var
 ZoneKey : string;
begin
 // AVZ cleanup script: quarantine three launcher batch files, reset a few
 // Internet Explorer zone settings, remove one Browser Helper Object, pack
 // the quarantine into an archive and reboot.

 // The .bat launchers are only quarantined here; nothing in this script
 // deletes them, so the game files stay on disk and the copies can be
 // examined by the analyst.
 QuarantineFile('D:\GAMES\Half-Life\Half-Life Engine\Launcher_ActionHL.bat','');
 QuarantineFile('D:\GAMES\Half-Life\Half-Life Engine\Launcher_HL.bat','');
 QuarantineFile('D:\GAMES\Half-Life\Half-Life Engine\Launcher_Paranoia.bat','');

 // Per-user Internet Explorer URL-action settings for zone 3 (the Internet zone).
 // In this key a value of 0 means allow, 1 means prompt and 3 means disable.
 ZoneKey := 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\';
 // 1201: initialize and script ActiveX controls not marked safe -> disable
 RegKeyIntParamWrite('HKCU', ZoneKey, '1201', 3);
 // 1001: download signed ActiveX controls -> prompt
 RegKeyIntParamWrite('HKCU', ZoneKey, '1001', 1);
 // 1004: download unsigned ActiveX controls -> disable
 RegKeyIntParamWrite('HKCU', ZoneKey, '1004', 3);
 // 2201: automatic prompting for ActiveX controls -> disable
 RegKeyIntParamWrite('HKCU', ZoneKey, '2201', 3);
 // 1804: launching programs and files in an IFRAME -> prompt
 RegKeyIntParamWrite('HKCU', ZoneKey, '1804', 1);

 // Remove the Browser Helper Object registered under this CLSID.
 // NOTE(review): the page does not say which product owns the CLSID;
 // confirm it against the scan log before running the script.
 DelBHO('{8DAE90AD-4583-4977-9DD4-4360F7A45C74}');

 // Pack everything quarantined so far into quarantine.zip in the AVZ folder.
 // The archive may contain live malware samples: hand it only to the analyst
 // who asked for it and do not unpack it on a working machine.
 CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');

 // Restart so the changes above take effect. NOTE(review): the boolean
 // argument is presumably the "forced reboot" switch; confirm in the AVZ help.
 RebootWindows(false);
end.
start
CreateRestorePoint:
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\Все пользователи\TEMP:1CE11B51
FirewallRules: [TCP Query User{97F985B8-EADD-42B8-841B-4C539A5EFB21}C:\users\администратор\appdata\local\mediaget2\mediaget.exe] => (Block) C:\users\администратор\appdata\local\mediaget2\mediaget.exe
FirewallRules: [UDP Query User{9532B49C-DAD0-4811-BC56-EBED21122833}C:\users\администратор\appdata\local\mediaget2\mediaget.exe] => (Block) C:\users\администратор\appdata\local\mediaget2\mediaget.exe
FirewallRules: [TCP Query User{71F696DD-DADE-4089-8522-89D168595076}C:\users\администратор\appdata\local\microsoft\windows\temporary internet files\content.ie5\clp8dc1h\ffinstonline.exe] => (Allow) C:\users\администратор\appdata\local\microsoft\windows\temporary internet files\content.ie5\clp8dc1h\ffinstonline.exe
FirewallRules: [UDP Query User{4F63D218-712B-4490-839A-BAB947AFECCB}C:\users\администратор\appdata\local\microsoft\windows\temporary internet files\content.ie5\clp8dc1h\ffinstonline.exe] => (Allow) C:\users\администратор\appdata\local\microsoft\windows\temporary internet files\content.ie5\clp8dc1h\ffinstonline.exe
HKU\S-1-5-21-2969046192-2865156414-2880596095-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2969046192-2865156414-2880596095-500\...\MountPoints2: {e1d83ec0-b29a-11e3-a425-806e6f6e6963} - J:\Autorun.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [ifpjamfehjeobjanpappgckkmnhjnpgi] - C:\Users\Администратор\AppData\Roaming\Crx\Files\ifpjamfehjeobjanpappgckkmnhjnpgi_0.1.3.5.crx [2014-08-17]
EmptyTemp:
Reboot:
end
var
 LogPath : string;
 ScriptPath : string;
 ScriptUrl : string;
begin
 // AVZ helper script: fetch the vulnerability-check script, run it, and open
 // the resulting log in Notepad.
 //
 // NOTE(review): the script is downloaded over plain HTTP and executed without
 // any integrity check, so anyone able to alter the traffic (or the hosting
 // account) controls what AVZ runs on this machine. Prefer a copy obtained
 // over an authenticated channel, or compare the downloaded file against a
 // hash published by the author before executing it.
 ScriptUrl := 'http://dataforce.ru/~kad/ScanVuln.txt';

 // Drop any log left over from an earlier run so the file shown at the end
 // belongs to this run only.
 LogPath := GetAVZDirectory + 'log\avz_log.txt';
 if FileExists(LogPath) Then DeleteFile(LogPath);

 ScriptPath := GetAVZDirectory +'ScanVuln.txt';

 // Try the download with mode 1 first and fall back to mode 0.
 // NOTE(review): the modes presumably select "use the system proxy settings"
 // versus "direct connection"; confirm in the AVZ help.
 if not DownloadFile(ScriptUrl, ScriptPath, 1) then
  if not DownloadFile(ScriptUrl, ScriptPath, 0) then begin
   // Message text (Russian): "Unable to download the AVZ script for detecting
   // the most commonly exploited vulnerabilities!"
   ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
   exit;
  end;

 // Reached only when one of the two download attempts succeeded.
 ExecuteScript(ScriptPath);

 // Show the log to the user if the executed script produced one.
 if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.