begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\program files (x86)\transmission\transmission-qt.exe');
TerminateProcessByName('c:\users\nikdan\appdata\local\system32\system32.exe');
StopService('Transmission');
QuarantineFile('C:\Program Files (x86)\lCXAbaqnQIE\tJ97yDQb9.dll', '');
QuarantineFile('C:\Program Files (x86)\Transmission\Qt5Core.dll', '');
QuarantineFile('c:\program files (x86)\transmission\transmission-qt.exe', '');
QuarantineFile('c:\users\nikdan\appdata\local\system32\system32.exe', '');
QuarantineFile('C:\Users\nikdan\AppData\Local\Temp\nw888_2630', '');
DeleteFile('C:\Program Files (x86)\lCXAbaqnQIE\tJ97yDQb9.dll', '64');
DeleteFile('C:\Program Files (x86)\Transmission\Qt5Core.dll', '');
DeleteFile('c:\program files (x86)\transmission\transmission-qt.exe', '');
DeleteFile('C:\Program Files (x86)\Transmission\transmission-qt.exe', '64');
DeleteFile('c:\users\nikdan\appdata\local\system32\system32.exe', '32');
DeleteFile('C:\Users\nikdan\AppData\Local\Temp\nw888_2630', '32');
DeleteFile('C:\Users\nikdan\AppData\Local\Temp\nw888_2630', '64');
DeleteService('Transmission');
DeleteFileMask('c:\program files (x86)\transmission', '*', true);
DeleteFileMask('C:\ProgramData\robotdemo\', '*', true);
DeleteDirectory('c:\program files (x86)\transmission');
DeleteDirectory('C:\ProgramData\robotdemo\');
DelBHO('{3A13CC43-54F9-42DA-B25F-4F7578697B0B}');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'Application Restart #0', '32');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'Application Restart #0', '64');
ExecuteSysClean;
ExecuteRepair(21);
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
Start::
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ограничение <==== ВНИМАНИЕ
GroupPolicy: Ограничение - Chrome <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Google: Ограничение <==== ВНИМАНИЕ
CHR Notifications: Default -> hxxps://1-h1638475761.thevtk.com; hxxps://38.caiwik.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://empireg.ru; hxxps://gmt-maxnet16309244135240.yanews24.com; hxxps://l16417593843200.vkonrakte.com; hxxps://mail-notification.info; hxxps://mmoreigrcom1631563569201.yanews24.com; hxxps://mnthor.xyz; hxxps://pinghauz.xyz; hxxps://rump3torbiz163266673326401233.yanews24.com; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://www.tiktok.com; hxxps://www.youtube.com; hxxps://www84.todhamilton.pro; hxxps://zarabotok-online.xyz
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
C:\Users\nikdan\AppData\Local\Google\Chrome\User Data\Default\Extensions\meejmcfbiapijdfaadackoblffmidlig
C:\Users\nikdan\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\npiclhkkbgabhapklngkpahnaafkgpne
2022-02-17 11:35 - 2021-09-11 10:49 - 000000000 ____D C:\Users\nikdan\AppData\Local\system32
2022-02-17 11:35 - 2021-09-06 09:01 - 000000000 ____D C:\Program Files (x86)\lCXAbaqnQIE
AlternateDataStreams: C:\WINDOWS\System32:tdsrinu.gfc [5882]
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::
удалите.YoutubeDownloader
Кнопка "Яндекс" на панели задач
Дополнительно сделайте:NoAds 1.0.0.0 v.1.0.0.0 << Скрыта Внимание! Подозрение на Adware!
Start::
NoAds 1.0.0.0 (HKLM-x32\...\{fd75e36c-7bcc-4ca6-ac17-94b53b233fc7}) (Version: 1.0.0.0 - NoAds) Hidden
Reboot:
End::
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?