// AVZ remediation script written for one specific host. Sequence: cut networking,
// terminate the listed processes, disable their services, quarantine and then delete
// the binaries, remove the services, clean up and reboot.
// The paths and service names below are literal values for that host; they are not
// generic indicators and must be re-derived from logs before use on any other machine.
begin
// Message text (Russian): "Attention! Before the script runs, AVZ will automatically
// close all network connections. After the computer is rebooted, network connections
// will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs `net.exe stop tcpip /y`, isolating the host before cleanup starts.
// NOTE(review): the trailing 0, 15000, true are presumably window mode, a 15000 ms wait
// and terminate-on-timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are only used when AVZ is not running under WOW64,
// so on 64-bit Windows the rest of the script runs without them.
if not IsWOW64
then
begin
// NOTE(review): both flags are true; presumably they enable hook detection and
// neutralisation. Confirm which flag controls which mode.
SearchRootkit(true, true);
// Turns AVZGuard on for the remainder of the script.
SetAVZGuardStatus(True);
end;
// Step 1: terminate the running processes, identified by full image path.
TerminateProcessByName('c:\programdata\airtostrong\airtostrong.exe');
TerminateProcessByName('C:\Program Files\BitTorrent\BitTorrent.exe');
TerminateProcessByName('c:\programdata\ocep\ocep.exe');
TerminateProcessByName('c:\programdata\logic handler\set.exe');
TerminateProcessByName('c:\programdata\xifs\xifs.exe');
// Step 2: set each service's start type to 4 (disabled in the Windows service model),
// so the service manager does not relaunch a binary that was just terminated.
SetServiceStart('xifs', 4);
SetServiceStart('ocep', 4);
SetServiceStart('BitTorrent', 4);
// NOTE(review): no file in this script is named 'backlh'; presumably it is the service
// behind 'logic handler\set.exe'. Confirm against the host's log.
SetServiceStart('backlh', 4);
SetServiceStart('Airtostrong', 4);
// Step 3: quarantine every binary BEFORE deleting it, so a copy is kept for analysis.
// The second argument is passed as an empty string for every file.
QuarantineFile('C:\Program Files\BitTorrent\BitTorrent.exe','');
QuarantineFile('c:\programdata\airtostrong\airtostrong.exe','');
QuarantineFile('c:\programdata\xifs\xifs.exe','');
QuarantineFile('c:\programdata\ocep\ocep.exe','');
QuarantineFile('c:\programdata\logic handler\set.exe','');
// Step 4: delete the same five files.
// NOTE(review): the '32' argument's meaning is not visible here; presumably it selects
// the 32-bit file-system view. Confirm against the AVZ script reference.
DeleteFile('c:\programdata\logic handler\set.exe','32');
DeleteFile('c:\programdata\ocep\ocep.exe','32');
DeleteFile('c:\programdata\xifs\xifs.exe','32');
DeleteFile('c:\programdata\airtostrong\airtostrong.exe','32');
DeleteFile('C:\Program Files\BitTorrent\BitTorrent.exe','32');
// Step 5: remove the service registrations that were disabled in step 2.
DeleteService('Airtostrong');
DeleteService('backlh');
DeleteService('BitTorrent');
DeleteService('ocep');
DeleteService('xifs');
// Step 6: finishing calls.
// NOTE(review): BC_ImportAll / BC_Activate presumably hand the accumulated delete list
// to AVZ's Boot Cleaner and arm it for the next boot, and ExecuteSysClean presumably
// removes leftover references to the deleted files. Confirm before relying on this.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboots Windows; the meaning of the false argument is not visible in this script.
RebootWindows(false);
end.
// Packs the AVZ quarantine into a single archive so the collected samples can be
// handed over for analysis.
var
  ArchivePath: string;
begin
  ArchivePath := 'c:\quarantine.zip';
  // "Qurantine" is the spelling used by the script as written; do not "correct" it.
  CreateQurantineArchive(ArchivePath);
end.
// Rewrites five URL-action policies for Internet Explorer security zone 3 (the
// Internet zone) in the current user's hive, then reboots.
// Policy values: 1 = prompt, 3 = disable.
// NOTE(review): these five values appear to match the stock Internet-zone defaults,
// i.e. the script undoes weakened ActiveX / IFRAME settings. Confirm for the target
// Windows version.
var
  ZoneKey: string;
begin
  // Only HKCU is written, so other user profiles on the machine are left as they were.
  ZoneKey := 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\';

  // 1201: initialise and script ActiveX controls not marked safe -> disable
  RegKeyIntParamWrite('HKCU', ZoneKey, '1201', 3);
  // 1001: download signed ActiveX controls -> prompt
  RegKeyIntParamWrite('HKCU', ZoneKey, '1001', 1);
  // 1004: download unsigned ActiveX controls -> disable
  RegKeyIntParamWrite('HKCU', ZoneKey, '1004', 3);
  // 2201: automatic prompting for ActiveX controls -> disable
  RegKeyIntParamWrite('HKCU', ZoneKey, '2201', 3);
  // 1804: launching programs and files in an IFRAME -> prompt
  RegKeyIntParamWrite('HKCU', ZoneKey, '1804', 1);

  RebootWindows(false);
end.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK-pqbkLbcxo1P1Hz0Fys-sh0ffhmjGDswELtQytFBHN-4IqQ8n7k53DyUgr3iejURa3_QQLx6GCmvAIAsLIryD7ii1qGoOdSKtBKKGR9Cc7kEsPILs6n9-Cz41BwoTFq58Vc-DDuuBXSOUO5uQJTtbOecIMdv&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK-pqbkLbcxo1P1Hz0Fys-sh0ffhmjGDswELtQytFBHN-4IqQ8n7k53DyUgr3iejURa3_QQLx6GCmvAIAsLIryD7ii1qGoOdSKtBKKGR9Cc7kEsPILs6n9-Cz41BwoTFq58Vc-DDuuBXSOUO5uQJTtbOecIMdv&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK-pqbkLbcxo1P1Hz0Fys-sh0ffhmjGDswELtQytFBHN-4IqQ8n7k53DyUgr3iejURa3_QQLx6GCmvAIAsLIryD7ii1qGoOdSKtBKKGR9Cc7kEsPILs6n9-Cz41BwoTFq58Vc-DDuuBXSOUO5uQJTtbOecIMdv&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK-pqbkLbcxo1P1Hz0Fys-sh0ffhmjGDswELtQytFBHN-4IqQ8n7k53DyUgr3iejURa3_QQLx6GCmvDHwT7BPUyLUEOkoEBVIxuGcfibLrxLcjVB-VFhcRVz-7AEILHwCBtslNdZRnp8dgMNnPI_8hdk3zj3kW
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK-pqbkLbcxo1P1Hz0Fys-sh0ffhmjGDswELtQytFBHN-4IqQ8n7k53DyUgr3iejURa3_QQLx6GCmvAIAsLIryD7ii1qGoOdSKtBKKGR9Cc7kEsPILs6n9-Cz41BwoTFq58Vc-DDuuBXSOUO5uQJTtbOecIMdv&q={searchTerms}
O2 - BHO: (no name) - {A692062A-11A1-461B-BE98-B520F01F96FC} - (no file)
>>> "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk" -> ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" =>> %SNP%]
>>> "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk" -> ["C:\Program Files\Internet Explorer\iexplore.exe" =>> %SNP%]
>>> "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk" -> ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" =>> %SNP%]
>>> "C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk" -> ["C:\Program Files (x86)\Mozilla Firefox\firefox.exe" =>> %SNF%]
>>> "C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk" -> ["C:\Program Files\Internet Explorer\iexplore.exe" =>> %SNP%]
>>> "C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex\Yandex.lnk" -> ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" =>> %SNP%]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" -> ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" =>> %SNP%]
>>> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk" -> ["C:\Program Files (x86)\Mozilla Firefox\firefox.exe" =>> %SNF%]
start
CreateRestorePoint:
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс\Менеджер браузеров\Менеджер браузеров.lnk -> C:\Users\User\AppData\Local\Yandex\BrowserManager\BrowserManager.exe (No File)
FF Extension: (supermegabest) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-n5ARdBzHkUEdAA@jetpack.xpi [2016-03-21]
CHR HKLM-x32\...\Chrome\Extension: [geidjeefddhgefeplhdlegoldlgiodon] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilhapdfjlmhfdgdbefpinebijmhjijpn] - hxxps://clients2.google.com/service/update2/crx
2016-08-09 11:52 - 2016-08-09 11:52 - 2936289 _____ () C:\Program Files\Common Files\doaxlzmi.exe
2016-08-02 01:53 - 2016-08-02 01:53 - 2944864 _____ () C:\Program Files\Common Files\scomsstl.exe
2016-08-04 13:10 - 2016-08-04 13:10 - 2940996 _____ () C:\Program Files\Common Files\tb0fcpzn.exe
File: C:\Users\User\AppData\Roaming\Sanlax.exe
File: C:\Users\User\AppData\Roaming\Silzap.exe
File: C:\Users\User\AppData\Local\quoquote.exe.config
EmptyTemp:
Reboot:
end
start
CreateRestorePoint:
Менеджер браузеров (x32 Version: 2.2.1.614 - Яндекс) Hidden
2016-08-01 22:51 - 2016-08-01 22:48 - 0681984 _____ () C:\Users\User\AppData\Roaming\Sanlax.exe
2016-08-01 22:51 - 2016-08-01 22:51 - 1906512 _____ () C:\Users\User\AppData\Roaming\Sanlax.tst
2016-08-01 22:50 - 2016-08-01 22:48 - 0681984 _____ () C:\Users\User\AppData\Roaming\Silzap.exe
2016-08-01 22:50 - 2016-08-01 22:50 - 0072713 _____ () C:\Users\User\AppData\Roaming\Silzap.tst
EmptyTemp:
Reboot:
end
После этого скрипта — появится. В установках и удалении менеджера браузеров — нет!