Код:
Function RegKeyResetSecurityEx(ARoot, AName : string) : boolean;
var
i : integer;
KeyList : TStringList;
KeyName : string;
begin
RegKeyResetSecurity(ARoot, AName);
KeyList := TStringList.Create;
RegKeyEnumKey(ARoot, AName, KeyList);
for i := 0 to KeyList.Count-1 do
begin
KeyName := AName+'\'+KeyList[i];
RegKeyResetSecurity(ARoot, KeyName);
RegKeyResetSecurityEx(ARoot, KeyName);
end;
KeyList.Free;
end;
Function BC_ServiceKill(AServiceName : string; AIsSvcHosted : boolean = true) : byte;
var
i : integer;
KeyList : TStringList;
KeyName : string;
begin
Result := 0;
if StopService(AServiceName) then Result := Result or 1;
if DeleteService(AServiceName, not(AIsSvcHosted)) then Result := Result or 2;
KeyList := TStringList.Create;
RegKeyEnumKey('HKLM','SYSTEM', KeyList);
for i := 0 to KeyList.Count-1 do
if pos('controlset', LowerCase(KeyList[i])) > 0 then begin
KeyName := 'SYSTEM\'+KeyList[i]+'\Services\'+AServiceName;
if RegKeyExistsEx('HKLM', KeyName) then begin
Result := Result or 4;
RegKeyResetSecurityEx('HKLM', KeyName);
RegKeyDel('HKLM', KeyName);
if RegKeyExistsEx('HKLM', KeyName) then
Result := Result or 8;
end;
end;
if AIsSvcHosted then
BC_DeleteSvcReg(AServiceName)
else
BC_DeleteSvc(AServiceName);
KeyList.Free;
end;
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\WINDOWS\system32\aucsvwop.dll','');
QuarantineFile('C:\Documents and Settings\takeoff\Application Data\bowcav.exe','');
QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
QuarantineFile('C:\WINDOWS\system32\88.exe','');
QuarantineFile('C:\WINDOWS\system32\85.exe','');
QuarantineFile('C:\WINDOWS\system32\84.exe','');
QuarantineFile('C:\WINDOWS\system32\80.exe','');
QuarantineFile('C:\WINDOWS\system32\78.exe','');
QuarantineFile('C:\WINDOWS\system32\77.exe','');
QuarantineFile('C:\WINDOWS\system32\76.exe','');
QuarantineFile('C:\WINDOWS\system32\75.exe','');
QuarantineFile('C:\WINDOWS\system32\74.exe','');
QuarantineFile('C:\WINDOWS\system32\73.exe','');
QuarantineFile('C:\WINDOWS\system32\72.exe','');
QuarantineFile('C:\WINDOWS\system32\71.exe','');
QuarantineFile('C:\WINDOWS\system32\70.exe','');
QuarantineFile('C:\WINDOWS\system32\68.exe','');
QuarantineFile('C:\WINDOWS\system32\66.exe','');
QuarantineFile('C:\WINDOWS\system32\61.exe','');
QuarantineFile('C:\WINDOWS\system32\60.exe','');
QuarantineFile('C:\WINDOWS\system32\58.exe','');
QuarantineFile('C:\WINDOWS\system32\56.exe','');
QuarantineFile('C:\WINDOWS\system32\55.exe','');
QuarantineFile('C:\WINDOWS\system32\54.exe','');
QuarantineFile('C:\WINDOWS\system32\52.exe','');
QuarantineFile('C:\WINDOWS\system32\51.exe','');
QuarantineFile('C:\WINDOWS\system32\46.exe','');
QuarantineFile('C:\WINDOWS\system32\45.exe','');
QuarantineFile('C:\WINDOWS\system32\44.exe','');
QuarantineFile('C:\WINDOWS\system32\42.exe','');
QuarantineFile('C:\WINDOWS\system32\41.exe','');
QuarantineFile('C:\WINDOWS\system32\40.exe','');
QuarantineFile('C:\WINDOWS\system32\37.exe','');
QuarantineFile('C:\WINDOWS\system32\35.exe','');
QuarantineFile('C:\WINDOWS\system32\34.exe','');
QuarantineFile('C:\WINDOWS\system32\33.exe','');
QuarantineFile('C:\WINDOWS\system32\31.exe','');
QuarantineFile('C:\WINDOWS\system32\30.exe','');
QuarantineFile('C:\WINDOWS\system32\28.exe','');
QuarantineFile('C:\WINDOWS\system32\27.exe','');
QuarantineFile('C:\WINDOWS\system32\26.exe','');
QuarantineFile('C:\WINDOWS\system32\24.exe','');
QuarantineFile('C:\WINDOWS\system32\22.exe','');
QuarantineFile('C:\WINDOWS\system32\21.exe','');
QuarantineFile('C:\WINDOWS\system32\20.exe','');
QuarantineFile('C:\WINDOWS\system32\17.exe','');
QuarantineFile('C:\WINDOWS\system32\16.exe','');
QuarantineFile('C:\WINDOWS\system32\13.exe','');
QuarantineFile('C:\WINDOWS\system32\12.exe','');
QuarantineFile('C:\WINDOWS\system32\10.exe','');
QuarantineFile('C:\WINDOWS\system32\08.exe','');
QuarantineFile('C:\WINDOWS\system32\07.exe','');
QuarantineFile('C:\WINDOWS\system32\05.exe','');
QuarantineFile('C:\WINDOWS\system32\04.scr','');
QuarantineFile('C:\WINDOWS\system32\04.exe','');
QuarantineFile('C:\WINDOWS\system32\02.exe','');
QuarantineFile('C:\WINDOWS\system32\01.exe','');
QuarantineFile('C:\WINDOWS\system32\00.exe','');
DeleteService('tmurjyowispafw');
QuarantineFile('C:\WINDOWS\system32\drivers\qliqqdfn.sys','');
DeleteService('oxzfelvwwmx');
QuarantineFile('C:\WINDOWS\system32\drivers\hyiuobwu.sys','');
DeleteService('grpuzpemgrud');
QuarantineFile('C:\WINDOWS\system32\drivers\nmwzooxw.sys','');
DeleteFile('C:\WINDOWS\system32\drivers\nmwzooxw.sys');
BC_DeleteSvc('grpuzpemgrud');
DeleteFile('C:\WINDOWS\system32\drivers\hyiuobwu.sys');
BC_DeleteSvc('oxzfelvwwmx');
DeleteFile('C:\WINDOWS\system32\drivers\qliqqdfn.sys');
BC_DeleteSvc('tmurjyowispafw');
DeleteFile('C:\WINDOWS\system32\aucsvwop.dll');
DeleteFile('C:\Documents and Settings\takeoff\Application Data\bowcav.exe');
DeleteFile('C:\WINDOWS\system32\00.exe');
DeleteFile('C:\WINDOWS\system32\01.exe');
DeleteFile('C:\WINDOWS\system32\02.exe');
DeleteFile('C:\WINDOWS\system32\04.exe');
DeleteFile('C:\WINDOWS\system32\04.scr');
DeleteFile('C:\WINDOWS\system32\05.exe');
DeleteFile('C:\WINDOWS\system32\07.exe');
DeleteFile('C:\WINDOWS\system32\08.exe');
DeleteFile('C:\WINDOWS\system32\10.exe');
DeleteFile('C:\WINDOWS\system32\12.exe');
DeleteFile('C:\WINDOWS\system32\13.exe');
DeleteFile('C:\WINDOWS\system32\16.exe');
DeleteFile('C:\WINDOWS\system32\17.exe');
DeleteFile('C:\WINDOWS\system32\20.exe');
DeleteFile('C:\WINDOWS\system32\21.exe');
DeleteFile('C:\WINDOWS\system32\22.exe');
DeleteFile('C:\WINDOWS\system32\24.exe');
DeleteFile('C:\WINDOWS\system32\26.exe');
DeleteFile('C:\WINDOWS\system32\27.exe');
DeleteFile('C:\WINDOWS\system32\28.exe');
DeleteFile('C:\WINDOWS\system32\30.exe');
DeleteFile('C:\WINDOWS\system32\31.exe');
DeleteFile('C:\WINDOWS\system32\33.exe');
DeleteFile('C:\WINDOWS\system32\34.exe');
DeleteFile('C:\WINDOWS\system32\35.exe');
DeleteFile('C:\WINDOWS\system32\37.exe');
DeleteFile('C:\WINDOWS\system32\40.exe');
DeleteFile('C:\WINDOWS\system32\41.exe');
DeleteFile('C:\WINDOWS\system32\42.exe');
DeleteFile('C:\WINDOWS\system32\44.exe');
DeleteFile('C:\WINDOWS\system32\45.exe');
DeleteFile('C:\WINDOWS\system32\46.exe');
DeleteFile('C:\WINDOWS\system32\51.exe');
DeleteFile('C:\WINDOWS\system32\52.exe');
DeleteFile('C:\WINDOWS\system32\54.exe');
DeleteFile('C:\WINDOWS\system32\55.exe');
DeleteFile('C:\WINDOWS\system32\56.exe');
DeleteFile('C:\WINDOWS\system32\58.exe');
DeleteFile('C:\WINDOWS\system32\60.exe');
DeleteFile('C:\WINDOWS\system32\61.exe');
DeleteFile('C:\WINDOWS\system32\66.exe');
DeleteFile('C:\WINDOWS\system32\68.exe');
DeleteFile('C:\WINDOWS\system32\70.exe');
DeleteFile('C:\WINDOWS\system32\71.exe');
DeleteFile('C:\WINDOWS\system32\72.exe');
DeleteFile('C:\WINDOWS\system32\73.exe');
DeleteFile('C:\WINDOWS\system32\74.exe');
DeleteFile('C:\WINDOWS\system32\75.exe');
DeleteFile('C:\WINDOWS\system32\76.exe');
DeleteFile('C:\WINDOWS\system32\77.exe');
DeleteFile('C:\WINDOWS\system32\78.exe');
DeleteFile('C:\WINDOWS\system32\80.exe');
DeleteFile('C:\WINDOWS\system32\84.exe');
DeleteFile('C:\WINDOWS\system32\85.exe');
DeleteFile('C:\WINDOWS\system32\88.exe');
DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
BC_DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
BC_DeleteFile('C:\Documents and Settings\takeoff\Application Data\bowcav.exe');
BC_ImportAll;
ExecuteSysClean;
AddToLog(inttostr(BC_ServiceKill('ofebctnt')) );
SaveLog(GetAVZDirectory+'avz_log.txt');
SetAVZPMStatus(True);
ExecuteWizard('TSW',2,3,true);
BC_Activate;
RebootWindows(true);
end.