// AVZ script: quarantine one DLL from the user's profile, remove the Winsock
// SPI entries that reference it, then reboot.
// This script contains no file-delete call; the DLL itself is only quarantined here.
begin
// Send the file to AVZ quarantine; the second argument is passed as an empty string.
QuarantineFile('C:\Users\zhekin\AppData\Local\Microsoft\Windows\1033\libgzl.dll','');
// Remove SPI registrations by file name. The call is made twice, with the boolean
// set to true and then false -- presumably to cover both the namespace-provider and
// the transport-provider (LSP) lists; confirm against the AVZ script reference.
DelSPIByFileName('C:\Users\zhekin\AppData\Local\Microsoft\Windows\1033\libgzl.dll', true);
DelSPIByFileName('C:\Users\zhekin\AppData\Local\Microsoft\Windows\1033\libgzl.dll', false);
// Reboot after the SPI entries are removed.
// NOTE(review): the meaning of the false argument is not visible here -- confirm.
RebootWindows(false);
end.
// AVZ script: pack the quarantine into quarantine.zip in the AVZ directory.
begin
// GetAVZDirectory supplies the path prefix and the archive name is appended to it.
// The routine name is spelled "Qurantine" in the call; it is kept exactly as written.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1600623868-2156090439-1337948150-1000\...\Policies\Explorer: []
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\zhekin\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx <not found>
AlternateDataStreams: C:\ProgramData\TEMP:8303F807
AlternateDataStreams: C:\ProgramData\TEMP:8D25D700
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\ProgramData\TEMP:F7183734
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\b2c8c70b" /f
EmptyTemp:
Reboot:
;uVS v3.86.5 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
; Order of this script: registry commands first, then sample collection (zoo/dirzoo)
; together with signature and hash entries (addsgn/bl), then list check and cleanup
; (chklst/delvir/deltmp), then restart.
; v385c: presumably a script-version marker matching the header above -- confirm.
v385c
; breg / sreg: registry-related commands run before any removal step.
; NOTE(review): exact semantics are not shown here; check the uVS command reference.
breg
sreg
; zoo <path>: collect the named file as a sample (the "zoo"); czoo further down
; presumably packs the collected samples into an archive -- confirm.
zoo %SystemDrive%\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CC 2015\ADOBE.SNR.PATCH-PAINTER.EXE
; C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CC 2015\ADOBE.SNR.PATCH-PAINTER.EXE
; addsgn <signature> <length> <name>: register a signature under the detection name
; given at the end of the line.
addsgn 9252779A056AC1CC0BC45E4EA34F8E25378A905009E148FB483C2EB2C046E1DCA91185DF39129C925E870F81C5F8B5EBA6AD05CA54DAB02C2CACD1284C18A19D 64 Trojan.KillProc.34763 [DrWeb]
; bl <hash> <size>: blacklist entry; the first field is 32 hex digits (MD5 length) and
; the second is presumably the file size in bytes.
bl 0D9B7ABE952D6C1DC24750BF47969132 631808
zoo %SystemDrive%\USERS\ZHEKIN\DOWNLOADS\ADOBE PHOTOSHOP CC 2015.0.1 (20150722.R.168) ML_RUS\NEW 1.5 FOR CC-2015 PATCH-PAINTER\ADOBE.SNR.PATCH-PAINTER.EXE
; dirzoo <dir>: same collection step applied to a whole directory.
dirzoo D:\KEYLOGGER
; D:\KEYLOGGER\EK_INSTALL.EXE
addsgn 7300F79B556A1F275DE775E6ED94361DE2CED8E6E96B5F78B63503F874C251B33627B3173E3D9CC92B807B8AF66609FA2E20FD0E279AB04625D4FC08BD06CA82 64 Trojan.Keylog.156 [DrWeb]
zoo D:\KEYLOGGER\EK_INSTALL.EXE
bl AFA58E3BD8B738F051C91F135F606122 7533267
; The zoo lines below carry no addsgn/bl entry of their own. Whether delvir touches
; these files presumably depends on whether a signature added in this script matches
; them at chklst -- worth checking in the resulting log, since two of them sit inside
; database-tool install directories.
zoo %SystemDrive%\PROGRAM FILES (X86)\EMS\EMS SQL MANAGER FOR POSTGRESQL\LOADER.EXE
zoo %SystemDrive%\PROGRAM FILES (X86)\EMS\SQL MANAGER FOR POSTGRESQL\LOADER_PGMANAGER.EXE
dirzoo %SystemDrive%\PROGRAM FILES (X86)\ELITE KEYLOGGER
zoo D:\АКТИВАТОР\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG.EXE
zoo D:\MINI-KMS_ACTIVATOR_V1.3_OFFICE2010_VL_RUS.EXE
zoo %SystemDrive%\_RUN_AVK\REDIRECTAPI_V1_03.EXE
zoo %SystemDrive%\PROGRAM FILES (X86)\POSTGRESQL\8.4\SCRIPTS\RUNPSQL.BAT
; C:\USERS\ZHEKIN\DOWNLOADS\ADOBE PHOTOSHOP CC 2015.0.1 (20150722.R.168) ML_RUS\NEW 1.5 FOR CC-2015 PATCH-PAINTER\ADOBE.SNR.PATCH-PAINTER.EXE
; C:\PROGRAM FILES (X86)\ELITE KEYLOGGER\UNINSTALL.EXE
zoo %SystemDrive%\PROGRAM FILES (X86)\ELITE KEYLOGGER\UNINSTALL.EXE
bl 4372466778CC990A37AC751DE9C05DD4 589812
; czoo: finish sample collection before anything is removed.
czoo
; chklst then delvir: presumably check the file list against the signatures added
; above and delete what matched, so the addsgn/bl entries define the scope of removal.
chklst
delvir
; deltmp: temp-file cleanup.
deltmp
; areg: NOTE(review): semantics not shown here -- confirm in the uVS reference.
areg
; restart: reboot once the cleanup steps have run.
restart