Код:
// AVZ remediation script written for one specific machine. It disables, stops and
// removes the PennyBee, Baidu (BD*/bd000x), ClearThink and IePluginServices
// services and files, plus the runWIN / Mail.RU NewGamesT autostart items, then reboots.
// Every path is hard-coded, including the user profile C:\Users\1, so the script
// only matches the system whose logs it was built from. On any other host the
// paths and service names must be re-derived from that host's own logs.
begin
// Refresh AVZ's databases while the network is still up.
ExecuteAVUpdate;
// Runtime message (Russian, left untouched): warns that AVZ will close all network
// connections and that they will be restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service and its dependants (/y answers the confirmation prompt).
// NOTE(review): trailing arguments presumably mean hidden window, 15000 ms wait and
// terminate on timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably because they are unavailable on 64-bit Windows; confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
// Empty the quarantine before collecting samples in this run.
ClearQuarantine;
// Kill the running processes so their files can be quarantined and deleted.
TerminateProcessByName('c:\program files\pennybee\pennybeew.exe');
TerminateProcessByName('c:\program files\pennybee\pennybee.exe');
TerminateProcessByName('c:\program files\common files\baidu\baiduprotect1.3\1.3.0.443\baiduprotect.exe');
// Set start type 4 (disabled, per the Windows service Start value) so that none of
// these services or drivers comes back if removal is only partly successful.
// NOTE(review): bd0002, 'Util ClearThink', 'Update ClearThink' and IePluginServices
// are deleted further down but are not disabled or stopped here.
SetServiceStart('BDSafeBrowser', 4);
SetServiceStart('BDMWrench', 4);
SetServiceStart('BDEnhanceBoost', 4);
SetServiceStart('BDArKit', 4);
SetServiceStart('bd0004', 4);
SetServiceStart('bd0001', 4);
SetServiceStart('PennyBee', 4);
SetServiceStart('BDSGRTP', 4);
// Stop the same eight services in the current session.
StopService('BDSafeBrowser');
StopService('BDMWrench');
StopService('BDEnhanceBoost');
StopService('BDArKit');
StopService('bd0004');
StopService('bd0001');
StopService('PennyBee');
StopService('BDSGRTP');
// Copy samples to quarantine BEFORE anything is deleted, so they remain available
// for analysis. The QuarantineFileF calls take a folder, the mask '*' and true.
// NOTE(review): true is presumably "include subfolders"; the remaining arguments
// are not explained on this page.
QuarantineFileF('C:\Users\1\AppData\Roaming\runWIN', '*', true, ' ', 0, 0);
QuarantineFileF('C:\Users\1\AppData\Roaming\Mail.RU NewGamesT', '*', true, ' ', 0, 0);
QuarantineFile('C:\Users\1\AppData\Roaming\runWIN\Update.exe','');
QuarantineFile('C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('C:\Users\1\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe','');
QuarantineFile('C:\Program Files\Opera\Opera.exe.bat','');
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.exe.bat','');
QuarantineFile('c:\program files\pennybee\pennybeew.exe','');
QuarantineFile('c:\program files\pennybee\pennybee.exe','');
// Delete the individual files.
// NOTE(review): the second argument '32' is presumably a bitness selector; confirm.
// NOTE(review): Windowssystem.vbs, PluginService.exe, the ClearThink executables,
// BaiduProtect.exe and the bd*/BD* drivers are deleted without being quarantined
// above, so no sample of them is kept by this script.
// NOTE(review): no RegKeyParamDel below removes a Run value for Windowssystem.vbs;
// the HijackThis list that follows on the page carries a SystemScript entry for it.
DeleteFile('C:\Users\1\AppData\Local\Microsoft\Windowssystem.vbs','32');
DeleteFile('c:\program files\pennybee\pennybeew.exe','32');
DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe','32');
DeleteFile('C:\Program Files\PennyBee\PennyBee.exe','32');
DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
DeleteFile('C:\Program Files\ClearThink\bin\utilClearThink.exe','32');
DeleteFile('C:\Program Files\ClearThink\updateClearThink.exe','32');
DeleteFile('C:\windows\system32\DRIVERS\bd0002.sys','32');
DeleteFile('C:\windows\system32\drivers\BDSafeBrowser.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\BDMWrench.sys','32');
DeleteFile('C:\windows\system32\drivers\BDEnhanceBoost.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Program Files\Internet Explorer\iexplore.exe.bat','32');
DeleteFile('C:\Program Files\Opera\Opera.exe.bat','32');
DeleteFile('C:\Users\1\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe','32');
DeleteFile('C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
DeleteFile('C:\Users\1\AppData\Roaming\runWIN\update.exe','32');
// Remove the per-user Run values that started the deleted executables at logon.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
// Remove the service and driver registrations.
DeleteService('bd0002');
DeleteService('BDSafeBrowser');
DeleteService('BDMWrench');
DeleteService('BDEnhanceBoost');
DeleteService('BDArKit');
DeleteService('bd0004');
DeleteService('bd0001');
DeleteService('Util ClearThink');
DeleteService('Update ClearThink');
DeleteService('IePluginServices');
DeleteService('PennyBee');
DeleteService('BDSGRTP');
// Wipe whatever is left in the four folders (mask '*'), then remove the folders.
// This takes everything under 'C:\Program Files\Common Files\Baidu', not only the
// BaiduProtect1.3 subfolder named in the calls above.
DeleteFileMask('C:\Users\1\AppData\Roaming\runWIN', '*', true, ' ');
DeleteFileMask('C:\Users\1\AppData\Roaming\Mail.RU NewGamesT', '*', true, ' ');
DeleteFileMask('C:\Program Files\Common Files\Baidu', '*', true, ' ');
DeleteFileMask('c:\program files\pennybee', '*', true, ' ');
DeleteDirectory('C:\Users\1\AppData\Roaming\runWIN');
DeleteDirectory('C:\Users\1\AppData\Roaming\Mail.RU NewGamesT');
DeleteDirectory('C:\Program Files\Common Files\Baidu');
DeleteDirectory('c:\program files\pennybee');
// Boot-time pass (BC_* calls): the Baidu executable, the eight drivers and their
// services are queued again, so files that were locked in this session can still
// be removed at the next start.
// NOTE(review): BC_ImportAll presumably imports the lists built by the calls above,
// and ExecuteSysClean presumably cleans up references to the deleted files; confirm
// both against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe');
BC_DeleteFile('C:\windows\system32\DRIVERS\bd0002.sys');
BC_DeleteFile('C:\windows\system32\drivers\BDSafeBrowser.sys');
BC_DeleteFile('C:\windows\system32\DRIVERS\BDMWrench.sys');
BC_DeleteFile('C:\windows\system32\drivers\BDEnhanceBoost.sys');
BC_DeleteFile('C:\windows\system32\DRIVERS\BDArKit.sys');
BC_DeleteFile('C:\windows\system32\DRIVERS\bd0004.sys');
BC_DeleteFile('C:\windows\system32\DRIVERS\bd0001.sys');
BC_DeleteSvc('BDSGRTP');
BC_DeleteSvc('bd0001');
BC_DeleteSvc('bd0004');
BC_DeleteSvc('BDArKit');
BC_DeleteSvc('BDEnhanceBoost');
BC_DeleteSvc('BDMWrench');
BC_DeleteSvc('BDSafeBrowser');
BC_DeleteSvc('bd0002');
BC_Activate;
// Reboot so the queued boot-time deletions run; the message shown at the start says
// network connectivity returns after this restart.
// NOTE(review): the meaning of the false argument is not shown on this page.
RebootWindows(false);
end.
Код:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1407749625&from=cor&uid=SAMSUNGXHM250HI_S20TJ9AZ684582
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hi.ru/search.php?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://reque.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1407749625&from=cor&uid=SAMSUNGXHM250HI_S20TJ9AZ684582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1407749625&from=cor&uid=SAMSUNGXHM250HI_S20TJ9AZ684582&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1407749625&from=cor&uid=SAMSUNGXHM250HI_S20TJ9AZ684582&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1407749625&from=cor&uid=SAMSUNGXHM250HI_S20TJ9AZ684582
O4 - HKCU\..\Run: [SystemScript] "C:\Users\1\AppData\Local\Microsoft\Windowssystem.vbs"
O4 - HKCU\..\Run: [LoaderSystemWIN] C:\Users\1\AppData\Roaming\runWIN\Update.exe
O4 - HKCU\..\Run: [RuningWIN32] C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe
O4 - HKCU\..\Run: [NewLoadSystemWIN32] C:\Users\1\AppData\Roaming\runWIN\update.exe
O4 - HKCU\..\Run: [Encrypt] C:\Users\1\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe
Сделайте повторные логи по