Follow along with the video below to see how to install our site as a web app on your home screen.
Примечание: This feature may not be available in some browsers.
Chrome Search
AnySend
Download Manager Packages
SpaceSoundPro
SVH
yoursearching
Интернет
DriverPack Solution Updater
EasySaver B9.0904.1
Free YouTube Download version 3.2.61.805
MiPony 2.0.2
MKVtoolnix 4.9.1
Unity Web Player
VKMusic 4
Windows Internet Explorer 8
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\system32\searchprotectservice.exe');
TerminateProcessByName('c:\program files\win32_computersystemproduct-1455554885---\knsa170.tmpfs');
StopService('vusefyxezbt');
StopService('SPS');
QuarantineFile('C:\Program Files\max driver updater\idscservice.exe', '');
QuarantineFile('C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol', '');
QuarantineFile('C:\WINDOWS\system32\GroupPolicy\Machine\R', '');
QuarantineFileF('C:\Program Files\Win32_ComputerSystemProduct-1455554885---', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.com', true, '', 0, 0);
QuarantineFile('c:\windows\system32\searchprotectservice.exe', '');
QuarantineFile('c:\program files\win32_computersystemproduct-1455554885---\knsa170.tmpfs', '');
QuarantineFile('c:\program files\raydld\ihpmserver.exe', '');
DeleteFile('c:\program files\win32_computersystemproduct-1455554885---\knsa170.tmpfs', '32');
DeleteFile('C:\WINDOWS\system32\SearchProtectService.exe', '32');
DeleteFile('C:\WINDOWS\system32\GroupPolicy\Machine\R', '32');
DeleteFile('C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol', '32');
DeleteService('vusefyxezbt');
DeleteService('SPS');
DeleteFileMask('C:\Program Files\Win32_ComputerSystemProduct-1455554885---', '*', true);
DeleteDirectory('C:\Program Files\Win32_ComputerSystemProduct-1455554885---');
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Flash Player SU', 'command');
ClearHostsFile;
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(3);
ExecuteRepair(4);
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
O4 - MSConfig..HKLM: /0/0 [Adobe Flash Player SU] C:\Windows\System32\cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20130606 (exit) else (start http://lyll.net/ && exit)
O4 - HKLM\..\Run: [SpaceSoundPro] "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
O4 - HKLM\..\Run: [rec_en_77] "C:\Program Files\rec_en_77\rec_en_77.exe"
"C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk"
"C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk"
"C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk"
"C:\Documents and Settings\All Users\Главное меню\Программы\Google Chrome.lnk"
"C:\Documents and Settings\All Users\Главное меню\Программы\Mozilla Firefox.lnk"
"C:\Documents and Settings\All Users\Главное меню\Программы\Opera.lnk"
тогда все те программы что я перечислил удалите если установились самостоятельно и вы их не используете.Кроме VKMusic 4, все установилось произвольно и ранее не было(
FF Extension: The best games in one place - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wxyem20y.HOME-324AA7A7EE\Extensions\playgame@zugaramedia.com.xpi [2014-04-27] [not signed]
FF Extension: FirefixTab - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wxyem20y.HOME-324AA7A7EE\Extensions\deskCutv2@gmail.com [2016-02-15] [not signed]
start
CreateRestorePoint:
(RayDl) C:\Program Files\RayDld\ihpmServer.exe
HKLM\...\Run: [sun3] => [X]
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2052111302-1275210071-682003330-1004\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2052111302-1275210071-682003330-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=1844f7797946621bdf15ecbe9445dedf&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2052111302-1275210071-682003330-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://smartsputnik.ru/?ri=1&uid=1844f7797946621bdf15ecbe9445dedf&q=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll => No File
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-2052111302-1275210071-682003330-1004 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
FF NewTab: hxxp://www.yoursearching.com/newtab/?type=nt&ts=1455554781&z=00baf4dd8f39715037949dfgczawfwdw4wezfmbbdg&from=itr&uid=wdcxwd3200aaks-00b3a0_wd-wcat1000172301723
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wxyem20y.HOME-324AA7A7EE\searchplugins\yoursearching.xml [2016-02-15]
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/7993/","hxxp://www.rambler.ru/?utm_source=r33&utm_medium=distribution&utm_content=e08&utm_campaign=c03","hxxp://www.yandex.ru/?
win=78&clid=1976506","hxxp://www.yoursearching.com/?type=hp&ts=1455554781&z=00baf4dd8f39715037949dfgczawfwdw4wezfmbbdg&from=itr&uid=wdcxwd3200aaks-00b3a0_wd-wcat1000172301723"
R2 ihpmServer; C:\Program Files\RayDld\ihpmServer.exe [264944 2016-02-03] (RayDl)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 zomyfibyzbt; C:\Program Files\Win32_ComputerSystemProduct-1455554885---\knsm176.tmp [X]
2016-02-16 08:33 - 2016-02-16 19:59 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-02-16 08:33 - 2016-02-16 09:09 - 00000000 ____D C:\Program Files\360
2016-02-16 08:33 - 2016-02-16 08:33 - 00000000 ____D C:\Program Files\rec_en_77
2016-02-16 08:33 - 2016-02-16 08:33 - 00000000 ____D C:\Program Files\Max Driver Updater
2016-02-15 20:52 - 2016-02-15 20:52 - 00000000 ____D C:\Documents and Settings\User\Application Data\ProductData
2016-02-15 20:51 - 2016-02-15 20:51 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-02-15 20:51 - 2016-02-15 20:51 - 00000000 ____D C:\Documents and Settings\User\AppData\LocalLow\IObit
2016-02-15 20:51 - 2016-02-15 20:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-02-15 20:51 - 2016-02-15 20:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-15 20:50 - 2016-02-16 08:26 - 00000000 ____D C:\Program Files\IObit
2016-02-15 20:50 - 2016-02-15 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-02-15 20:50 - 2016-02-15 20:51 - 00000000 ____D C:\Documents and Settings\User\Application Data\IObit
2016-02-15 20:48 - 2016-02-16 21:12 - 00000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1455554885---
2016-02-15 20:47 - 2016-02-15 20:47 - 00000000 ____D C:\Program Files\RayDld
S1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [53960 2016-02-01] (360.cn)
cmd: del /q (RayDl) C:\Program Files\RayDld
EmptyTemp:
Reboot:
end