abrakadabra
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=EXPLORER.EXE %WINDIR%\RUNDLL.BAT
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('EXPLORER.EXE C:\WINDOWS\RUNDLL.BAT','');
QuarantineFile('EXPLORER.EXE %WINDIR%\RUNDLL.BAT','');
QuarantineFile('EAV-26037630NodEnabler.exe','');
DeleteFile('EAV-26037630NodEnabler.exe');
DeleteFile('EXPLORER.EXE %WINDIR%\RUNDLL.BAT');
DeleteFile('EXPLORER.EXE C:\WINDOWS\RUNDLL.BAT');
DelBHO('{35A6E2B1-27A9-47D2-913C-559E1EF1D034}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','NodEnabler');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','wininet');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(16);
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Заражённые ключи в реестре:
HKEY_CLASSES_ROOT\Typelib\{7F6EDB84-901B-4309-A2F6-0058F38C4CC4} (Adware.TMAAgent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{01690012-9FBF-4422-B830-BC1EEE946333} (Adware.TMAAgent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.FFValidator (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.FFValidator.1 (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.IEAdapter (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.IEAdapter.1 (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.Steadway (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.Steadway.1 (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.StwBand (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.StwBand.1 (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.StwDialogs (Adware.TMAagent) -> No action taken.
HKEY_CLASSES_ROOT\Steadway.StwDialogs.1 (Adware.TMAagent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Target Marketing Agency (Adware.TMAagent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TMAgency (Adware.TMAagent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Target Marketing Agency (Adware.TMAagent) -> No action taken.
Заражённые папки:
c:\program files\common files\target marketing agency (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension\chrome (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension\components (Adware.TMAagent) -> No action taken.
c:\program files\FieryAds (Adware.Adware.FearAds) -> No action taken.
c:\system volume information\_restore{5742e9fe-2ebc-484c-aa57-f5591cbed431}\RP741\A0399915.dll (Adware.TMAagent) -> No action taken.
c:\system volume information\_restore{5742e9fe-2ebc-484c-aa57-f5591cbed431}\RP741\A0399911.dll (Adware.TMAagent) -> No action taken.
c:\system volume information\_restore{5742e9fe-2ebc-484c-aa57-f5591cbed431}\RP741\A0399912.dll (Adware.TMAagent) -> No action taken.
c:\system volume information\_restore{5742e9fe-2ebc-484c-aa57-f5591cbed431}\RP741\A0399913.exe (Adware.TMAagent) -> No action taken.
c:\system volume information\_restore{5742e9fe-2ebc-484c-aa57-f5591cbed431}\RP741\A0399914.exe (Adware.TMAagent) -> No action taken.
c:\system volume information\_restore{5742e9fe-2ebc-484c-aa57-f5591cbed431}\RP741\A0399917.exe (Adware.TMAagent) -> No action taken.
c:\documents and settings\Мифодий\application data\fieryads.dat (Adware.FieryAds) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\license.txt (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension\chrome.manifest (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension\install.rdf (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension\components\nsiadhandler.xpt (Adware.TMAagent) -> No action taken.
c:\program files\common files\target marketing agency\TMAgent\extension\components\nsisteadway.xpt (Adware.TMAagent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://webalta.ru) Good: (http://www.google.com/) -> No action taken.
I don't see the MBAM log. Please post the MBAM log again.
Has the problem been resolved?