10 ( , :" : -"). , .
.
AVZ:.:
begin
 QuarantineFile('C:\Program Files\Windows NT\GlassCMD\svchost.exe','');
 ExecuteRepair(2);
 ExecuteWizard('SCU',2,2,true);
 ExecuteWizard('TSW',2,2,true);
 RebootWindows(false);
end.
AVZ quarantine.zip, " " . , . . " " - , .
, ClearLNK. ""..:
>>> [RO][MASK] "C:\Users\\Desktop\\pr.lnk" -> ["C:\opera.bat"]
Farbar Recovery Scan Tool .
: , . , , . .
. , Yes .
Scan.
FRST.txt, Addition.txt , .
( ).
WBR,
Vadim
, .
- - - - - - - - - -
FRST.
( => => => ). :fixlist.txt Farbar Recovery Scan Tool. !:
CreateRestorePoint:
() C:\Program Files\Windows NT\GlassCMD\svchost.exe
HKLM\...\Run: [] => [X]
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1758464921-147268501-4201687167-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
URLSearchHook: [S-1-5-21-1758464921-147268501-4201687167-500] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-1758464921-147268501-4201687167-500 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
CHR Profile: C:\Users\\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-11]
CHR HKLM\...\Chrome\Extension: [ombkllfdikmoepjdpmdaiinfbjpnkboa] - C:\Program Files\AuthenTec TrueSuite\tschrome.crx [2011-12-15]
CHR HKU\S-1-5-21-1758464921-147268501-4201687167-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
S3 4F9547A053FACD11; \??\C:\Users\\AppData\Local\Temp\1174F3DB.sys [X] <==== ATTENTION
S3 4F9547A83F83D791; \??\C:\Users\\AppData\Local\Temp\18DC5C317.sys [X] <==== ATTENTION
S3 4F9547AFC55BAC11; \??\C:\Users\\AppData\Local\Temp\1BA461A3.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath
S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]
2019-02-07 22:05 - 2019-02-07 22:05 - 000000000 ____D C:\Users\\AppData\Local\Tempzxpsigncd8d4d028d520207
2019-02-07 22:05 - 2019-02-07 22:05 - 000000000 ____D C:\Users\\AppData\Local\Tempzxpsign4063e160bb32d535
2019-02-07 22:05 - 2019-02-07 22:05 - 000000000 ____D C:\Users\\AppData\Local\Tempzxpsign12470587fe6e7520
2019-02-07 22:05 - 2019-02-07 22:05 - 000000000 ____D C:\Users\\AppData\Local\Tempzxpsign10afab17d68f2860
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Virustotal: C:\Program Files\Windows NT\GlassCMD\svchost.exe
Folder: C:\Program Files\Windows NT\GlassCMD
C:\Program Files\Windows NT\GlassCMD\svchost.exe
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {EF143243-E9E4-41FC-A10A-7A481B6016D1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2019-01-22] (AVAST Software s.r.o. -> AVAST Software)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\\Desktop\mluc 164\\2015-2016\ .lnk -> C:\Users\\Desktop\\2015-2016 (No File) <==== Cyrillic
FirewallRules: [{53697AD9-D714-4874-8D15-FA5A060FF948}] => (Allow) C:\GameXP\AccessPoint\accesspoint.exe No File
FirewallRules: [{888308D1-C62B-4637-B9C1-A7EF355AC4BD}] => (Allow) C:\GameXP\AccessPoint\accesspoint.exe No File
FirewallRules: [{91D349AE-9864-41EA-B160-8016F05BCC9E}] => (Allow) C:\GameXP\AccessPoint\accesspoint-bin.exe No File
FirewallRules: [{ECCC1E62-69C3-4EAF-B913-168930DE1C47}] => (Allow) C:\GameXP\AccessPoint\accesspoint-bin.exe No File
FirewallRules: [{50236191-BE7E-492E-83BA-73359C4F7EA7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{02CD4E2A-A2AE-48EC-A6A6-BCAE89A00814}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{CFF45A77-6AB7-47F5-A63A-451C6D1E0453}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{EBD3DF32-46DD-42E8-8434-4EEFA3BE8BE6}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{18D81AE6-76A3-423A-83B3-0EC02488002F}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe No File
FirewallRules: [{E3509F5C-45DD-46DF-A8D3-80128D16DB5C}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe No File
Reboot:
, , FRST.EXE/FRST64.EXE, Fix . - (Fixlog.txt). .
.
, SecurityCheck by glax24 & Severnyj.
( Windows XP) ( Windows Vista/7/8/10).
SecurityCheck, .
, SecurityCheck.txt;
, SecurityCheck, C:\SecurityCheck\SecurityCheck.txt.
.
WBR,
Vadim
.
, - , - . ?
.
Windows Repair (All In One), , , "Jump To Repairs", "Open Repairs", 19 "Repair Volume Shadow Copy Service" "Start Repairs".
Java(TM) 6 Update 24, .
Java - , ( , ) - Java 8.
, Java 6, Java SE Runtime Environment 6u45.
WBR,
Vadim
, .