// AVZ cleanup script written for one specific host.
// The targets are host-specific: a single user profile (also referenced by its
// 8.3 short name b7e3~1) and drives C:, D: and F:. Do not reuse it on another
// machine without regenerating the target list from that machine's own logs.
// Statement order matters: network off -> kill processes -> disable and stop
// services -> quarantine copies -> delete files -> delete services, directories
// and registry values -> archive the quarantine -> system cleanup -> reboot.
begin
// Tells the user (message text is Russian) that AVZ will close all network
// connections before the script runs and that they come back after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the processes below lose network access first.
// The trailing arguments (0, 15000, true) are presumably show mode, wait time in
// ms and terminate-on-timeout -- confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Terminate the running processes, addressed by full image path, before their
// files are quarantined and deleted.
TerminateProcessByName('c:\program files (x86)\fastoplayer\vsupdater.exe');
TerminateProcessByName('c:\program files (x86)\visual protect service\vsprotector.exe');
TerminateProcessByName('c:\users\b7e3~1\appdata\local\temp\wizz\ioproduct.exe');
TerminateProcessByName('c:\users\b7e3~1\appdata\local\temp\wizz\ioprotect.exe');
TerminateProcessByName('c:\program files (x86)\03000200-1441301735-0500-0006-000700080009\knsxf51a.tmp');
// Start type 4 is the Windows "disabled" value: the two services are disabled
// first and only then stopped, so they cannot be started again in between.
SetServiceStart('VSUpdater', 4);
SetServiceStart('kefihivo', 4);
StopService('VSUpdater');
StopService('kefihivo');
// Quarantine pass: every target is copied to AVZ quarantine before any delete
// call, so samples are still available for analysis after the cleanup.
// QuarantineFileF takes a directory, a file mask ('*') and a boolean that is
// presumably "include subdirectories" -- confirm; the last three arguments are
// not explained on this page.
QuarantineFileF('C:\Program Files (x86)\Visual Protect Service', '*', true, '', 0 , 0);
QuarantineFile('C:\Users\Евгений\AppData\Local\Kometa\kometaup.exe', '');
QuarantineFileF('C:\ProgramData\lWdsM', '*', true, '', 0 , 0);
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '');
QuarantineFileF('C:\Program Files (x86)\FastoPlayer', '*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009', '*', true, '', 0 , 0);
QuarantineFile('C:\Windows\system32\VSProtectProxy.dll', '');
QuarantineFile('c:\program files (x86)\fastoplayer\vsupdater.exe', '');
QuarantineFile('c:\program files (x86)\visual protect service\vsprotector.exe', '');
QuarantineFile('c:\users\b7e3~1\appdata\local\temp\wizz\ioproduct.exe', '');
QuarantineFile('c:\users\b7e3~1\appdata\local\temp\wizz\ioprotect.exe', '');
QuarantineFile('c:\program files (x86)\03000200-1441301735-0500-0006-000700080009\knsxf51a.tmp', '');
QuarantineFile('C:\ProgramData\lWdsM', '');
QuarantineFile('C:\Users\B7E3~1\AppData\Local\Temp\WIZZ\ioproduct_service.bat', '');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\daemon.exe', '');
QuarantineFile('C:\Program Files (x86)\Mindjet\MindManager 15\sys\MmInternetExplorerActiveSetup.vbs', '');
// Batch files sitting next to browser and game launchers, on C:, D: and F:.
QuarantineFile('C:\Users\Евгений\AppData\Local\kometa.bat', '');
QuarantineFile('C:\Program Files (x86)\Google\chrome.bat', '');
QuarantineFile('C:\Users\Евгений\AppData\Local\Yandex\browser.bat', '');
QuarantineFile('C:\launcher.bat', '');
QuarantineFile('F:\launcher.bat', '');
QuarantineFile('D:\ЖЕНЯ\ИГРЫ\launcher.bat', '');
QuarantineFile('D:\Program Files (x86)\R.G. Games\Sniper3Launcher.bat', '');
QuarantineFile('D:\Program Files (x86)\Running With Scissors\Launcher.bat', '');
// Delete pass. The same files are deleted through several call forms: with
// '32' or '64' as second argument, with no second argument, and with ''.
// The '32'/'64' value presumably selects the 32- or 64-bit file system view
// (only the scheduled task under system32\Tasks uses '64') -- TODO confirm.
// NOTE(review): the repeats look like generator output; repeating a delete on
// a file that is already gone is assumed to be harmless.
DeleteFile('c:\users\b7e3~1\appdata\local\temp\wizz\ioproduct.exe', '32');
DeleteFile('c:\users\b7e3~1\appdata\local\temp\wizz\ioprotect.exe', '32');
DeleteFile('C:\Windows\system32\VSProtectProxy.dll', '32');
DeleteFile('C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009\knsxF51A.tmp', '32');
DeleteFile('C:\Program Files (x86)\FastoPlayer\VSUpdater.exe', '32');
DeleteFile('C:\Program Files (x86)\Google\chrome.bat', '32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '32');
DeleteFile('C:\ProgramData\lWdsM', '32');
DeleteFile('C:\Users\B7E3~1\AppData\Local\Temp\WIZZ\ioproduct_service.bat', '32');
DeleteFile('C:\Users\Евгений\AppData\Local\Kometa\kometaup.exe', '32');
DeleteFile('C:\Users\Евгений\AppData\Local\Yandex\browser.bat', '32');
DeleteFile('C:\Users\Евгений\AppData\Local\kometa.bat', '32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\daemon.exe', '32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\VSProtector.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\VSProtector', '64');
DeleteFile('c:\users\b7e3~1\appdata\local\temp\wizz\ioproduct.exe');
DeleteFile('c:\users\b7e3~1\appdata\local\temp\wizz\ioprotect.exe');
DeleteFile('c:\program files (x86)\03000200-1441301735-0500-0006-000700080009\knsxf51a.tmp');
DeleteFile('C:\Program Files (x86)\Google\chrome.bat');
DeleteFile('C:\ProgramData\lWdsM');
DeleteFile('C:\Users\B7E3~1\AppData\Local\Temp\WIZZ\ioproduct_service.bat');
DeleteFile('C:\Users\Евгений\AppData\Local\Yandex\browser.bat');
DeleteFile('C:\Users\Евгений\AppData\Local\kometa.bat');
DeleteFile('C:\Users\Евгений\AppData\Roaming\daemon.exe');
DeleteFile('C:\Program Files (x86)\Mindjet\MindManager 15\sys\MmInternetExplorerActiveSetup.vbs');
DeleteFile('C:\Users\Евгений\AppData\Local\kometa.bat', '');
DeleteFile('C:\Program Files (x86)\Google\chrome.bat', '');
DeleteFile('C:\Users\Евгений\AppData\Local\Yandex\browser.bat', '');
DeleteFile('C:\launcher.bat', '');
DeleteFile('F:\launcher.bat', '');
DeleteFile('D:\ЖЕНЯ\ИГРЫ\launcher.bat', '');
DeleteFile('D:\Program Files (x86)\R.G. Games\Sniper3Launcher.bat', '');
DeleteFile('D:\Program Files (x86)\Running With Scissors\Launcher.bat', '');
// Remove the service registrations that were disabled and stopped above.
DeleteService('VSUpdater');
DeleteService('kefihivo');
// Empty the four program directories by mask and then remove the directories
// themselves; the mask delete comes first, presumably because DeleteDirectory
// needs an empty directory -- confirm.
DeleteFileMask('C:\Program Files (x86)\Visual Protect Service', '*', true);
DeleteFileMask('C:\ProgramData\lWdsM', '*', true);
DeleteFileMask('C:\Program Files (x86)\FastoPlayer', '*', true);
DeleteFileMask('C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009', '*', true);
DeleteDirectory('C:\Program Files (x86)\Visual Protect Service', '');
DeleteDirectory('C:\ProgramData\lWdsM', '');
DeleteDirectory('C:\Program Files (x86)\FastoPlayer', '');
DeleteDirectory('C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009', '');
// Registry cleanup: one CLSID registration, three MSConfig "startupreg" command
// values, one Eventlog source value (WdsManPro) and one HKLM RunOnce value.
DelCLSID('{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kometaup', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro', 'EventMessageFile');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'IOPROTECT');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Daemon', 'command');
// Packs the quarantined samples into quarantine.zip in the AVZ directory.
// "Qurantine" is the spelling of the AVZ function name; keep it as written.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// NOTE(review): BC_ImportALL presumably hands the targets above to AVZ Boot
// Cleaner. No BC_Activate call is visible in this script, so confirm whether
// boot-time cleanup is actually meant to run on the next restart.
BC_ImportALL;
// Built-in AVZ cleanup and repair steps. The arguments (1, 'SCU', 2, 3, true)
// are AVZ-defined codes that this page does not explain -- check the AVZ
// script reference before changing them.
ExecuteSysClean;
ExecuteRepair(1);
ExecuteWizard('SCU', 2, 3, true);
// Reboot; per the opening message, network connectivity returns afterwards.
RebootWindows(true);
end.
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsprotectproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsprotectproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsprotectproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsprotectproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsprotectproxy.dll
Подробнее читайте в этом руководстве.
- Скачайте AdwCleaner (by Xplode) и сохраните его на Рабочем столе.
- Запустите его (в ОС Vista/Windows 7/8 необходимо запускать от имени администратора через правую кнопку мыши), нажмите кнопку "Scan" ("Сканировать") и дождитесь окончания сканирования.
- Когда сканирование будет завершено, отчет будет сохранен в следующем расположении: C:\AdwCleaner\AdwCleaner[R0].txt.
- Прикрепите отчет к своему следующему сообщению.
Какие именно? Можно ли восстановить данные с браузера?
CreateRestorePoint:
() C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009\knsj2690.tmp
() C:\Users\B7E3~1\AppData\Local\Temp\nsm9918.tmp
(DTools LIMITED) C:\ProgramData\OWdsManProO\WdsManPro.exe
(Visual Protect) C:\Program Files (x86)\FastoPlayer\VSUpdater.exe
(Visual Protect) C:\Program Files (x86)\Visual Protect Service\VSProtector.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
() C:\Program Files (x86)\SFK\SFKEX64.exe
(CMI Limited) C:\Users\B7E3~1\AppData\Local\Temp\nsr6700.tmp
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1441398208&z=93679535f5b78f1d365c6e8gcz9z2gccdtee6m9qew&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1441305088&z=7c1efe9c0cdae60ba1771efgfz2z9g3oft9mcqfz8t&from=cmi&uid=WDCXWD5000AAKS-007AA0_WD-WCATR123754337543
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1441305088&z=7c1efe9c0cdae60ba1771efgfz2z9g3oft9mcqfz8t&from=cmi&uid=WDCXWD5000AAKS-007AA0_WD-WCATR123754337543","hxxp://www.istartsurf.com/?type=hp&ts=1441376962&z=b741fa9b58a9fffc47ba540gazfzcg0caq4taw3obg&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW","hxxp://www.mystartsearch.com/?type=hp&ts=1441380058&z=944de75604b04601a83a050g2z2z4gac4mdo7qag3m&from=cmi&uid=WDCXWD5000AAKS-007AA0_WD-WCATR123754337543","hxxp://www.istartsurf.com/?type=hp&ts=1441398208&z=93679535f5b78f1d365c6e8gcz9z2gccdtee6m9qew&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW"
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1441398208&z=93679535f5b78f1d365c6e8gcz9z2gccdtee6m9qew&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW
R2 byzypiky; C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009\knsj2690.tmp [778240 2015-09-04] () [File not signed]
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [411648 2015-09-04] (TODO: <公司名>) [File not signed]
R2 WdsManPro; C:\ProgramData\OWdsManProO\WdsManPro.exe [709288 2015-09-04] (DTools LIMITED)
R2 VSUpdater; C:\Program Files (x86)\FastoPlayer\VSUpdater.exe [972800 2015-09-02] (Visual Protect) [File not signed]
S3 AsrAutoChkUpdDrv; \??\C:\Windows\SysWOW64\Drivers\AsrAutoChkUpdDrv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
2015-09-04 23:24 - 2015-09-04 23:23 - 00613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsr6700.tmp
2015-09-04 23:23 - 2015-09-04 23:30 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-09-04 23:23 - 2015-09-04 23:26 - 00000000 ____D C:\Users\Евгений\AppData\Roaming\istartsurf
2015-09-04 23:23 - 2015-09-04 23:24 - 00000000 ____D C:\Users\Все пользователи\OWdsManProO
2015-09-04 23:23 - 2015-09-04 23:24 - 00000000 ____D C:\ProgramData\OWdsManProO
2015-09-04 23:23 - 2015-09-04 23:23 - 00000000 __SHD C:\Users\Евгений\AppData\Roaming\AnyProtectEx
2015-09-04 23:23 - 2015-09-04 23:23 - 00000000 ____D C:\Program Files (x86)\SFK
2015-09-04 18:21 - 2015-09-04 18:21 - 00613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsm10D.tmp
2015-09-04 17:30 - 2015-09-04 17:30 - 00613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsx1DA2.tmp
2015-09-04 17:29 - 2015-09-04 17:46 - 00000000 ____D C:\Users\Евгений\AppData\Local\gmsd_ru_005010079
2015-09-04 17:29 - 2015-09-04 17:37 - 00000000 ____D C:\Program Files (x86)\gmsd_ru_005010079
2015-09-04 17:29 - 2015-09-04 17:30 - 00000000 ____D C:\Users\Все пользователи\eWdsManProe
2015-09-04 17:29 - 2015-09-04 17:30 - 00000000 ____D C:\ProgramData\eWdsManProe
2015-09-04 16:58 - 2015-09-04 22:52 - 00003368 _____ C:\Windows\System32\Tasks\VSProtector
2015-09-04 07:36 - 2015-09-04 07:36 - 00613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsmB216.tmp
2015-09-04 07:34 - 2015-09-04 07:34 - 00000000 ____D C:\Users\Все пользователи\FWdsManProF
2015-09-04 07:34 - 2015-09-04 07:34 - 00000000 ____D C:\ProgramData\FWdsManProF
2015-09-03 21:32 - 2015-09-03 21:32 - 00613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nscF460.tmp
2015-09-03 21:31 - 2015-09-04 23:23 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-03 21:31 - 2015-09-03 21:32 - 00000000 ____D C:\ProgramData\lWdsManProl
2015-09-03 21:17 - 2015-09-04 17:22 - 00007168 _____ C:\Windows\SysWOW64\Drivers\utqxotix.sys
2015-09-03 20:37 - 2015-09-03 20:37 - 00000000 ____D C:\Users\Евгений\Downloads\Torrentex
2015-09-03 20:35 - 2015-09-04 21:50 - 00000000 ____D C:\Program Files (x86)\03000200-1441301735-0500-0006-000700080009
2015-09-03 20:34 - 2015-09-04 16:58 - 00000000 ____D C:\Program Files (x86)\Visual Protect Service
2015-09-03 20:34 - 2015-09-03 20:34 - 00001059 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastoPlayer.lnk
2015-09-03 20:34 - 2015-09-03 20:34 - 00000000 ____D C:\Users\Евгений\AppData\Roaming\Visual Protect Service
2015-09-03 20:34 - 2015-09-03 20:34 - 00000000 ____D C:\Program Files (x86)\FastoPlayer
2015-09-04 07:04 - 2015-09-04 22:52 - 0007824 _____ () C:\Program Files (x86)\VSConfig
2015-09-03 21:32 - 2015-09-03 21:32 - 0613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nscF460.tmp
2015-09-04 18:21 - 2015-09-04 18:21 - 0613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsm10D.tmp
2015-09-04 07:36 - 2015-09-04 07:36 - 0613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsmB216.tmp
2015-09-04 23:24 - 2015-09-04 23:23 - 0613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsr6700.tmp
2015-09-04 17:30 - 2015-09-04 17:30 - 0613255 _____ (CMI Limited) C:\Users\Евгений\AppData\Local\nsx1DA2.tmp
2015-09-03 21:31 - 2015-09-04 23:23 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-04 20:13 - 2015-09-04 20:13 - 00201594 _____ () C:\Users\B7E3~1\AppData\Local\Temp\nsm9918.tmp
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
ShortcutWithArgument: C:\Users\Евгений\Desktop\lаunсhеr.ехе - Ярлык.lnk -> F:\launcher\launcher.exe (Destiny KARO LLC) -> hxxp://www.istartsurf.com/?type=sc&ts=1441398208&z=93679535f5b78f1d365c6e8gcz9z2gccdtee6m9qew&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gupdate" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gupdatem" /f
EmptyTemp:
Reboot:
start
CreateRestorePoint:
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1441305088&z=7c1efe9c0cdae60ba1771efgfz2z9g3oft9mcqfz8t&from=cmi&uid=WDCXWD5000AAKS-007AA0_WD-WCATR123754337543
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1441305088&z=7c1efe9c0cdae60ba1771efgfz2z9g3oft9mcqfz8t&from=cmi&uid=WDCXWD5000AAKS-007AA0_WD-WCATR123754337543","hxxp://www.istartsurf.com/?type=hp&ts=1441376962&z=b741fa9b58a9fffc47ba540gazfzcg0caq4taw3obg&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW","hxxp://www.mystartsearch.com/?type=hp&ts=1441380058&z=944de75604b04601a83a050g2z2z4gac4mdo7qag3m&from=cmi&uid=WDCXWD5000AAKS-007AA0_WD-WCATR123754337543","hxxp://www.istartsurf.com/?type=hp&ts=1441398208&z=93679535f5b78f1d365c6e8gcz9z2gccdtee6m9qew&from=face&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW","hxxp://www.mystartsearch.com/?type=hp&ts=1441430999&z=6e7bb1611267302e4bff6fcgbz0zegdzcoec4w0waq&from=cmi&uid=ST500DM002-1BD142_Z2AFMSPWXXXXZ2AFMSPW"
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Евгений\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 utqxotix; \??\C:\Windows\system32\Drivers\utqxotix.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:
Reboot:
end