Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
ClearQuarantine;
TerminateProcessByName('c:\users\zorgen\appdata\roaming\temp\taskshost\thostmgr.exe');
TerminateProcessByName('c:\programdata\sysconfig\sysconfig.exe');
TerminateProcessByName('c:\users\default\appdata\local\microsoft\super fitch x86\superfitch_x86.exe');
TerminateProcessByName('c:\users\default\appdata\local\microsoft\windows\officecompiler\officecompiler.exe');
TerminateProcessByName('c:\program files\media saver\basement\mslsservice.exe');
TerminateProcessByName('c:\program files\media saver\basement\mslserver.exe');
TerminateProcessByName('c:\users\default\appdata\roaming\microsoft\windows\microsoap file manager\microsoapfilemanager.exe');
TerminateProcessByName('c:\users\default\appdata\roaming\microsoft\windows\loadmnge32\loadmnge32.exe');
TerminateProcessByName('c:\programdata\host32manager\host32manager.exe');
TerminateProcessByName('c:\program files\media saver\basement\extensionupdaterservice.exe');
TerminateProcessByName('c:\programdata\firewall integrity checker\firewallintegritychecker.exe');
TerminateProcessByName('c:\users\default\appdata\local\microsoft\windows\default settings protector\dsp.exe');
TerminateProcessByName('c:\windows\bcore.exe');
TerminateProcessByName('c:\users\zorgen\appdata\roaming\microsoft\windows\ieupdate\aitagent.exe');
SetServiceStart('Sysconfig', 4);
SetServiceStart('SuperFitch_x86', 4);
SetServiceStart('Officecompiler', 4);
SetServiceStart('MSLSService', 4);
SetServiceStart('MicrosoapFileManager', 4);
SetServiceStart('Loadmnge32', 4);
SetServiceStart('Host32manager', 4);
SetServiceStart('FirewallIntegrityChecker', 4);
SetServiceStart('dsp', 4);
StopService('Sysconfig');
StopService('SuperFitch_x86');
StopService('Officecompiler');
StopService('MSLSService');
StopService('MicrosoapFileManager');
StopService('Loadmnge32');
StopService('Host32manager');
StopService('FirewallIntegrityChecker');
StopService('dsp');
QuarantineFile('C:\Users\Zorgen\appdata\roaming\x11\a\engine.exe','');
QuarantineFile('C:\Windows\c1.exe','');
QuarantineFile('C:\Windows\System32\5997de\WB5253B.EXE','');
QuarantineFile('C:\Users\Zorgen\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe','');
QuarantineFile('C:\ProgramData\Windows\csrss.exe','');
QuarantineFile('C:\Program Files\WordProser_1.10.0.2\Service\wpsvc.exe','');
QuarantineFile('c:\users\zorgen\appdata\roaming\temp\taskshost\thostmgr.exe','');
QuarantineFile('c:\programdata\sysconfig\sysconfig.exe','');
QuarantineFile('c:\users\default\appdata\local\microsoft\super fitch x86\superfitch_x86.exe','');
QuarantineFile('c:\users\default\appdata\local\microsoft\windows\officecompiler\officecompiler.exe','');
QuarantineFile('c:\program files\media saver\basement\mslsservice.exe','');
QuarantineFile('c:\program files\media saver\basement\mslserver.exe','');
QuarantineFile('c:\users\default\appdata\roaming\microsoft\windows\microsoap file manager\microsoapfilemanager.exe','');
QuarantineFile('c:\users\default\appdata\roaming\microsoft\windows\loadmnge32\loadmnge32.exe','');
QuarantineFile('c:\programdata\host32manager\host32manager.exe','');
QuarantineFile('c:\program files\media saver\basement\extensionupdaterservice.exe','');
QuarantineFile('c:\programdata\firewall integrity checker\firewallintegritychecker.exe','');
QuarantineFile('c:\users\default\appdata\local\microsoft\windows\default settings protector\dsp.exe','');
QuarantineFile('c:\windows\bcore.exe','');
QuarantineFile('c:\users\zorgen\appdata\roaming\microsoft\windows\ieupdate\aitagent.exe','');
DeleteFile('c:\windows\bcore.exe','32');
DeleteFile('c:\program files\media saver\basement\mslserver.exe','32');
DeleteFile('c:\users\zorgen\appdata\roaming\temp\taskshost\thostmgr.exe','32');
DeleteFile('C:\Users\Default\AppData\Local\Microsoft\Windows\Default settings protector\dsp.exe','32');
DeleteFile('C:\ProgramData\Firewall Integrity Checker\FirewallIntegrityChecker.exe','32');
DeleteFile('C:\ProgramData\Host32manager\Host32manager.exe','32');
DeleteFile('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Loadmnge32\Loadmnge32.exe','32');
DeleteFile('C:\Users\Default\AppData\Roaming\Microsoft\Windows\Microsoap File Manager\MicrosoapFileManager.exe','32');
DeleteFile('C:\Program Files\Media Saver\Basement\MSLSService.exe','32');
DeleteFile('C:\Users\Default\AppData\Local\Microsoft\Windows\Officecompiler\Officecompiler.exe','32');
DeleteFile('C:\Users\Default\AppData\Local\Microsoft\Super Fitch x86\SuperFitch_x86.exe','32');
DeleteFile('C:\ProgramData\Sysconfig\Sysconfig.exe','32');
DeleteFile('C:\Program Files\Media Saver\Basement\ExtensionUpdaterService.exe','32');
DeleteFile('C:\Program Files\Jads\Jads\InjectorServiceProject.exe','32');
DeleteFile('C:\Program Files\Jads\Jads\VersionUpdaterService.exe','32');
DeleteFile('C:\Program Files\WordProser_1.10.0.2\Service\wpsvc.exe','32');
DeleteFile('C:\Windows\system32\drivers\wpnfd_1_10_0_2.sys','32');
DeleteFile('C:\ProgramData\Windows\csrss.exe','32');
DeleteFile('C:\Users\Zorgen\AppData\Roaming\Microsoft\Windows\IEUpdate\aitagent.exe','32');
DeleteFile('C:\Users\Zorgen\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe','32');
DeleteFile('C:\Windows\System32\5997de\WB5253B.EXE','32');
DeleteFile('C:\Windows\system32\Tasks\AmiUpdXp','32');
DeleteFile('C:\Windows\system32\Tasks\UpnCH','32');
DeleteFile('C:\Windows\c1.exe','32');
DeleteFile('C:\Users\Zorgen\appdata\roaming\x11\a\engine.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','aitagent');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\RunOnce','aitagent');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Command Processor','AutoRun');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Command Processor\','Autorun');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer','Run');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mmc');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\9B212F','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\040394','command');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
DeleteService('wpnfd_1_10_0_2');
DeleteService('wpsvc_1.10.0.2');
DeleteService('VersionUpdService');
DeleteService('NTService1');
DeleteService('Update Service for Media Saver');
DeleteService('Sysconfig');
DeleteService('SuperFitch_x86');
DeleteService('Officecompiler');
DeleteService('MSLSService');
DeleteService('MicrosoapFileManager');
DeleteService('Loadmnge32');
DeleteService('Host32manager');
DeleteService('FirewallIntegrityChecker');
DeleteService('dsp');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.