firefoxupdate.exe','');
QuarantineFile('c:\program files (x86)\bikaqrss\bikaq.exe','');
QuarantineFile('c:\programdata\{bc03d85e-0ba8-6ff5-d80f-1908ac67030e}\b66661e5-01cd-d64e-15d4-81008a1f4b8c.exe','');
QuarantineFile('c:\users\user\appdata\local\amd\amd.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bkB989.tmp\p1481296198am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bk7467.tmp\p1481548929am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bkFC3.tmp\p1481727179am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\bkEF1.tmp\p1481730718am.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\SNARE\Snare.dll', '');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\56352C99047CBE7BAC8A46370CF48512\B07AECBA0B20DA2BE5FDA82351BDEE99.exe', '');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Extensions\extsetup.exe', '');
QuarantineFile('C:\ProgramData\KRB Updater Utility\krbupdater.exe', '');
QuarantineFile('C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe', '');
QuarantineFile('C:\Users\User\AppData\Local\Adobe\PPAPI\88730E45-8B54-4039-A0F5-1E2AA2BE6BF7\662A2067-1AC3-4F38-AA09-3E5F0EB73305.exe', '');
QuarantineFile('C:\Program Files (x86)\MIO\MIO.exe', '');
QuarantineFile('C:\PROGRA~3\31625cb\4cc32f33.dll', '');
// Quarantine whole directories by file mask. Two directories take everything ('*'); the
// others take a list of executable/script/temp masks. The third argument (true) presumably
// enables recursion into subdirectories; the trailing '', 0, 0 are left at empty/zero -
// TODO confirm their meaning in AVZ docs.
QuarantineFileF('c:\users\user\appdata\local\snare', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('c:\users\user\appdata\local\microsoft\extensions', '*', true, '', 0 ,0);
QuarantineFileF('c:\programdata\krb updater utility', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('c:\program files (x86)\kinoroom browser', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('c:\users\user\appdata\local\adobe\ppapi\88730e45-8b54-4039-a0f5-1e2aa2be6bf7', '*', true, '', 0 ,0);
// Delete scheduled tasks by name via schtasks.exe; /F suppresses the confirmation prompt.
// Several names are tried both under "Microsoft\" and under "Microsoft\Windows\".
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\BDEE9915328ADF5EB2AD02B0ABB07AEC" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\BDEE9915328ADF5EB2AD02B0ABB07AECSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\extsetupSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\KRBUUS\KRB Updater Utility Service" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\KRBUUS\KRBLNKRUN" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\A88730E45-8B54-4039-A0F5-1E2AA2BE6BF7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\BDEE9915328ADF5EB2AD02B0ABB07AEC" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\BDEE9915328ADF5EB2AD02B0ABB07AECSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\extsetupSB" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Milimili" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "BikaQ_FetchAndUpgrade_CanBeDel" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Windows-PG" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{68E9AA38-E821-DD51-DBA3-2EB48F98FF69}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{7D0E7E47-0505-7D7A-0A11-7D080D0C1105}" /F', 0, 15000, true);
// Delete the same 27 paths that were passed to QuarantineFile above (listed here in a
// different order). The second argument '32' presumably selects how the path is resolved
// on a 64-bit system - TODO confirm in AVZ docs.
DeleteFile('c:\users\user\appdata\local\amd\amd.exe','32');
DeleteFile('c:\programdata\{bc03d85e-0ba8-6ff5-d80f-1908ac67030e}\b66661e5-01cd-d64e-15d4-81008a1f4b8c.exe','32');
DeleteFile('c:\program files (x86)\bikaqrss\bikaq.exe','32');
DeleteFile('c:\program files (x86)\firefox\bin\firefoxupdate.exe','32');
DeleteFile('c:\users\user\appdata\local\clean\kyubey.exe','32');
DeleteFile('c:\users\user\appdata\roaming\kyubey\kyubey.exe','32');
DeleteFile('C:\Program Files (x86)\Common Files\Services\iThemes.dll','32');
DeleteFile('C:\Program Files (x86)\amuleC\ed2k.exe','32');
DeleteFile('C:\Windows\system32\drivers\KuaiZipDrive2.sys','32');
DeleteFile('C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B87EF020-3882-4D7F-BBE6-138FE259B524}\MpKslb91886d4.sys','32');
DeleteFile('C:\Program Files (x86)\Dqotionneterle\gurechmng.dll','32');
DeleteFile('C:\Users\User\AppData\Local\Kitty\Kitty.dll','32');
DeleteFile('C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll','32');
DeleteFile('C:\Users\User\AppData\Roaming\WINSNARE\WinSnare.dll','32');
DeleteFile('C:\windows\psgo\psgo.ps1','32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bkB989.tmp\p1481296198am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bk7467.tmp\p1481548929am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bkFC3.tmp\p1481727179am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\bkEF1.tmp\p1481730718am.sys', '32');
DeleteFile('C:\Users\User\AppData\Local\SNARE\Snare.dll', '32');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\56352C99047CBE7BAC8A46370CF48512\B07AECBA0B20DA2BE5FDA82351BDEE99.exe', '32');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Extensions\extsetup.exe', '32');
DeleteFile('C:\ProgramData\KRB Updater Utility\krbupdater.exe', '32');
DeleteFile('C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe', '32');
DeleteFile('C:\Users\User\AppData\Local\Adobe\PPAPI\88730E45-8B54-4039-A0F5-1E2AA2BE6BF7\662A2067-1AC3-4F38-AA09-3E5F0EB73305.exe', '32');
DeleteFile('C:\Program Files (x86)\MIO\MIO.exe', '32');
DeleteFile('C:\PROGRA~3\31625cb\4cc32f33.dll', '32');
// Remove the service registrations. 'MpKslb91886d4' and 'ed2kidle' are deleted here
// without a StopService call earlier in the script; the other ten were stopped above.
DeleteService('MpKslb91886d4');
DeleteService('KuaiZipDrive2');
DeleteService('ed2kidle');
DeleteService('Kyubey');
DeleteService('iThemes5');
DeleteService('FirefoxU');
DeleteService('clean');
DeleteService('AMD');
DeleteService('p1481296198am');
DeleteService('p1481548929am');
DeleteService('p1481727179am');
DeleteService('p1481730718am');
// Empty four of the directories quarantined by mask above, using '*' (so this removes more
// than the masked QuarantineFileF calls preserved for three of them).
// NOTE(review): the adobe\ppapi\88730e45-... directory was quarantined with '*' but is not
// emptied here; only its single .exe is removed by DeleteFile - confirm that is intended.
DeleteFileMask('c:\users\user\appdata\local\snare', '*', true);
DeleteFileMask('c:\users\user\appdata\local\microsoft\extensions', '*', true);
DeleteFileMask('c:\programdata\krb updater utility', '*', true);
DeleteFileMask('c:\program files (x86)\kinoroom browser', '*', true);
// Remove three of the emptied directories; microsoft\extensions is emptied but kept.
DeleteDirectory('c:\users\user\appdata\local\snare');
DeleteDirectory('c:\programdata\krb updater utility');
DeleteDirectory('c:\program files (x86)\kinoroom browser');
// Write integer values under the current user's Internet Settings\Zones\3 key (zone 3 is
// the Internet zone). In the zone URL-action encoding 1 = prompt and 3 = disable, so these
// writes set ActiveX-download/scripting and IFRAME-launch actions to prompt or disabled -
// presumably undoing values the adware had loosened; verify per-ID meaning before reuse.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
// AVZ built-in post-removal steps: system cleanup, repair routine number 9, and the
// troubleshooting wizard with profile 'SCU'. What the numeric arguments select is defined
// by AVZ, not visible here - TODO confirm in AVZ docs.
ExecuteSysClean;
ExecuteRepair(9);
ExecuteWizard('SCU', 2, 3, true);
// Pack the quarantine into quarantine.zip inside the AVZ directory. The identifier is
// spelled "Qurantine" in the AVZ API; do not correct it.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// Reboot so the removals above take effect; the true flag presumably forces the reboot.
RebootWindows(true);
end.
перетащите на утилиту ClearLNK....\AutoLogger\CheckBrowserLnk
Что не сможете удалить стандартно, удалите через Revo Uninstall:
Unity Web Player
WINSNARE
youndoo
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
Toolbar: HKLM - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-2029917323-3445802076-559012544-1001 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
CHR DefaultSearchURL: Default -> hxxp://www.amisites.com/search/?type=ds&ts=1484226600&z=dcf18b00010f19fdc117a3cg1z2b2z3ococq5wdb5q&from=che0812&uid=ST500LT012-1DG142_SBY0W2JFXXXXSBY0W2JF&q={searchTerms}
CHR DefaultSearchKeyword: Default -> amisites
R2 SNAREA; C:\Users\User\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [File not signed]
2017-05-03 20:57 - 2017-05-03 20:57 - 00000000 ____D C:\Program Files (x86)\5909FDEC_jumpeasy
2017-05-03 20:56 - 2017-05-03 20:57 - 00000000 ____D C:\Program Files (x86)\5909FD96_jumpeasy
2017-05-03 20:55 - 2017-05-03 20:55 - 00000000 ____D C:\Users\User\AppData\Local\SNAREA
2017-04-28 20:50 - 2017-04-28 20:50 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000031
2017-04-28 16:50 - 2017-04-28 16:50 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000030
2017-04-28 12:50 - 2017-04-28 12:50 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000002F
2017-04-27 19:15 - 2017-04-27 19:15 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000002E
2017-04-27 18:52 - 2017-04-27 18:52 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000002D
2017-04-20 20:21 - 2017-04-20 20:21 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000002C
2017-04-20 16:21 - 2017-04-20 16:21 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000002B
2017-04-15 16:48 - 2017-04-15 16:48 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000002A
2017-04-15 12:47 - 2017-04-15 12:48 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000029
2017-04-14 20:16 - 2017-04-14 20:16 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000028
2017-04-13 18:38 - 2017-04-13 18:38 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000027
2017-04-13 15:44 - 2017-04-13 15:44 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000026
2017-04-12 19:06 - 2017-04-12 19:06 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000025
2017-04-11 20:18 - 2017-04-11 20:18 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000024
2017-04-11 16:18 - 2017-04-11 16:18 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000023
2017-04-10 21:12 - 2017-04-10 21:12 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000022
2017-04-10 17:12 - 2017-04-10 17:12 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000021
2017-04-08 16:08 - 2017-04-08 16:08 - 00000000 ____D C:\Program Files (x86)\vkjsdj00000020
2017-04-07 20:09 - 2017-04-07 20:09 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000001F
2017-04-07 16:09 - 2017-04-07 16:09 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000001E
2017-04-06 20:39 - 2017-04-06 20:39 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000001D
2017-04-06 19:25 - 2017-04-06 19:25 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000001C
2017-04-05 16:57 - 2017-04-05 16:57 - 00000000 ____D C:\Program Files (x86)\vkjsdj0000001B
2017-05-02 21:14 - 2017-02-07 22:01 - 00000000 ____D C:\Users\User\AppData\Local\3
2017-05-02 21:14 - 2017-02-07 18:01 - 00000000 ____D C:\Users\User\AppData\Local\1
2017-05-02 21:14 - 2016-12-02 19:55 - 00000000 ____D C:\Users\Все пользователи\cfibf
2017-05-02 21:14 - 2016-12-02 19:55 - 00000000 ____D C:\ProgramData\cfibf
2017-05-02 21:14 - 2016-11-25 16:31 - 00000000 ____D C:\Program Files\SE1P940CAG
2017-05-02 21:14 - 2016-11-25 10:24 - 00000000 ____D C:\Program Files\T1QDHO2R51
2017-05-02 21:14 - 2016-11-22 18:28 - 00000000 ____D C:\Program Files\573C2HXB2O
2017-05-02 21:14 - 2016-11-21 22:52 - 00000000 ____D C:\Program Files\4ZO1I3JHK3
2017-05-02 21:14 - 2016-11-19 20:09 - 00000000 ____D C:\Program Files\R9YCV7NZRR
2017-05-02 21:14 - 2016-11-18 20:35 - 00000000 ____D C:\Program Files\5G2K298Y8N
2017-05-02 21:14 - 2016-09-21 20:47 - 00000000 ____D C:\Program Files\8be7762ee48de337c63ce3961b0c57c9
Task: {3BA475F9-2A9E-437B-93BE-0FF713A0FED8} - System32\Tasks\{99D1A91C-5E39-4CF3-ACE8-1D3229546B03} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
Task: {43490C5D-7D9F-4BDC-9F1B-1C5FF8EAB31A} - System32\Tasks\Microsoft\Windows\A5E752E87-D5C8-4561-86EE-59F8E9992957 => C:\Program Files (x86)\Common Files\DC0C72C0-EAC1-498A-8DFA-9F8515A1E90B\5E752E87-D5C8-4561-86EE-59F8E9992957.exe <==== ATTENTION
Task: {69CBC977-AED9-49A0-8EF7-E61C3D988B62} - System32\Tasks\{F26B0D7D-45C0-BAD6-DE47-5BF30F978F27} => C:\ProgramData\{FC9DA9AA-4B36-1E01-2D81-54A18D1BCB92}\AB25BD1C-1C8E-0AB7-BB05-FA7A4D6844B0.exe [2017-05-04] () <==== ATTENTION
Task: {73BA225F-92E6-4613-91B6-5A44C2F17515} - System32\Tasks\{68E9AA38-E821-DD51-DBA3-2EB48F98FF69} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\31625cb\4cc32f33.dll" <==== ATTENTION
Task: {FE293020-D158-4640-9D98-595EA9FE1840} - System32\Tasks\{62397F08-D592-C8A3-B327-DE22F460CD81} => C:\ProgramData\{BC03D85E-0BA8-6FF5-D80F-1908AC67030E}\B66661E5-01CD-D64E-15D4-81008A1F4B8C.exe <==== ATTENTION
C:\Program Files (x86)\KuaiZip\
FirewallRules: [{85281056-E466-46AD-9D7F-6EB752CB3727}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{325393C8-DF38-4021-9F09-078B1016B814}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{24383A47-83E9-4710-9885-95900D543E0D}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_sby0w2jfxxxxsby0w2jf.dat
FirewallRules: [{F2AE5307-C687-4308-9A23-00358205DC96}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_sby0w2jfxxxxsby0w2jf.dat
FirewallRules: [{B6166E34-2C12-4EEB-A9DE-1F6CF47F9423}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_sby0w2jfxxxxsby0w2jf.dat
FirewallRules: [{F0B2754C-2274-4C49-B488-9AC888ACE3DB}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_sby0w2jfxxxxsby0w2jf.dat
EmptyTemp:
Reboot:
end
ставили самостоятельно?Я Пират!