// AVZ cleanup script: quarantines and then deletes two executables under
// C:\Programdata\RealtekHD, removes four scheduled tasks registered under
// Microsoft\Windows\Wininet, runs AVZ's cleanup steps and reboots the machine.
// NOTE(review): taskhost.exe / taskhostw.exe are names of Windows system binaries that
// normally live in System32; copies in a ProgramData\RealtekHD folder, with tasks filed
// under a Microsoft\Windows task path, look like name masquerading — confirm against the logs.
begin
// Stops the tcpip service through net.exe (/y answers the dependent-service prompt),
// presumably to cut network access for the duration of the cleanup.
// NOTE(review): this also drops any remote-support session on the host.
// Numeric/boolean arguments are presumably window mode, wait timeout in ms and
// terminate-on-timeout — confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are only run when the IsWOW64 check is false.
// presumably these driver-based features are unavailable on 64-bit Windows — confirm
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine first so a copy of each sample is kept for analysis before deletion.
QuarantineFile('C:\Programdata\RealtekHD\taskhostw.exe','');
QuarantineFile('C:\Programdata\RealtekHD\taskhost.exe','');
// NOTE(review): the '64' argument presumably selects the 64-bit (non-redirected)
// file-system view — confirm.
DeleteFile('C:\Programdata\RealtekHD\taskhost.exe','64');
DeleteFile('C:\Programdata\RealtekHD\taskhostw.exe','64');
// Remove the scheduled-task persistence entries that would relaunch the deleted files.
DeleteSchedulerTask('Microsoft\Windows\Wininet\RealtekMO');
DeleteSchedulerTask('Microsoft\Windows\Wininet\RealtekOnLogon');
DeleteSchedulerTask('Microsoft\Windows\Wininet\TaskhostMO');
DeleteSchedulerTask('Microsoft\Windows\Wininet\TaskhostOnlogon');
// BC_* calls drive AVZ's Boot Cleaner, which finishes deletions at the next boot.
// NOTE(review): BC_Activate is called before BC_ImportALL here; verify that the
// import still takes effect in this order.
BC_Activate;
// Cleans up leftover references to the removed files.
ExecuteSysClean;
// Runs the 'SCU' wizard with automatic fixing; the meaning of 2 and 3 is not shown
// on this page — presumably severity bounds, confirm.
ExecuteWizard('SCU', 2, 3, true);
BC_ImportALL;
// Reboots immediately; unsaved work in other applications should be saved beforehand.
RebootWindows(true);
end.
// AVZ script: packs the contents of the AVZ Quarantine folder into a
// password-protected archive in the AVZ directory so the samples can be handed to an analyst.
begin
// Remove any archive left over from a previous run so old samples are not mixed in.
DeleteFile(GetAVZDirectory+'quarantine.7z');
// 7za switches: 'a' adds to an archive, -mx9 is maximum compression, -pmalware sets the
// password to "malware". The password keeps scanners from inspecting or blocking the
// samples in transit; it is not a secret. File names inside the archive stay readable
// because header encryption (-mhe) is not requested.
// NOTE(review): the relative path .\Quarantine\* depends on the working directory being
// the AVZ directory — confirm. The numeric/boolean arguments are presumably window mode,
// wait timeout in ms and terminate-on-timeout.
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Start::
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-1874730287-2925810993-795880429-1001\...\MountPoints2: {bc3abe78-284b-11e9-a38e-b06ebf2afb12} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1874730287-2925810993-795880429-1001\...\MountPoints2: {fca109b9-4bf9-11e9-a3be-b06ebf2afb12} - "G:\Setup.exe"
GroupPolicy\User: Ограничение ? <==== ВНИМАНИЕ
C:\Users\Антон\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\mjmpfdkmpojoeemjmfiddlhkkndcdpno
C:\Users\Антон\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mjmpfdkmpojoeemjmfiddlhkkndcdpno
CHR HKU\S-1-5-21-1874730287-2925810993-795880429-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ldgpjdiadomhinpimgchmeembbgojnjk]
2022-06-16 13:24 - 2022-06-16 13:24 - 000000000 __SHD C:\Program Files\Rainmeter
2022-06-16 13:24 - 2022-06-16 13:24 - 000000000 __SHD C:\Program Files\Loaris Trojan Remover
2022-06-16 13:24 - 2022-06-16 13:24 - 000000000 __SHD C:\KVRT2020_Data
2022-06-16 13:24 - 2022-06-16 13:24 - 000000000 ____D C:\Users\Антон\AppData\Roaming\RMS_settings
2022-06-16 13:23 - 2022-06-16 13:23 - 000000000 __SHD C:\Users\John
AlternateDataStreams: C:\Users\Антон\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Антон\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
FirewallRules: [{A654EF0A-0B71-4315-8502-988449C79313}] => (Allow) C:\ProgramData\Windows Tasks Service\winserv.exe => Нет файла
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
End::
Там будут активные ссылки. C:\SecurityCheck\SecurityCheck.txt
На перечисленное обратите внимание и по возможности исправьте.