begin
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
  if not IsWOW64 then
  begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
  end;
  SetServiceStart('backlh', 4);
  SetServiceStart('Quoteex', 4);
  SetServiceStart('tiser', 4);
  StopService('backlh');
  QuarantineFile('c:\programdata\logic cramble\set.exe', '');
  QuarantineFile('C:\ProgramData\Quoteex\Quoteex.exe', '');
  QuarantineFile('C:\ProgramData\Quoteex\Unaeco.dll', '');
  QuarantineFile('C:\ProgramData\tiser\run.exe', '');
  QuarantineFile('C:\Users\Admin\Downloads\qsc_pack.exe', '');
  DeleteFile('c:\programdata\logic cramble\set.exe', '32');
  DeleteFile('C:\ProgramData\Quoteex\Quoteex.exe', '64');
  DeleteFile('C:\ProgramData\Quoteex\Unaeco.dll', '32');
  DeleteFile('C:\ProgramData\tiser\run.exe', '64');
  DeleteService('backlh');
  DeleteService('Quoteex');
  DeleteService('tiser');
  DeleteSchedulerTask('Online Application V2G1');
  DeleteSchedulerTask('Online Application V2G1.job');
  DeleteSchedulerTask('Online Application V2G2');
  DeleteSchedulerTask('Online Application V2G2.job');
  DeleteSchedulerTask('Online Application V2G3');
  DeleteSchedulerTask('Online Application V2G3.job');
  DeleteSchedulerTask('Online Application V2G4');
  DeleteSchedulerTask('Online Application V2G4.job');
  DeleteSchedulerTask('Online Application V2G5');
  DeleteSchedulerTask('Online Application V2G5.job');
  DeleteSchedulerTask('Online Application V2G6');
  DeleteSchedulerTask('Online Application V2G6.job');
  DeleteSchedulerTask('Updater_Online_Application');
  DeleteSchedulerTask('Web Protector Plus Server');
  DeleteSchedulerTask('Web Protector Plus');
  BC_ImportALL;
  ExecuteRepair(4);
  ExecuteSysClean;
  ExecuteWizard('SCU', 2, 3, true);
  BC_Activate;
  RebootWindows(true);
end.
begin
  DeleteFile(GetAVZDirectory+'quarantine.7z');
  ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
R3-32 - HKLM\..\URLSearchHooks: (no name) - - (no file)
O9 - Button: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: (no name) - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\text/xml: [CLSID] = (no CLSID) - (no file)
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\ProgramData\Quoteex\Labam.dll (file missing)
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\ProgramData\Quoteex\Unaeco.dll (file missing)
O22 - Task (.job): (Ready) Online Application V2G1.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (file missing) 1 69
O22 - Task (.job): (Ready) Online Application V2G2.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (file missing) 1 70
O22 - Task (.job): (Ready) Online Application V2G3.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (file missing) 1 71
O22 - Task (.job): (Ready) Online Application V2G4.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (file missing) 1 60
O22 - Task (.job): (Ready) Online Application V2G5.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (file missing) 1 61
O22 - Task (.job): (Ready) Online Application V2G6.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (file missing) 1 62
O22 - Task: Online Application V2G1 - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 69 (file missing)
O22 - Task: Online Application V2G2 - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 70 (file missing)
O22 - Task: Online Application V2G3 - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 71 (file missing)
O22 - Task: Online Application V2G4 - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 60 (file missing)
O22 - Task: Online Application V2G5 - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 61 (file missing)
O22 - Task: Online Application V2G6 - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 62 (file missing)
Start::
CreateRestorePoint:
HKLM\...\Run: [SERVICE] => [X]
HKU\S-1-5-21-876556221-3273288354-3639153953-1000\...\MountPoints2: {3135884f-964f-11e4-a809-bcee7b86ca0e} - K:\Setup.exe
HKU\S-1-5-21-876556221-3273288354-3639153953-1000\...\MountPoints2: {54d7fa2c-a691-11e3-bafd-806e6f6e6963} - E:\Bin\ASSETUP.exe
HKU\S-1-5-21-876556221-3273288354-3639153953-1000\...\MountPoints2: {71fbe76d-d7c8-11e3-a44b-bcee7b86ca0e} - F:\sources\setup.exe
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {6BCF31D5-E07E-4EA1-9389-6AE554AC4FE7} - System32\Tasks\{8D2CC6D4-ABA0-4A08-A47D-4D76D70E071F} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\VsSDK_sfx.exe -d C:\Users\Admin\Downloads
Tcpip\Parameters: [DhcpNameServer] 118.30.28.38 192.168.1.1
Tcpip\..\Interfaces\{49AAB5B0-4A27-4622-8859-FD7854C1004C}: [DhcpNameServer] 118.30.28.38 192.168.1.1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1429726738&from=cor&uid=KINGSTONXSV300S37A120G_50026B723B069CA4&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
U3 aceejz42; no ImagePath
2019-07-06 12:19 - 2019-07-06 12:19 - 000002521 _____ C:\Users\Admin\Downloads\taskbar(1).vbs
2019-07-06 12:17 - 2019-07-06 12:20 - 193020992 _____ C:\Users\Admin\Downloads\49ssikd7.exe
2019-06-15 00:02 - 2019-06-15 00:02 - 000002521 _____ C:\Users\Admin\Downloads\taskbar.vbs
5-12 10:23 - 2015-05-12 10:23 - 000000079 _____ () C:\Program Files (x86)\prefs.js
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
FirewallRules: [TCP Query User{96DA72AA-EE93-4D00-B18B-269D57707C28}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe No File
FirewallRules: [UDP Query User{506E1379-89A5-4CBF-B824-0CC09BB05314}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe No File
FirewallRules: [{4EC48CA4-1DF0-494B-8458-46716F25ED35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe No File
FirewallRules: [{FA805DF2-1E6A-4DCE-89CD-6568EA2D2229}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe No File
FirewallRules: [TCP Query User{2CEC5C57-1604-4B74-A2C6-63FD3E7E868B}C:\program files\ditto\ditto.exe] => (Block) C:\program files\ditto\ditto.exe No File
FirewallRules: [UDP Query User{E7DF1745-814E-41EB-87C4-A8B0ABA99E16}C:\program files\ditto\ditto.exe] => (Block) C:\program files\ditto\ditto.exe No File
FirewallRules: [{C4FCA82A-FF9F-4F6D-B177-DD121B4F69CB}] => (Allow) C:\Users\Admin\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe No File
FirewallRules: [{57980DD6-A36C-44A7-8544-B9680E315AB1}] => (Allow) C:\Users\Admin\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe No File
FirewallRules: [{95A0A0F8-2F11-4661-AB0C-DB031E14ABD9}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe No File
FirewallRules: [{3620265F-1926-469A-BF5E-C0C884811086}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe No File
FirewallRules: [{175C0568-A157-40A2-9DDF-99FA447AE86B}] => (Allow) D:\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{3DD17686-E009-4F25-8C42-A767A9F7C949}] => (Allow) D:\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{C16F7308-D0D5-4010-BA3F-BD80B5884B55}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe No File
FirewallRules: [UDP Query User{52939D98-E00D-40C4-B800-E4D50E32292A}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe No File
FirewallRules: [TCP Query User{2FEC0708-6571-48A4-9924-FC1D62290600}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe No File
FirewallRules: [UDP Query User{8A529998-5989-4416-8AD0-DA19261425D4}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe No File
FirewallRules: [{C26728B4-CAB1-412F-B130-507A6189AE04}] => (Block) C:\games\world_of_tanks\worldoftanks.exe No File
FirewallRules: [{5280DACC-829B-47A3-B2BA-E09311351C94}] => (Block) C:\games\world_of_tanks\worldoftanks.exe No File
FirewallRules: [{6E0601A9-3444-4B31-A052-3710DCB0041B}] => (Allow) D:\Diablo III\Diablo III.exe No File
FirewallRules: [{485193FB-332B-446B-AEEE-8DDC949962DA}] => (Allow) D:\Diablo III\Diablo III.exe No File
FirewallRules: [{7993A5C8-D5D8-45AB-8660-4458E43EBDB8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe No File
FirewallRules: [{68E15B6E-66D0-4D4B-A2B0-919F8E7105BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe No File
FirewallRules: [{5F480B32-6652-4962-BF25-242A11325AF7}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe No File
FirewallRules: [{9248971F-647A-4DBC-89B3-6563DEE4FAA9}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe No File
FirewallRules: [{F327B4BE-3D61-441B-818E-96E6FF67C45E}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe No File
FirewallRules: [{42D0D116-2DDD-498C-9D74-54C104BFC02D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe No File
FirewallRules: [{BCAB90AD-CC75-49D3-9861-BF0AFDDCD634}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe No File
FirewallRules: [{A4923553-36B4-4653-AA2D-73A16297A7C8}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe No File
FirewallRules: [TCP Query User{8900B2D9-B5EC-478C-9FFE-83CC329D5916}C:\bcs_work\учебный quik бкс\winros.exe] => (Allow) C:\bcs_work\учебный quik бкс\winros.exe No File
FirewallRules: [UDP Query User{54D9C6C1-4C14-4EBC-81F2-4112F47F898A}C:\bcs_work\учебный quik бкс\winros.exe] => (Allow) C:\bcs_work\учебный quik бкс\winros.exe No File
FirewallRules: [TCP Query User{F4DE728B-CD8D-4C7D-A3AA-6AFDC07C673B}D:\quik\front\winros.exe] => (Allow) D:\quik\front\winros.exe No File
FirewallRules: [UDP Query User{2A0E154C-EEBC-4DF4-973C-9302B31942FB}D:\quik\front\winros.exe] => (Allow) D:\quik\front\winros.exe No File
FirewallRules: [{8396133B-7F0F-4765-B541-204F79499592}] => (Allow) C:\Users\Admin\AppData\Local\MediaGet2\mediaget.exe No File
FirewallRules: [{A82E088C-2B84-4521-9DD7-247162901F4D}] => (Allow) C:\Users\Admin\AppData\Local\MediaGet2\mediaget.exe No File
FirewallRules: [{3940116D-37E4-4004-99A0-E49B61631838}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C5D43B79-7DB0-4FDE-9F3D-481410444782}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
C:\ProgramData\Logic Cramble
C:\ProgramData\tiser
C:\ProgramData\Microleaves
C:\Users\Admin\AppData\Roaming\Microleaves
C:\Users\Admin\AppData\Local\Kometa
C:\Users\Admin\AppData\Roaming\Carambis
C:\Users\Admin\AppData\Local\Crossbrowse
C:\Users\Admin\AppData\Roaming\DigitalSites
C:\Users\Admin\AppData\Local\Gameo
C:\Program Files (x86)\Speed Test 127
C:\Users\Admin\AppData\Local\MediaGet2
C:\Users\Admin\AppData\Local\Nichrome
C:\Users\Admin\AppData\Local\Orbitum
C:\Users\Admin\AppData\Local\Xpom
C:\Users\Admin\AppData\Local\torch
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
C:\Users\Admin\AppData\Local\MailRu
C:\ProgramData\Media Get LLC
C:\Users\Admin\AppData\Local\Media Get LLC
C:\Program Files (x86)\LLOWRATEE
C:\Program Files (x86)\OFFERAPP
C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
C:\Program Files (x86)\PC Performer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
C:\Users\Admin\AppData\Roaming\Performersoft
C:\Program Files (x86)\DriverDoc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
C:\Users\Admin\AppData\Roaming\Solvusoft
C:\Users\Admin\AppData\Roaming\WebExtend
C:\Program Files (x86)\WebProtectorPlus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Protector Plus
C:\Users\Admin\AppData\Local\uCozMedia
C:\Users\Admin\AppData\Local\PO.DB
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PO.DB
C:\Users\Admin\AppData\Local\Main.dat
C:\Users\Public\Desktop\PC Performer.lnk
C:\Users\Public\Desktop\DriverDoc.lnk
C:\Windows\SysWOW64\findit.xml
C:\Windows\ZonaUpdater.log
C:\ProgramData\_tmp.exe
EmptyTemp:
Reboot:
End::
Did you change the password? Did you update the firmware?
I removed the Chinese DNS in the router
Yes, if an update is available.
The router's firmware?
Start::
CreateRestorePoint:
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
Toolbar: HKU\S-1-5-21-876556221-3273288354-3639153953-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
S2 themctrl; %SystemRoot%\System32\themctrl.dll [X]
S2 wbiosrvp; %SystemRoot%\System32\wbiosrvp.dll [X]
EmptyTemp:
Reboot:
End::
I didn't touch it; please show a screenshot of the problem. According to the help, this combination is responsible for
After removing the virus(es), when minimizing windows with the WIN+D combination
minimizing/restoring all windows, including dialog windows, that is, showing the Desktop;