АлексейМусулев
New user
- Messages: 20
- Reactions: 6
SpyHunter 4 [2015/11/16 19:30:17]-->C:\Users\леша\AppData\Roaming\Enigma Software Group\sh_installer.exe -r sh
Supreme AdBlocker [20140222]-->"C:\ProgramData\Supreme AdBlocker\Supreme AdBlocker.exe" /progname=Supreme AdBlocker /progver=3.4.2 /progpub=Supreme AdBlocker /proguninstallurl=asdahjka.com /deleteappfolder=0 /deletefile2="C:\Program Files (x86)\Google\Chrome\Applicationupdate.dll" /deletefile3="C:\Program Files (x86)\Google\Chrome\Applicationchrome.dll" /deletefile4="C:\Users\леша\AppData\Local\Google\Chrome\Applicationupdate.dll" /deletefile5="C:\Users\леша\AppData\Local\Google\Chrome\Applicationchrome.dll" /VERYSILENT
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\леша\AppData\Local\fupdate\fupdate.exe', '');
QuarantineFile('C:\ProgramData\KRB Updater Utility\krbupdater.exe', '');
QuarantineFile('C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\B0C022B0-560B-4206-81E8-B8DC50683D55.exe', '');
QuarantineFile('C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe', '');
QuarantineFile('C:\Windows\system32\drivers\jynorggl.sys', '');
QuarantineFile('C:\Windows\system32\DNSAPI.dll', '');
DeleteFile('C:\Windows\system32\drivers\jynorggl.sys', '32');
DeleteFile('C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe', '32');
DeleteFile('C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\B0C022B0-560B-4206-81E8-B8DC50683D55.exe', '32');
DeleteFile('C:\ProgramData\KRB Updater Utility\krbupdater.exe', '32');
DeleteFile('C:\Users\леша\AppData\Local\fupdate\fupdate.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\fupdate', '64');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\KRBUUS\KRB Updater Utility Service', '64');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\KRBUUS\KRBLNKRUN', '64');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\A39FAEEFE-DEC3-4BF8-B55F-D45D87A1CAD6', '64');
ExecuteFile('schtasks.exe', '/delete /TN "A39FAEEFE-DEC3-4BF8-B55F-D45D87A1CAD6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KRBLNKRUN" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KRB Updater Utility Service" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "fupdate" /F', 0, 15000, true);
DeleteService('jynorggl');
DelBHO('{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}');
DelBHO('{2670000A-7350-4f3c-8081-5663EE0C6C49}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Kinoroom Browser');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ktlbvasqqh');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', '39FAEEFE-DEC3-4BF8-B55F-D45D87A1CAD6');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', 'KRB Updater Utility');
BC_ImportAll;
ExecuteRepair(21);
ExecuteWizard('SCU', 2, 3, true);
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O1 - Hosts.ICS: 192.168.137.46 android-4d5b941f6f100d74.mshome.net # 2016 6 5 10 7 46 2 115
O1 - Hosts.ICS: 192.168.137.1
O1 - DNSApi: File is patched - C:\Windows\system32\dnsapi.dll
O1 - DNSApi: File is patched - C:\Windows\syswow64\dnsapi.dll
O2-64 - BHO: ReguilarDEals - {4EF498D0-B320-4FE2-81FB-C6B5C9CDA76C} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [39FAEEFE-DEC3-4BF8-B55F-D45D87A1CAD6] "C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\B0C022B0-560B-4206-81E8-B8DC50683D55.exe" --getupdate-ppapi-plugin
O4 - HKLM\..\Policies\Explorer\Run: [KRB Updater Utility] "C:\ProgramData\KRB Updater Utility\krbupdater.exe" /S
O4 - HKLM\..\Run: [Kinoroom Browser] "C:\Program Files (x86)\Kinoroom Browser\krbrowser.exe" --auto-run-reg
O4-64 - HKCU\..\Run: [ktlbvasqqh] explorer "http://nintur.ru/?utm_source=uoua03&utm_content=3774b7bfab33d18f8d8141f16cadb5e6&utm_term=33B93A81F9458E1E3A463E5A8AEA5954&utm_d=20160603"
O4-64 - HKLM\..\Policies\Explorer\Run: [39FAEEFE-DEC3-4BF8-B55F-D45D87A1CAD6] "C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\B0C022B0-560B-4206-81E8-B8DC50683D55.exe" --getupdate-ppapi-plugin
O4-64 - HKLM\..\Policies\Explorer\Run: [KRB Updater Utility] "C:\ProgramData\KRB Updater Utility\krbupdater.exe" /S
O1 - DNSApi: File is patched - C:\Windows\system32\dnsapi.dll
O1 - DNSApi: File is patched - C:\Windows\syswow64\dnsapi.dll
start
CMD: wmic /Namespace:\\root\default Path SystemRestore Call Enable "%SystemDrive%\"
CreateRestorePoint:
HKU\S-1-5-21-1089988304-2270247092-1082221458-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\леша\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\леша\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\леша\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\леша\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\леша\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\леша\AppData\Local\MEGAsync\ShellExtX32.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: Research Bar -> {AEF595EA-2BEF-4F13-9D57-031060958C69} -> C:\Program Files\MTI\ResearchBarIE\TNSbar.dll => No File
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-1089988304-2270247092-1082221458-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
FF NetworkProxy: "type", ""
CHR HKU\S-1-5-21-1089988304-2270247092-1082221458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cfddaegnkmjagelbdokgchblpjdneglm] - C:\Users\леша\AppData\Local\Metabar\metabar-fc-zenit.crx <not found>
CHR HKU\S-1-5-21-1089988304-2270247092-1082221458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbnhjaeolclgbofikfkagcgocgkbmkkh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pchfckkccldkbclgdepkaonamkignanh] - hxxp://clients2.google.com/service/update2/crx
2016-06-03 20:47 - 2016-06-04 18:18 - 00000346 _____ C:\Windows\Tasks\PED_Torrent_Search.job
2016-06-03 20:47 - 2016-06-03 20:47 - 00003366 _____ C:\Windows\System32\Tasks\PED_Torrent_Search
2016-06-03 20:47 - 2016-06-03 20:47 - 00000000 ____D C:\Users\Все пользователи\Torrent_Search_PED
2016-06-03 20:47 - 2016-06-03 20:47 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
2016-06-03 20:44 - 2016-06-03 20:44 - 00000000 ____D C:\Users\леша\AppData\Local\Вoйти в Интeрнет
2016-06-03 20:39 - 2016-06-03 20:39 - 00000000 ____D C:\Users\леша\AppData\Local\Поиcк в Интeрнете
2016-06-03 20:38 - 2016-06-03 20:47 - 00000000 ____D C:\Users\леша\AppData\Roaming\Checkers
2016-06-03 22:33 - 2014-01-31 23:05 - 00000258 __RSH C:\Users\Все пользователи\ntuser.pol
2016-06-03 22:33 - 2014-01-31 23:05 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-03 20:46 - 2009-07-14 07:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-10-08 15:13 - 2013-10-08 15:13 - 0000040 _____ () C:\Program Files\{AACE8122-B27D-421C-A5BB-95060941AFD7}.sys
Task: {10B3FE48-A03C-42A1-BE52-91319EA333DA} - \Update Service for Torrent Search2 -> No File <==== ATTENTION
Task: {116F1E13-0853-485E-A138-274FC7C296BD} - System32\Tasks\PED_Torrent_Search => Rundll32.exe VsuhDd9.dll,#67
Task: {A06B2F6B-504A-48F6-B9C2-3DFC41A97BD7} - \DNSKINGSTON -> No File <==== ATTENTION
Task: {AAA27A62-EA4D-4B25-B9B2-67776FF54B75} - \Microsoft\Windows\A39FAEEFE-DEC3-4BF8-B55F-D45D87A1CAD6 -> No File <==== ATTENTION
Task: {D5F7C8A9-2EF7-4E14-9614-CB8A3C0DB4DD} - \Update Service for Torrent Search -> No File <==== ATTENTION
Task: {DF4EAE4B-DCAD-49EE-A808-E62D23F7A293} - \DigitalSite -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PED_Torrent_Search.job => C:\ProgramData\Torrent_Search_PED\rundll32.exeVsuhDd9.dll
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B [264]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:07BF512B [264]
AlternateDataStreams: C:\Users\леша\Local Settings:wa [178]
AlternateDataStreams: C:\Users\леша\AppData\Local:wa [178]
AlternateDataStreams: C:\Users\леша\AppData\Local\Application Data:wa [178]
cmd: ipconfig /flushdns
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end