begin
// AVZ remediation script written for one specific host: every path is
// hard-coded (user profile "Garry", QQPCMgr build 10.10.16434.218), so it has
// to be regenerated from fresh logs before it is run on any other machine.
// Order used: isolate from the network -> stop processes and services ->
// quarantine -> delete files, services and directories -> clean autoruns ->
// reboot.
//
// The dialog text (Russian) warns that AVZ will close all network connections
// before the script runs and that they come back after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take the host off the network during cleanup.
// NOTE(review): the remaining arguments (0, 15000, true) are presumably the
// window mode, a wait limit in ms and a terminate-on-timeout flag -- confirm
// against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Terminate the running images by full path before their files are touched.
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\10.10.16434.218\taoframe.exe');
TerminateProcessByName('c:\users\garry\downloads\rukovodstvo.exe');
TerminateProcessByName('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe');
// Stop the nine services/drivers; the same nine names are removed with
// DeleteService further down.
StopService('QMUdisk');
StopService('QQSysMonX64');
StopService('TAOAccelerator');
StopService('TAOKernelDriver');
StopService('TFsFlt');
StopService('TSSKX64');
StopService('contentdefenderdrv');
StopService('ContentDefender');
StopService('QQPCRTP');
// Quarantine individual files first so samples survive the deletion below.
// NOTE(review): TS888x64.sys is quarantined here but has no DeleteFile call in
// this script; m5.bat and Y0.bat are only covered by the directory-wide
// DeleteFileMask calls -- confirm that is intended.
QuarantineFile('C:\Windows\SYSWOW64\drivers\TS888x64.sys', '');
QuarantineFile('C:\ProgramData\UqMDwpaThpShbh\m5.bat', '');
QuarantineFile('C:\ProgramData\QwhMAf\Y0.bat', '');
QuarantineFile('C:\Windows\system32\drivers\contentdefenderdrv.sys', '');
QuarantineFile('C:\Windows\System32\drivers\tsskx64.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TAOKernel64.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys', '');
QuarantineFile('c:\users\garry\downloads\rukovodstvo.exe', '');
// Quarantine by mask: executable and script types only (*.exe, *.dll, *.sys,
// *.bat, *.vbs, *.js) from each listed directory; other file types in these
// directories are deleted later without a quarantine copy.
// NOTE(review): the third argument (true) presumably enables recursion into
// subdirectories -- confirm.
// NOTE(review): several path literals in this script end with a space inside
// the quotes (e.g. 'C:\ProgramData\QwhMAf ') while the same directory appears
// elsewhere without it; this may be a copy/paste artifact -- verify the calls
// still resolve to the intended directory.
// NOTE(review): this script names 'C:\Program Files\Common Files\Tencent',
// while the uVS script on the same page references
// PROGRAM FILES (X86)\COMMON FILES\TENCENT -- confirm which one exists.
QuarantineFileF('C:\Users\Garry\AppData\Local\Amigo', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\UqMDwpaThpShbh', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\QwhMAf ', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\Tencent', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Common Files\Tencent ', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\Users\Garry\AppData\Roaming\Tencent', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Tencent ', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\vDaqjRFGwQnEC', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\TXQMPC', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0, 0);
// Delete the dropped executable and the kernel driver files.
// NOTE(review): the meaning of the second argument ('32') is not shown on this
// page -- confirm against the AVZ script reference.
DeleteFile('c:\users\garry\downloads\rukovodstvo.exe', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\contentdefenderdrv.sys', '32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys', '32');
// Remove the service registrations for the services stopped above.
DeleteService('QMUdisk');
DeleteService('QQSysMonX64');
DeleteService('TAOAccelerator');
DeleteService('TAOKernelDriver');
DeleteService('TFsFlt');
DeleteService('TSSKX64');
DeleteService('contentdefenderdrv');
DeleteService('ContentDefender');
DeleteService('QQPCRTP');
// Wipe directory contents with the '*' mask. This removes everything under the
// listed vendor and random-named directories, not only the quarantined types.
DeleteFileMask('C:\Users\Garry\AppData\Local\Amigo', '*', true);
DeleteFileMask('C:\ProgramData\UqMDwpaThpShbh ', '*', true);
DeleteFileMask('C:\ProgramData\QwhMAf ', '*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218 ', '*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent\QQPCMgr ', '*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent ', '*', true);
DeleteFileMask('C:\Program Files\Common Files\Tencent ', '*', true);
DeleteFileMask('C:\Users\Garry\AppData\Roaming\Tencent', '*', true);
DeleteFileMask('C:\ProgramData\Tencent ', '*', true);
DeleteFileMask('C:\ProgramData\vDaqjRFGwQnEC ', '*', true);
DeleteFileMask('C:\ProgramData\TXQMPC ', '*', true);
// Remove the directories themselves; nested QQPCMgr paths are listed
// deepest-first, before their parents.
DeleteDirectory('C:\Users\Garry\AppData\Local\Amigo');
DeleteDirectory('C:\ProgramData\UqMDwpaThpShbh ');
DeleteDirectory('C:\ProgramData\QwhMAf');
DeleteDirectory('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218');
DeleteDirectory('C:\Program Files (x86)\Tencent\QQPCMgr');
DeleteDirectory('C:\Program Files (x86)\Tencent ');
DeleteDirectory('C:\Program Files\Common Files\Tencent');
DeleteDirectory('C:\Users\Garry\AppData\Roaming\Tencent ');
DeleteDirectory('C:\ProgramData\Tencent ');
DeleteDirectory('C:\ProgramData\vDaqjRFGwQnEC');
DeleteDirectory('C:\ProgramData\TXQMPC');
// Persistence cleanup: one browser helper object (by CLSID) and the QQPCTray
// value under the HKLM Run key.
DelBHO('{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'QQPCTray');
// NOTE(review): BC_ImportAll / BC_Activate are presumably the AVZ Boot Cleaner
// calls that hand the items above to a boot-time cleanup pass, and
// ExecuteSysClean presumably removes leftover registry references to the
// deleted files -- confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// The script ends by rebooting the machine.
RebootWindows(true);
end.
begin
// Follow-up script: packs the AVZ quarantine into quarantine.zip inside the
// AVZ program directory (GetAVZDirectory) so the samples can be handed over
// for analysis.
// NOTE(review): the identifier is spelled "Qurantine" on this page; check the
// AVZ script reference before "correcting" the spelling.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Не спешите, всё успеем)
Прошу прощения за задержку...
В первом логе у вас следы от Amigo — это вы самостоятельно устанавливали?
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk"
"C:\Users\Garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Амиго.lnk"
;uVS v3.86.5 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
; Review notes: host-specific uVS cleanup script. Every path refers to one
; machine (profile GARRY, QQPCMGR build 10.10.16434.218); regenerate it from a
; fresh uVS image before using it elsewhere.
; Per-file pattern below, in varying order: zoo <path>, bl <32-hex value>
; <number>, addsgn <signature> 64 tencent, optional unload <path>, then
; delall <path>.
; NOTE(review): presumably zoo = copy to the uVS quarantine folder,
; bl = blacklist by hash (the trailing number looks like a file size),
; addsgn = add a signature under the given label, unload = unload the module
; from memory, delall = delete the file with all references to it,
; delref = delete references only, deldir = delete a directory; breg/sreg/areg
; are registry-related steps. Confirm each against the uVS command reference
; for this version.
breg
sreg
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQPCRTP.EXE
bl F3A9ADD5A50D8629BEFFC03C5B94E5B5 301728
addsgn 1A49739A5583EE8FF42BC4A50CF8DC47256228F789FA9C1D79C33AF140AE4BC76E1FE81A32DCD041D4D59074AB9D0C16F49A0CF9103E3B2CA43244A482E6A34B 64 tencent
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQPCRTP.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQPCRTP.EXE
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\ODAYPROTECT.DLL
bl EE0314F9E4A035144346C8C7F4AC6A51 18784
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\ODAYPROTECT.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\ODAYPROTECT.DLL
bl 421C26F38F286D01547789FA644A599C 63840
addsgn 71905392541F499A5ED7AEB19BBC3601AEC6D8E602AE3B746D0E3B43AF8FB340237FFE053E45F9B61E80849F469D0DDE6D5684564557DC083D5C447C9151836F 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\PLUGINS\QMIEMALRTPPLUGIN\QMIEMALRTPPLUGIN.DLL
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\PLUGINS\QMIEMALRTPPLUGIN\QMIEMALRTPPLUGIN.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\PLUGINS\QMIEMALRTPPLUGIN\QMIEMALRTPPLUGIN.DLL
addsgn 71905392541F499A17D0AEB19BBC3601AEC6D8E602AE3B746D0E3B43AF8FB34023DB3C7246569F59D4A5049C4406B6DFF9DCEA623FCAD8EC5275B4C79B062273 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQFILEFLT.DLL
bl C2FC17493DD2309F5212D4FFD5FEDBEA 203104
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQFILEFLT.DLL
addsgn 71905392541F499AF0D7AEB19BBC3601AEC6D8E602AE3B746D0E3B43AF8FB340234248BBBFB9B54A2B80278FB810597370D316744553A524D371B4A6DA02DC75 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\SQLITE.DLL
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\SQLITE.DLL
bl FBA2C8E98479CA22B40FE48A4354E234 481632
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\SQLITE.DLL
addsgn 71905392541F499A1ED0AEB19BBC3601AEC6D8E602AE3B746D0E3B43AF8FB340234248BBBFB9B54A2B8027EFD416597370B37A724553A544BF77B4A6DA62B073 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\PLUGINS\SYSSPEEDUPRTPPLUGIN\SYSSPEEDUPRTPPLUGIN.DLL
bl BD36627974E508860C76F9BB0561F906 39776
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\PLUGINS\SYSSPEEDUPRTPPLUGIN\SYSSPEEDUPRTPPLUGIN.DLL
addsgn 71905392541F499A34D0AEB19BBC3601AEC6D8E602AE3B746D0E3B43AF8FB340234248BBBFB9B54A2B80277774175973703BDA734553A5CC1F76B4A6DADA1072 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\TINYXML.DLL
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\TINYXML.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\TINYXML.DLL
addsgn 71905392541F499A32D0AEB19BBC3601AEC6D8E602AE3B746D0E3B43AF8FB340234248BBBFB9B54A2B8027FF571759737083F9734553A5743C76B4A6DA523372 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\ZLIB.DLL
bl BD6C48BA68DAEB86833AA6B850541F2C 88416
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\ZLIB.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\ZLIB.DLL
addsgn 79132211B9E9317E0AA1AB596CC412057863750B7605D3B4490F0943754A604C33DB0F9BF29951B60E18959F56DA8536B113D37FED7AB03C5874662FC7EF4E7F 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\COMMUNIC.DLL
bl D8B6BDB55EF5F2314F5A90863B8283BA 48480
unload %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\COMMUNIC.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\COMMUNIC.DLL
deldir %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\SOFTMGR
deldir %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\PLUGINS
deldir %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMTRAYPLUGIN\QMPERFCTRL
; Kernel driver files follow (paths under %Sys32%\DRIVERS and SYSWOW64\DRIVERS).
unload %Sys32%\DRIVERS\TFSFLTX64.SYS
addsgn BA6F9BB219E18E3E801D46249B37ED4CAE5AB57D40B29CBCAD2A534AAF29BD80EFDB0F9BF2995185E74C48531A161DFA3BDF9B7213DADC2C5977F42FA8065073 64 tencent
zoo %Sys32%\DRIVERS\TFSFLTX64.SYS
bl 510466333F1647D444742819E7DE951F 87864
delall %Sys32%\DRIVERS\TFSFLTX64.SYS
addsgn BA6F9BB219E18E3E801D46249B37ED4CAE5AB57D40B29CBCAD2ADF3DAF29BD809387C3573E559D492B80849FB68449FA7D8FE87255DAB02C2D77A42FC7062273 64 tencent
zoo %SystemRoot%\SYSWOW64\DRIVERS\TS888X64.SYS
bl 6B9604161D983AB026EF1CB1EC19FE8C 28984
delall %SystemRoot%\SYSWOW64\DRIVERS\TS888X64.SYS
addsgn 71905392541F499A75D2AFB19BBC3601AEC6D8E602AE3B746D2E3B43AF8FB340239C87733A03AEBF1046F183AE025FFA7D89BE24038C772C3B77A42F2FC29B8C 64 tencent
zoo %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFW.DAT
bl 30C07F6A49E9709AD7002EDA6A368BA0 665952
delall %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFW.DAT
addsgn 71905392541F499A4BDDAFB19BBC3601AEC6D8E602AE3B746D2E3B43AF8FB340234148231A5D18BF57896CE3461649C14DA3EF9A26DAB02CA6474C5DC70622F8 64 tencent
zoo %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQDOWNLOAD\130\DLCORE.DLL
bl 1123CC85FF12A2A9C44395E5362220CF 2211384
delall %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQDOWNLOAD\130\DLCORE.DLL
; Amigo entries are handled with delref only; no zoo/bl/addsgn/delall lines
; name them in this script.
delref %SystemDrive%\USERS\GARRY\APPDATA\LOCAL\AMIGO\APPLICATION\AMIGO.EXE
delref %SystemDrive%\USERS\GARRY\APPDATA\LOCAL\AMIGO\APPLICATION\OK.EXE
delref %SystemDrive%\USERS\GARRY\APPDATA\LOCAL\AMIGO\APPLICATION\VK.EXE
addsgn 79132211B9E9317E0AA1AB5958CC1205DAFFF47DC4EA942D892B0942AF292811E11BC33D2A3D45802F906C48471649791823E88D18CAC816A63AAC048A0AAB3E 64 tencent
zoo %SystemDrive%\USERS\GARRY\APPDATA\ROAMING\TENCENT\ANDROIDSERVER\1.0.0.485\ANDROIDDEVICE.DLL
bl 8BB90D087B1F21C8C16413E16669F485 367672
delall %SystemDrive%\USERS\GARRY\APPDATA\ROAMING\TENCENT\ANDROIDSERVER\1.0.0.485\ANDROIDDEVICE.DLL
deldir %SystemDrive%\USERS\GARRY\APPDATA\ROAMING\TENCENT\ANDROIDSERVER\1.0.0.485
addsgn BA6523BE4522C53E2FDCE6308840120525C23BB2ADBA1F7885C303F874A671A47F2EC35731E35DCCEBF48E274716493A9457E97255923D394908A42F8F8B6E57 64 tencent
zoo %Sys32%\DRIVERS\TAOACCELERATOR64.SYS
bl D4AEDDCC80AE2781A1E0C89484C27D4B 99640
unload %Sys32%\DRIVERS\TAOACCELERATOR64.SYS
delall %Sys32%\DRIVERS\TAOACCELERATOR64.SYS
; NOTE(review): the next addsgn has no label after "64", unlike every other
; addsgn in this script (all labelled "tencent"); confirm whether the name was
; lost when the script was pasted.
addsgn 1A5BB19A55835B8CF42B69B088CB5F05CC9E4A0976AC948942C529BF1DD6994A95E83CA17A7195485F87D27706A2B60524542E2C97DEB07A7AFCD80BCB8D6577 64
zoo %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQDOWNLOAD\130\TENCENTDL.EXE
bl 16E27465FC02E6974704FD2187E92144 1097272
delall %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQDOWNLOAD\130\TENCENTDL.EXE
addsgn BA6523BE4522C53E2FDCE63288F0D54101AEFDF6893AD83CA1E3C5BC50D69941DBE83C1BB509B90967099966FE164912F129178D929E940C2D77A42F2C0DA937 64 tencent
zoo %Sys32%\DRIVERS\TAOKERNEL64.SYS
bl EB42B24ACCB1E700AC00912EA2F3C2D2 174392
unload %Sys32%\DRIVERS\TAOKERNEL64.SYS
delall %Sys32%\DRIVERS\TAOKERNEL64.SYS
; Directory removal: random-named PROGRAMDATA folders and the vendor trees.
deldir %SystemDrive%\PROGRAMDATA\VDAQJRFGWQNEC
deldir %SystemDrive%\PROGRAMDATA\UQMDWPATHPSHBH
deldir %SystemDrive%\PROGRAMDATA\QWHMAF
deldir %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT
deldir %SystemDrive%\USERS\GARRY\APPDATA\ROAMING\TENCENT\
deldir %SystemDrive%\PROGRAMDATA\TENCENT\
deldir %SystemDrive%\PROGRAM FILES (X86)\TENCENT
; NOTE(review): czoo / chklst / delvir presumably archive the quarantine,
; re-check the file list against the signatures added above and delete every
; match. Matching is signature-based, so it may reach files beyond the paths
; named in this script -- review the resulting log before trusting the result.
czoo
chklst
delvir
deltmp
areg
begin
// Second AVZ pass over the same host, narrowed to the Tencent/QQPCMgr
// remnants. All paths are hard-coded for this machine (profile "Garry",
// QQPCMgr build 10.10.16434.218).
// NOTE(review): this script contains no QuarantineFile/QuarantineFileF calls,
// so files are deleted here without a quarantine copy being taken first.
//
// The dialog text (Russian) warns that AVZ will close all network connections
// before the script runs and that they come back after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take the host off the network during cleanup.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Stop services/drivers before their files are removed.
// NOTE(review): 'contentdefenderdrv' is stopped here but is not in the
// DeleteService list below -- confirm whether that is intentional.
StopService('TSSKX64');
StopService('TFsFlt');
StopService('TAOKernelDriver');
StopService('TAOAccelerator');
StopService('QQSysMonX64');
StopService('QMUdisk');
StopService('contentdefenderdrv');
StopService('QQPCRTP');
// Delete the service binaries and driver files individually.
// NOTE(review): the meaning of the second argument ('32') is not shown on this
// page -- confirm against the AVZ script reference.
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRtp.exe', '32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe', '32');
// Wipe directory contents with the '*' mask, deepest directory first.
// NOTE(review): some path literals end with a space inside the quotes
// (e.g. 'C:\ProgramData\Tencent '); this may be a copy/paste artifact --
// verify the calls still resolve to the intended directory.
DeleteFileMask('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218','*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent\QQPCMgr','*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent','*', true);
DeleteFileMask('C:\Program Files\Common Files\Tencent ', '*', true);
DeleteFileMask('C:\Users\Garry\AppData\Roaming\Tencent', '*', true);
DeleteFileMask('C:\ProgramData\Tencent ', '*', true);
DeleteFileMask('C:\ProgramData\TXQMPC ', '*', true);
// Remove the directories themselves.
DeleteDirectory('C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218');
DeleteDirectory('C:\Program Files (x86)\Tencent\QQPCMgr');
DeleteDirectory('C:\Program Files (x86)\Tencent ');
DeleteDirectory('C:\Program Files\Common Files\Tencent');
DeleteDirectory('C:\Users\Garry\AppData\Roaming\Tencent ');
DeleteDirectory('C:\ProgramData\Tencent ');
DeleteDirectory('C:\ProgramData\TXQMPC');
// Remove the service registrations.
DeleteService('TSSKX64');
DeleteService('TFsFlt');
DeleteService('TAOKernelDriver');
DeleteService('TAOAccelerator');
DeleteService('QQSysMonX64');
DeleteService('QMUdisk');
DeleteService('QQPCRTP');
// Persistence cleanup: the QQPCTray value under the HKLM Run key.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'QQPCTray');
// NOTE(review): BC_ImportAll / BC_Activate are presumably the AVZ Boot Cleaner
// calls that hand the items above to a boot-time cleanup pass, and
// ExecuteSysClean presumably removes leftover registry references -- confirm
// against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// The script ends by rebooting the machine.
RebootWindows(true);
end.
;uVS v3.86.5 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
;------------------------autoscript---------------------------
; Review notes: host-specific follow-up pass (profile GARRY, QQPCMGR build
; 10.10.16434.218). It uses only delref / del / deldir; no zoo command appears
; here, so files are removed without a quarantine copy being taken in this
; script.
; NOTE(review): presumably delref = delete references to the file, del = delete
; the file, deldir = delete the directory, deltmp = clean temporary files, and
; sreg/areg are registry-related steps -- confirm against the uVS command
; reference for this version.
sreg
delref %Sys32%\DRIVERS\TFSFLTX64.SYS
del %Sys32%\DRIVERS\TFSFLTX64.SYS
delref %SystemDrive%\USERS\GARRY\APPDATA\LOCAL\AMIGO\APPLICATION\32.0.1723.105\DELEGATE_EXECUTE.EXE
delref %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFW.DAT
del %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFW.DAT
delref %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFWX64.DAT
del %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFWX64.DAT
deldir %SystemDrive%\PROGRAMDATA\TENCENT
delref %SystemRoot%\SYSWOW64\DRIVERS\TS888X64.SYS
del %SystemRoot%\SYSWOW64\DRIVERS\TS888X64.SYS
; The remaining entries are reference-only removals (delref with no del line).
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\NPQMEXTENSIONSMOZILLA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMCONTEXTUNINSTALL64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\TSWEBMON64.DAT
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMCONTEXTSCAN64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMGCSHELLEXT64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQSYSMONX64.SYS
deltmp
areg
;-------------------------------------------------------------
Отлично, китаец почти удален
Скрипт выполнил.
Лог прикрепил.
;uVS v3.86.5 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
; Review notes: host-specific uVS pass for the files that were still present
; (TFSFLTX64.SYS, TS888X64.SYS, TSVULFW.DAT, TSVULFWX64.DAT) plus leftover
; references to QQPCMGR build 10.10.16434.218 modules.
; Each remaining file is copied with zoo before its delall line.
; NOTE(review): presumably zoo = copy to the uVS quarantine folder,
; addsgn = add a signature under the label "tencent", bl = blacklist by hash
; (the trailing number looks like a file size), delall = delete the file with
; all references, delref = delete references only -- confirm against the uVS
; command reference for this version.
breg
sreg
zoo %Sys32%\DRIVERS\TFSFLTX64.SYS
addsgn BA6F9BB219E18E3E801D46249B37ED4CAE5AB57D40B29CBCAD2A534AAF29BD80EFDB0F9BF2995185E74C48531A161DFA3BDF9B7213DADC2C5977F42FA8065073 64 tencent
zoo %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFW.DAT
addsgn 71905392541F499A75D2AFB19BBC3601AEC6D8E602AE3B746D2E3B43AF8FB340239C87733A03AEBF1046F183AE025FFA7D89BE24038C772C3B77A42F2FC29B8C 64 tencent
zoo %SystemRoot%\SYSWOW64\DRIVERS\TS888X64.SYS
addsgn BA6F9BB219E18E3E801D46249B37ED4CAE5AB57D40B29CBCAD2ADF3DAF29BD809387C3573E559D492B80849FB68449FA7D8FE87255DAB02C2D77A42FC7062273 64 tencent
bl 510466333F1647D444742819E7DE951F 87864
delall %Sys32%\DRIVERS\TFSFLTX64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\NPQMEXTENSIONSMOZILLA.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QQSYSMONX64.SYS
bl 6B9604161D983AB026EF1CB1EC19FE8C 28984
delall %SystemRoot%\SYSWOW64\DRIVERS\TS888X64.SYS
bl 30C07F6A49E9709AD7002EDA6A368BA0 665952
delall %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFW.DAT
addsgn BA652BBE5D22C5062FC4F9F9E7243286DF8BB57D7171C5300E32B0B9B899224C235B4890B586D5C2E5C80FC36226017109FBD03AD61E9073C4F45AD038CAEEBF 64 tencent
zoo %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFWX64.DAT
bl 40BDAAFB70596C94CB58D21D3BCDFA62 127840
delall %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\TSVULFWX64.DAT
delref %SystemDrive%\PROGRAM FILES (X86)\COMMON FILES\TENCENT\QQDOWNLOAD\130\TENCENTDL.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\TSWEBMON64.DAT
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMCONTEXTSCAN64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMCONTEXTUNINSTALL64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\TENCENT\QQPCMGR\10.10.16434.218\QMGCSHELLEXT64.DLL
deldir %SystemDrive%\PROGRAMDATA\TENCENT\TSVULFW\
deldir %SystemDrive%\PROGRAMDATA\TENCENT\
; NOTE(review): czoo / chklst / delvir presumably archive the quarantine,
; re-check the file list against the signatures added above and delete every
; match. Matching is signature-based, so it may reach files beyond the paths
; named in this script -- review the resulting log before trusting the result.
czoo
chklst
delvir
areg