content copied
content
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.75.0 - RCS LT) Hidden
AlternateDataStreams: C:\Users\mrzin\Downloads\FRST64.exe:MBAM.Zone.Identifier [225]
FirewallRules: [{733293A6-37D5-4C3F-96E3-6C46E620803A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{D72E1671-EA0A-47A1-9F15-6110CB7438CF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://developedsever.com/hp?dev=QUMyZGV2cwNRXHlzAlRReHEFVVZxdgUYVHB0BlBUdD8DU1J5cwBTXHh7TiEkCCJ7NQojAFopLHg3dgkRdiJYCCQMFW03UAQAcFYqHhFDFSAABmslNgACdwMuMgZtIDoDNHc%3D&source=hj"
CHR DefaultSearchURL: Profile 1 -> hxxps://developedsever.com/search?dev=QUMyZGV2cwNRXHlzAlRReHEFVVZxdgUYVHB0BlBUdD8DU1J5cwBTXHh7TiEkCCJ7NQojAFopLHg3dgkRdiJYCCQMFW03UAQAcFYqHhFDFSAABmslNgACdwMuMgZtIDoDNHc%3D&q={searchTerms}&source=hj
CHR StartupUrls: Profile 1 -> "hxxps://developedsever.com/hp?dev=QUMyZGV2cwNRXHlzAlRReHEFVVZxdgUYVHB0BlBUdD8DU1J5cwBTXHh7TiEkCCJ7NQojAFopLHg3dgkRdiJYCCQMFW03UAQAcFYqHhFDFSAABmslNgACdwMuMgZtIDoDNHc%3D&source=hj"
CHR HomePage: Profile 1 -> hxxps://developedsever.com/hp?dev=QUMyZGV2cwNRXHlzAlRReHEFVVZxdgUYVHB0BlBUdD8DU1J5cwBTXHh7TiEkCCJ7NQojAFopLHg3dgkRdiJYCCQMFW03UAQAcFYqHhFDFSAABmslNgACdwMuMgZtIDoDNHc%3D&source=hj
CHR DefaultNewTabURL: Profile 1 -> hxxps://developedsever.com/nt?dev=QUMyZGV2cwNRXHlzAlRReHEFVVZxdgUYVHB0BlBUdD8DU1J5cwBTXHh7TiEkCCJ7NQojAFopLHg3dgkRdiJYCCQMFW03UAQAcFYqHhFDFSAABmslNgACdwMuMgZtIDoDNHc%3D&source=hj
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from the Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUP's in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
$a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
$a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.