
Untitled

a guest
Sep 27th, 2017
Start
CreateRestorePoint:
Closeprocesses:
() C:\Users\Kenny\AppData\Local\atkrzhg\atkrzhg.exe
() C:\Users\Kenny\AppData\Local\atkrzhg\svrzotx.exe
() C:\Users\Kenny\AppData\Local\atkrzhg\svrzotx.exe
() C:\Users\Kenny\AppData\Local\atkrzhg\svrzotx.exe
() C:\Users\Kenny\AppData\Local\atkrzhg\svrzotx.exe
() C:\Users\Kenny\AppData\Local\atkrzhg\svrzotx.exe
HKLM-x32\...\Run: [booster] => "C:\Users\Kenny\AppData\Local\PCBooster\booster.exe" -o pool.minemonero.pro:5555 --user=49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C --pass=WORKER64- (the data entry has 45 more characters).
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
ShortcutTarget: middlemen.lnk -> C:\Program Files (x86)\Hypnotize\preens.exe (No File)
HKU\S-1-5-21-2277922815-1140674523-2033412317-1000\...\Run: [mvgate] => rundll32.exe "C:\Users\Kenny\AppData\Local\mvgate.dll",mvgate <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2277922815-1140674523-2033412317-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
S2 PCOptimize; "C:\Users\Kenny\AppData\Local\Temp\PCOptimize\PCOptimize.exe" [X] <==== ATTENTION
C:\Users\Kenny\AppData\Local\Temp\PCOptimize
S3 btwampfl; system32\DRIVERS\btwampfl.sys [X]
C:\Users\Kenny\AppData\Local\Tempzxpsignf63a8ce8b841f916
C:\Users\Kenny\AppData\Local\Tempzxpsignebcbb1b4407ed5cd
C:\Users\Kenny\AppData\Local\Tempzxpsignb2d62a5507d4974c
C:\Users\Kenny\AppData\Local\Tempzxpsignbb9d57f7ff3dc215
C:\Users\Kenny\AppData\Local\Tempzxpsign24c8ccb4d171775b
C:\Users\Kenny\AppData\Local\Tempzxpsign10260173646fe34b
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {26F95074-FFBA-464D-86F8-C100513F0D04} - System32\Tasks\YAtJuVRw7spi => yatjuvrw7spi.exe
Task: {56BF793A-2AF6-4C52-AF34-292BB7B198EA} - System32\Tasks\VideoScan 2007 patch => C:\Windows\system32\rundll32.exe "C:\Program Files\VideoScan 2007 patch\VideoScan 2007 patch.dll",FXrexZseP <==== ATTENTION
Task: {9AE504B0-F981-4AD0-B084-356EA4E69B9D} - System32\Tasks\{84EBD092-B221-4EF5-A536-154B1AC292E5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Bamfan\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Bamfan\uninstall.dat" -a uninstallme 3922C823-1E20-45A9-A89A-B93DA757E10C DeviceId=72766f6c-d7b1-4346-4898-ffcebc62473e BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Shortcut: C:\Users\Kenny\Videos\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxрlorer.lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\СodеBlосks (Lаunсher).lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.rehcnualbc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Exрlorer (No Add-оns).lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kenny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоme.lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Kenny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chrome.lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\DАEMОN Toоls Lite.lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.rehcnualtd.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Вattlе.nеt.lnk -> C:\Users\Kenny\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <==== Cyrillic

ShortcutWithArgument: C:\Users\Kenny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9fbc1820a31699c0\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
Emptytemp:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
End
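The paste above is an FRST (Farbar Recovery Scan Tool) fixlist. The script below is an added example, not part of the paste and not FRST's own code: it re-implements two of the checks whose verdicts appear in the list, the "<==== Cyrillic" homoglyph flag on Start Menu shortcuts and a classification of autostart entries (an XMRig-style miner command line under a Run key, rundll32/pcalua proxy execution, the Windows Defender policy restriction). The regexes, the Finding type, the function names and the benign control entry are my own assumptions; the Cyrillic sample line is constructed with explicit escapes to mirror the paste's Internet Explorer shortcut, and the other sample lines are copied from the paste.

```python
"""Triage of FRST report lines (added example; not FRST's code)."""
import re
import unicodedata
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    kind: str     # homoglyph-shortcut | cryptominer | proxy-exec | defender-policy
    detail: str
    line: str


# FRST line shapes; trailing "<==== ATTENTION" style annotations are stripped first.
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.+)$")
SHORTCUT_RE = re.compile(r"^Shortcut(?:WithArgument)?: (?P<lnk>.+?\.lnk) -> (?P<target>.+)$")

# XMRig-style miner arguments: a pool endpoint ("-o host:port" or stratum URL)
# together with a long wallet/worker string in --user=.
MINER_POOL_RE = re.compile(r"(?:stratum\+tcp://\S+|(?:^|\s)-o\s+[\w.-]+:\d{2,5})", re.I)
MINER_USER_RE = re.compile(r"--user=\S{20,}", re.I)
# Signed Windows binaries commonly used to launch someone else's code (assumed list).
PROXY_RE = re.compile(r"\b(rundll32|pcalua|regsvr32|mshta|wscript|cscript)\.exe\b", re.I)
DEFENDER_POLICY = "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"


def mixed_script_letters(name: str) -> List[str]:
    """Return the non-Latin letters in a name that also contains Latin letters.

    A shortcut called 'Intеrnеt Еxрlorer' with Cyrillic 'е' (U+0435) renders like
    the real name but is a different file; pure-Cyrillic names are not flagged.
    """
    scripts, foreign = set(), []
    for ch in name:
        if not ch.isalpha():
            continue
        script = unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]  # LATIN, CYRILLIC, ...
        scripts.add(script)
        if script != "LATIN":
            foreign.append(ch)
    return foreign if "LATIN" in scripts and len(scripts) > 1 else []


def looks_like_miner(cmd: str) -> bool:
    return bool(MINER_POOL_RE.search(cmd) and MINER_USER_RE.search(cmd))


def classify_line(raw: str) -> List[Finding]:
    line = raw.split(" <====", 1)[0].strip()
    findings: List[Finding] = []
    if line.startswith(DEFENDER_POLICY):
        findings.append(Finding("defender-policy", line, raw))
        return findings
    m = SHORTCUT_RE.match(line)
    if m:
        lnk_name = m.group("lnk").rsplit("\\", 1)[-1]
        bad = mixed_script_letters(lnk_name)
        if bad:
            codes = " ".join("U+%04X" % ord(c) for c in bad)
            findings.append(Finding("homoglyph-shortcut",
                                    f"{lnk_name} -> {m.group('target')} ({codes})", raw))
        return findings
    m = RUN_RE.match(line) or TASK_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if looks_like_miner(cmd):
            pool = MINER_POOL_RE.search(cmd).group(0).strip()
            findings.append(Finding("cryptominer", f"{m.group('name')}: {pool}", raw))
        p = PROXY_RE.search(cmd)
        if p:
            findings.append(Finding("proxy-exec", f"{m.group('name')}: via {p.group(1)}.exe", raw))
    return findings


def triage(lines: List[str]) -> List[Finding]:
    return [f for ln in lines for f in classify_line(ln)]


# Sample input: four entries copied from the paste, one constructed homoglyph line
# (explicit escapes so the Cyrillic letters survive copy/paste), two benign controls.
SAMPLE_LINES = [
    r'HKLM-x32\...\Run: [booster] => "C:\Users\Kenny\AppData\Local\PCBooster\booster.exe" -o pool.minemonero.pro:5555 --user=49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C --pass=WORKER64-',
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r'HKU\S-1-5-21-2277922815-1140674523-2033412317-1000\...\Run: [mvgate] => rundll32.exe "C:\Users\Kenny\AppData\Local\mvgate.dll",mvgate <==== ATTENTION',
    "Shortcut: C:\\Users\\Kenny\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Int\u0435rn\u0435t \u0415x\u0440lorer.lnk -> C:\\Users\\Kenny\\AppData\\Roaming\\Browsers\\exe.erolpxei.bat (No File) <==== Cyrillic",
    r"ShortcutWithArgument: C:\Users\Kenny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9fbc1820a31699c0\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default",
    r"HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe",  # constructed benign control
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:20} {f.detail}")
```

The script-mixing test is deliberately broader than a fixed confusables table: it flags any Latin name that contains letters of another script, which is what makes the paste's reversed-name `.bat` targets (`exe.erolpxei.bat`) stand out even when the visible shortcut label is byte-for-byte unreadable at a glance. The miner check requires both a pool endpoint and a `--user=` wallet so that a plain `-o` output flag in some installer's command line does not trip it.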