// AVZ remediation script written for one specific infected host: every path,
// user-profile name and task name below is hard-coded for that machine.
// Sequence: isolate from the network -> stop the suspect processes -> copy
// suspect files to quarantine -> delete them -> remove persistence (scheduled
// tasks, RunOnce value) -> AVZ cleanup -> archive the quarantine -> reboot.
// The statement order matters: quarantine must precede deletion so samples
// survive for analysis, and termination must precede deletion so the files
// are not held open.
begin
// Runtime message (Russian): warns that AVZ will close all network connections
// before the script runs and that they are restored automatically after reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP stack so the malware cannot reach the network during cleanup.
// NOTE(review): trailing arguments (0, 15000, true) are presumably window mode,
// timeout in ms and wait-for-exit; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Kill the two running executables with random-looking names in the system Temp directory.
TerminateProcessByName('C:\Windows\Temp\gB71F.tmp.exe');
TerminateProcessByName('C:\Windows\Temp\g5D21.tmp.exe');
// Copy each suspect file to AVZ quarantine before anything is deleted.
// pythonw.exe + ml.py: a Python interpreter shipped next to a script inside a
// user's AppData\Roaming tree. SETUPS~1 looks like the 8.3 short name of the
// same "setupsk" directory; both spellings are listed. TODO confirm.
QuarantineFile('C:\Users\C559~1\AppData\Roaming\SETUPS~1\python\pythonw.exe','');
QuarantineFile('C:\Users\C559~1\AppData\Roaming\SETUPS~1\ml.py','');
QuarantineFile('C:\Users\C559~1\AppData\Roaming\setupsk\python\pythonw.exe','');
QuarantineFile('C:\Users\C559~1\AppData\Roaming\setupsk\ml.py','');
QuarantineFile('C:\Users\Юля\AppData\Roaming\Adobe\Manager.exe','');
QuarantineFile('C:\ProgramData\RegisterObject\RegisterObject.exe','');
QuarantineFile('C:\ProgramData\302G455G644r994\302G455G644r994.dll','');
// The two .bat names are reversed strings: "exe.resworb" = "browser.exe",
// "exe.rehcnualebivsusa" = "asusvibelauncher.exe".
QuarantineFile('C:\Users\Юля\AppData\Roaming\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Users\Юля\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat','');
// The first and third paths below differ only in letter case; on a
// case-insensitive Windows volume they name the same file (harmless duplicate).
QuarantineFile('C:\WINDOWS\TEMP\g5D21.tmp.exe','');
QuarantineFile('C:\Windows\Temp\gB71F.tmp.exe','');
QuarantineFile('C:\Windows\Temp\g5D21.tmp.exe','');
// Shortcuts in Startup and Quick Launch. NOTE(review): the "Asus..." and
// "Yandex" names appear to contain Cyrillic look-alike letters, and the second
// one ends with a space inside the quotes; the strings must stay byte-exact
// or the calls will not match the files on disk.
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\АsusVibeLaunchеr.lnk','');
QuarantineFile('C:\Users\Юля\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yаndеx.lnk ','');
QuarantineFile('C:\Users\Юля\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk','');
// Sweep the suspect directories for anything executable or script-like that
// was not listed individually. NOTE(review): the `true` argument presumably
// enables recursion into subdirectories; confirm.
QuarantineFileF('C:\Users\C559~1\AppData\Roaming\SETUPS~1', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('C:\Users\C559~1\AppData\Roaming\setupsk', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('C:\ProgramData\RegisterObject', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('C:\ProgramData\302G455G644r994', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
QuarantineFileF('C:\Users\Юля\AppData\Roaming\Browsers', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
// Delete the files that were quarantined above.
// NOTE(review): the second argument ('32') presumably selects the 32-bit
// file-system view; confirm against the AVZ script reference.
DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\АsusVibeLaunchеr.lnk','32');
DeleteFile('C:\Users\Юля\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yаndеx.lnk ','32');
DeleteFile('C:\Users\Юля\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk','32');
DeleteFile('C:\Windows\Temp\g5D21.tmp.exe','32');
DeleteFile('C:\Windows\Temp\gB71F.tmp.exe','32');
DeleteFile('C:\WINDOWS\TEMP\g5D21.tmp.exe','32');
DeleteFile('C:\Users\Юля\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat','32');
DeleteFile('C:\Users\Юля\AppData\Roaming\Browsers\exe.resworb.bat','32');
DeleteFile('C:\ProgramData\302G455G644r994\302G455G644r994.dll','32');
DeleteFile('C:\ProgramData\RegisterObject\RegisterObject.exe','32');
DeleteFile('C:\Users\Юля\AppData\Roaming\Adobe\Manager.exe','32');
DeleteFile('C:\Users\C559~1\AppData\Roaming\setupsk\ml.py','32');
DeleteFile('C:\Users\C559~1\AppData\Roaming\setupsk\python\pythonw.exe','32');
DeleteFile('C:\Users\C559~1\AppData\Roaming\SETUPS~1\ml.py','32');
DeleteFile('C:\Users\C559~1\AppData\Roaming\SETUPS~1\python\pythonw.exe','32');
// Remove the scheduled tasks used for persistence (/F suppresses the prompt).
// NOTE(review): /TN is given bare task names. If a task is registered inside a
// Task Scheduler subfolder, schtasks needs the full task path and these calls
// would fail silently, leaving an orphaned task entry; verify in a follow-up log.
ExecuteFile('schtasks.exe', '/delete /TN "mrupdsrv" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "302G455G644r994" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "ravcpl64" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "RegisterObject" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Manager" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "setupsk" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "setupsk_upd" /F', 0, 15000, true);
// Empty the suspect directories ('*' mask), then remove the directories themselves.
// Only files matching the QuarantineFileF masks above were copied to quarantine;
// anything else in these directories is deleted without a copy.
DeleteFileMask('C:\Users\C559~1\AppData\Roaming\SETUPS~1','*', true);
DeleteFileMask('C:\Users\C559~1\AppData\Roaming\setupsk','*', true);
DeleteFileMask('C:\ProgramData\RegisterObject','*', true);
DeleteFileMask('C:\ProgramData\302G455G644r994','*', true);
DeleteFileMask('C:\Users\Юля\AppData\Roaming\Browsers','*', true);
DeleteDirectory('C:\Users\C559~1\AppData\Roaming\SETUPS~1');
DeleteDirectory('C:\Users\C559~1\AppData\Roaming\setupsk');
DeleteDirectory('C:\ProgramData\RegisterObject');
DeleteDirectory('C:\ProgramData\302G455G644r994');
DeleteDirectory('C:\Users\Юля\AppData\Roaming\Browsers');
// Remove the 'ULIA' autostart value from the machine-wide RunOnce key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','ULIA');
// AVZ built-in cleanup; presumably removes leftover references to the deleted
// files. TODO confirm.
ExecuteSysClean;
// NOTE(review): presumably runs the AVZ troubleshooting wizard with profile
// 'SCU'; the meaning of the numeric arguments is not visible here.
ExecuteWizard('SCU',2,2,true);
// Pack the quarantine into quarantine.zip in the AVZ directory for submission
// to the helper. The archive contains the quarantined samples, so treat it as
// malicious content. ("Qurantine" is the function name as the script calls it.)
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
// Reboot; per the message above, networking comes back after the restart.
RebootWindows(true);
end.
IObit
System Tools
Mail.Ru
// Follow-up AVZ script for the same host: removes the one remaining suspect
// DLL directory and the leftover scheduled-task definition files.
// Paths and task names are hard-coded for that machine only.
begin
// Runtime message (Russian): warns that AVZ will close all network connections
// before the script runs and that they are restored automatically after reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP stack for the duration of the cleanup.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Quarantine first (named DLL, then a mask sweep of its directory), delete after.
QuarantineFile('C:\ProgramData\302G455G644r994\302G455G644r994.dll','');
QuarantineFileF('C:\ProgramData\302G455G644r994', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 ,0);
DeleteFile('C:\ProgramData\302G455G644r994\302G455G644r994.dll','32');
// Delete the task definition files directly from system32\Tasks.
// NOTE(review): '64' presumably selects the native 64-bit view so the path is
// not redirected to SysWOW64; confirm. These task files are not quarantined
// first, so their contents (command line, trigger) are lost for analysis.
DeleteFile('C:\WINDOWS\system32\Tasks\update service\mrupdsrv','64');
DeleteFile('C:\WINDOWS\system32\Tasks\Microsoft\Windows\Multimedia\Manager','64');
DeleteFile('C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\RegisterObject','64');
DeleteFile('C:\WINDOWS\system32\Tasks\hda\ravcpl64','64');
DeleteFile('C:\WINDOWS\system32\Tasks\302G455G644r994','64');
// Unregister the tasks via schtasks (/F suppresses the prompt).
// NOTE(review): the file paths above place mrupdsrv under "update service" and
// ravcpl64 under "hda", but /TN is given the bare leaf names, so these two
// calls likely do not match the registered tasks. Deleting the file without
// unregistering leaves an orphaned task entry in the registry. "Manager" and
// "RegisterObject" get no schtasks call in this script at all.
ExecuteFile('schtasks.exe', '/delete /TN "mrupdsrv" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "302G455G644r994" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "ravcpl64" /F', 0, 15000, true);
// Empty and remove the suspect directory.
DeleteFileMask('C:\ProgramData\302G455G644r994','*', true);
DeleteDirectory('C:\ProgramData\302G455G644r994');
// AVZ built-in cleanup; presumably removes leftover references to the deleted
// files. TODO confirm.
ExecuteSysClean;
// Pack the quarantine into quarantine.zip in the AVZ directory; the archive
// contains the quarantined samples, so treat it as malicious content.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
// Reboot; per the message above, networking comes back after the restart.
RebootWindows(true);
end.
Start
CreateRestorePoint:
HKU\S-1-5-21-2849475924-2855329070-3449528083-1002\...\MountPoints2: {8bd68c56-cb8e-11e4-bf05-dc85de6a2ed6} - "F:\LG_PC_Programs.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2849475924-2855329070-3449528083-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2849475924-2855329070-3449528083-1002 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qkx2apfd.default -> РџРѕРёСЃРє@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qkx2apfd.default -> РџРѕРёСЃРє@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\qkx2apfd.default -> hxxp://mail.ru/cnt/10445?gp=832110
FF Keyword.URL: Mozilla\Firefox\Profiles\qkx2apfd.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BF40000BA-6BA6-460F-9B66-CBE5EE5EC3C6%7D&gp=832111
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Юля\AppData\Roaming\Mozilla\Firefox\Profiles\qkx2apfd.default\Extensions\homepage@mail.ru [2017-03-29]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Юля\AppData\Roaming\Mozilla\Firefox\Profiles\qkx2apfd.default\Extensions\search@mail.ru [2017-03-29]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Юля\AppData\Roaming\Mozilla\Firefox\Profiles\qkx2apfd.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-03-29]
FF SearchPlugin: C:\Users\Юля\AppData\Roaming\Mozilla\Firefox\Profiles\qkx2apfd.default\searchplugins\mailru.xml [2017-03-29]
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811021"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BC5CA443B-5C5B-40C1-8EEB-B1961D2BB027%7D&gp=832111
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Юля\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-03-26]
CHR Extension: (No Name) - C:\Users\Юля\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpgllbnilfcbckbdchjcfgopijgllcm [2017-03-25]
CHR Extension: (No Name) - C:\Users\Юля\AppData\Local\Google\Chrome\User Data\Default\Extensions\necfmkplpminfjagblfabggomdpaakan [2017-03-25]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Юля\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-03-26]
CHR Extension: (Быстрый поиск) - C:\Users\Юля\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilhebpjhnjaeghedpjnmajajlcfdjgc [2017-03-29]
CHR Extension: (Mail.Ru) - C:\Users\Юля\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-03-26]
CHR HKU\S-1-5-21-2849475924-2855329070-3449528083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [odijcgafkhpobjlnfdgiacpdenpmbgme] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2849475924-2855329070-3449528083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phkdcinmmljblpnkohlipaiodlonpinf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2849475924-2855329070-3449528083-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pmpoaahleccaibbhfjfimigepmfmmbbk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdpgllbnilfcbckbdchjcfgopijgllcm] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [necfmkplpminfjagblfabggomdpaakan] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilhebpjhnjaeghedpjnmajajlcfdjgc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
2017-03-26 11:11 - 2017-03-26 11:15 - 00000000 ____D C:\Users\Все пользователи\ProductData
2017-03-26 11:11 - 2017-03-26 11:15 - 00000000 ____D C:\ProgramData\ProductData
2017-03-26 11:11 - 2017-03-26 11:13 - 00000000 ____D C:\Users\Юля\AppData\LocalLow\IObit
2017-03-26 11:11 - 2017-03-26 11:11 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-03-26 11:11 - 2017-03-26 11:11 - 00003008 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Юля)
2017-03-26 11:11 - 2017-03-26 11:11 - 00000000 ____D C:\WINDOWS\IObit
2017-03-26 11:11 - 2017-03-26 11:11 - 00000000 ____D C:\Users\Юля\AppData\Roaming\IObit
2017-03-26 11:11 - 2017-03-26 11:11 - 00000000 ____D C:\Users\Все пользователи\IObit
2017-03-26 11:11 - 2017-03-26 11:11 - 00000000 ____D C:\ProgramData\IObit
2017-03-26 11:10 - 2017-03-26 11:15 - 00000000 ____D C:\Program Files (x86)\System Tools 8.4.11
2017-03-26 11:10 - 2017-03-26 11:10 - 00000000 ____D C:\Users\Юля\AppData\Roaming\System Tools
2017-03-26 10:31 - 2017-03-26 10:41 - 00000000 ____D C:\Users\Юля\AppData\LocalLow\Unity
2017-03-26 10:31 - 2017-03-26 10:41 - 00000000 ____D C:\Users\Юля\AppData\Local\Unity
Task: {0A4701F1-41D4-4CCD-9E53-0922634E37D2} - \WPD\SqmUpload_S-1-5-21-2849475924-2855329070-3449528083-1002 -> No File <==== ATTENTION
Task: {31534996-E07C-46D5-93F5-4240213FC1BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CDE60CF-20B4-4CEF-A1D4-2750AADC84F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4E08BA2A-40C4-4076-9103-8F36D2705540} - \hda\ravcpl64 -> No File <==== ATTENTION
Task: {52D91E9A-9567-42F2-A5E9-D7A170396419} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6AA3CD60-D616-4933-AC37-2E9FF8765125} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7491F904-0DD1-415A-8342-42BC061AFB1D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7F5E2107-84FC-4E89-812B-A8761C6DDE2C} - System32\Tasks\Driver Booster SkipUAC (Юля) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
Task: {86CB4CF7-1AD5-4E87-8678-E1B95CA4774B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8BB365E6-5E9D-4EE1-9CD9-0E2BC6B54EC6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9351145E-A391-4470-BCB4-100FBECF817E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9BEA5973-247C-4F08-89B1-AB251D2DB75D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BBB66DF9-E86E-4177-897C-9394E26BE6C4} - \update service\mrupdsrv -> No File <==== ATTENTION
Task: {D2BDAFED-9875-4DB6-B951-3585797BF7CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D5A05EC5-8E21-4122-87B9-73F4FFA45581} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E607DE4D-7FD3-4F88-BD9F-0E7EA85B7D1A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
EmptyTemp:
Reboot:
end
Для другого компьютера создайте отдельную тему и выполните начальные правила. Могу ли я проверить второй комп этими программами?
Не ответили. Если проблем не осталось
Проблем касательно вирусов нет. Для другого компьютера создайте отдельную тему и выполните начальные правила.
Не ответили.
Это скрипт для удаления драйвера AVZ. Выполнила скрипт 6