Код:
Function DelAppInit_DLLsByFileName(Name : string) : byte;
const
RegKey = 'Software\Microsoft\Windows NT\CurrentVersion\Windows';
var
AppInit_DLLs: string;
i: integer;
endSearch, found, update: boolean;
begin
Result:=1;
if Trim(Name) = '' then
exit;
AppInit_DLLs := RegKeyStrParamRead('HKLM', RegKey, 'AppInit_DLLs');
if (Trim(AppInit_DLLs) = '') or (Length(Name) > Length(AppInit_DLLs)) then
exit;
endSearch := false;
update := false;
while not endSearch do
begin
found := false;
for i := 1 to (Length(AppInit_DLLs) - Length(Name) + 1) do
if Copy(AppInit_DLLs, i, Length(Name)) = Name then
if (Length(Name) = Length(AppInit_DLLs))
or ((i = 1) and (Pos(Copy(AppInit_DLLs, i + Length(Name), 1), ', ') > 0))
or ((i + Length(Name) - 1 = Length(AppInit_DLLs)) and (Pos(Copy(AppInit_DLLs, i - 1, 1), ', ') > 0))
or ((Pos(Copy(AppInit_DLLs, i - 1, 1), ', ') > 0) and (Pos(Copy(AppInit_DLLs, i + Length(Name), 1), ', ') > 0)) then
begin
found := true;
update := true;
Result:=0;
Delete(AppInit_DLLs, i, Length(Name));
break;
end;
if not found then
endSearch := true;
end;
if update then
begin
i := 1;
while i < Length(AppInit_DLLs) do
begin
if Pos(Copy(AppInit_DLLs, i, 1), ', ') > 0 then
if Pos(Copy(AppInit_DLLs, i + 1, 1), ', ') > 0 then
begin
Delete(AppInit_DLLs, i, 1);
i := i - 1;
end;
i := i + 1;
end;
if Copy(AppInit_DLLs, 1, 1) = ',' then
Delete(AppInit_DLLs, 1, 1);
if Copy(AppInit_DLLs, Length(AppInit_DLLs), 1) = ',' then
Delete(AppInit_DLLs, Length(AppInit_DLLs), 1);
AppInit_DLLs := Trim(AppInit_DLLs);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', RegKey, 'AppInit_DLLs', AppInit_DLLs);
if RegKeyStrParamRead('HKLM', RegKey, 'AppInit_DLLs') <> AppInit_DLLs then
Result := 2;
end;
end;
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
AddToLog (inttostr(DelAppInit_DLLsByFileName('cicld.dll')));
DeleteFile('cicld.dll');
DeleteFile('C:\WINDOWS\system32\cicld.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Логи повторите.