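// AVZ cleanup script: removes the Baidu AV/"BaiduProtect" components, their
// kernel drivers and services, quarantines a handful of dropped binaries and
// autorun .bat files, and schedules locked files for deletion at next boot
// via BootCleaner (BC_*). The machine is rebooted at the end.
//
// Change vs. the earlier version: the HKCU Run value 'CMD' (seen in the
// accompanying HijackThis log as "cmd.exe /c start http://extendedunlimited.org")
// is now removed as well; the original script left this autorun entry in place.
begin
  // Update AVZ's antivirus database before scanning.
  ExecuteAVUpdate;
  ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
  // Stop the TCP/IP stack so the adware cannot re-download itself during
  // cleanup; the stack comes back after the reboot at the end of the script.
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
  // Rootkit search and AVZGuard are only engaged on native 32-bit systems
  // (the original script skips them under WOW64).
  if not IsWOW64 then
  begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(true);
  end;
  ClearQuarantine;

  // Kill the running Baidu processes so their files are no longer locked.
  TerminateProcessByName('c:\program files\baidu\bindex.exe');
  TerminateProcessByName('c:\program files\baidu\baiduan\2.3.0.2225\bdaleakfixer.exe');
  TerminateProcessByName('c:\program files\common files\baidu\baiduprotect1.3\1.3.0.443\baiduprotect.exe');
  TerminateProcessByName('c:\program files\baidu\baiduan\2.3.0.2225\baiduantray.exe');
  TerminateProcessByName('c:\program files\baidu\baiduan\2.3.0.2225\baiduan.exe');

  // Set every Baidu service/driver to start type 4 (disabled), then stop it.
  SetServiceStart('BDSafeBrowser', 4);
  SetServiceStart('BDMWrench', 4);
  SetServiceStart('BDMNetMon', 4);
  SetServiceStart('BDEnhanceBoost', 4);
  SetServiceStart('BDArKit', 4);
  SetServiceStart('bd0004', 4);
  SetServiceStart('bd0002', 4);
  SetServiceStart('bd0001', 4);
  SetServiceStart('BDSGRTP', 4);
  StopService('BDSafeBrowser');
  StopService('BDMWrench');
  StopService('BDMNetMon');
  StopService('BDEnhanceBoost');
  StopService('BDArKit');
  StopService('bd0004');
  StopService('bd0002');
  StopService('bd0001');
  StopService('BDSGRTP');

  // Quarantine (copy before delete) the unknown droppers and the .bat
  // files that hijack the browser shortcuts, so samples survive for analysis.
  QuarantineFile('C:\Windows\proxy.exe','');
  QuarantineFile('C:\Windows\cuda.exe','');
  QuarantineFile('c:\windows\core.exe','');
  QuarantineFile('C:\Program Files\Google\chrome.bat','');
  QuarantineFile('C:\iexplore.bat','');

  // Immediate deletion attempt; files still locked are retried by the
  // BC_DeleteFile entries below after reboot.
  DeleteFile('c:\program files\baidu\baiduan\2.3.0.2225\baiduan.exe','32');
  DeleteFile('c:\program files\baidu\baiduan\2.3.0.2225\baiduantray.exe','32');
  DeleteFile('c:\program files\baidu\baiduan\2.3.0.2225\bdaleakfixer.exe','32');
  DeleteFile('c:\program files\baidu\bindex.exe','32');
  DeleteFile('C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe','32');
  DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys','32');
  DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys','32');
  DeleteFile('C:\Windows\system32\DRIVERS\BDMNetMon.sys','32');
  DeleteFile('C:\Windows\system32\drivers\BDEnhanceBoost.sys','32');
  DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
  DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
  DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys','32');
  DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
  DeleteFile('C:\iexplore.bat','32');
  DeleteFile('C:\Program Files\Baidu\BaiduAn\2.3.0.2225\BDSWShellExt.dll','32');
  DeleteFile('C:\Program Files\Google\chrome.bat','32');
  DeleteFile('c:\windows\core.exe','32');
  // Scheduled task file dropped by the adware.
  DeleteFile('C:\Windows\system32\Tasks\UpCH','32');
  DeleteFile('C:\Windows\cuda.exe','32');
  DeleteFile('C:\Windows\proxy.exe','32');

  // Autorun / shell-extension persistence.
  RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','baidu');
  // 'CMD' Run value launches "cmd.exe /c start http://extendedunlimited.org"
  // at every logon (HijackThis O4 entry); it was missing from the original script.
  RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CMD');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','BaiduAnTray');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{11292110-6F8D-4D56-863C-44902A1E7880}');

  // Remove the service registrations now that they are stopped.
  DeleteService('BDSafeBrowser');
  DeleteService('BDMWrench');
  DeleteService('BDMNetMon');
  DeleteService('BDEnhanceBoost');
  DeleteService('BDArKit');
  DeleteService('bd0004');
  DeleteService('bd0002');
  DeleteService('bd0001');
  DeleteService('BDSGRTP');

  // Wipe the remaining installation directories recursively.
  DeleteFileMask('c:\program files\baidu', '*', true, ' ');
  DeleteFileMask('c:\program files\common files\baidu', '*', true, ' ');
  DeleteDirectory('c:\program files\baidu');
  DeleteDirectory('c:\program files\common files\baidu');

  // Hand the quarantine/delete lists to BootCleaner, run the system-cleanup
  // wizard ('SCU'), and queue boot-time deletion for files and services that
  // could not be removed while Windows is running.
  BC_ImportAll;
  ExecuteSysClean;
  ExecuteWizard('SCU', 2, 2, true);
  BC_DeleteFile('c:\program files\baidu\baiduan\2.3.0.2225\baiduan.exe');
  BC_DeleteFile('c:\program files\baidu\baiduan\2.3.0.2225\baiduantray.exe');
  BC_DeleteFile('c:\program files\common files\baidu\baiduprotect1.3\1.3.0.443\baiduprotect.exe');
  BC_DeleteFile('c:\program files\baidu\baiduan\2.3.0.2225\bdaleakfixer.exe');
  BC_DeleteFile('c:\program files\baidu\bindex.exe');
  BC_DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys');
  BC_DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys');
  BC_DeleteFile('C:\Windows\system32\DRIVERS\BDMNetMon.sys');
  BC_DeleteFile('C:\Windows\system32\drivers\BDEnhanceBoost.sys');
  BC_DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys');
  BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys');
  BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys');
  BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys');
  BC_DeleteFile('C:\Program Files\Baidu\BaiduAn\2.3.0.2225\BDSWShellExt.dll');
  BC_DeleteSvc('BDSGRTP');
  BC_DeleteSvc('bd0001');
  BC_DeleteSvc('bd0002');
  BC_DeleteSvc('bd0004');
  BC_DeleteSvc('BDArKit');
  BC_DeleteSvc('BDEnhanceBoost');
  BC_DeleteSvc('BDMNetMon');
  BC_DeleteSvc('BDMWrench');
  BC_DeleteSvc('BDSafeBrowser');
  BC_Activate;
  // AVZ system-repair item 2, then reboot without confirmation prompt
  // (false = no user confirmation, as in the original).
  ExecuteRepair(2);
  RebootWindows(false);
end.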
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=3227f2c39bdaf643babf7750b35b41b0&text={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=3227f2c39bdaf643babf7750b35b41b0&text={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=3227f2c39bdaf643babf7750b35b41b0&text=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=3227f2c39bdaf643babf7750b35b41b0&text=
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
O4 - HKCU\..\Run: [baidu] C:\Program Files\baidu\BindEx.exe
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKLM\..\Run: [BaiduAnTray] "C:\Program Files\Baidu\BaiduAn\2.3.0.2225\BaiduAnTray.exe" -stmd=3
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
Сделайте повторные логи по