Выполните скрипт в AVZ
Код:
// AVZ cleanup script written for one specific infected host: every path,
// registry value and date below comes from that machine's logs
// (Windows installed on D:, user profile "papa").
// Order matters: isolate from network -> neutralise hooks -> kill processes ->
// quarantine samples -> delete files -> remove persistence -> reboot.
begin
// Tell the user up front that network connectivity is about to be dropped.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP driver (and dependents, /y) so the malware loses its network
// channel during cleanup. NOTE(review): the 0 / 15000 / true arguments look like
// window mode, wait timeout in ms and a wait/terminate flag; confirm in the AVZ help.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan with hook neutralisation, so hidden files and processes become reachable.
SearchRootkit(true, true);
// Enable AVZGuard so the terminated processes cannot be restarted during the cleanup.
SetAVZGuardStatus(True);
// Stop the running malicious processes before touching their files.
TerminateProcessByName('d:\windows\system32\wmphn32.exe');
TerminateProcessByName('d:\windows\aadrive32.exe');
TerminateProcessByName('d:\documents and settings\papa\application data\10.tmp');
// Copy each suspected file into the AVZ quarantine BEFORE deletion so that
// samples remain available for analysis.
QuarantineFile('D:\Documents and Settings\papa\Application Data\Xtbkbh.exe','');
QuarantineFile('D:\WINDOWS\system32\wmphn32.exe','');
QuarantineFile('D:\WINDOWS\system32\50.exe','');
QuarantineFile('D:\WINDOWS\system32\68.exe','');
QuarantineFile('D:\WINDOWS\system32\73.exe','');
QuarantineFile('D:\WINDOWS\system32\74.exe','');
QuarantineFile('D:\WINDOWS\aadrive32.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe','');
QuarantineFile('d:\documents and settings\papa\application data\10.tmp','');
// Mask-based quarantine of *.tmp in the profile folder, subfolders excluded (false).
// NOTE(review): the two date strings appear to bound the file date range
// (13.01.2012 - 27.01.2012), i.e. the infection window; confirm the parameter order.
QuarantineFileF('d:\documents and settings\papa\application data', '*.tmp', false,'', 0, 0, '13.01.2012', '27.01.2012');
// Delete the hex-numbered dropper files (1..F, 10..16).
// NOTE(review): 13.tmp is not in this list; presumably it was absent from the
// logs. Verify in the follow-up logs that it does not exist.
DeleteFile('d:\documents and settings\papa\application data\1.tmp');
DeleteFile('d:\documents and settings\papa\application data\2.tmp');
DeleteFile('d:\documents and settings\papa\application data\3.tmp');
DeleteFile('d:\documents and settings\papa\application data\4.tmp');
DeleteFile('d:\documents and settings\papa\application data\5.tmp');
DeleteFile('d:\documents and settings\papa\application data\6.tmp');
DeleteFile('d:\documents and settings\papa\application data\7.tmp');
DeleteFile('d:\documents and settings\papa\application data\8.tmp');
DeleteFile('d:\documents and settings\papa\application data\9.tmp');
DeleteFile('d:\documents and settings\papa\application data\A.tmp');
DeleteFile('d:\documents and settings\papa\application data\B.tmp');
DeleteFile('d:\documents and settings\papa\application data\C.tmp');
DeleteFile('d:\documents and settings\papa\application data\D.tmp');
DeleteFile('d:\documents and settings\papa\application data\E.tmp');
DeleteFile('d:\documents and settings\papa\application data\F.tmp');
DeleteFile('d:\documents and settings\papa\application data\10.tmp');
DeleteFile('d:\documents and settings\papa\application data\11.tmp');
DeleteFile('d:\documents and settings\papa\application data\12.tmp');
DeleteFile('d:\documents and settings\papa\application data\14.tmp');
DeleteFile('d:\documents and settings\papa\application data\15.tmp');
DeleteFile('d:\documents and settings\papa\application data\16.tmp');
// Delete the executables that were quarantined above.
DeleteFile('d:\windows\aadrive32.exe');
DeleteFile('d:\windows\system32\wmphn32.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
DeleteFile('D:\Documents and Settings\papa\Application Data\Xtbkbh.exe');
// NOTE(review): scleaner.exe is deleted without a matching QuarantineFile call,
// so no sample of it will reach the quarantine archive. Its folder name starts
// with "R-1-5-21-..." whereas a real per-user Recycler folder is named after a
// SID ("S-1-5-21-..."), which marks the folder as a look-alike.
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\scleaner.exe');
DeleteFile('D:\WINDOWS\system32\50.exe');
DeleteFile('D:\WINDOWS\system32\68.exe');
DeleteFile('D:\WINDOWS\system32\73.exe');
DeleteFile('D:\WINDOWS\system32\74.exe');
// Remove autorun persistence: Run values in HKCU and HKLM, plus the
// Policies\Explorer\Run key, which is easy to miss during manual review.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zaber0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Xtbkbh');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
// Remove the Windows Firewall "authorized applications" entries the malware
// added for itself (standard and domain profiles).
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','D:\Documents and Settings\papa\Application Data\3.tmp');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list','D:\WINDOWS\system32\wmphn32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list','D:\WINDOWS\system32\wmphn32.exe');
// Hand the list of processed files to Boot Cleaner, clean up leftover
// references to the deleted files, then arm Boot Cleaner so that files locked
// now are removed early in the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Winlogon\Taskman names a program started at logon as a task manager
// replacement; here it is removed as another persistence point.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Reboot so Boot Cleaner runs and the network stack stopped above is restored.
RebootWindows(true);
end.
Компьютер перезагрузится.
Выполните скрипт в AVZ
Код:
// Pack the AVZ quarantine folder into a single archive for upload to the helpers.
// "CreateQurantineArchive" (sic) is the spelling this script uses for the call;
// do not "correct" it.
// The archive holds the suspected-malware samples collected by the previous
// script; send it only through the upload form named in the instructions.
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
Отправьте c:\quarantine.zip при помощи этой формы
Внимание! Официальная поддержка (и выпуск обновлений) для Windows XP SP2 прекращена
Установите SP3 (может потребоваться активация) + все новые обновления для Windows
Установите Internet Explorer 8 (даже если им не пользуетесь: его компоненты используются системой и другими программами)
Сделайте новые логи