Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
SetServiceStart('{f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64', 4);
DeleteService('{f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64');
SetServiceStart('{ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64', 4);
DeleteService('{ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64');
SetServiceStart('{cf9dbb3a-fbdd-44ad-8691-de2ae76a11d7}Gw64', 4);
DeleteService('{cf9dbb3a-fbdd-44ad-8691-de2ae76a11d7}Gw64');
SetServiceStart('{c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64', 4);
DeleteService('{c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64');
SetServiceStart('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64', 4);
DeleteService('{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64');
SetServiceStart('{b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64', 4);
DeleteService('{b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64');
SetServiceStart('{94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64', 4);
DeleteService('{94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64');
SetServiceStart('{9307392e-ba24-447f-958f-5a785f03634f}Gw64', 4);
DeleteService('{9307392e-ba24-447f-958f-5a785f03634f}Gw64');
SetServiceStart('{6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64', 4);
DeleteService('{6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64');
SetServiceStart('{3c63e588-2804-44de-9c53-4848a16d847a}Gw64', 4);
DeleteService('{3c63e588-2804-44de-9c53-4848a16d847a}Gw64');
SetServiceStart('{38f72c19-9857-4bc2-b729-9d00bd429872}Gw64', 4);
DeleteService('{38f72c19-9857-4bc2-b729-9d00bd429872}Gw64');
SetServiceStart('{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64', 4);
DeleteService('{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64');
SetServiceStart('{2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64', 4);
DeleteService('{2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64');
SetServiceStart('{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64', 4);
DeleteService('{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64');
SetServiceStart('{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}Gw64', 4);
DeleteService('{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}Gw64');
SetServiceStart('Util ClearThink', 4);
DeleteService('Util ClearThink');
SetServiceStart('Update ClearThink', 4);
DeleteService('Update ClearThink');
SetServiceStart('MaintainerSvc3.38.8461645', 4);
DeleteService('MaintainerSvc3.38.8461645');
QuarantineFile('C:\WINDOWS\system32\drivers\{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{cf9dbb3a-fbdd-44ad-8691-de2ae76a11d7}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{9307392e-ba24-447f-958f-5a785f03634f}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{3c63e588-2804-44de-9c53-4848a16d847a}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{38f72c19-9857-4bc2-b729-9d00bd429872}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}Gw64.sys','');
TerminateProcessByName('c:\program files (x86)\clearthink\bin\utilclearthink.exe');
QuarantineFile('c:\program files (x86)\clearthink\bin\utilclearthink.exe','');
TerminateProcessByName('c:\program files (x86)\clearthink\updateclearthink.exe');
QuarantineFile('c:\program files (x86)\clearthink\updateclearthink.exe','');
TerminateProcessByName('c:\programdata\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe');
QuarantineFile('c:\programdata\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe','');
TerminateProcessByName('c:\users\ed\appdata\local\pay-by-ads\yahoo! search\1.3.15.4\dsrlte.exe');
QuarantineFile('c:\users\ed\appdata\local\pay-by-ads\yahoo! search\1.3.15.4\dsrlte.exe','');
DeleteFile('c:\users\ed\appdata\local\pay-by-ads\yahoo! search\1.3.15.4\dsrlte.exe','32');
DeleteFile('c:\programdata\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe','32');
DeleteFile('c:\program files (x86)\clearthink\updateclearthink.exe','32');
DeleteFile('c:\program files (x86)\clearthink\bin\utilclearthink.exe','32');
DeleteFile('C:\WINDOWS\system32\drivers\{0c7dc56c-1fb8-4d6b-a40f-10611881a3b6}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{38f72c19-9857-4bc2-b729-9d00bd429872}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{3c63e588-2804-44de-9c53-4848a16d847a}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{9307392e-ba24-447f-958f-5a785f03634f}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{cf9dbb3a-fbdd-44ad-8691-de2ae76a11d7}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{fe90d265-3be8-45cd-8d93-3ca3523fd9ea}Gw64.sys','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Yahoo! Search');
DeleteFile('C:\WINDOWS\system32\Tasks\Yahoo! Search','64');
DeleteFile('C:\WINDOWS\system32\Tasks\Yahoo! Search Updater','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.