Код:
{ Removes every delimiter-bounded occurrence of Name from the AppInit_DLLs
  value under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows,
  tidies the leftover separators and writes the value back.
  AppInit_DLLs is the list of DLLs Windows loads into processes that link
  user32.dll, so a stale or malicious entry keeps a removed DLL referenced
  at process start.
  Name - the entry text to remove, exactly as it is stored in the value;
         an empty Name is ignored.
  NOTE(review): characters are compared with "=", so the match is presumably
  case-sensitive and literal - an entry stored with different letter case or
  as a long path instead of the 8.3 form would be left in place; verify the
  stored spelling before relying on this.
  NOTE(review): only this one key path is touched; on 64-bit Windows a second
  AppInit_DLLs value exists under Wow6432Node - confirm whether it needs the
  same cleanup. }
Procedure DelAppInit_DLLsByFileName(Name : string);
var
AppInit_DLLs: string;
i, j, c, s: integer;
endSearch, found: boolean;
begin
{ Nothing to search for: leave the registry untouched. }
if Name = '' then
exit;
AppInit_DLLs := RegKeyStrParamRead('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs');
endSearch := false;
{ Each pass removes at most one occurrence and then rescans from the start,
  because Delete shifts every later position. The loop ends on the first
  pass that finds nothing. }
while not endSearch do
begin
found := false;
for i := 1 to length(AppInit_DLLs) do
begin
{ s counts matched characters, c is the read position inside the value. }
s := 0;
c := i;
for j := 1 to length(Name) do
if copy(AppInit_DLLs, c, 1) = copy(Name, j, 1) then
begin
s := s + 1;
if s = length(Name) then
begin
{ Full match at position i. Accept it only when it is a whole entry:
  the match is the entire value, or each side is either the end of the
  string or a comma/space separator. This keeps a Name that is merely a
  substring of a longer entry from being cut out of it. }
if ((i = 1) and (length(Name) = length(AppInit_DLLs)))
or ((i = 1) and (pos(copy(AppInit_DLLs, i + length(Name), 1), ', ') > 0))
or ((i + length(Name) - 1 = length(AppInit_DLLs)) and (pos(copy(AppInit_DLLs, i - 1, 1), ', ') > 0))
or ((pos(copy(AppInit_DLLs, i - 1, 1), ', ') > 0) and (pos(copy(AppInit_DLLs, i + length(Name), 1), ', ') > 0)) then
begin
found := true;
Delete(AppInit_DLLs, i, length(Name));
end;
end;
c := c + 1;
end
else
{ First mismatching character: give up on start position i. }
break;
if found then
break;
end;
if not found then
endSearch := true;
end;
{ Separator cleanup: wherever two separators (comma or space) are adjacent,
  drop the first one and re-check the same position. }
i := 1;
while i < length(AppInit_DLLs) do
begin
if pos(copy(AppInit_DLLs, i, 1), ', ') > 0 then
if pos(copy(AppInit_DLLs, i + 1, 1), ', ') > 0 then
begin
Delete(AppInit_DLLs, i, 1);
i := i - 1;
end;
i := i + 1;
end;
{ Strip a comma left at either end, then surrounding whitespace. }
if copy(AppInit_DLLs, 1, 1) = ',' then
Delete(AppInit_DLLs, 1, 1);
if copy(AppInit_DLLs, length(AppInit_DLLs), 1) = ',' then
Delete(AppInit_DLLs, length (AppInit_DLLs), 1);
AppInit_DLLs := Trim(AppInit_DLLs);
{ The value is written back unconditionally, even when nothing was removed. }
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs', AppInit_DLLs);
end;
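{ Cleanup script body: quarantines and removes one DLL from the user's Temp
  folder, drops its AppInit_DLLs reference, tightens the IE Internet-zone
  ActiveX/IFRAME settings, empties the temp folders and reboots.
  The file path is specific to the machine this script was written for. }
begin
  { presumably the two flags ask AVZ to neutralise the hooks it finds - confirm against the AVZ script reference }
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);

  { Keep a quarantined copy before deleting, so the sample stays available for analysis. }
  QuarantineFile('C:\DOCUME~1\9335~1\LOCALS~1\Temp\l.dll','');
  DeleteFile('C:\DOCUME~1\9335~1\LOCALS~1\Temp\l.dll');
  { Remove the autoload reference as well; otherwise the value keeps pointing at a file that no longer exists. }
  DelAppInit_DLLsByFileName('C:\DOCUME~1\9335~1\LOCALS~1\Temp\l.dll');

  { IE zone 3 (Internet) hardening. Action values: 1 = prompt, 3 = disable. }
  { 1804 is the IFRAME action. Writing 2201 here would only be overwritten by the next line and leave the IFRAME setting unchanged. }
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1); {IE - do not launch programs and files in an IFRAME without a prompt}
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3); {IE - disable automatic prompting for ActiveX controls}
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3); {IE - disable download of unsigned ActiveX controls}
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1); {IE - do not download signed ActiveX controls without a prompt}
  RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3); {IE - disable ActiveX controls not marked as safe}

  { Empty both temp folders; the third argument is presumably "include subfolders" - confirm. }
  DeleteFileMask('C:\WINDOWS\TEMP\', '*.*', true);
  DeleteFileMask(GetEnvironmentVariable ('Temp'), '*.*', true);

  { presumably hands the files deleted above to the boot-time cleaner (BC_*) so anything still locked is removed during restart - confirm }
  BC_ImportAll;
  ExecuteSysClean;
  ExecuteRepair(16); {restore the explorer startup key}
  BC_Activate;
  RebootWindows(true);
end.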
Система перезагрузится.