Код:
// AVZ cleanup script written for one specific machine: every path, service name
// and registry value below is hard-coded to that host (including its user
// profile folder). It is not a generic removal script; on another system the
// targets would differ and the deletions could hit unrelated files.
// Overall order: isolate from the network, quarantine samples, stop/remove
// services and processes, delete files and autorun values, then reboot.
begin
// Tells the user (message text is in Russian) that AVZ will close all network
// connections before the script runs and that they return after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take networking down during cleanup.
// Remaining arguments (0, 15000, true) are presumably window mode, wait
// timeout in ms and terminate-on-timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan and AVZGuard are only started when IsWOW64 is false.
// NOTE(review): the "Program Files (x86)" paths below suggest a 64-bit host,
// in which case this branch is skipped and no AVZGuard protection is active
// while the script runs; confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine pass: suspect executables are handed to AVZ quarantine before
// anything is deleted, so samples remain available for later analysis.
// The second argument is left empty in every call.
QuarantineFile('C:\Users\Света\appdata\roaming\mediahit\shadow\mediahit.update\mediahit.update.process.exe','');
QuarantineFile('C:\Users\Света\AppData\Roaming\eTranslator\eTranslator.exe','');
QuarantineFile('C:\Users\Света\AppData\Roaming\runWIN\Update.exe','');
// Startup-folder entry: runs at every logon of this user.
QuarantineFile('C:\Users\Света\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('C:\Users\Света\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe','');
QuarantineFile('C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe','');
QuarantineFile('C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe','');
// Remove the two "Greener Web" services. For the second one the start type is
// first set to 4 (the Windows "disabled" start value) and then the service is deleted.
DeleteService('Update Greener Web');
SetServiceStart('Util Greener Web', 4);
DeleteService('Util Greener Web');
// Driver file with a GUID-style name in system32\drivers; quarantined here, deleted further down.
QuarantineFile('C:\Windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys','');
// Kill the running utilgreenerweb.exe process, then quarantine the same file a
// second time (same path as above, lower-cased); presumably a retry in case the
// first attempt was blocked by the running process.
TerminateProcessByName('c:\program files (x86)\greener web\bin\utilgreenerweb.exe');
QuarantineFile('c:\program files (x86)\greener web\bin\utilgreenerweb.exe','');
// Quarantine everything matching *.* in the "Mail.RU NewGamesT" folder.
// The "true" is presumably the recurse-into-subfolders flag and the remaining
// arguments are left at empty/zero values; confirm against the AVZ script reference.
QuarantineFileF('C:\Users\Света\AppData\Roaming\Mail.RU NewGamesT', '*.*', true,'', 0, 0, '', '');
// Deletion pass. The second argument ('32' or '64') presumably selects the
// 32-/64-bit view of the file system; confirm against the AVZ script reference.
DeleteFile('c:\program files (x86)\greener web\bin\utilgreenerweb.exe','32');
DeleteFile('C:\Windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys','32');
DeleteFile('C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe','32');
DeleteFile('C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe','32');
// NOTE(review): iexplore.exe.bat and the three Amigo executables below are
// deleted without a matching QuarantineFile call anywhere in this script, so
// this script keeps no copy of them for analysis.
DeleteFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat','32');
DeleteFile('C:\Users\Света\AppData\Local\Amigo\Application\amigo.exe','32');
DeleteFile('C:\Users\Света\AppData\Local\Amigo\Application\ok.exe','32');
// Remove the "amigo" autorun value from the per-user Run key.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amigo');
DeleteFile('C:\Users\Света\AppData\Local\Amigo\Application\vk.exe','32');
DeleteFile('C:\Users\Света\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe','32');
DeleteFile('C:\Users\Света\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
DeleteFile('C:\Users\Света\AppData\Roaming\runWIN\Update.exe','32');
// Remove four more autorun values from the same HKCU Run key, so nothing tries
// to relaunch the deleted files at the next logon.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
DeleteFile('C:\Users\Света\AppData\Roaming\eTranslator\eTranslator.exe','32');
// File under system32\Tasks, i.e. a scheduled-task definition; the only
// DeleteFile call here that uses '64'. Also deleted without a quarantine copy.
DeleteFile('C:\Windows\system32\Tasks\{86DD7537-D9FF-4537-9AA9-D441B71D6E79}','64');
DeleteFile('C:\Users\Света\appdata\roaming\mediahit\shadow\mediahit.update\mediahit.update.process.exe','32');
// Empty each leftover folder with the mask '*' and then remove the folder
// itself. The "true" is presumably the recursive flag; confirm.
DeleteFileMask('C:\Users\Света\AppData\Roaming\runWIN', '*', true);
DeleteDirectory('C:\Users\Света\AppData\Roaming\runWIN');
DeleteFileMask('C:\Users\Света\AppData\Roaming\Mail.RU NewGamesT', '*', true);
DeleteDirectory('C:\Users\Света\AppData\Roaming\Mail.RU NewGamesT');
DeleteFileMask('C:\Program Files (x86)\Greener Web', '*', true);
DeleteDirectory('C:\Program Files (x86)\Greener Web');
DeleteFileMask('C:\Users\Света\AppData\Roaming\eTranslator', '*', true);
DeleteDirectory('C:\Users\Света\AppData\Roaming\eTranslator');
// Final stage. The BC_* calls presumably hand the deleted items to AVZ's Boot
// Cleaner for boot-time removal, and ExecuteSysClean presumably cleans up
// references to the deleted files; confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot the machine; the argument false is presumably "do not force".
RebootWindows(false);
end.
Компьютер перезагрузится.
Код:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=06a869c8b76f34d89d0bee602ec1b0fc&text={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=06a869c8b76f34d89d0bee602ec1b0fc&text=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=06a869c8b76f34d89d0bee602ec1b0fc&text=
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: (no name) - {8dec4b69-27c4-405d-a37d-8d45c83f66ab} - (no file)
O2 - BHO: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - (no file)
O13 - DefaultPrefix: http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=06a869c8b76f34d89d0bee602ec1b0fc&text=
O20 - AppInit_DLLs:
Сделайте новые логи