ChipotleBoyo
Новый пользователь
- Сообщения
- 11
- Реакции
- 0
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('C:\Users\Default\AppData\Local\vcredist_x64.exe');
TerminateProcessByName('c:\users\default\appdata\local\vc.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\10.9.16349.225\qqpcrtp.exe');
TerminateProcessByName('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\nsncf76.tmpfs');
TerminateProcessByName('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\jnsn8a.tmp');
TerminateProcessByName('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\hnsd1728.tmp');
SetServiceStart('TSSKX64', 4);
SetServiceStart('TSSysKit', 4);
SetServiceStart('TsDefenseBt', 4);
SetServiceStart('TSCPM', 4);
SetServiceStart('TFsFlt', 4);
SetServiceStart('TAOKernelDriver', 4);
SetServiceStart('TAOAccelerator', 4);
SetServiceStart('scfd_1_10_0_16', 4);
SetServiceStart('innfd_1_10_0_14', 4);
SetServiceStart('QQSysMonX64', 4);
SetServiceStart('xoperoze', 4);
SetServiceStart('zedepory', 4);
SetServiceStart('QQPCRTP', 4);
StopService('TSSKX64');
StopService('TSSysKit');
StopService('TsDefenseBt');
StopService('TSCPM');
StopService('TFsFlt');
StopService('TAOKernelDriver');
StopService('TAOAccelerator');
StopService('scfd_1_10_0_16');
StopService('innfd_1_10_0_14');
StopService('QQSysMonX64');
StopService('xoperoze');
StopService('zedepory');
StopService('QQPCRTP');
QuarantineFile('C:\Users\e\appdata\roaming\funspace\shadow\funspace.update\funspace.update.process.exe', '');
QuarantineFile('C:\Users\e\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('TSCPM.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSSysKit64.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '');
QuarantineFile('C:\Windows\System32\Drivers\TAOKernel64.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\scfd_1_10_0_16.sys', '');
QuarantineFile('C:\Users\Default\AppData\Local\vcredist_x64.exe', '');
QuarantineFile('c:\users\default\appdata\local\vc.exe', '');
QuarantineFile('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\nsncf76.tmpfs', '');
QuarantineFile('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\jnsn8a.tmp', '');
QuarantineFile('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\hnsd1728.tmp', '');
QuarantineFileF('C:\Program Files (x86)\Tencent', '*', true, '', 0 , 0);
DeleteFile('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\hnsd1728.tmp');
DeleteFile('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\jnsn8a.tmp');
DeleteFile('c:\users\e\appdata\roaming\7f4d1c80-1433795816-81e1-3373-50465de58974\nsncf76.tmpfs', '32');
DeleteFile('C:\Users\Default\AppData\Local\vcredist_x64.exe', '32');
DeleteFile('C:\Windows\system32\drivers\scfd_1_10_0_16.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys', '32');
DeleteFile('C:\Windows\System32\Drivers\TAOKernel64.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSSysKit64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys', '32');
DeleteFile('C:\Users\e\AppData\Roaming\7F4D1C80-1433795816-81E1-3373-50465DE58974\jnsn8A.tmp', '32');
DeleteFile('C:\Users\e\AppData\Roaming\7F4D1C80-1433795816-81E1-3373-50465DE58974\hnsd1728.tmp', '32');
DeleteFile('TSCPM.sys', '32');
DeleteFile('C:\Users\Default\AppData\Local\vc.exe', '32');
DeleteFile('C:\Users\e\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task', '64');
DeleteFile('C:\Windows\system32\Tasks\Soft installer', '64');
DeleteFile('C:\Users\e\AppData\Local\Host installer\1883693313_monster.exe', '32');
DeleteFile('C:\Users\e\appdata\roaming\funspace\shadow\funspace.update\funspace.update.process.exe', '32');
DeleteService('TSSKX64');
DeleteService('TSSysKit');
DeleteService('TsDefenseBt');
DeleteService('TSCPM');
DeleteService('TFsFlt');
DeleteService('TAOKernelDriver');
DeleteService('TAOAccelerator');
DeleteService('scfd_1_10_0_16');
DeleteService('innfd_1_10_0_14');
DeleteService('QQSysMonX64');
DeleteService('xoperoze');
DeleteService('zedepory');
DeleteService('QQPCRTP');
DeleteFileMask('C:\Program Files (x86)\Tencent', '*', true);
DeleteDirectory('C:\Program Files (x86)\Tencent', '');
DelBHO('{50F4150A-48B2-417A-BE4C-C83F580FB904}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'IntelTBRunOnce');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{754DF2CE-51E8-4895-B53C-6381418B84AE}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'QQPCTray');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SmartWeb');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteRepair(2);
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU',2,3,true);
RebootWindows(true);
end.
Не надо так делать - зависание,о котором вы говорите,это ход выполнения скрипта.завис и перестал отвечать. Я попробовал отключить его и сделать это заново
start
CreateRestorePoint:
() C:\Users\e\AppData\Roaming\7F4D1C80-1433795816-81E1-3373-50465DE58974\nsnCF76.tmpfs
() C:\Users\Default\AppData\Local\vc.exe
() C:\Users\Default\AppData\Local\vcredist_x64.exe
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE" /regrun /qqrepair
HKU\S-1-5-21-1284808173-658227981-30416656-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1284808173-658227981-30416656-1001\...\MountPoints2: {1c895f1c-88ac-11e3-8832-0008ca592829} - G:\SISetup.exe
HKU\S-1-5-21-1284808173-658227981-30416656-1001\...\MountPoints2: {579846b9-1cad-11e3-b21a-0008ca592829} - F:\setup.exe
Startup: C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VC.lnk [2014-12-05]
ShortcutTarget: VC.lnk -> C:\Users\Default\AppData\Local\vc.exe ()
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1284808173-658227981-30416656-1001 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
HKU\S-1-5-21-1284808173-658227981-30416656-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://spacesearch.ru/?ri=1&rsid=6bb8f0a4aacbc94c02bd46c0975bf402&q={searchTerms}
HKU\S-1-5-21-1284808173-658227981-30416656-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spacesearch.ru/?ri=1&rsid=6bb8f0a4aacbc94c02bd46c0975bf402&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1284808173-658227981-30416656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://spacesearch.ru/?ri=1&rsid=6bb8f0a4aacbc94c02bd46c0975bf402&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1284808173-658227981-30416656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = http://spacesearch.ru/?ri=1&rsid=6bb8f0a4aacbc94c02bd46c0975bf402&q=
DefaultPrefix-x32: => http://spacesearch.ru/?ri=1&rsid=6bb8f0a4aacbc94c02bd46c0975bf402&q= <==== ATTENTION
R2 bytinuhe; C:\Users\e\AppData\Roaming\7F4D1C80-1433795816-81E1-3373-50465DE58974\nsnCF76.tmpfs [X]
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe" -r [X]
S4 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-08] (电脑管家)
R1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys [X]
S4 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
2015-06-18 14:38 - 2015-06-18 14:38 - 00000000 ____D C:\Users\Все пользователи\TXQMPC
2015-06-18 14:38 - 2015-06-18 14:38 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-12 03:38 - 2015-06-12 03:38 - 00099640 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TAOAccelerator64.sys
2015-06-12 03:38 - 2015-06-12 03:38 - 00087864 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TFsFltX64.sys
2015-06-09 04:03 - 2015-06-09 04:03 - 00613255 _____ (CMI Limited) C:\Users\e\AppData\Local\nsg9B0B.tmp
2015-06-09 00:55 - 2015-06-09 00:55 - 00613255 _____ (CMI Limited) C:\Users\e\AppData\Local\nsrBA67.tmp
2015-06-09 00:42 - 2015-06-09 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-09 00:41 - 2015-06-09 01:05 - 00000000 ____D C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-08 23:40 - 2015-06-08 23:39 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-08 23:40 - 2015-06-08 23:39 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-08 23:39 - 2015-06-08 23:39 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-08 23:39 - 2015-06-08 23:39 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-08 23:39 - 2015-06-08 23:39 - 00002260 _____ C:\Users\Public\Desktop\软件管理.lnk
2015-06-08 23:38 - 2015-06-18 14:39 - 00000000 ____D C:\Users\Все пользователи\Tencent
2015-06-08 23:38 - 2015-06-18 14:39 - 00000000 ____D C:\ProgramData\Tencent
2015-06-08 23:39 - 2015-06-08 23:39 - 00000000 ____D C:\Users\e\AppData\Roaming\ProductData
EmptyTemp:
Reboot:
end
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?