Александр Сургут
Uninstall the following via Add or Remove Programs:
AnySend
AppHelper
GamesDesktop 033.005010204
GamesDesktop 033.005010205
GamesDesktop 033.005010206
Games-desktop Maintenance 033.165
IconRunner version 1.0
SwiftSearch 1.10.0.25
yoursearching uninstall
Служба автоматического обновления программ (Automatic Program Update Service)
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
TerminateProcessByName('c:\users\Александр\appdata\local\amigo\application\amigo.exe');
TerminateProcessByName('c:\users\Александр\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe');
TerminateProcessByName('c:\program files (x86)\3e5fab20-1452436523-11dd-954f-50465d749799\knso3032.tmp');
TerminateProcessByName('c:\programdata\tmp0x0x\protectwindowsmanager.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmchext.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmdl.exe');
TerminateProcessByName('c:\users\Александр\appdata\local\3e5fab20-1452801049-11dd-954f-50465d749799\qnse9224.tmp');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\plugins\qmnetmon\qqpcnetflow.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrealtimespeedup.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrtp.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpctray.exe');
TerminateProcessByName('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe');
TerminateProcessByName('c:\program files (x86)\tdatadld\tdata.exe');
TerminateProcessByName('c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe');
SetServiceStart('TSSysKit', 4);
SetServiceStart('TSSKX64', 4);
SetServiceStart('tsnethlpx64', 4);
SetServiceStart('TFsFlt', 4);
SetServiceStart('TAOAccelerator', 4);
SetServiceStart('swsedrvr_vt_1_10_0_25', 4);
SetServiceStart('softaal', 4);
SetServiceStart('QQSysMonX64', 4);
SetServiceStart('QMUdisk', 4);
SetServiceStart('zigipyro', 4);
SetServiceStart('WindowsMangerProtect', 4);
SetServiceStart('TDataSvr', 4);
SetServiceStart('swsesrvc_1.10.0.25', 4);
SetServiceStart('QQPCRTP', 4);
QuarantineFile('C:\Users\Александр\appdata\roaming\aspackage\aspackage.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\WindowsUpdater\Updater.exe','');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','');
QuarantineFile('C:\Users\8523~1\AppData\Local\Temp\setup.exe','');
QuarantineFile('C:\Program Files (x86)\rec_ru_165\rec_ru_165.exe','');
QuarantineFile('C:\Users\Александр\AppData\Local\profitsaver\config.json','');
QuarantineFile('C:\Users\Александр\AppData\Local\profitsaver\rft_sb.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\MyDesktop\qweeeCL.exe','');
QuarantineFile('C:\Program Files (x86)\MTV20151125\MTView.exe','');
QuarantineFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe','');
QuarantineFile('C:\Program Files (x86)\Company\gupdate\gupdate.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010206\gmsd_ru_005010206.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010205\gmsd_ru_005010205.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010204\gmsd_ru_005010204.exe','');
QuarantineFile('C:\Users\Александр\AppData\Local\gmsd_ru_005010206\upgmsd_ru_005010206.exe','');
QuarantineFile('C:\Windows\system32\DRIVERS\MPCKpt.sys','');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
QuarantineFile('c:\program files (x86)\tdatadld\tdata.exe','');
QuarantineFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','');
QuarantineFile('c:\users\Александр\appdata\local\3e5fab20-1452801049-11dd-954f-50465d749799\qnse9224.tmp','');
QuarantineFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','');
QuarantineFile('c:\program files (x86)\3e5fab20-1452436523-11dd-954f-50465d749799\knso3032.tmp','');
DeleteFile('c:\users\Александр\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe','32');
DeleteFile('c:\users\Александр\appdata\local\amigo\application\amigo.exe','32');
DeleteFile('c:\program files (x86)\3e5fab20-1452436523-11dd-954f-50465d749799\knso3032.tmp','32');
DeleteFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmchext.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmdl.exe','32');
DeleteFile('c:\users\Александр\appdata\local\3e5fab20-1452801049-11dd-954f-50465d749799\qnse9224.tmp','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\plugins\qmnetmon\qqpcnetflow.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrealtimespeedup.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrtp.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpctray.exe','32');
DeleteFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','32');
DeleteFile('c:\program files (x86)\tdatadld\tdata.exe','32');
DeleteFile('C:\Program Files (x86)\TDataDld\MSVCP100.dll','32');
DeleteFile('C:\Program Files (x86)\TDataDld\MSVCR100.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\AndroidAssistHelper.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\arkGraphic.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\Common.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\communic.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\DLProtectComm.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\dr.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GameUpgrade.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GarbageCleaner.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GF.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GFCustom.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GFFtsysCustom.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\jgImage.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMDns.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMEmKit.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMEmMat.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMExt.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupExposure.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupGiftBagMgr.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\SpeedupMsg.dll','32');
DeleteFile('C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\xImage.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\xGraphic32.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSZip.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSWebMon.dat','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMUdisk64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQSysMonX64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\softaal64.sys','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TsNetHlpX64.sys','32');
DeleteFile('C:\Windows\System32\drivers\tsskx64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSSysKit64.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\MPCKpt.sys','32');
DeleteFile('C:\Users\Александр\AppData\Local\gmsd_ru_005010206\upgmsd_ru_005010206.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010206\gmsd_ru_005010206.exe','32');
DeleteFile('C:\Program Files (x86)\Company\gupdate\gupdate.exe','32');
DeleteFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe','32');
DeleteFile('C:\Program Files (x86)\MTV20151125\MTView.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\MyDesktop\qweeeCL.exe','32');
DeleteFile('C:\Users\Александр\AppData\Local\profitsaver\rft_sb.exe','32');
DeleteFile('C:\Users\Александр\AppData\Local\profitsaver\config.json','32');
DeleteFile('C:\Program Files (x86)\rec_ru_165\rec_ru_165.exe','32');
DeleteFile('C:\Users\8523~1\AppData\Local\Temp\setup.exe','32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\OdnUqnxVqtAcmfpq4n\tor\tor.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\WindowsUpdater\Updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\WindowsUpdater','64');
DeleteFile('C:\Users\Александр\AppData\Local\Temp\nsqB073.tmp\blowfish.dll','32');
DeleteFile('C:\Users\Александр\appdata\roaming\aspackage\aspackage.exe','32');
DeleteFile('C:\Users\Александр\appdata\roaming\aspackage\uninstall.exe','32');
DeleteService('wucotusy');
DeleteService('SSFK');
DeleteService('AppVerifier');
DeleteService('zigipyro');
DeleteService('WindowsMangerProtect');
DeleteService('TDataSvr');
DeleteService('swsesrvc_1.10.0.25');
DeleteService('QQPCRTP');
DeleteService('MPCKpt');
DeleteService('TSSKX64');
DeleteService('tsnethlpx64');
DeleteService('TFsFlt');
DeleteService('TAOAccelerator');
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteService('softaal');
DeleteService('QQSysMonX64');
DeleteService('QMUdisk');
DelCLSID('{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TorProject','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\setup','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\rec_ru_165','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\profitsaver','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyDesktop','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MTview','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IconRunner','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gupdate','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010206','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010205','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010204','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieFloater','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EncrypterEpta','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DTS','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amigo','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','lsas');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amigo');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010206.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','QQPCTray');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
Trojan.MalPack.Generic, D:\! system\Users\Александр\Загрузки\Porno\[MangaGamer] Slave Witch April\SlaveWitchApril\WinRoot\aconite\SlaveWitchApril\lcsebody.exe, , [ea32f4472970b086c6ec540a4fb2cf31],
PUP.Optional.OpenCandy, D:\! system\Users\Александр\Мои документы\Shareman\Игры\Cashflow 101 & Cashflow 202 - Денежный поток 101 и 202\DTLite4452-0287.exe, , [b26aeb500495b18570b0ba12ee168080],
PUP.Optional.SofTonic, D:\Download\Games\SoftonicDownloader_for_hamachi.exe, , [a17b2714455466d03e24f145917027d9],
HackTool.Agent, D:\Download\Install\Активация\Активация Windows 7 Loader.exe, , [0c1043f83e5b92a4c0abe342c04148b8],
PUP.Optional.Koyote, D:\Download\Program\FreeVideoConverterSetup-r0-n-bc.exe, , [3ddf69d2386195a12dedc2727d84c63a],
PUP.Optional.OpenCandy, D:\Download\Program\DAEMON Tools Lite 4.46.1.0328 (2013) PC\DAEMON Tools Lite 4.46.1.0328.exe, , [5ac2d2697821d5618898d8f4dd2705fb],
Trojan.Agent.MSIL, D:\Download\Program\Skype Video\Keygen\keygen.exe, , [ac70e457a0f978be90153a3eeb16a65a],
CreateRestorePoint:
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCTray.exe [355296 2016-01-14] (Tencent)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2439474060-298662969-3691748063-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99136537_hao_pg
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSWebMon64.dat [2016-01-14] (Tencent)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\npQMExtensionsMozilla.dll [2016-01-14] (Tencent Technology (Shenzhen) Company Limited)
CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts=1452860328&z=b8b7e9dc7d13d5f920f7d69g5z8wdoab5q4c8qewfb&from=face&uid=ST2000DM001-1CH164_Z1E24946XXXXZ1E24946&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCRTP.exe [301728 2016-01-14] (Tencent)
S2 dipytomyzbt; C:\Program Files (x86)\3E5FAB20-1452436523-11DD-954F-50465D749799\knso3032.tmp [X]
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMUdisk64.sys [162104 2016-01-12] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQSysMonX64.sys [138552 2016-01-14] (电脑管家)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\softaal64.sys [35128 2016-01-14] (Tencent)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-01-14] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-01-14] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-01-14] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TS888x64.sys [28984 2016-01-20] (Tencent)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSDefenseBT64.sys [28984 2016-01-14] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TsNetHlpX64.sys [48440 2016-01-14] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2015-12-28] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSSysKit64.sys [87352 2016-01-14] (电脑管家)
2016-01-15 17:47 - 2016-01-20 22:17 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-01-15 17:47 - 2016-01-14 21:44 - 00131896 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-01-14 21:44 - 2016-01-14 21:44 - 00089464 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-01-14 20:36 - 2016-01-14 21:44 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-01-14 20:36 - 2016-01-14 21:10 - 00000000 ____D C:\Users\Александр\AppData\Roaming\Tencent
2016-01-14 20:36 - 2016-01-14 20:51 - 00000000 ____D C:\Users\Все пользователи\Tencent
2016-01-14 20:36 - 2016-01-14 20:51 - 00000000 ____D C:\ProgramData\Tencent
2016-01-14 20:36 - 2016-01-14 20:36 - 00000000 ____D C:\Users\Все пользователи\TXQMPC
2016-01-14 20:36 - 2016-01-14 20:36 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-14 20:36 - 2016-01-14 20:36 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-14 20:36 - 2016-01-14 20:36 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-01-14 20:36 - 2015-12-28 21:34 - 00045368 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-01-14 20:35 - 2016-01-14 20:35 - 00000000 ____D C:\Program Files (x86)\t_201601142035
2016-01-14 20:34 - 2016-01-14 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ГАНјдЇАА
2016-01-14 20:34 - 2016-01-14 20:34 - 00000000 ____D C:\Program Files (x86)\MTV20151125
2016-01-14 13:53 - 2016-01-14 13:53 - 00000000 ____D C:\Program Files (x86)\Company
2016-01-14 13:42 - 2016-01-15 17:48 - 00000566 _____ C:\appverifier.txt
2016-01-13 11:24 - 2016-01-17 01:14 - 00000000 ____D C:\Users\Александр\AppData\Roaming\ASPackage
2016-01-12 09:54 - 2016-01-17 01:40 - 00000000 ____D C:\Users\Александр\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго
2016-01-12 09:50 - 2016-01-20 01:03 - 00002260 _____ C:\Users\Александр\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Интернет.lnk
2016-01-12 09:50 - 2016-01-20 01:03 - 00002241 _____ C:\Users\Александр\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2016-01-12 09:50 - 2016-01-20 01:03 - 00002241 _____ C:\Users\Александр\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2016-01-12 09:50 - 2016-01-12 09:50 - 00000000 ____D C:\Users\Александр\AppData\Local\Amigo
2016-01-12 09:20 - 2016-01-13 13:27 - 00000000 ____D C:\Users\Александр\AppData\Roaming\tor
2016-01-12 09:20 - 2016-01-12 09:20 - 00000000 ____D C:\Users\Александр\AppData\Roaming\OdnUqnxVqtAcmfpq4n
2016-01-11 11:40 - 2016-01-11 11:40 - 00000008 _____ C:\END
2016-01-10 20:47 - 2016-01-11 12:00 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-01-10 20:35 - 2016-01-10 20:34 - 00000999 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-10 19:34 - 2016-01-10 19:34 - 00000000 ____D C:\Users\Александр\AppData\Roaming\ProductData
2016-01-10 19:33 - 2016-01-11 12:01 - 00000000 ____D C:\Users\Александр\AppData\Local\ZetaGamesNews
2016-01-10 19:32 - 2016-01-17 01:18 - 00000000 ____D C:\Users\Александр\AppData\Roaming\WindowsUpdater
2016-01-10 19:31 - 2016-01-12 09:22 - 00000000 ____D C:\Users\Александр\AppData\Roaming\Browsers
2016-01-10 19:31 - 2016-01-10 19:31 - 00000000 ____D C:\Users\Александр\AppData\Roaming\MyDesktop
2016-01-10 19:31 - 2016-01-10 19:31 - 00000000 ____D C:\Users\Александр\AppData\Local\Hostinstaller
C:\Users\Александр\AppData\Local\Temp\0jHe4hBJxsCw.exe
C:\Users\Александр\AppData\Local\Temp\1AE0.tmp.exe
C:\Users\Александр\AppData\Local\Temp\39AB662E2A813AEB.exe
C:\Users\Александр\AppData\Local\Temp\44692uninstall.exe
C:\Users\Александр\AppData\Local\Temp\4A48.tmp.exe
C:\Users\Александр\AppData\Local\Temp\4A96.tmp.exe
C:\Users\Александр\AppData\Local\Temp\4D93.tmp.exe
C:\Users\Александр\AppData\Local\Temp\89B8.tmp.exe
C:\Users\Александр\AppData\Local\Temp\978E.tmp.exe
C:\Users\Александр\AppData\Local\Temp\AE47D69CEF82511.exe
C:\Users\Александр\AppData\Local\Temp\B8A8.tmp.exe
C:\Users\Александр\AppData\Local\Temp\Baidusd.Setup.3.0.0.4609.youqian_1050102139.exe
C:\Users\Александр\AppData\Local\Temp\BDABrowserProtectUnInstall.exe
C:\Users\Александр\AppData\Local\Temp\DC1D.tmp.exe
C:\Users\Александр\AppData\Local\Temp\dfsd74hfgz_OrionInstaller.exe
C:\Users\Александр\AppData\Local\Temp\dist-X.Y.Z.exe
C:\Users\Александр\AppData\Local\Temp\EFB3.tmp.exe
C:\Users\Александр\AppData\Local\Temp\enxcript.exe
C:\Users\Александр\AppData\Local\Temp\F686015ACC28F2C7.exe
C:\Users\Александр\AppData\Local\Temp\hcv_mailruhomesearch (1).exe
C:\Users\Александр\AppData\Local\Temp\hcv_mailruhomesearch.exe
C:\Users\Александр\AppData\Local\Temp\libcurl.dll
C:\Users\Александр\AppData\Local\Temp\MobogenieSetup.exe
C:\Users\Александр\AppData\Local\Temp\nsq64C3.tmp.exe
C:\Users\Александр\AppData\Local\Temp\PCMgr_Setup_11_3_17203_220.exe
C:\Users\Александр\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_45101_Silence.exe
C:\Users\Александр\AppData\Local\Temp\setup1012016193312.exe
C:\Users\Александр\AppData\Local\Temp\Tinyxml2.dll
C:\Users\Александр\AppData\Local\Temp\ts_10051.exe
C:\Users\Александр\AppData\Local\Temp\tu17p84.exe
C:\Users\Александр\AppData\Local\Temp\unzeta.exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(1).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(2).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(3).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(4).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340.exe
C:\Users\Александр\AppData\Local\Temp\TempQMWechatBackupSetup_10.11.53229.501_240329750.exe
Task: {F872F8AA-A1E6-4856-ACA9-FB0E53C56B5F} - \WindowsUpdater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:8D25D700
AlternateDataStreams: C:\ProgramData\TEMP:F7183734
AlternateDataStreams: C:\Users\Все пользователи\TEMP:56E2E879
AlternateDataStreams: C:\Users\Все пользователи\TEMP:8D25D700
AlternateDataStreams: C:\Users\Все пользователи\TEMP:F7183734
FirewallRules: [{4384779B-EB0F-442D-9032-48C1982FE1FD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{0881E57A-6305-4A71-B9F0-533D5EE22432}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{15488627-40E8-4377-AF73-01C6914E66B8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCmgrInstallGuide.exe
FirewallRules: [{7244F913-5145-47B5-9E3F-874061A56663}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCTray.exe
FirewallRules: [{D8607E8C-1E26-44AD-AE61-32C16561829A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCMgr.exe
FirewallRules: [{1DC4E5BA-4EA2-460E-BE2E-8828B338FA50}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCRTP.exe
FirewallRules: [{23205923-5779-4537-88E0-E7C710F581C3}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMDL.exe
FirewallRules: [{DAD6207A-8AB2-4370-AB34-065B76131C1A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\bugreport.exe
FirewallRules: [{ADA7D1B6-03B9-4547-A40E-025D0F9443A5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCFileOpen.exe
FirewallRules: [{0E7C2353-BAC5-4F6A-B736-C4049C5C687C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCLeakScan.exe
FirewallRules: [{0AF47168-389A-4F2A-AA4F-027B75F8B9EF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPConfig.exe
FirewallRules: [{F3E3C545-390C-4D8B-A807-CEC125581CF5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCSoftMgr.exe
FirewallRules: [{BD3A7CCB-4A53-462B-96F4-698BCE2AD354}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{3083BF94-B406-4F6C-8FF4-7518D2BDB62E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCBTU.exe
FirewallRules: [{831A0585-51F9-4E02-BCB9-4055D9889BD1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCClinic.exe
FirewallRules: [{742270F3-3B91-43B5-8991-C986259A74C1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCLaunch.exe
FirewallRules: [{9F693523-E04F-49B9-8DC8-0C3836A9B5B5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{E405AD93-2CDF-46A1-BB7F-C2E3716BE09C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCSoftGame.exe
FirewallRules: [{DC3A9E21-E644-475F-94C6-8479552B84A1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCSysOptimize.exe
FirewallRules: [{7076CF96-068C-4E6C-81F3-75ACA1F8754B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCUpdateAVLib.exe
FirewallRules: [{ACB07E71-73EC-4B54-862A-55990A67D388}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQRepair.exe
FirewallRules: [{4EE3B842-3E5B-4DC0-BDEB-611E9E9B3245}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\Uninst.exe
FirewallRules: [{9F98B3A6-C3CE-47A4-B5F6-0E9325C8658E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCPatch.exe
FirewallRules: [{4E80CE2E-9CD2-4A15-9B3D-36D62D0E6AD1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TpkUpdate.exe
FirewallRules: [{52C1BB29-3475-4C48-892C-8985EC3E8594}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMRouterMgr.exe
FirewallRules: [{7DFDF22D-4DC4-4E7C-B7AD-40629DD82354}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMAccountProtection.exe
FirewallRules: [{FAC2E40F-3530-435F-8F81-9CFD1D82ADA4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMAdBlock.exe
FirewallRules: [{BB2D6ADE-E78D-4A30-AAE0-B5BCC989EA94}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{A1513CED-9A82-4AC7-B3CB-72C59E38DB48}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
Reboot:
CreateRestorePoint:
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCTray.exe [355296 2016-01-14] (Tencent)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMGCShellExt64.dll [2016-01-14] (Tencent)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99136537_hao_pg
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSWebMon64.dat [2016-01-14] (Tencent)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQPCRTP.exe [301728 2016-01-14] (Tencent)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMUdisk64.sys [162104 2016-01-12] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQSysMonX64.sys [138552 2016-01-14] (电脑管家)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\softaal64.sys [35128 2016-01-14] (Tencent)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-01-14] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-01-14] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-01-14] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TS888x64.sys [28984 2016-01-21] (Tencent)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSDefenseBT64.sys [28984 2016-01-14] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TsNetHlpX64.sys [48440 2016-01-14] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSSysKit64.sys [87352 2016-01-14] (电脑管家)
S3 TSSKX64; System32\drivers\tsskx64.sys [X]
2016-01-21 18:54 - 2016-01-21 22:24 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-01-21 18:54 - 2016-01-21 19:08 - 00000000 ____D C:\Users\Все пользователи\Tencent
2016-01-21 18:54 - 2016-01-21 19:08 - 00000000 ____D C:\ProgramData\Tencent
2016-01-21 18:54 - 2016-01-21 18:55 - 00000000 ____D C:\Users\Александр\AppData\Roaming\Tencent
2016-01-21 18:54 - 2016-01-21 18:54 - 00000000 ____D C:\Users\Все пользователи\TXQMPC
2016-01-21 18:54 - 2016-01-21 18:54 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-21 18:54 - 2016-01-21 18:54 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-21 18:54 - 2016-01-14 21:44 - 00131896 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-01-21 18:54 - 2016-01-14 21:44 - 00089464 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-01-14 20:36 - 2016-01-14 21:44 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-01-14 20:36 - 2016-01-14 20:36 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-01-10 20:32 - 2016-01-10 20:32 - 00000000 ____D C:\Users\Александр\mobogenieP2sp
2016-01-10 20:32 - 2016-01-10 20:32 - 00000000 ____D C:\Users\Александр\AppData\Roaming\Mobogenie
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(1).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(2).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(3).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340(4).exe
C:\Users\Александр\AppData\Local\Temp\TempQMSystemSetup_11.3.17203.220_2992616340.exe
C:\Users\Александр\AppData\Local\Temp\TempQMWechatBackupSetup_10.11.53229.501_240329750.exe
Reboot:
and it is people like you who fall victim to data encryption. It is time to think about that.
backing up is difficult