begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\users\nata\appdata\roaming\crmsvc\crmsvc.exe');
StopService('458752A3C7E0046A');
StopService('4598B99E1E8062EA');
QuarantineFile('C:\Users\Nata\AppData\Roaming\oghbcjccelmjabbfcbcfhannmcnmlmag\app.py','');
QuarantineFile('C:\Users\Nata\AppData\Roaming\oghbcjccelmjabbfcbcfhannmcnmlmag\python\pythonw.exe','');
QuarantineFile('C:\Users\Nata\AppData\Roaming\oghbcjccelmjabbfcbcfhannmcnmlmag\ml.py','');
QuarantineFile('C:\Users\Nata\AppData\Roaming\Microsoft\usavhudf\hrftvubt.exe', '');
QuarantineFile('c:\users\nata\appdata\roaming\crmsvc\crmsvc.exe', '');
QuarantineFile('C:\Users\Nata\AppData\Local\Temp\8218FEE7.sys', '');
QuarantineFile('C:\Users\Nata\AppData\Local\Temp\39E5C042.sys', '');
DeleteFile('c:\users\nata\appdata\roaming\crmsvc\crmsvc.exe', '32');
DeleteFile('C:\Users\Nata\AppData\Local\Temp\8218FEE7.sys', '32');
DeleteFile('C:\Users\Nata\AppData\Local\Temp\39E5C042.sys', '32');
DeleteService('CRMSvc');
DeleteService('458752A3C7E0046A');
DeleteService('4598B99E1E8062EA');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.

begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.

R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} - > - http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=fabdc4793e7b8ca9f99108ec636ee250&text={searchTerms}

Start::
CreateRestorePoint:
VirusTotal: C:\Users\Nata\AppData\Roaming\Microsoft\usavhudf\hrftvubt.exe;C:\Windows\system32\qaethaik\iwjvvrzb.exe
S2 qaethaik; C:\Windows\system32\qaethaik\iwjvvrzb.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\system32\qaethaik\iwjvvrzb.exe
2017-10-04 02:42 - 2017-10-04 22:39 - 000000000 ____D C:\Users\Nata\AppData\Roaming\oghbcjccelmjabbfcbcfhannmcnmlmag
Task: {5F4FA717-F386-43F8-82D2-FCD4E35D15D3} - System32\Tasks\oghbcjccelmjabbfcbcfhannmcnmlmag2 => C:\Users\Nata\AppData\Roaming\oghbcjccelmjabbfcbcfhannmcnmlmag\python\pythonw.exe [2017-07-08] (Python Software Foundation) <==== ATTENTION
Task: {96C6DD42-92D1-4A33-B210-43F6A815F370} - System32\Tasks\oghbcjccelmjabbfcbcfhannmcnmlmag => C:\Users\Nata\AppData\Roaming\oghbcjccelmjabbfcbcfhannmcnmlmag\python\pythonw.exe [2017-07-08] (Python Software Foundation) <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [151]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [136]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:41ADDB8A [151]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:A064CECC [136]
EmptyTemp:
Reboot:
End::
Use OTCleanIt; it will remove the leftovers by itself.

It won't let me delete it - it can't find it through Run.