Video and Audio Plugin UBar
YoutubeAdBlock
// AVZ cleanup script written for ONE specific machine: every path, task name,
// service name and GUID below is hard-coded from that machine's logs.
// Statement order matters: stop -> quarantine -> delete -> registry -> boot-time
// cleanup -> reboot. Do not reorder, and do not reuse on another system without
// re-checking each entry against that system's own logs.
begin
// Asks net.exe to stop the tcpip service (with /y) before anything is removed.
// NOTE(review): presumably meant to cut network access during cleanup - confirm.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// AVZ rootkit search, then AVZGuard on, then the existing quarantine is cleared
// so that it ends up holding only the files collected by this run.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantineEx(true);
// Terminate the two running processes and stop the two services first, so the
// files behind them can be quarantined and deleted further down.
// NOTE(review): 'appframehost.exe' is not the same name as Windows' own
// ApplicationFrameHost.exe; the script treats it as an impostor - verify the
// file on the target before deleting anything under system32.
TerminateProcessByName('c:\program files\gvekltxujie\jhuvmlxcmb.exe');
TerminateProcessByName('c:\windows\system32\appframehost.exe');
StopService('AppFrameHost');
StopService('netfilter2');
// Copy every suspect file into AVZ quarantine BEFORE it is deleted, so samples
// survive for later analysis. The same ten binaries are deleted below.
// The lower-case and mixed-case spellings of the 'gvekltxujie' directory are
// the same location on a case-insensitive Windows volume.
QuarantineFile('c:\program files\gvekltxujie\jhuvmlxcmb.exe', '');
QuarantineFile('C:\Program Files\gVEKLTxUjIE\kQhKsit.dll', '');
QuarantineFile('C:\Program Files\OGqwJxyzdjgEZIvrFER\GsWMsha.dll', '');
// NOTE(review): folder is 'Tortoise SVN' (with a space) and 'curl' lives under
// AppData\Roaming - both look like well-known tool names used as cover.
// Confirm they are not legitimate installs on the target machine.
QuarantineFile('C:\Program Files\Tortoise SVN\TortoiseSVN.dll', '');
QuarantineFile('C:\Users\User\AppData\Local\yc\Application\yc.exe', '');
QuarantineFile('C:\Users\User\AppData\LocalLow\DuckGo\duckgo.dll', '');
QuarantineFile('C:\Users\User\AppData\Roaming\curl\curl.exe', '');
QuarantineFile('C:\Users\User\AppData\Roaming\curl\curl_7_54.exe', '');
QuarantineFile('c:\windows\system32\appframehost.exe', '');
QuarantineFile('C:\Windows\system32\drivers\r17behtKYXxF.sys', '');
// Remove scheduled-task persistence. Tasks are deleted by exact name via
// schtasks.exe /F (no confirmation prompt); several come in name / name+'2' pairs.
ExecuteFile('schtasks.exe', '/delete /TN "{E97E5BDE-3B97-45BA-8045-54B176474039}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "boQbXxbEJPaDgWztw" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "boQbXxbEJPaDgWztw2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "curl" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "curls" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "DuckGo Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "jVVcebPoCjhHKmi" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "jVVcebPoCjhHKmi2" /F', 0, 15000, true);
// Delete the quarantined binaries plus two Start Menu items (.ico / .lnk) that
// were not quarantined.
// NOTE(review): the second argument '32' is passed for binaries only; its exact
// meaning is not visible here - TODO confirm against the AVZ documentation.
DeleteFile('c:\program files\gvekltxujie\jhuvmlxcmb.exe', '32');
DeleteFile('C:\Program Files\gVEKLTxUjIE\kQhKsit.dll', '32');
DeleteFile('C:\Program Files\OGqwJxyzdjgEZIvrFER\GsWMsha.dll', '32');
DeleteFile('C:\Program Files\Tortoise SVN\TortoiseSVN.dll', '32');
// NOTE(review): the shortcut name may mix Cyrillic and Latin look-alike letters;
// copy these two lines verbatim instead of retyping the file name.
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.ico');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk');
DeleteFile('C:\Users\User\AppData\Local\yc\Application\yc.exe', '32');
DeleteFile('C:\Users\User\AppData\LocalLow\DuckGo\duckgo.dll', '32');
DeleteFile('C:\Users\User\AppData\Roaming\curl\curl.exe', '32');
DeleteFile('C:\Users\User\AppData\Roaming\curl\curl_7_54.exe', '32');
DeleteFile('c:\windows\system32\appframehost.exe', '32');
DeleteFile('C:\Windows\system32\drivers\r17behtKYXxF.sys', '32');
// Remove the service registrations that were stopped above.
DeleteService('AppFrameHost');
DeleteService('netfilter2');
// Remove browser/shell extension registrations: three BHO entries and one CLSID.
DelBHO('{96AF5545-BC30-4E5D-8E36-836D000A1455}');
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
DelBHO('{E4625B55-9401-4B40-B5BA-9134A41BFAA0}');
DelCLSID('{CBF88FC2-F150-4F29-BC80-CE30EFD1B62C}');
// Remove two per-user Run autostart values, and the 'Approved' shell-extension
// entry for the same CLSID that DelCLSID removed just above.
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'dzjjhmnsjn');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ycAutoLaunch_E945EC6410C7CE86DF55E29C29AFA8B8');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{CBF88FC2-F150-4F29-BC80-CE30EFD1B62C}');
// Write five values under Internet Settings\Zones\3 for the current user.
// NOTE(review): these look like ActiveX / IFRAME-launch URL actions being set
// back to prompt (1) or disable (3) for the Internet zone - confirm the mapping.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
// Final stage: BC_* calls are AVZ Boot Cleaner steps, run after the deletions
// above and before the reboot.
// NOTE(review): presumably this finishes removal of locked files at next boot;
// the ExecuteRepair(3) and ExecuteWizard('SCU', ...) arguments are AVZ-defined
// selectors whose meaning is not shown here - confirm.
BC_ImportALL;
ExecuteSysClean;
ExecuteRepair(3);
ExecuteWizard('SCU', 2, 3, true);
BC_Activate;
// The machine is restarted by the script itself; save open work before running.
RebootWindows(true);
end.
// Second AVZ script, run as a separate step: packs the AVZ quarantine into
// quarantine.zip inside the AVZ program directory. The archive holds live
// samples, so handle and transfer it accordingly.
var
  ArchivePath: string;
begin
  ArchivePath := GetAVZDirectory + 'quarantine.zip';
  CreateQurantineArchive(ArchivePath);
end.
Ждем. Для повторной диагностики запустите снова AutoLogger. В первом диалоговом окне нажмите "ОК", удерживая нажатой клавишу "Shift".
Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]
2017-12-06 08:59 - 2017-12-14 16:56 - 000000000 ____D C:\Users\User\AppData\Roaming\curl
2017-12-06 08:58 - 2017-12-14 16:56 - 000000000 ____D C:\Users\User\AppData\LocalLow\DuckGo
2017-12-06 08:58 - 2017-12-06 09:00 - 000000000 ____D C:\Users\User\AppData\Local\DuckGo
2017-12-06 08:56 - 2017-12-06 20:36 - 000000000 ____D C:\Users\User\AppData\Local\yc
2017-12-06 08:53 - 2017-12-06 08:53 - 000000000 ____D C:\Users\User\AppData\Local\Chromium
2017-12-06 08:52 - 2017-12-06 08:58 - 000000000 ____D C:\Users\User\AppData\Local\unityp
2017-12-06 08:51 - 2017-12-14 16:57 - 000000000 ____D C:\Program Files\Tortoise SVN
2017-12-06 08:47 - 2017-12-13 22:15 - 000000000 ____D C:\Users\User\AppData\LocalLow\ZUAwrnxgIZhKc
ShellIconOverlayIdentifiers: [TortoiseOverlay] -> {CBF88FC2-F150-4F29-BC80-CE30EFD1B62C} => -> No File
FirewallRules: [{F5CA5128-92E6-4F42-8042-7125CF9C66E1}] => (Allow) C:\Program Files\UBar\ubar.exe
EmptyTemp:
Reboot:
End::
;uVS v4.0.5 [http://dsrt.dyndns.org]
; uVS command script; lines starting with ';' are comments, like the header above.
; NOTE(review): v400c looks like a script version/compatibility marker - confirm.
v400c
; Adds the Windows directory (%SystemRoot%) to what uVS examines.
adddir %SystemRoot%
; NOTE(review): crimg presumably creates the uVS autorun image that the helper
; asks the user to send back - confirm against the uVS documentation.
crimg