begin ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); SearchRootkit(true, true); SetAVZGuardStatus(True); QuarantineFile('C:\WINDOWS\system32\LMCServ.exe',''); QuarantineFile('C:\WINDOWS\system32\85.exe',''); QuarantineFile('C:\WINDOWS\system32\84.exe',''); QuarantineFile('C:\WINDOWS\system32\76.exe',''); QuarantineFile('C:\WINDOWS\system32\64.exe',''); QuarantineFile('C:\WINDOWS\system32\62.exe',''); QuarantineFile('C:\WINDOWS\system32\58.exe',''); QuarantineFile('C:\WINDOWS\system32\46.exe',''); QuarantineFile('C:\WINDOWS\system32\45.exe',''); QuarantineFile('C:\WINDOWS\system32\44.exe',''); QuarantineFile('C:\WINDOWS\system32\36.exe',''); QuarantineFile('C:\WINDOWS\system32\28.exe',''); QuarantineFile('C:\WINDOWS\system32\15.exe',''); QuarantineFile('C:\WINDOWS\system32\07.exe',''); QuarantineFile('C:\WINDOWS\system32\06.exe',''); QuarantineFile('G:\autorun.inf',''); QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe',''); QuarantineFile('C:\WINDOWS\service.exe',''); QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe',''); QuarantineFile('C:\Documents and Settings\NetworkService\Application Data\lsass.exe',''); QuarantineFile('C:\Documents and Settings\11243\Application Data\lsass.exe',''); TerminateProcessByName('c:\windows\system32\smsc.exe'); QuarantineFile('c:\windows\system32\smsc.exe',''); TerminateProcessByName('c:\windows\aadrive32.exe'); QuarantineFile('c:\windows\aadrive32.exe',''); DeleteFile('c:\windows\aadrive32.exe'); DeleteFile('c:\windows\system32\smsc.exe'); DeleteFile('C:\Documents and Settings\11243\Application Data\lsass.exe'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kjsdahflkjhnliuyctgbo'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','lsass.exe'); DeleteFile('C:\Documents and Settings\NetworkService\Application Data\lsass.exe'); RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','kjsdahflkjhnliuyctgbo'); RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','lsass.exe'); RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','kjsdahflkjhnliuyctgbo'); RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','lsass.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','lsass.exe'); DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe'); RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tnaww'); DeleteFile('C:\WINDOWS\service.exe'); RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Windows Search Svc'); DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe'); DeleteFile('G:\autorun.inf'); DeleteFile('C:\WINDOWS\system32\06.exe'); DeleteFile('C:\WINDOWS\system32\07.exe'); DeleteFile('C:\WINDOWS\system32\15.exe'); DeleteFile('C:\WINDOWS\system32\28.exe'); DeleteFile('C:\WINDOWS\system32\36.exe'); DeleteFile('C:\WINDOWS\system32\44.exe'); DeleteFile('C:\WINDOWS\system32\45.exe'); DeleteFile('C:\WINDOWS\system32\46.exe'); DeleteFile('C:\WINDOWS\system32\58.exe'); DeleteFile('C:\WINDOWS\system32\62.exe'); DeleteFile('C:\WINDOWS\system32\64.exe'); DeleteFile('C:\WINDOWS\system32\76.exe'); DeleteFile('C:\WINDOWS\system32\84.exe'); DeleteFile('C:\WINDOWS\system32\85.exe'); BC_ImportAll; ExecuteSysClean; BC_Activate; RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman'); RebootWindows(true); end. |