// AVZ removal script. Removes the Tencent/QQPCMgr bundle (three kernel drivers and
// the program folder) plus two impostor copies of svchost.exe/csrss.exe, restores the
// current user's Internet-zone ActiveX settings, runs AVZ's cleanup, and reboots.
// The statement order is deliberate: stop/terminate -> quarantine copies -> delete
// files -> delete services -> registry -> cleanup -> reboot. Do not reorder.
begin
// Take the machine offline for the rest of the cleanup: "net stop tcpip" stops the
// TCP/IP driver service, "/y" auto-confirms stopping its dependents.
// 15000 / true are presumably the wait timeout (ms) and wait-for-exit — confirm against AVZ docs.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// These two paths are directly under C:\Windows, not C:\Windows\System32 where the
// genuine svchost.exe and csrss.exe live, so they are treated as impostors. The
// System32 originals are never touched by this script.
TerminateProcessByName('C:\Windows\svchost.exe');
TerminateProcessByName('C:\Windows\csrss.exe');
// Start type 4 = SERVICE_DISABLED; disable before stopping so nothing can restart it.
SetServiceStart('QMUdisk', 4);
StopService('QMUdisk');
// Quarantine copies are taken BEFORE any deletion so samples survive for analysis.
// The 'true' argument presumably means "recurse into subfolders" — confirm against AVZ docs.
QuarantineFileF('C:\Program Files (x86)\Tencent', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\tsskx64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys', '');
QuarantineFile('C:\Windows\svchost.exe', '');
QuarantineFile('C:\Windows\csrss.exe', '');
// The '32' flag presumably routes the deletion through AVZ's boot-time cleaner for
// files that are locked or driver-protected — confirm against AVZ docs.
DeleteFile('C:\Windows\csrss.exe', '32');
DeleteFile('C:\Windows\svchost.exe', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys', '32');
// Remove the service entries for the three driver binaries deleted above, so no
// orphaned service remains that could be re-pointed at a new file.
DeleteService('TSSKX64');
DeleteService('softaal');
DeleteService('QMUdisk');
// Wipe whatever is left of the Tencent tree (quarantine copies were already taken).
DeleteFileMask('C:\Program Files (x86)\Tencent', '*', true);
DeleteDirectory('C:\Program Files (x86)\Tencent');
// Reset Internet-zone (Zones\3) ActiveX/IFRAME settings for the current user. The
// value IDs are Microsoft's URL-security-zone action IDs; 0 = enable, 1 = prompt, 3 = disable.
// 1201: initialise/script ActiveX controls not marked as safe -> disable
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
// 1001: download signed ActiveX controls -> prompt
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
// 1004: download unsigned ActiveX controls -> disable
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
// 2201: automatic prompting for ActiveX controls -> disable
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
// 1804: launching programs and files in an IFRAME -> prompt
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
// AVZ built-in system cleanup, then the 'SCU' wizard (presumably AVZ's system
// cleanup / troubleshooting wizard; the 2, 3, true arguments select its scope — confirm).
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
// Reboot so the deferred deletions and driver removals take effect.
RebootWindows(true);
end.
// Second AVZ script, run separately after the reboot: packs the quarantine folder
// into quarantine.zip next to the AVZ executable so the samples can be sent for analysis.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mark008.com/2345.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mark008.com/2345.html
O2 - BHO: (no name) - {1a894269-562d-459e-b17e-efd8de428e41} - (no file)
O2 - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O3 - Toolbar: (no name) - {1a894269-562d-459e-b17e-efd8de428e41} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
;uVS v3.86.5 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
; uVS removal script: drops the Tencent/QQPCMgr and Kino-Filmov.Net leftovers, the
; mark008.com start-page reference, two orphaned BHO/toolbar CLSIDs and several Chrome
; extension references, then clears temp files and restarts.
; Order is significant: the registry is backed up first and changes applied at the end.
; v385c: presumably the script-format version marker matching uVS 3.86.5 — confirm.
v385c
; breg / sreg: presumably back up and snapshot the registry before any change — confirm in uVS docs.
breg
sreg
; delref removes every reference uVS found to the named object (file, CLSID or URL).
delref %SystemDrive%\TEMP\1.EXE
; deldir deletes the directory tree outright; no zoo copy is taken for these two.
deldir %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\11.1.16908.217
deldir %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQDOWNLOAD\130
; Orphaned BHO/toolbar CLSIDs — the ones listed as "(no file)" in the O2/O3 log lines.
delref {D5FEC983-01DB-414A-9456-AF95AC9ED7B5}\[CLSID]
delref {1A894269-562D-459E-B17E-EFD8DE428E41}\[CLSID]
; Hijacked IE start page (R0 entries in the log).
delref HTTP://WWW.MARK008.COM/2345.HTML
; dirzoo: presumably copies the directory into the quarantine ("zoo") archive — confirm.
dirzoo %SystemDrive%\PROGRAM FILES (X86)\CONDUITENGINE
deldir %SystemDrive%\PROGRAM FILES (X86)\KINO-FILMOV.NET
delref HTTP://KINO-FILMOV.NET/
; Chrome extension references and their on-demand CRX update URLs.
delref %SystemDrive%\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GOMEKMIDLODGLBBMALCNEEGIEACBDMKI\9.0.2018.93_0\AVAST! ONLINE SECURITY
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIODDFAEPDOEIFBHJPHFEFGIPCJCDIEO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DIFLPPBJNPNEIIGCBDFJPNKEBIDMKJMOI%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\USERS\HOME\APPDATA\LOCAL\TEMP\NKCPOPGGJCJKIICPENIKEOGIOEDNJEAC.CRX
delref %SystemDrive%\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HENMFOPPJJKCENCPBJAIGFAHDJLGPEGN\0.3.8\QUICK SEARCHER
; czoo: presumably packs the zoo (quarantine) archive; deltmp clears temp locations — confirm.
czoo
deltmp
; areg: presumably applies the queued registry changes; restart reboots so locked items are released.
areg
restart
Затем повторите сканирование Adwcleaner и новый лог прикрепите.
start
CreateRestorePoint:
Task: {32BE3D6E-ADCA-4A11-B7E8-6060A677ACFC} - System32\Tasks\{51FA4001-3D7E-4DF9-9C35-AD4F96E6E4CF} => pcalua.exe -a C:\PROGRA~2\KINO-F~1.NET\UNWISE.EXE -c /U C:\PROGRA~2\KINO-F~1.NET\INSTALL.LOG
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: Kino-Filmov.Net - C:\Users\HOME\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\kino-filmov.net.xpi [2010-09-19] [not signed]
2015-12-29 19:05 - 2015-12-29 19:05 - 00000000 ____D C:\Users\HOME\AppData\Roaming\MyDesktop
EmptyTemp:
Reboot:
end