Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
QuarantineFile('C:\Users\7636~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Program Files (x86)\ver1BlockAndSurf\R0BlockAndSurfQ33.exe','');
DelBHO('{4C2CCED1-FAEC-E751-BDCB-49964375A213}');
DelBHO('{91b8f7a9-1558-40b3-b1e9-824ae5a2089f}');
QuarantineFile('C:\Program Files (x86)\EnterDigital\EnterDigitalBHO.dll','');
QuarantineFile('C:\Program Files (x86)\ver1BlockAndSurf\182.dll','');
QuarantineFile('C:\Users\Павел\AppData\Local\ConvertAd\ConvertAd.exe','');
SetServiceStart('{f1d7e225-e39d-4bcb-8a90-eaa4181b222b}Gw64', 4);
DeleteService('{f1d7e225-e39d-4bcb-8a90-eaa4181b222b}Gw64');
SetServiceStart('{e761f54c-32c6-465c-ba31-504773457b77}Gw64', 4);
DeleteService('{e761f54c-32c6-465c-ba31-504773457b77}Gw64');
SetServiceStart('{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64', 4);
DeleteService('{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64');
SetServiceStart('{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}Gw64', 4);
DeleteService('{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}Gw64');
SetServiceStart('{bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64', 4);
DeleteService('{bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64');
SetServiceStart('{b28b16f8-524c-4f96-b046-1c8f12a5fe03}Gw64', 4);
DeleteService('{b28b16f8-524c-4f96-b046-1c8f12a5fe03}Gw64');
SetServiceStart('{93feeb25-9f23-4de1-b697-6a2c12816bac}Gw64', 4);
DeleteService('{93feeb25-9f23-4de1-b697-6a2c12816bac}Gw64');
SetServiceStart('{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64', 4);
DeleteService('{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64');
SetServiceStart('{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64', 4);
DeleteService('{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64');
SetServiceStart('{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64', 4);
DeleteService('{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64');
SetServiceStart('{16fd1cfd-5f7d-4fb7-ac6e-55eec1f56bf3}Gw64', 4);
DeleteService('{16fd1cfd-5f7d-4fb7-ac6e-55eec1f56bf3}Gw64');
QuarantineFile('C:\Windows\system32\Drivers\webinstrNew.sys','');
SetServiceStart('webinstrNew', 4);
DeleteService('webinstrNew');
QuarantineFile('C:\Users\Павел\AppData\Roaming\VOPackage\VOsrv.exe','');
DeleteService('servervo');
QuarantineFile('C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe','');
DeleteService('MaintainerSvc6.37.565328');
SetServiceStart('Util EnterDigital', 4);
DeleteService('Util EnterDigital');
SetServiceStart('Update EnterDigital', 4);
DeleteService('Update EnterDigital');
QuarantineFile('C:\Windows\system32\drivers\{f1d7e225-e39d-4bcb-8a90-eaa4181b222b}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{f0aab91b-f97e-4d3d-b745-53663865729c}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{e761f54c-32c6-465c-ba31-504773457b77}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{b28b16f8-524c-4f96-b046-1c8f12a5fe03}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{93feeb25-9f23-4de1-b697-6a2c12816bac}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{16fd1cfd-5f7d-4fb7-ac6e-55eec1f56bf3}Gw64.sys','');
QuarantineFile('C:\Program Files (x86)\EnterDigital\bin\{f0aab91b-f97e-4d3d-b745-53663865729c}.dll','');
QuarantineFile('C:\Program Files (x86)\EnterDigital\bin\f0aab91bf97e4d3db745.dll','');
TerminateProcessByName('c:\program files (x86)\enterdigital\bin\utilenterdigital.exe');
QuarantineFile('c:\program files (x86)\enterdigital\bin\utilenterdigital.exe','');
TerminateProcessByName('c:\program files (x86)\enterdigital\updateenterdigital.exe');
QuarantineFile('c:\program files (x86)\enterdigital\updateenterdigital.exe','');
TerminateProcessByName('C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe');
QuarantineFile('C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe','');
TerminateProcessByName('C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe');
QuarantineFile('C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe','');
TerminateProcessByName('c:\program files (x86)\enterdigital\bin\enterdigital.browseradapter.exe');
QuarantineFile('c:\program files (x86)\enterdigital\bin\enterdigital.browseradapter.exe','');
DeleteFile('c:\program files (x86)\enterdigital\bin\enterdigital.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe','32');
DeleteFile('C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe','32');
DeleteFile('c:\program files (x86)\enterdigital\updateenterdigital.exe','32');
DeleteFile('c:\program files (x86)\enterdigital\bin\utilenterdigital.exe','32');
DeleteFile('C:\Program Files (x86)\EnterDigital\bin\f0aab91bf97e4d3db745.dll','32');
DeleteFile('C:\Program Files (x86)\EnterDigital\bin\{f0aab91b-f97e-4d3d-b745-53663865729c}.dll','32');
DeleteFile('C:\Windows\system32\drivers\{16fd1cfd-5f7d-4fb7-ac6e-55eec1f56bf3}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{93feeb25-9f23-4de1-b697-6a2c12816bac}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b28b16f8-524c-4f96-b046-1c8f12a5fe03}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e761f54c-32c6-465c-ba31-504773457b77}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f0aab91b-f97e-4d3d-b745-53663865729c}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f1d7e225-e39d-4bcb-8a90-eaa4181b222b}Gw64.sys','32');
DeleteFile('C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe','32');
DeleteFile('C:\Users\Павел\AppData\Roaming\VOPackage\VOsrv.exe','32');
DeleteFile('C:\Windows\system32\Drivers\webinstrNew.sys','32');
DeleteFile('C:\Users\Павел\AppData\Local\ConvertAd\ConvertAd.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ConvertAd');
DeleteFile('C:\Program Files (x86)\ver1BlockAndSurf\182.dll','32');
DeleteFile('C:\Program Files (x86)\EnterDigital\EnterDigitalBHO.dll','32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
DeleteFile('C:\Program Files (x86)\ver1BlockAndSurf\R0BlockAndSurfQ33.exe','32');
DeleteFile('C:\Windows\Tasks\BlockAndSurf Update.job','64');
DeleteFile('C:\Users\7636~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Windows\Tasks\Price Fountain.job','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
DeleteFile('C:\Windows\system32\Tasks\BlockAndSurf Update','64');
DeleteFile('C:\Windows\system32\Tasks\Price Fountain','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.