%appdata%\Malwarebytes\Malwarebytes Anti-Malware\Logs
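begin
  // Operator warning: the network is dropped for the duration of the clean-up and
  // comes back after the reboot requested at the end of the script.
  ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
  // Drop TCP/IP so the adware cannot phone home or re-download itself while being removed.
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
  // Unregister the scheduled tasks through the Task Scheduler instead of only deleting
  // their files: deleting the files alone leaves orphaned TaskCache registry entries
  // (the follow-up FRST log in this thread lists {53490931-...} as "Task ... -> No File").
  // Done before AVZGuard is switched on so the schtasks.exe launches are not affected by it.
  ExecuteFile('schtasks.exe', '/delete /TN "UIMXTAM" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "{53490931-ADD6-4054-BDFD-16ED30286A22}" /F', 0, 15000, true);
  // Rootkit scan and AVZGuard are skipped when AVZ runs as a 32-bit process on a 64-bit OS.
  if not IsWOW64 then
  begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
  end;
  // Quarantine every sample BEFORE deleting it so a copy survives for analysis; the
  // original script deleted UIMXTAM.exe without quarantining it first.
  QuarantineFile('C:\Users\вова\AppData\Roaming\mystartsearch\UninstallManager.exe','');
  QuarantineFile('C:\Users\вова\AppData\Roaming\UIMXTAM.exe','');
  // The original DeleteFile target was the task's whole command line
  // ("...\UIMXTAM.exe /infocmdline=<base64>"), which matches no file on disk; delete the
  // binary itself. The pasted task log rendered the profile name as '????'; the other
  // paths in this report point at C:\Users\вова - confirm the profile path before running.
  DeleteFile('C:\Users\вова\AppData\Roaming\UIMXTAM.exe','32');
  DeleteFile('C:\Users\вова\AppData\Roaming\mystartsearch\UninstallManager.exe','32');
  // Task files, kept from the original as a fallback in case schtasks could not remove
  // them; the '32'/'64' flag strings are reproduced unchanged from the original.
  DeleteFile('C:\WINDOWS\Tasks\UIMXTAM.job','32');
  DeleteFile('C:\WINDOWS\system32\Tasks\UIMXTAM','64');
  DeleteFile('C:\WINDOWS\system32\Tasks\{53490931-ADD6-4054-BDFD-16ED30286A22}','64');
  // Same finishing sequence as the original: import pending operations, run the
  // standard system clean-up, activate the deferred deletions and reboot.
  BC_ImportALL;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.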
var
  ArchivePath : string;
begin
  // Pack the current quarantine into quarantine.zip next to the AVZ executable so the
  // samples can be uploaded for analysis. ("CreateQurantineArchive" is the real spelling
  // of the AVZ function - do not "fix" it.)
  ArchivePath := GetAVZDirectory + 'quarantine.zip';
  CreateQurantineArchive(ArchivePath);
end.
Не ответили. Pokki — сами устанавливали?
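begin
  // Drop TCP/IP first so the adware cannot reconnect while it is being removed.
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
  // NOTE: this wipes the existing quarantine (including anything collected by the earlier
  // script in this thread) before a fresh sample is taken - run it only after the previous
  // quarantine.zip has already been sent for analysis.
  ClearQuarantineEx(true);
  // Keep a copy of the dropper before deleting it. The pasted log rendered the user name
  // as '????'; the other paths in this report point at C:\Users\вова - confirm the profile
  // path before running (unless AVZ expands '?' as a wildcard, a literal '????' matches nothing).
  QuarantineFile('C:\Users\вова\AppData\Roaming\UIMXTAM.exe', '');
  // The original path carried a trailing space inside the quotes ('UIMXTAM.exe ') and
  // would not have matched the file; the flag string '32' is kept from the original.
  DeleteFile('C:\Users\вова\AppData\Roaming\UIMXTAM.exe', '32');
  // Remove the scheduled task through schtasks so its TaskCache registry entry goes too.
  // Task names carry no .job extension (the .job is the file in C:\WINDOWS\Tasks); the
  // first call is kept from the original, the second is the one expected to succeed.
  ExecuteFile('schtasks.exe', '/delete /TN "UIMXTAM.job" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "UIMXTAM" /F', 0, 15000, true);
  // Pack the quarantine for upload, run the standard clean-up and reboot.
  CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
  ExecuteSysClean;
  RebootWindows(true);
end.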
Удалите их через AdwCleaner — все четыре ключа от адвари. Остались ещё 4 ключа в реестре.
C:\ProgramData\wmzddnmb.cix
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\RunOnce: [Application Restart #0] => C:\Users\вова\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-m-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: F - "F:\AutoRun.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {15c33bad-14e4-11e5-82a5-28d244a469f4} - "F:\LaunchCGS.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {322ec8e2-368d-11e5-82c3-90489a914b66} - "F:\AutoRun.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {3f2e17d3-58f5-11e5-82d9-28d244a469f4} - "F:\AutoRun.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {3f2e344d-58f5-11e5-82d9-28d244a469f4} - "F:\AutoRun.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {4febc4fe-0100-11e5-8296-90489a914b66} - "F:\AutoRun.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {72b4390a-9896-11e4-8271-28d244a469f4} - "F:\LG_PC_Programs.exe"
HKU\S-1-5-21-314672566-3849827228-1750561717-1001\...\MountPoints2: {7babf3e1-637d-11e4-825d-90489a914b66} - "F:\SISetup.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> => No File
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> => No File
Toolbar: HKU\S-1-5-21-314672566-3849827228-1750561717-1001 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
2015-09-23 23:27 - 2015-09-23 23:27 - 00005074 _____ C:\Users\Все пользователи\wmzddnmb.cix
2015-09-23 23:27 - 2015-09-23 23:27 - 00005074 _____ C:\ProgramData\wmzddnmb.cix
Task: {011EBA03-2D0E-4101-9FE5-518F374F1BF5} - \{53490931-ADD6-4054-BDFD-16ED30286A22} -> No File <==== ATTENTION
Task: {367B21EE-CAEF-4B98-A6DF-13F0AD5A155E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5AAC6D61-42E7-4E0D-BB44-2C7D0273A84F} - \UpdateAdmin -> No File <==== ATTENTION
Task: {785501FB-D654-47BE-868E-A65DEAD92054} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {85F85D67-C34C-4366-9253-0DAC5E5FFF18} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9B92CE6A-53C9-4A50-B376-AF9FB0B9FB76} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE4557D8-52FA-4E08-B4A9-14369542450E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CFCB7D39-EF26-4069-BF9C-7AB12C03CFCE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D691A0A9-862B-4396-9338-3B705C3DD469} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D725032A-5C13-40D3-96B3-6E5AE634445E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DF609353-2BE3-406B-9FE8-191D8DA2BCC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F16CE7AE-2267-41E5-A6A4-8D686D74631D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FB39D922-8E87-459C-990F-1895B7E5443E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
EmptyTemp:
Reboot:
end
var
  ReportFile : string;
  VulnScript : string;
  Fetched : boolean;
begin
  // Start from a clean report so the viewer at the end shows only this run's output.
  ReportFile := GetAVZDirectory + 'log\avz_log.txt';
  if FileExists(ReportFile) then DeleteFile(ReportFile);

  // SECURITY NOTE: the vulnerability-scan script is fetched over plain HTTP and then
  // executed with AVZ's (administrative) privileges, with no integrity check of the
  // downloaded file. Anyone able to tamper with the connection can substitute the script.
  // Behaviour is kept as in the original; prefer an HTTPS source or a pre-downloaded,
  // verified copy where that is possible.
  VulnScript := GetAVZDirectory + 'ScanVuln.txt';

  // Two download attempts with different third-argument values, exactly as the original
  // (1 first, then 0); the meaning of that flag is not visible here.
  Fetched := DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', VulnScript, 1);
  if not Fetched then
    Fetched := DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', VulnScript, 0);

  if not Fetched then
  begin
    ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
    exit;
  end;

  ExecuteScript(VulnScript);

  // Show the resulting report to the operator, if the scan produced one.
  if FileExists(ReportFile) then ExecuteFile('notepad.exe', ReportFile, 1, 0, false);
end.