archiloremd
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
QuarantineFileF('c:\program files (x86)\zaxar', '*', true, '', 0 ,0);
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFileMask('c:\program files (x86)\zaxar', '*', true);
DeleteDirectory('c:\program files (x86)\zaxar');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Zaxar');
ExecuteSysClean;
ExecuteRepair(1);
ExecuteWizard('SCU', 2, 3, true);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811040
O2-32 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\Максим\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll
O4 - HKCU\..\Run: [mailruhomesearch] C:\Users\Максим\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe --pr_deferred
O4 - HKCU\..\StartupApproved\Run: [Zaxar] (2017/04/02)C:\Program Files (x86)\Zaxar\ZaxarLoader.exe /verysilent (file missing)
start
CreateRestorePoint:
HKU\S-1-5-21-2692776809-4214489860-3691910712-1001\Software\Classes\.scr: scrfile => <===== ATTENTION
HKU\S-1-5-21-2692776809-4214489860-3691910712-1001\...\StartupApproved\Run: => "Zaxar"
CHR Extension: (SearchWay) - C:\Users\Максим\AppData\Local\Google\Chrome\User Data\Default\Extensions\achhckalphdlhbnohjonneffefbmaddi [2017-04-02]
CHR Extension: (Tampermonkey) - C:\Users\Максим\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-04-02]
CHR Extension: (Elfin Truetest fast) - C:\Users\Максим\AppData\Local\Google\Chrome\User Data\Default\Extensions\doldjcpamenafpnedeeingapcmbfabfi [2017-04-02]
2017-04-03 19:56 - 2017-04-03 19:56 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign8c733d7fc309a1af
2017-04-01 16:55 - 2017-04-01 16:55 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign395aa69ccc9b7229
2017-03-27 21:56 - 2017-03-27 21:56 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign1fa3f06326f198be
2017-03-27 13:45 - 2017-03-27 13:45 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignb2952f79a2215a2e
2017-03-26 23:37 - 2017-03-26 23:37 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign2f57415cf51cead0
2017-03-26 16:05 - 2017-03-26 16:05 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignb4aadbc1bc8ccfe1
2017-03-26 16:03 - 2017-03-26 16:03 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsigncc2a231f927338e1
2017-03-25 23:46 - 2017-03-25 23:46 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsigne2d4328e3f165784
2017-03-25 23:45 - 2017-03-25 23:45 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign1a849d04497513bf
2017-03-25 19:23 - 2017-03-25 19:23 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsigna11181ad00096971
2017-03-25 19:21 - 2017-03-25 19:21 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign36edd5c199603d7c
2017-03-24 12:24 - 2017-03-24 12:24 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign126d7eceb5763f6a
2017-03-24 11:26 - 2017-03-24 11:26 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsigne4436a78174067e1
2017-03-24 11:19 - 2017-03-24 11:19 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign3bb005ede8954b57
2017-03-24 10:16 - 2017-03-24 10:16 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignddb9830fc153ded9
2017-03-24 06:34 - 2017-03-24 06:34 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign6cb0a2507d0b4b3e
2017-03-24 04:51 - 2017-03-24 04:51 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign5d1183d51b5a7153
2017-03-24 04:35 - 2017-03-24 04:35 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign72927c4071f6c104
2017-03-24 02:22 - 2017-03-24 02:22 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign0a3dbf0378ee01d4
2017-03-22 04:18 - 2017-03-22 04:18 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsigne54c57023f94cc83
2017-03-20 16:48 - 2017-03-20 16:48 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign0467ae46e2ad9a27
2017-03-20 12:47 - 2017-03-20 12:47 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign6de67525600d9734
2017-03-17 19:05 - 2017-03-17 19:06 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-03-13 21:16 - 2017-03-13 21:16 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign16fc80b8288be149
2017-03-13 00:57 - 2017-03-13 00:57 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignf971db4fc4210e8b
2017-03-12 01:09 - 2017-03-12 01:09 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign79a5c4fdf7e4417d
2017-03-10 15:10 - 2017-03-10 15:10 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign30c3c2a7e8ea500c
2017-03-10 13:36 - 2017-03-10 13:36 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignd614b899659932d4
2017-03-08 14:49 - 2017-03-08 14:49 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignad992ce305c8c75b
2017-03-07 10:06 - 2017-03-07 10:06 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsignc0644ce226b7979e
2017-03-06 18:02 - 2017-03-06 18:02 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign5c1da4b202b11675
2017-03-06 15:16 - 2017-03-06 15:16 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign508b4416b09c6a63
2017-03-04 15:29 - 2017-03-04 15:29 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign9f10282b1d415522
2017-03-04 15:29 - 2017-03-04 15:29 - 00000000 ____D C:\Users\Максим\AppData\Local\Tempzxpsign0713bbbfe030f028
EmptyTemp:
Reboot:
end