{Перед использованием скрипта убедиться, что в системе не установлены упомянутые в скрипте антивирусы. Автор скрипта: regist}
var
{ Base directories resolved at run time by AV_block_remove }
ProgramData: string;
ProgramFiles: string;
ProgramFiles86: string;
{ Scratch path written by Del_folders while iterating a folder list }
fname: string;
{ "CurrentVersion" string read from the registry by swprv }
OSVer: string;
{ Folder tables built by FillList and freed by AV_block_remove:
  names relative to %ProgramData%, names relative to Program Files, absolute paths }
PD_folders: TStringList;
PF_folders: TStringList;
O_folders: TStringList;
{ Builds the three folder tables consumed by Del_folders.
  The lists are created here and freed in AV_block_remove; calling FillList a
  second time would leak the first set of objects.
  Every listed directory is removed wholesale (see Del_folders), so per the header
  note confirm that none of the named products is legitimately installed. }
procedure FillList;
begin
{ Names appended to %ProgramData%\ . Several entries are not AV vendors
  ('RealtekHD', 'RunDLL', 'Setup', 'System32', 'Windows', 'WindowsTask',
  'install', 'bebca3bc90') - presumably locations this infection creates under
  ProgramData; not verifiable from the script itself. }
PD_folders := TStringList.Create;
PD_folders.Add('360TotalSecurity');
PD_folders.Add('360safe');
PD_folders.Add('AVAST Software');
PD_folders.Add('Avg');
PD_folders.Add('Avira');
PD_folders.Add('ESET');
PD_folders.Add('Indus');
PD_folders.Add('Kaspersky Lab Setup Files');
PD_folders.Add('Kaspersky Lab');
PD_folders.Add('MB3Install');
PD_folders.Add('Malwarebytes');
PD_folders.Add('McAfee');
PD_folders.Add('Norton');
PD_folders.Add('grizzly');
PD_folders.Add('RealtekHD');
PD_folders.Add('RunDLL');
PD_folders.Add('Setup');
PD_folders.Add('System32');
PD_folders.Add('Windows');
PD_folders.Add('WindowsTask');
PD_folders.Add('install');
PD_folders.Add('bebca3bc90');
{ Names appended to both Program Files and Program Files (x86).
  'RDP Wrapper' is a remote-access tool rather than an AV product; it is removed
  together with the rest. }
PF_folders := TStringList.Create;
PF_folders.Add('360');
PF_folders.Add('AVAST Software');
PF_folders.Add('AVG');
PF_folders.Add('ByteFence');
PF_folders.Add('COMODO');
PF_folders.Add('Cezurity');
PF_folders.Add('Common Files\McAfee');
PF_folders.Add('ESET');
PF_folders.Add('Enigma Software Group');
PF_folders.Add('GRIZZLY Antivirus');
PF_folders.Add('Kaspersky Lab');
PF_folders.Add('Malwarebytes');
PF_folders.Add('Microsoft JDX');
PF_folders.Add('Panda Security');
PF_folders.Add('SpyHunter');
PF_folders.Add('RDP Wrapper');
{ Absolute paths; environment variables are expanded now via NormalDir, so this
  list is passed to Del_folders with an empty prefix. }
O_folders := TStringList.Create;
O_folders.Add(NormalDir('%SYSTEMDRIVE%'+'\AdwCleaner'));
O_folders.Add(NormalDir('%SYSTEMDRIVE%'+'\KVRT_Data'));
O_folders.Add(NormalDir('%windir%'+'\NetworkDistribution'));
O_folders.Add(NormalDir('%windir%'+'\speechstracing'));
O_folders.Add(NormalDir('%windir%'+'\Fonts\Mysql'));
end;
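{ For every name in AFL builds path + name and, if that directory exists,
  resets its security descriptor, quarantines executable-type files and then
  deletes the whole tree.
  path   - prefix that must already end with a separator, or '' when AFL holds
           absolute paths.
  AFL    - list of folder names/paths; the list is not modified or freed here.
  Destructive: DeleteFileMask('*') removes every file in the tree, but only
  files matching the QuarantineFileF mask get a quarantine copy first. }
procedure Del_folders(path:string; AFL : TStringList);
var
i : integer;
{ Local scratch path instead of the global fname: the procedure no longer
  leaves loop state behind in a global that nothing else reads. }
target : string;
begin
for i := 0 to AFL.Count - 1 do
begin
target := NormalDir(path + AFL[i]);
if DirectoryExists(target) then
begin
{ The infection is expected to have restricted ACLs; reset them so the
  quarantine/delete calls below can access the tree. }
FSResetSecurity(target);
QuarantineFileF(target, '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
DeleteFileMask(target, '*', true);
DeleteDirectory(target);
end;
end;
end;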
{ Re-creates the svchost-hosted "swprv" service (Microsoft Software Shadow Copy
  Provider) with its stock registry parameters, privilege set and then starts it.
  Presumably the service is missing on affected machines; the script does not
  check for that, so sc.exe create simply fails if it already exists.
  Side effects: writes HKLM\SYSTEM\CurrentControlSet\Services\swprv, runs
  sc.exe and net.exe, and sets the global OSVer. The statement order matters:
  the service must exist before its parameters are written and started. }
procedure swprv;
begin
{ Own-process service in svchost group "swprv", manual start, depends on RPCSS }
ExecuteFile('sc.exe', 'create "swprv" binpath= "%SystemRoot%\System32\svchost.exe -k swprv" type= own start= demand depend= RPCSS', 0, 15000, true);
{ Remove any stray 'wow64' value before writing the expected parameters }
RegKeyParamDel ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'wow64');
{ Description/DisplayName are MUI resource references into swprv.dll }
RegKeyStrParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'Description', '@%SystemRoot%\System32\swprv.dll,-102');
RegKeyStrParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'DisplayName', '@%SystemRoot%\System32\swprv.dll,-103');
{ 1 = SERVICE_SID_TYPE_UNRESTRICTED }
RegKeyIntParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv', 'ServiceSidType', '1');
RegKeyParamWrite('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv\Parameters', 'ServiceDll', 'REG_EXPAND_SZ', '%Systemroot%\System32\swprv.dll');
{ NOTE(review): this is a lexicographic string comparison, not a numeric one.
  It works as long as CurrentVersion keeps the '6.x' form (current Windows
  releases report 6.3); a value such as '10.0' would compare *below* '6.1'. }
OSVer := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion','CurrentVersion');
if OSVer > '6.1' then RegKeyIntParamWrite ('HKLM', 'SYSTEM\CurrentControlSet\Services\swprv\Parameters', 'ServiceDllUnloadOnStop', '1');;
{ Privilege set for the service. SeManageVolumePrivilege and SeRestorePrivilege
  appear twice in the list; sc privs apparently tolerates this - left as-is. }
ExecuteFile('sc.exe', 'privs "swprv" SeBackupPrivilege/SeChangeNotifyPrivilege/SeCreateGlobalPrivilege/SeCreatePermanentPrivilege/SeImpersonatePrivilege/SeManageVolumePrivilege/SeRestorePrivilege/SeIncreaseBasePriorityPrivilege/SeManageVolumePrivilege/SeRestorePrivilege/SeTcbPrivilege', 0, 15000, true);
ExecuteFile('net.exe', 'start "swprv"', 0, 15000, true);
end;
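{ Main cleanup routine: removes the folders enumerated by FillList, removes the
  DisallowRun policy that blocks tools from launching, restores the
  TermService DLL path, re-creates the swprv service, optionally deletes the
  user "John", then saves the log and runs the standard AVZ wizard and cleanup.
  Side effects: deletes files/directories/registry data, creates a service,
  writes DisallowRun_backup.reg and AV_block_remove.log into the AVZ directory.
  Requires AVZ 5.18 or newer; older versions are told to update and the script
  ends via exitAVZ before any change is made. }
procedure AV_block_remove;
var
{ Full path of the RDP Wrapper installer dropped under %ProgramData% }
rdpwinst : string;
begin
clearlog;
if GetAVZVersion < 5.18 then begin
ShowMessage('Пожалуйста, используйте актуальную версию AVZ, например из папки AutoLogger-а.');
AddToLog('Текущая версия - '+FormatFloat('#0.00', GetAVZVersion));
exitAVZ;
end;
FillList;
{ GetEnvironmentVariable returns ProgramData WITHOUT a trailing backslash, so a
  separator is added explicitly wherever it is used as a prefix; the
  NormalDir results are used as returned. }
ProgramData := GetEnvironmentVariable('ProgramData');
ProgramFiles := NormalDir('%PF%');
ProgramFiles86 := NormalDir('%PF% (x86)');
Del_folders(ProgramData +'\', PD_folders);
Del_folders(ProgramFiles, PF_folders);
Del_folders(ProgramFiles86, PF_folders);
{ O_folders entries are already absolute }
Del_folders('', O_folders);
{ Fix: the original concatenated ProgramData + 'RDPWinst.exe' without the
  separator, i.e. it tested a path like C:\ProgramDataRDPWinst.exe and never
  matched. A copy is quarantined before deletion, consistent with Del_folders. }
rdpwinst := ProgramData + '\RDPWinst.exe';
if FileExists(rdpwinst) then begin
QuarantineFile(rdpwinst, '');
DeleteFile(rdpwinst);
end;
{ The Explorer DisallowRun policy is what keeps security tools from starting;
  export it for reference, then remove both the key and the enabling value. }
ExpRegKey('HKCU','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun','DisallowRun_backup.reg');
RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun');
RegKeyParamDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer','DisallowRun');
{ Point Remote Desktop Services back at the stock DLL - presumably because the
  RDP Wrapper installation removed above repoints this value. }
RegKeyParamWrite('HKLM', 'SYSTEM\CurrentControlSet\services\TermService\Parameters', 'ServiceDll', 'REG_EXPAND_SZ', '%SystemRoot%\System32\termsrv.dll');
swprv;
{ 6 = IDYES; the account is only removed when the user confirms it is unknown }
if MessageDLG('Удалить пользователя "John" ?'+ #13#10 + 'Если пользователь с таким именем вам не знаком, то нажмите "Да".', mtConfirmation, mbYes+mbNo, 0) = 6 then
ExecuteFile('net.exe', 'user john /delete', 0, 15000, true);
SaveLog(GetAVZDirectory +'AV_block_remove.log');
PD_folders.Free;
PF_folders.Free;
O_folders.Free;
ExecuteWizard('SCU', 2, 3, true);
ExecuteSysClean;
end;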
{ Program entry: run the cleanup, then pack the Quarantine folder into a
  password-protected quarantine.7z next to AVZ for upload. The old archive is
  deleted first so 7za 'a' does not update an existing one. Note that no
  reboot is issued here. }
begin
AV_block_remove;
DeleteFile(GetAVZDirectory+'quarantine.7z');
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Это моя вина, забыл вставить команду перезагрузки, и комп не перезагрузился.
{ Follow-up script: removes the leftovers reported after the first run
  (contents of C:\Config.Msi, a randomly named .ini in C:\Windows, and the
  'CPUZ' autorun value in both registry views), runs the standard cleanup,
  packs the quarantine and - unlike the first script - reboots.
  Order matters: ACL reset before quarantine, quarantine copy before delete,
  archive before reboot. }
begin
{ Take back the ACLs so the quarantine/delete calls below can reach the files }
FSResetSecurity('C:\Config.Msi');
{ Keep copies for analysis before anything is deleted }
QuarantineFile('C:\Windows\WrpYGF74DrEm.ini', '');
QuarantineFileF('C:\Config.Msi', '*', true, '', 0, 0);
DeleteFile('C:\Windows\WrpYGF74DrEm.ini');
DeleteFileMask('C:\Config.Msi', '*', true);
DeleteDirectory('C:\Config.Msi');
{ The autorun value is removed from both the 64-bit and 32-bit registry views }
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CPUZ','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CPUZ','x32');
ExecuteSysClean;
{ Password-protected archive of the quarantine folder, written next to AVZ }
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
RebootWindows(true);
end.
Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4019345142-3743239627-1611514205-1001\...\Run: [AdobeBridge] => [X]
S2 RManService; C:\ProgramData\Windows\rutserv.exe [X]
FirewallRules: [{2E78B7C6-003A-4C57-ACEA-D91279EFB498}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{582B66E4-A6FA-4B2E-881E-1554FBB0D09B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C6A51A09-E807-4CAC-9735-382725794D45}] => (Allow) D:\Games Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{0A31C579-2C56-41C8-9791-1AB7A88EB3A8}] => (Allow) D:\Games Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{8349CBED-9CE6-433B-A643-7B1BD4C234F0}] => (Allow) C:\Program Files (x86)\Apowersoft\Beecut\BeeCut.exe => No File
FirewallRules: [{D8391A1F-CF1D-41D9-A2A3-0626DF23F351}] => (Allow) C:\Program Files (x86)\Apowersoft\Beecut\BeeCut.exe => No File
FirewallRules: [{E13A60DD-2098-41CC-8E09-8A04E7E7E072}] => (Allow) D:\Games Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{D2E088A7-40D7-42EF-A029-26634D4F7C38}] => (Allow) D:\Games Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{BA7D5BF0-4AAA-4BA7-9FA0-80F61442C97B}] => (Block) LPort=445
FirewallRules: [{DC6A697A-76DA-4196-8801-E67AED336919}] => (Block) LPort=445
FirewallRules: [{A847B0F2-E570-45F8-9E09-04FE029894B3}] => (Block) LPort=139
FirewallRules: [{798E049E-BD86-49EB-B476-0D081E411FF1}] => (Block) LPort=139
FirewallRules: [{6CCEC80E-153E-4CFD-A39E-7DE785FBE5A1}] => (Allow) LPort=3389
FirewallRules: [{2DA798CD-9F3D-479E-866F-FF220C031E85}] => (Allow) LPort=3389
FirewallRules: [{E3DC07C6-2B07-4727-9194-3872E1CA9411}] => (Block) LPort=445
FirewallRules: [{F58C161F-F3EB-4762-8EBE-DA80918A53F7}] => (Block) LPort=445
FirewallRules: [{37C900EA-A4AB-4F24-ABA3-EDA0F2528C56}] => (Block) LPort=139
FirewallRules: [{94501982-1945-489E-AE60-6031956AF3B2}] => (Block) LPort=139
FirewallRules: [{386CC82B-D80C-429F-8CED-12F42111A811}] => (Allow) C:\ProgramData\Windows\rutserv.exe => No File
FirewallRules: [{3CC70F85-FF2E-4423-8F6C-014B60CAFC8B}] => (Block) LPort=139
FirewallRules: [{4582FBDA-8ABD-4132-B75B-16149A4BAD0A}] => (Block) LPort=139
EmptyTemp:
Reboot:
End::
Выполнил указания региста, лог отправил. Проверил Cure it — ничего не обнаружено. Что с проблемой?