I removed everything manually... QQ Phone Manager Service, Tencent, Iobit
start
CreateRestorePoint:
HKU\S-1-5-21-2026571132-1214774528-1767223049-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.bat
Task: {1E249B40-8E35-4067-80F7-A6F511D2D1CD} - System32\Tasks\avast! Emergency Update => D:\аваст\AvastEmUpdate.exe
Task: {56672277-93E4-4A0E-9659-90581133F564} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {6008D9FB-2CFE-4CCE-92A7-3CFFEB14FB7C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\аваст\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - D:\аваст\SafePrice\FF => not found
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - D:\аваст\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\аваст\WebRep\Chrome\aswWebRepChrome.crx <not found>
S4 QQPMSRV; "C:\Program Files\Tencent\QQPCMgr\10.11.16600.237\Plugins\QQPCB1AndroidJmp\QQPmSrv.exe" [X]
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16600.237\QMUdisk.sys [X]
S3 TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16600.237\TS888.sys [X]
C:\Program Files\Tencent\
EmptyTemp:
Reboot:
end
We don't work via remote access. Only transparent treatment. Besides, most of the job is already done.
is there any desire to work on my PC remotely...?
Is this still happening? If so, in which browser? Check in Internet Explorer.
banners started popping up, even with "Stop Reklama"
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Windows\System32\wsaudio.dll', '');
DeleteFile('C:\Windows\System32\wsaudio.dll', '32');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\wsaudio\Parameters', 'ServiceDll');
BC_ImportALL;
ExecuteSysClean;
ExecuteRepair(22);
ExecuteWizard('SCU', 2, 3, true);
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://accesswebunlimited.com/wpad.dat?e65d14ed6b5fdf1d503df7ecd82a888b35963715
R1 - HKLM\System\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies,(default) = 0http://accesswebunlimited.com/wpad.dat?e65d14ed6b5fdf1d503df7ecd82a888b35963715