InnaFedorova
New member
- Messages
- 9
- Reactions
- 0
A few days ago ads started showing up in every browser, and separate unwanted windows with ads keep opening... The computer has become terribly slow... What should I do?
begin
ShowMessage('Warning! Before running the script, AVZ will automatically close all network connections.'+#13#10+'Network connections will be restored automatically after the computer reboots.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
SetServiceStart('WindowsMangerProtect', 4);
QuarantineFile('C:\Program Files (x86)\LiveJasmin.com\JasminCam\jcam.exe','');
QuarantineFile('C:\Users\Lenovo\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\dfc00529-3a2c-483f-9afd-ec4fabc47dbd.exe','');
QuarantineFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-7.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-6.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-5.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-4.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-3.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-2.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-11.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.3c\CinemaP-1.3c-codedownloader.exe','');
QuarantineFile('C:\Program Files (x86)\DolkaRuIePlugin\TinyBHO.dll','');
QuarantineFile('C:\ProgramData\WindowsMangerPro','');
QuarantineFile('C:\Program Files (x86)\Dicter\Dicter.exe','');
QuarantineFile('C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL','');
QuarantineFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll','');
QuarantineFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll','');
QuarantineFile('C:\Program Files (x86)\SupTab\SupTab.dll','');
QuarantineFile('C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll','');
QuarantineFile('c:\program files (x86)\suptab\hpui.exe','');
QuarantineFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','');
DeleteFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','32');
DeleteFile('c:\program files (x86)\suptab\hpui.exe','32');
DeleteFile('C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll','32');
DeleteFile('C:\Program Files (x86)\SupTab\SupTab.dll','32');
DeleteFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll','32');
DeleteFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll','32');
DeleteFile('C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL','32');
DeleteFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe','32');
DeleteFile('C:\ProgramData\WindowsMangerPro','32');
DeleteFile('C:\Program Files (x86)\DolkaRuIePlugin\TinyBHO.dll','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\CinemaP-1.3c-codedownloader.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-11.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-2.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-3.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-4.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-5.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-6.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\03028fde-b6ef-4928-878a-0e9ddec76e17-7.exe','32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.3c\dfc00529-3a2c-483f-9afd-ec4fabc47dbd.exe','32');
DelBHO('{00e71626-0bef-11dc-8314-0800200c9a66}');
DeleteFile('C:\Users\Lenovo\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteService('WindowsMangerProtect');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
%appdata%\Malwarebytes\Malwarebytes Anti-Malware\Logs
>>> [HTTP][RO] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Программное обеспечение и настройка принтера.lnk" -> ["C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetupLauncher.exe" -> "hxxp://simplessearch.ru" ]
>>> [HTTP][RO] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Webcam Software.lnk" -> ["C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe" -> "hxxp://simplessearch.ru" ]
>>> [HTTP][RO] "C:\Users\Lenovo\Desktop\Ярлыки\Logitech Webcam Software .lnk" -> ["C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe" -> "hxxp://simplessearch.ru" ]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1376626293-2512557170-2737650509-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
BHO-x32: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
HKU\S-1-5-21-1376626293-2512557170-2737650509-1000\...\Run: [DicterRu] => [X]
BHO: Weatherbar x64 Class -> {B0B85626-F9B4-47C0-9151-FB9A45ABCD37} -> C:\Program Files\tooldev342\Weatherbar\\TracersToolbarBHO_x64.dll (Null.ru)
BHO-x32: Weatherbar x86 Class -> {17177FAA-3830-43D3-A70B-FDE532676B1E} -> C:\Program Files (x86)\tooldev342\Weatherbar\TracersToolbarBHO_x86.dll (Null.ru)
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\searchplugins\default.xml
FF Extension: NetSecurity v14.3.17 - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\Extensions\exnet@ip-come.net [2014-03-17]
FF Extension: YTuebeAdsiRemovEr - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\Extensions\oymo_6r@brthbppz-.edu [2014-01-31]
FF Extension: Метабар.Советник - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\Extensions\sovetnik@metabar.ru [2014-09-13]
FF Extension: Info Enhancer for Firefox - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\Extensions\dldcbakcjliccckkmfjcblhciilpdcil@infoenhancer.com.xpi [2014-01-03]
FF Extension: superpromokody - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\Extensions\{D723D90A-8E67-11E3-81AA-43CE6088709B}.xpi [2014-02-06]
FF Extension: AppEnable 1.0.1 - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\Extensions\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}.xpi [2014-11-30]
FF Extension: No Name - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5h8d96n2.default\extensions\info4@etranslator.pro [Not Found]
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1416934946&from=cor&uid=ST31000524AS_5VPDEE9XXXXX5VPDEE9X
CHR DefaultSearchKeyword: Default -> sweet-page
CHR Extension: (Метабар.Советник) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppiaojpbclpegkkkmikabinlpbahhbha [2014-09-18]
CHR Extension: (CinemaP-1.3c) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejddjnilmdncjilbfjgameihlklfpohp [2014-11-30]
CHR Extension: (Метабар.Советник) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppiaojpbclpegkkkmikabinlpbahhbha [2014-10-06]
CHR HKU\S-1-5-21-1376626293-2512557170-2737650509-1000\...\Chrome\Extension: [ppiaojpbclpegkkkmikabinlpbahhbha] - C:\Users\Lenovo\AppData\Local\Metabar\mbr-chrome.crx [2014-09-05]
2014-12-15 13:21 - 2014-01-31 21:19 - 00000000 ____D () C:\Users\Все пользователи\YTuebeAdsiRemovEr
2014-12-15 13:21 - 2014-01-31 21:19 - 00000000 ____D () C:\ProgramData\YTuebeAdsiRemovEr
Task: C:\Windows\Tasks\CPOKCZF.job => C:\Users\Lenovo\AppData\Roaming\CPOKCZF.exe <==== ATTENTION
Task: C:\Windows\Tasks\OPSN.job => C:\Users\Lenovo\AppData\Roaming\OPSN.exe <==== ATTENTION
EmptyTemp:
Reboot:
var
LogPath : string;
ScriptPath : string;
begin
LogPath := GetAVZDirectory + 'log\avz_log.txt';
if FileExists(LogPath) Then DeleteFile(LogPath);
ScriptPath := GetAVZDirectory +'ScanVuln.txt';
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
ShowMessage('Cannot download the AVZ script for detecting the most commonly exploited vulnerabilities!');
exit;
end;
end;
if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.
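The FRST log above shows three persistence tricks of this adware family that are easy to miss by hand: .lnk shortcuts whose arguments smuggle a URL (the [HTTP][RO] lines pointing at simplessearch.ru), browser policy keys under HKLM\SOFTWARE\Policies that lock the homepage and search engine, and legacy .job tasks in C:\Windows\Tasks that launch an EXE straight out of %AppData%. The PowerShell below is an added triage example written for this page; it is not code from the thread, from AVZ or from FRST. The directory roots, the "AppData|ProgramData|Temp" path filter and the policy key list are assumptions taken from the log lines on this page, not a complete indicator list. It uses the WScript.Shell and Schedule.Service COM objects rather than schtasks /FO CSV because the schtasks column headers are localized on a Russian Windows.

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell.
# Paths, key names and the AppData/ProgramData/Temp filter are assumptions drawn
# from the FRST lines above.

function Get-HijackedShortcut {
    param(
        [string[]]$Roots = @(
            "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
            "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('CommonDesktopDirectory')
        )
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                # Hijack pattern from the [HTTP][RO] lines: the target stays legitimate,
                # an injected URL argument forces the ad/search page on every click.
                if ($lnk.Arguments -match '(?i)\bhttps?://') {
                    [pscustomobject]@{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

function Repair-HijackedShortcut {
    # Keeps the legitimate TargetPath and drops only the injected argument.
    param([Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Shortcut)
    process {
        $shell = New-Object -ComObject WScript.Shell
        $lnk = $shell.CreateShortcut($Shortcut)
        $lnk.Arguments = ''
        $lnk.Save()
    }
}

function Get-BrowserPolicyRestriction {
    # On a home PC without domain GPO these keys normally do not exist at all;
    # adware creates them so the user cannot change homepage/search (the
    # "Policy restriction <======= ATTENTION" lines).
    $keys = 'HKLM:\SOFTWARE\Policies\Google',
            'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
            'HKCU:\SOFTWARE\Policies\Google'
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $subkeys = @(Get-Item -LiteralPath $key) +
                   @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $subkeys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Name = $name; Value = $k.GetValue($name) }
            }
        }
    }
}

function Get-SuspiciousScheduledTask {
    # Schedule.Service enumerates XML tasks and legacy *.job tasks alike.
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue($svc.GetFolder('\'))
    while ($queue.Count -gt 0) {
        $folder = $queue.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $queue.Enqueue($sub) }
        foreach ($task in $folder.GetTasks(1)) {          # 1 = TASK_ENUM_HIDDEN
            foreach ($action in $task.Definition.Actions) {
                if ($action.Type -ne 0) { continue }      # 0 = TASK_ACTION_EXEC
                # Pattern behind CPOKCZF.job / OPSN.job: an EXE run from a
                # user-writable profile directory instead of Program Files.
                if ($action.Path -match '(?i)\\(AppData|ProgramData|Temp)\\') {
                    [pscustomobject]@{
                        Task      = $task.Path
                        Command   = $action.Path
                        Arguments = $action.Arguments
                    }
                }
            }
        }
    }
}

Get-HijackedShortcut          | Format-Table -AutoSize
Get-BrowserPolicyRestriction  | Format-Table -AutoSize
Get-SuspiciousScheduledTask   | Format-Table -AutoSize
# Once reviewed, repair the shortcuts in place:
# Get-HijackedShortcut | Repair-HijackedShortcut
```

The three functions only report; review the output before piping shortcuts into Repair-HijackedShortcut, and delete the policy keys and tasks with the FRST fix rather than by hand so the thread's log keeps a record of what was removed.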