Function RegKeyResetSecurityEx(ARoot, AName : string) : boolean; var i : integer; KeyList : TStringList; KeyName : string; begin RegKeyResetSecurity(ARoot, AName); KeyList := TStringList.Create; RegKeyEnumKey(ARoot, AName, KeyList); for i := 0 to KeyList.Count-1 do begin KeyName := AName+'\'+KeyList[i]; RegKeyResetSecurity(ARoot, KeyName); RegKeyResetSecurityEx(ARoot, KeyName); end; KeyList.Free; end; Function BC_ServiceKill(AServiceName : string; AIsSvcHosted : boolean = true) : byte; var i : integer; KeyList : TStringList; KeyName : string; begin Result := 0; if StopService(AServiceName) then Result := Result or 1; if DeleteService(AServiceName, not(AIsSvcHosted)) then Result := Result or 2; KeyList := TStringList.Create; RegKeyEnumKey('HKLM','SYSTEM', KeyList); for i := 0 to KeyList.Count-1 do if pos('controlset', LowerCase(KeyList[i])) > 0 then begin KeyName := 'SYSTEM\'+KeyList[i]+'\Services\'+AServiceName; if RegKeyExistsEx('HKLM', KeyName) then begin Result := Result or 4; RegKeyResetSecurityEx('HKLM', KeyName); RegKeyDel('HKLM', KeyName); if RegKeyExistsEx('HKLM', KeyName) then Result := Result or 8; end; end; if AIsSvcHosted then BC_DeleteSvcReg(AServiceName) else BC_DeleteSvc(AServiceName); KeyList.Free; end; begin ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); ExecuteStdScr(5); {обновление баз AVZ с автоматической настройкой} SearchRootkit(true, true); SetAVZGuardStatus(True); BC_ServiceKill('MCIDRV_2600_6_0'); BC_ServiceKill('XDva359'); DeleteFile('j:\documents and settings\admin\local settings\application data\{66c6b90d-21e6-eafa-70ad-81b80b691d86}\.exe'); DeleteFile('J:\WINDOWS\system32\drivers\nqrmmr.sys'); DeleteFile('J:\WINDOWS\system32\XDva359.sys'); DeleteFile('J:\WINDOWS\system32\5a26e483.exe'); DeleteFile('J:\WINDOWS\system32\6535b259.exe'); DeleteFile('J:\WINDOWS\system32\fc04c54e.exe'); DeleteFile('J:\WINDOWS\system32\sijwst.exe'); DeleteFile('J:\WINDOWS\system32\uhsgka.exe'); DeleteFile('J:\WINDOWS\system32\userini.exe'); DeleteFile('\\?\globalroot\systemroot\system32\2hp2bAJ.exe'); DeleteFile('\\?\globalroot\systemroot\system32\s5Xsys6.exe'); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3); BC_ImportAll; ExecuteSysClean; SetAVZPMStatus(true); BC_Activate; RebootWindows(true); end. |