begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('c:\program files (x86)\pkhwgmrkbie\hgezixeyxk.exe');
QuarantineFile('C:\Program Files (x86)\hwkRISwvfZVIC\aUxpXbZ.dll', '');
QuarantineFile('C:\Program Files (x86)\PiOSiwZlU\RjngxO.dll', '');
QuarantineFile('c:\program files (x86)\pkhwgmrkbie\hgezixeyxk.exe', '');
QuarantineFile('C:\Program Files (x86)\pKHWgMRkBIE\khWWUSHxg.dll', '');
QuarantineFile('C:\Program Files (x86)\pKHWgMRkBIE\sjJkW.dll', '');
QuarantineFile('C:\Program Files (x86)\SzpLobcaUcAmgsckcbR\gexGWow.dll', '');
QuarantineFileF('C:\Program Files (x86)\hwkRISwvfZVIC', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\PiOSiwZlU', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\pKHWgMRkBIE', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\SzpLobcaUcAmgsckcbR', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\UompkEjhKQfU2', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\Admin\appdata\local\xmarin', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
DeleteFile('C:\Program Files (x86)\hwkRISwvfZVIC\aUxpXbZ.dll', '32');
DeleteFile('C:\Program Files (x86)\PiOSiwZlU\RjngxO.dll', '32');
DeleteFile('c:\program files (x86)\pkhwgmrkbie\hgezixeyxk.exe', '32');
DeleteFile('C:\Program Files (x86)\pKHWgMRkBIE\khWWUSHxg.dll', '32');
DeleteFile('C:\Program Files (x86)\pKHWgMRkBIE\sjJkW.dll', '32');
DeleteFile('C:\Program Files (x86)\SzpLobcaUcAmgsckcbR\gexGWow.dll', '32');
ExecuteFile('schtasks.exe', '/delete /TN "FElhOrKhKUmaYQEsq2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "LteCIRbihgKxWSwHchj2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "lunMcdkuuacGjYS2" /F', 0, 15000, true);
DeleteFileMask(' C:\Program Files (x86)\SzpLobcaUcAmgsckcbR', '*', true);
DeleteFileMask('C:\Program Files (x86)\hwkRISwvfZVIC', '*', true);
DeleteFileMask('C:\Program Files (x86)\PiOSiwZlU', '*', true);
DeleteFileMask('C:\Program Files (x86)\pKHWgMRkBIE', '*', true);
DeleteFileMask('C:\Program Files (x86)\UompkEjhKQfU2', '*', true);
DeleteFileMask('C:\Users\Admin\appdata\local\xmarin', '*', true);
DeleteDirectory('C:\Program Files (x86)\SzpLobcaUcAmgsckcbR');
DeleteDirectory('C:\Program Files (x86)\hwkRISwvfZVIC');
DeleteDirectory('C:\Program Files (x86)\PiOSiwZlU');
DeleteDirectory('C:\Program Files (x86)\pKHWgMRkBIE');
DeleteDirectory('C:\Program Files (x86)\UompkEjhKQfU2');
DeleteDirectory('C:\Users\Admin\appdata\local\xmarin');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
# AdwCleaner 7.0.4.0 - Logfile created on Mon Oct 30 13:09:15 2017
Start::
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
2018-03-05 11:13 - 2018-03-05 11:13 - 000003214 _____ C:\WINDOWS\System32\Tasks\OHurYzwpfZsLsh
2018-03-05 11:13 - 2018-03-05 11:13 - 000003008 _____ C:\WINDOWS\System32\Tasks\wXkHuguozQzssiw2
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fawwltky.sys:changelist [834]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\Users\Все пользователи:NT [40]
AlternateDataStreams: C:\Users\Все пользователи:NT2 [432]
AlternateDataStreams: C:\Users\Admin\Application Data:NT [40]
AlternateDataStreams: C:\Users\Admin\Application Data:NT2 [432]
AlternateDataStreams: C:\Users\Admin\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Admin\AppData\Roaming:NT2 [432]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT [40]
AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT2 [432]
AlternateDataStreams: C:\Users\Все пользователи\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\Users\Все пользователи\MTA San Andreas All:NT2 [432]
EmptyTemp:
Reboot:
End::
Обычно они так нагружают систему когда происходит процесс установки обновлений системы2 3 4 и 5 процессы стали нагружать систему. Хотя я их не запускал и т.д
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?