begin
// AVZ cleanup script written for one specific machine: the file paths and task
// names below are taken from that machine's logs, so it must not be reused
// as-is on another system.
// Statement order matters: both files are quarantined before they are deleted,
// and the quarantine archive is built only after that.

// Runs "net.exe stop tcpip /y" - presumably to cut network access while the
// cleanup runs. The trailing 0, 15000, true look like window mode, wait time
// in ms and terminate-on-timeout - TODO confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Empties the existing AVZ quarantine first, presumably so the archive created
// below contains only the files from this run.
ClearQuarantineEx(true);
// Keep a copy of each suspicious .bat file before removal, so the samples can
// still be analysed. The second argument is passed as an empty string.
QuarantineFile('C:\Users\User\AppData\Local\cbmWrRvPcfM.bat', '');
QuarantineFile('C:\Users\User\AppData\Local\xWBlg.bat', '');
// Remove the two scheduled tasks by name; /F deletes without a confirmation prompt.
ExecuteFile('schtasks.exe', '/delete /TN "LxcBJoPkQqy" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "QRviOY" /F', 0, 15000, true);
// Delete the files that were quarantined above. The '32' argument presumably
// selects the 32-bit file-system view - confirm for the AVZ version in use.
DeleteFile('C:\Users\User\AppData\Local\cbmWrRvPcfM.bat', '32');
DeleteFile('C:\Users\User\AppData\Local\xWBlg.bat', '32');
// Pack the quarantine into quarantine.zip inside the AVZ directory.
// "Qurantine" is the function's actual spelling in AVZ; do not correct it.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// AVZ system cleanup pass - presumably removes leftover references to the
// deleted files.
ExecuteSysClean;
// AVZ system-restore routines selected by number. What items 3 and 4 reset is
// not visible here - check the restore list of the AVZ build in use.
ExecuteRepair(3);
ExecuteRepair(4);
// Runs the AVZ wizard identified by 'SCU'; the meaning of 2, 3, true is not
// shown here - TODO confirm against the AVZ script reference.
ExecuteWizard('SCU', 2, 3, true);
// Restart Windows as the final step of the script.
RebootWindows(true);
end.
Ждем. Прикрепите свежий CollectionLog.
Start::
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2129576046-775921670-950161428-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B395FD857-BC5E-4081-B40B-DBF3C1EF67D2%7D&gp=811142
SearchScopes: HKU\S-1-5-21-2129576046-775921670-950161428-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B395FD857-BC5E-4081-B40B-DBF3C1EF67D2%7D&gp=811142
2017-12-15 00:07 - 2017-12-15 00:07 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf1e349fa186c5bbe
2017-12-15 00:05 - 2017-12-15 00:05 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign63f6e9eb13caef51
2017-12-15 00:05 - 2017-12-15 00:05 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign44cec54eeac70235
2017-12-15 00:05 - 2017-12-15 00:05 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign10443ff87a77d7d9
2017-12-11 20:47 - 2017-12-11 20:47 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf600e33b0f24908d
2017-12-11 20:47 - 2017-12-11 20:47 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9ce720f5d5866c89
2017-12-11 20:47 - 2017-12-11 20:47 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4aa1a8d861a4e3b9
2017-12-11 20:43 - 2017-12-11 20:43 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncb599538480b086b
2017-12-11 20:43 - 2017-12-11 20:43 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43b1b052c6892d93
2017-12-11 20:43 - 2017-12-11 20:43 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c003155e961792e
2017-12-08 15:25 - 2017-12-08 15:25 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd3b998a95e46a62f
2017-12-08 15:25 - 2017-12-08 15:25 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign49d34bdcdf27ed9e
2017-12-07 16:11 - 2017-12-07 16:11 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb476d8463e1d6482
2017-12-07 16:11 - 2017-12-07 16:11 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb4031b1acd7ae0a0
2017-12-07 16:07 - 2017-12-07 16:07 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign20c967ae30840dcb
2017-12-07 16:07 - 2017-12-07 16:07 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign094f3db780dee978
2017-12-07 16:06 - 2017-12-07 16:06 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb381c17521e589e3
2017-12-07 16:06 - 2017-12-07 16:06 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0bddf38f37a9a3eb
2017-12-07 16:03 - 2017-12-07 16:03 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignee05504b45444c69
2017-12-07 16:03 - 2017-12-07 16:03 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign191048b5f38dbb59
2017-12-07 16:02 - 2017-12-07 16:02 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4878e6ce96f2350c
2017-12-07 16:02 - 2017-12-07 16:02 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign197119d53be555a0
2017-12-07 16:01 - 2017-12-07 16:01 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc40e5580bd8146c6
2017-12-07 16:01 - 2017-12-07 16:01 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign698f25aa27bc492b
2017-12-07 15:59 - 2017-12-07 15:59 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndcce577dec74c2bd
2017-12-07 15:59 - 2017-12-07 15:59 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign085f55c1c2fde4ae
2017-12-07 15:54 - 2017-12-07 15:54 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf5602037e66b5d3a
2017-12-07 15:54 - 2017-12-07 15:54 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign24663a6f160f2c12
2017-12-07 15:52 - 2017-12-07 15:52 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne04410307c9c3c95
2017-12-07 15:52 - 2017-12-07 15:52 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign99f6cbae83b17f34
2017-12-07 15:51 - 2017-12-07 15:51 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa1ff0bcc23f5a41
2017-12-07 15:51 - 2017-12-07 15:51 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7b008c8108431720
2017-12-07 15:40 - 2017-12-07 15:40 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc0185a0689e69db1
2017-12-07 15:40 - 2017-12-07 15:40 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignac37a0b23581744a
2017-12-07 15:39 - 2017-12-07 15:39 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign90f3f088f014b544
2017-12-07 15:39 - 2017-12-07 15:39 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign18d01f85bb491f19
2017-12-07 15:38 - 2017-12-07 15:38 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignef30f66663d9e40e
2017-12-07 15:38 - 2017-12-07 15:38 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0d393578cd2717a3
2017-12-07 15:37 - 2017-12-07 15:37 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign926e69cbbc36316e
2017-12-07 15:37 - 2017-12-07 15:37 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6ba54800494bd5c8
2017-12-07 15:22 - 2017-12-07 15:22 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign83f3b85a65015dd6
2017-12-07 15:22 - 2017-12-07 15:22 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7b87a4fcea08c8ad
2017-12-07 15:14 - 2017-12-07 15:14 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6f2bbb2e6ea50bd
2017-12-07 15:14 - 2017-12-07 15:14 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2480ab3d4cb08cee
2017-12-05 15:20 - 2017-09-29 16:42 - 000001217 _____ C:\Users\User\AppData\Local\LHjIdjNeBnE
2017-12-05 15:20 - 2017-09-29 16:42 - 000001132 _____ C:\Users\User\AppData\Local\uYzkAyg
2017-12-05 15:20 - 2017-09-29 16:42 - 000000069 _____ C:\Users\User\AppData\Local\cbmWrRvPcfM
2017-12-05 15:20 - 2017-09-29 16:42 - 000000065 _____ C:\Users\User\AppData\Local\xWBlg
2017-11-25 11:47 - 2017-11-25 11:47 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsignaa722764d2ed6c48
2017-11-25 11:47 - 2017-11-25 11:47 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign20b47c7148c603f2
2017-11-21 14:25 - 2017-11-21 14:25 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne22f0852188a2ad6
2017-11-21 14:25 - 2017-11-21 14:25 - 000000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1f5ce9c2c37106ee
Task: {DC507B4A-C493-4B27-BFBA-A49382DEF3EB} - \QRviOY -> No File <==== ATTENTION
Task: {FE94FD6C-02F2-443F-81B5-4FBFC42E4413} - \LxcBJoPkQqy -> No File <==== ATTENTION
EmptyTemp:
Reboot:
End::