Различия

Показаны различия между двумя версиями страницы.

--- windows:virils:qqpcmgr [2016/02/12 19:40] – [Требуемые программы] mirocow
+++ windows:virils:qqpcmgr [2016/02/12 19:55] (текущий) – mirocow
@@ Строка 64: / Строка 64: @@
 BC_Activate;
 RebootWindows(false);
+end.
+</code>
+<code>
+begin
+ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
+ TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\10.6.15950.224\qqpcrtp.exe');
+ StopService('TSSysKit');
+ StopService('TSDefenseBt');
+ StopService('TSCPM');
+ StopService('QQSysMonX64');
+ StopService('QQPCRTP');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\plugins\FileSmash\QMSoftExt64.dll','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\plugins\FileSmash\QMSoftExt.dll','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQPCTray.exe','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QMContextUninstall64.dll','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSSysKit64.sys','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSDefenseBT64.sys','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\tscpm64.sys','');
+ QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQSysMonX64.sys','');
+ QuarantineFile('C:\Program Files (x86)\IGS\CCL.exe','');
+ QuarantineFile('c:\program files (x86)\tencent\qqpcmgr\10.6.15950.224\qqpcrtp.exe','');
+ QuarantineFile('C:\Users\al.NWTRUSSIA\AppData\Roaming\Browsers\exe.erolpxei.bat', '');
+ QuarantineFile('C:\Users\al.NWTRUSSIA\AppData\Roaming\newSI_649\s_inst.exe', '');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQPCRTP.exe','32');
+ DeleteFile('C:\Program Files (x86)\IGS\CCL.exe','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQSysMonX64.sys','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\tscpm64.sys','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSDefenseBT64.sys','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TSSysKit64.sys','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QMContextUninstall64.dll','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQPCTray.exe','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\plugins\FileSmash\QMSoftExt.dll','32');
+ DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\plugins\FileSmash\QMSoftExt64.dll','32');
+ DeleteFile('C:\windows\Tasks\newSI_649.job', '64');
+ DeleteFile('C:\windows\system32\Tasks\newSI_649', '64');
+ DeleteFile('C:\Users\al.NWTRUSSIA\AppData\Roaming\Browsers\exe.erolpxei.bat', '32');
+ DeleteFile('C:\Users\al.NWTRUSSIA\AppData\Roaming\newSI_649\s_inst.exe', '32');
+ DeleteService('TSSysKit');
+ DeleteService('TSDefenseBt');
+ DeleteService('TSCPM');
+ DeleteService('QQSysMonX64');
+ DeleteService('CCL');
+ DeleteService('QQPCRTP');
+ DeleteFileMask('C:\Users\al.NWTRUSSIA\AppData\Roaming\newSI_649\', '*', true);
+ DeleteDirectory('C:\Users\al.NWTRUSSIA\AppData\Roaming\newSI_649\');
+ DelCLSID('{754DF2CE-51E8-4895-B53C-6381418B84AE}');
+ RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}');
+ RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','QQPCTray');
+ RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{754DF2CE-51E8-4895-B53C-6381418B84AE}');
+ExecuteSysClean;
+ ExecuteRepair(1);
+ ExecuteWizard('SCU', 2, 3, true);
+ CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
+RebootWindows(true);
 end.
 </code>