// AVZ remediation script (AVZ's Pascal-style scripting language).
// Written for one specific machine: every path below is hard-coded to the
// C:\Users\User profile and to a fixed set of GUID-named services/drivers,
// so it is not reusable on another host without editing.
// Statement order is significant: each service is deleted before its driver
// file, every file is copied to quarantine before it is deleted (so samples
// survive for analysis), and BootCleaner is fed and armed only after all
// Delete* calls have been issued.
begin
// Warn the user about what the next statement does: stopping tcpip drops all
// network connections until the reboot at the end of the script.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service via net.exe. Remaining arguments appear to be
// show-window mode, timeout in ms and wait-for-exit — confirm against the
// AVZ ExecuteFile documentation.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are only enabled when AVZ is not running as a
// WOW64 (32-bit on 64-bit Windows) process; presumably these features are
// unavailable in that mode — confirm against the AVZ documentation.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
// Start from an empty quarantine so it contains only what this run collects.
ClearQuarantine;
// Preserve copies of the suspect user-land files before they are deleted
// further down. The second argument is left empty here (NOTE(review): looks
// like a quarantine description field — confirm).
QuarantineFile('C:\Users\User\AppData\Roaming\Dorrible\Ribble\d.exe','');
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Users\User\AppData\Local\vk.bat','');
QuarantineFile('C:\Users\User\AppData\Local\ok.bat','');
QuarantineFile('C:\Users\User\AppData\Local\amigo.bat','');
QuarantineFile('C:\Users\User\AppData\Local\Google\chrome.bat','');
// Remove the GUID-named services first, so their drivers are no longer
// registered to load. The same set of GUIDs (including the "Gw64" variant)
// is quarantined and deleted as .sys files below.
DeleteService('{fe0c5df8-6353-4020-a876-2550aa3760cf}w64');
DeleteService('{df8d93ab-56ab-414d-b711-87b0e2749bbd}w64');
DeleteService('{d025c1f1-c366-4b43-8131-ad1c8300487b}w64');
DeleteService('{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64');
DeleteService('{a00759f4-8f6e-4f04-880d-18a7306588c3}w64');
DeleteService('{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64');
DeleteService('{8c345751-8420-408b-b348-58a70dc555b2}w64');
DeleteService('{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w64');
DeleteService('{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64');
DeleteService('{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64');
DeleteService('{6191cc23-5db4-4079-aaac-546c45b08af1}w64');
DeleteService('{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w64');
DeleteService('{3c9eada7-386c-4a04-ab1e-4eb122397ced}w64');
DeleteService('{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64');
// Quarantine the driver binaries that backed the services removed above.
QuarantineFile('C:\Windows\system32\drivers\{fe0c5df8-6353-4020-a876-2550aa3760cf}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{d025c1f1-c366-4b43-8131-ad1c8300487b}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{8c345751-8420-408b-b348-58a70dc555b2}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys','');
// Delete the driver binaries now that copies are in quarantine. The second
// argument is an AVZ flags string: '32' is used for these and the user-land
// files, '64' for the Tasks entries below — meaning per the AVZ DeleteFile
// documentation; TODO confirm before reusing.
DeleteFile('C:\Windows\system32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{8c345751-8420-408b-b348-58a70dc555b2}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{d025c1f1-c366-4b43-8131-ad1c8300487b}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{fe0c5df8-6353-4020-a876-2550aa3760cf}w64.sys','32');
// Delete the quarantined user-land files.
DeleteFile('C:\Users\User\AppData\Local\Google\chrome.bat','32');
// Drop the "command" value of the "Yahoo! Search" record under the MSConfig
// startupreg key (presumably msconfig's store of disabled startup items —
// confirm), so the entry cannot be re-enabled from there.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search','command');
DeleteFile('C:\Users\User\AppData\Local\amigo.bat','32');
DeleteFile('C:\Users\User\AppData\Local\ok.bat','32');
DeleteFile('C:\Users\User\AppData\Local\vk.bat','32');
DeleteFile('C:\iexplore.bat','32');
DeleteFile('C:\Users\User\AppData\Roaming\Dorrible\Ribble\d.exe','32');
// Remove the scheduled-task definition files under system32\Tasks. These are
// not quarantined first, so no copy of the task XML is kept for analysis.
DeleteFile('C:\Windows\system32\Tasks\Ribble','64');
DeleteFile('C:\Windows\system32\Tasks\Yahoo! Search','64');
DeleteFile('C:\Windows\system32\Tasks\Yahoo! Search Updater','64');
// Hand all pending deletions to BootCleaner, run AVZ's standard system
// clean-up, arm BootCleaner for the next boot, run AVZ repair item 2 (see the
// AVZ repair list for its meaning) and reboot; the false argument presumably
// suppresses a confirmation prompt — confirm.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(2);
RebootWindows(false);
end.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c5d289ddc5fccc0b671e5bfd7fd44c5c&text={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c5d289ddc5fccc0b671e5bfd7fd44c5c&text={searchTerms}
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
Сделайте повторные логи по