Код:
// AVZ cleanup script for one specific host: every path, service name and the
// user-profile directory below are hard-coded, so it is not reusable on another
// machine as-is (presumably generated from that host's diagnostic logs).
// Statement order matters: stop network -> kill processes -> disable/stop
// services -> quarantine copies -> delete files/keys/services -> reboot.
begin
// Refresh AVZ's own databases before doing anything else.
ExecuteAVUpdate;
// Warn the user (message text is in Russian) that network connections will be
// closed and are restored after the reboot at the end of the script.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take the host off the network for the
// duration of the cleanup. NOTE(review): the trailing 0, 15000, true look like
// window mode, a 15 s timeout and wait-for-exit; confirm against the AVZ docs.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): the SysWOW64 / "Program Files (x86)" paths below suggest a
// 64-bit host, in which case this branch would be skipped; confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
// Empty the quarantine so it holds only the samples collected by this run.
ClearQuarantine;
// Terminate the running processes, identified by full image path.
TerminateProcessByName('C:\Windows\System32\tprb\dnkt.exe');
TerminateProcessByName('c:\windows\syswow64\mjcm\dnkt.exe');
TerminateProcessByName('C:\Windows\System32\dmwu.exe');
TerminateProcessByName('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.542\baiduprotect.exe');
// Set the start type of each service to 4 (disabled in the Windows service
// start-type numbering) so it cannot come back if something restarts it.
SetServiceStart('BDSafeBrowser', 4);
SetServiceStart('BDMWrench', 4);
SetServiceStart('BDArKit', 4);
SetServiceStart('bd0004', 4);
SetServiceStart('bd0001', 4);
SetServiceStart('BDSGRTP', 4);
SetServiceStart('IBUpdaterService', 4);
// Stop the same seven services now that they are disabled.
StopService('BDSafeBrowser');
StopService('BDMWrench');
StopService('BDArKit');
StopService('bd0004');
StopService('bd0001');
StopService('BDSGRTP');
StopService('IBUpdaterService');
// Copy the suspect files to quarantine BEFORE deletion so samples remain
// available for analysis. The empty second argument is passed on every call.
// NOTE(review): the Baidu drivers (*.sys), BaiduProtect.exe and multibar.exe
// are deleted below without a quarantine copy; add QuarantineFile calls for
// them if samples are wanted.
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\firefox.bat','');
QuarantineFile('C:\Users\Алина\AppData\Local\Win_update\Win_update.exe','');
QuarantineFile('C:\Users\Алина\AppData\Local\Yandex\browser.bat','');
QuarantineFile('C:\PROGRA~2\Ticno\Multibar\SearchService.exe','');
QuarantineFile('C:\Windows\System32\tprb\dnkt.exe','');
QuarantineFile('c:\windows\syswow64\mjcm\dnkt.exe','');
QuarantineFile('C:\Windows\System32\dmwu.exe','');
// Delete executables, kernel drivers and launcher .bat files. This is
// destructive and not undone by the script.
// NOTE(review): the '32' argument is identical on every call; its exact meaning
// is not visible here; confirm against the AVZ script reference.
DeleteFile('c:\windows\syswow64\mjcm\dnkt.exe','32');
DeleteFile('C:\Windows\System32\tprb\dnkt.exe','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys','32');
DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys','32');
DeleteFile('C:\Windows\system32\dmwu.exe','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BaiduProtect.exe','32');
DeleteFile('C:\PROGRA~2\Ticno\Multibar\SearchService.exe','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys','32');
DeleteFile('C:\Program Files (x86)\Ticno\Multibar\multibar.exe','32');
DeleteFile('C:\Users\Алина\AppData\Local\Yandex\browser.bat','32');
DeleteFile('C:\Users\Алина\AppData\Local\Win_update\Win_update.exe','32');
DeleteFile('C:\firefox.bat','32');
DeleteFile('C:\iexplore.bat','32');
// Remove the HKLM Run-key autostart value named multibar.exe.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','multibar.exe');
// Delete the service registrations.
// NOTE(review): BDMWrench_x64, bd0002 and TicnoSearch are deleted here without
// the SetServiceStart/StopService step applied to the other seven; verify they
// are not running, or that the final reboot is sufficient.
DeleteService('BDMWrench_x64');
DeleteService('bd0002');
DeleteService('BDSafeBrowser');
DeleteService('BDMWrench');
DeleteService('BDArKit');
DeleteService('bd0004');
DeleteService('bd0001');
DeleteService('TicnoSearch');
DeleteService('BDSGRTP');
DeleteService('IBUpdaterService');
// Wipe the contents of the four directories with mask '*', then remove the
// directories themselves. NOTE(review): the 'true' flag presumably means
// "recurse into subdirectories" and the ' ' argument is undocumented here;
// confirm both. Everything under "Common Files\Baidu" is removed, not only the
// 1.3.0.542 version folder.
DeleteFileMask('C:\Windows\System32\tprb', '*', true, ' ');
DeleteFileMask('C:\Program Files (x86)\Common Files\Baidu', '*', true, ' ');
DeleteFileMask('C:\Users\Алина\AppData\Local\Win_update', '*', true, ' ');
DeleteFileMask('c:\windows\syswow64\mjcm', '*', true, ' ');
DeleteDirectory('C:\Windows\System32\tprb');
DeleteDirectory('C:\Program Files (x86)\Common Files\Baidu');
DeleteDirectory('C:\Users\Алина\AppData\Local\Win_update');
DeleteDirectory('c:\windows\syswow64\mjcm');
// BC_* calls drive AVZ's Boot Cleaner. NOTE(review): presumably BC_ImportAll
// queues the items removed above for boot-time deletion and BC_Activate arms
// it for the next start, covering files that were locked; confirm.
BC_ImportAll;
// Built-in AVZ system cleanup pass; what it touches is not visible here.
ExecuteSysClean;
// Runs the AVZ wizard identified by 'SCU' with arguments 2, 2, true.
// NOTE(review): the wizard's scope and the meaning of these arguments are not
// shown in this script; check the AVZ reference before reusing them.
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
// Reboot to finish the cleanup; per the message above, networking returns
// after the restart. The script does not prompt again before rebooting.
RebootWindows(false);
end.
Код:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=2f4baf80fa14048a20ca4b471033dd23&text={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=2f4baf80fa14048a20ca4b471033dd23&text={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/etype/{37FA643A-E9B8-4E1E-94CB-B6695FF0B6EC}
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files (x86)\Ticno\Tabs\TicnoTabsBho111217.dll (file missing)
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O4 - Startup: Win_update.lnk = ?
O4 - Global Startup: Tabs.lnk = C:\Program Files (x86)\Ticno\Tabs\Ticno Tabs.exe
Сделайте повторные логи по