O4 - HKCU\..\Run: [wjrwolqner] "http://imatiro.ru/?utm_source=uoua03&utm_content=2ab9a970874b6c3a100ddbe365669ec3&utm_term=7714F4F902845D5622ED6367DDB7EEEB&utm_d=20161230"
start
CreateRestorePoint:
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF DefaultSearchEngine: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF Homepage: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://imatiro.ru/?utm_source=startpage03&utm_content=56015c7093d8730e649b4c36b97176fa&utm_term=7714F4F902845D5622ED6367DDB7EEEB&utm_d=20161230
FF Keyword.URL: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B084219D2-D880-4176-935B-33602C77B8F9%7D&gp=811014
FF Extension: (Домашняя страница Mail.Ru) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-12-30]
FF Extension: (Поиск@Mail.Ru) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-12-30]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-12-30]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-12-30]
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://imatiro.ru/?utm_source=startpage03&utm_content=56015c7093d8730e649b4c36b97176fa&utm_term=7714F4F902845D5622ED6367DDB7EEEB&utm_d=20161230"
CHR NewTab: Default -> "chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7B31689A79-7E72-4F2C-AC24-D2FE41CD10CE%7D&gp=811014
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Extension: (No Name) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2016-12-30]
CHR Extension: (No Name) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - <no Path/update_url>
OPR Extension: (No Name) - C:\Documents and Settings\Admin\Application Data\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2016-12-30]
CMD: ipconfig /flushdns
CMD: IPCONFIG /release
CMD: IPCONFIG /renew
CMD: RD /S /Q %WinDir%\System32\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\System32\GroupPolicy
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicy
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicy
CMD: gpupdate /force
EmptyTemp:
Reboot:
end
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?