Код:
// AVZ cleanup script targeted at one specific machine: the paths below name a
// particular user profile, GUID-named driver services and task files, so the
// script is not reusable elsewhere. It copies the listed files to quarantine,
// removes the driver services, deletes the files, autorun values and scheduled
// task files, then runs AVZ's cleanup steps and reboots.
begin
// The message (Russian) warns that AVZ will close all network connections before
// the script runs and that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so nothing can be downloaded while cleanup runs.
// NOTE(review): 0, 15000, true are presumably show mode, timeout in ms and a wait flag; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are only enabled when IsWOW64 is false.
// NOTE(review): the "Program Files (x86)" and "*w64.sys" paths below suggest 64-bit Windows, where this branch would be skipped; confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Tightens the current user's Internet zone (Zones\3) URL-action policy.
// By Windows convention 0 = allow, 1 = prompt, 3 = disable:
//   1804 launching programs and files in an IFRAME    -> prompt
//   2201 automatic prompting for ActiveX controls     -> disable
//   1004 download unsigned ActiveX controls           -> disable
//   1001 download signed ActiveX controls             -> prompt
//   1201 init/script ActiveX not marked safe          -> disable
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
// Quarantine pass: every QuarantineFile call precedes the DeleteFile call for the
// same path, so a sample is kept for analysis before the file is removed.
// The second argument is passed empty throughout (presumably a free-text note).
// "8523~1" is an 8.3 short name, presumably of the same user profile directory.
QuarantineFile('C:\Users\8523~1\AppData\Local\Temp\nsy9BF2.tmp\2d2bdd09-8abb-4c14-977f-88a8093f8006-2.exe','');
QuarantineFile('C:\Program Files (x86)\Microsoft Data\nsi.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\newSI_4396\s_inst.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\newSI_21590\s_inst.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\newSI_2\s_inst.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\newSI_1801\s_inst.exe','');
QuarantineFile('C:\Users\8523~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\eTranslator\eTranslator.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\743E985A\bin.exe','');
QuarantineFile('C:\Users\Александр\AppData\Local\Kometa\kometaup.exe','');
QuarantineFile('C:\Users\Александр\AppData\Local\Kometa\Application\kometa.exe','');
QuarantineFile('C:\ProgramData\Schedule\timetasks.exe','');
// GUID-named kernel drivers under system32\drivers. Fourteen driver files are
// handled in total; each one gets a QuarantineFile, a DeleteService for the
// matching service name, and a DeleteFile further down. The three kinds of
// calls are interleaved here, so check all three when adding or removing a GUID.
QuarantineFile('C:\Windows\system32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{dbec4a38-79aa-4d48-ac2b-d4467b1ded12}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64.sys','');
DeleteService('{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64');
DeleteService('{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64');
DeleteService('{dc592624-f532-4311-9fc7-6920126fc404}Gw64');
DeleteService('{dbec4a38-79aa-4d48-ac2b-d4467b1ded12}Gw64');
DeleteService('{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64');
DeleteService('{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64');
DeleteService('{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64');
DeleteService('{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64');
QuarantineFile('C:\Windows\system32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys','');
// This one entry ends in "w64", not "Gw64", in both its file and service name.
QuarantineFile('C:\Windows\system32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys','');
DeleteService('{94d62e35-4b43-494c-bf52-ba5935df36ef}w64');
DeleteService('{733fb217-c049-41ba-9504-3f2045e61977}Gw64');
DeleteService('{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64');
DeleteService('{255a824a-3cde-4dee-9785-284605606456}Gw64');
DeleteService('{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64');
QuarantineFile('C:\Windows\system32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys','');
DeleteService('{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64');
// Running processes are terminated first so their images can be quarantined and deleted.
TerminateProcessByName('c:\users\Александр\appdata\local\kometa\kometaup.exe');
QuarantineFile('c:\users\Александр\appdata\local\kometa\kometaup.exe','');
// csrss.exe under c:\programdata\windows\ is not the system32 location of the
// Windows process of that name; together with the HKCU Run value
// 'Client Server Runtime Subsystem' removed below, this is name masquerading.
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
// Deletion pass. NOTE(review): the second DeleteFile argument is '32' for
// executables and drivers and '64' for task files; presumably it selects the
// 32/64-bit file-system view. Confirm against the AVZ script reference.
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\users\Александр\appdata\local\kometa\kometaup.exe','32');
DeleteFile('C:\Windows\system32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{dbec4a38-79aa-4d48-ac2b-d4467b1ded12}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys','32');
// AnyProtect.exe is deleted without a preceding QuarantineFile call, so this
// script keeps no sample of it.
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
// MSConfig\startupreg holds startup items that were disabled through msconfig;
// deleting 'command' removes the stored launch command for that entry.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AnyProtect Scanner','command');
DeleteFile('C:\ProgramData\Schedule\timetasks.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Schedule','command');
// Per-user autorun (HKCU ...\Run) values are removed alongside the files they reference.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaAutoLaunch_C0A18EF8E318A375D66A69ECC3DF11A6');
DeleteFile('C:\Users\Александр\AppData\Local\Kometa\Application\kometa.exe','32');
// kometaup.exe was already deleted above via its lower-case path; this second call is redundant but harmless.
DeleteFile('C:\Users\Александр\AppData\Local\Kometa\kometaup.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
DeleteFile('C:\Users\Александр\AppData\Roaming\743E985A\bin.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','743E985A');
// The two .bat names are 'chrome.exe' and 'iexplore.exe' spelled backwards; their contents are not shown here.
DeleteFile('C:\Users\Александр\AppData\Roaming\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\eTranslator\eTranslator.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eTranslator Update','command');
DeleteFile('C:\Users\8523~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','32');
// Scheduled-task persistence: legacy .job files in C:\Windows\Tasks and task
// definition files in C:\Windows\system32\Tasks, deleted together with the
// executables they share names with.
// NOTE(review): only the task files are deleted here; whether the Task Scheduler
// registry entries are also cleaned is not visible in this script. Verify with
// a fresh log after the reboot.
DeleteFile('C:\Windows\Tasks\Digital Sites.job','64');
DeleteFile('C:\Windows\Tasks\newSI_1801.job','64');
DeleteFile('C:\Windows\Tasks\newSI_2.job','64');
DeleteFile('C:\Users\Александр\AppData\Roaming\newSI_1801\s_inst.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\newSI_2\s_inst.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\newSI_21590\s_inst.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\newSI_4396\s_inst.exe','32');
DeleteFile('C:\Windows\Tasks\newSI_4396.job','64');
DeleteFile('C:\Windows\Tasks\newSI_21590.job','64');
DeleteFile('C:\Windows\system32\Tasks\2d2bdd09-8abb-4c14-977f-88a8093f8006-2','64');
DeleteFile('C:\Windows\system32\Tasks\2d2bdd09-8abb-4c14-977f-88a8093f8006-6','64');
DeleteFile('C:\Windows\system32\Tasks\chrome5','64');
DeleteFile('C:\Windows\system32\Tasks\chrome5_logon','64');
DeleteFile('C:\Program Files (x86)\Microsoft Data\nsi.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Digital Sites','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_1801','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_2','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_21590','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_4396','64');
DeleteFile('C:\Windows\system32\Tasks\temp_2d2bdd09-8abb-4c14-977f-88a8093f8006-2','64');
DeleteFile('C:\Users\8523~1\AppData\Local\Temp\nsy9BF2.tmp\2d2bdd09-8abb-4c14-977f-88a8093f8006-2.exe','32');
// Final steps, in order: BC_ImportAll, ExecuteSysClean, BC_Activate, reboot.
// NOTE(review): the BC_* calls presumably hand the deletions above to AVZ's
// boot-time cleaner so that locked files are removed during the restart, and
// ExecuteSysClean presumably removes leftover references to the deleted files.
// Confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboots the machine. The meaning of the false argument is not visible here (presumably "not forced").
RebootWindows(false);
end.
Компьютер перезагрузится.