Код:
// AVZ clean-up script for one specific host: every path below is hard-coded
// (C:\Users\Home\..., GUID-named drivers and services), so it should only be
// run on the machine it was written for.
// NOTE(review): presumably derived from that host's AVZ logs - confirm before reuse.
begin
// Message text (Russian): "Attention! Before running the script AVZ will
// automatically close all network connections. After the computer reboots,
// network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the host is offline while files are removed.
// NOTE(review): the trailing arguments (0, 15000, true) look like window mode,
// timeout in ms and terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are enabled only when IsWOW64 is false;
// presumably this skips them on 64-bit Windows - TODO confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine pass 1: suspect executables in user-profile and Program Files
// locations are placed in quarantine before the DeleteFile calls further down.
// The second argument is passed as an empty string throughout.
// NOTE(review): WombatBHO.dll (FastestTube) is quarantined here but has no
// matching DeleteFile anywhere in this script - presumably collected for
// analysis only; confirm that leaving it on disk is intended.
QuarantineFile('C:\Users\Home\AppData\Local\pricehorse\pricehorse\1.3.17.0\playsetup.exe','');
QuarantineFile('C:\Users\Home\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\f025b33d-4fe1-43d1-9072-60df121c2890.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-7.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-6.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-5.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-4.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-2.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-11.exe','');
QuarantineFile('C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe','');
QuarantineFile('C:\Users\Home\AppData\Local\Temp\3fdc6.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\5432e15e-8b38-4917-9568-a8baef47582c.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-7.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-6.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-5.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-4.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-2.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-11.exe','');
QuarantineFile('C:\Program Files (x86)\FastestTube\2.2.9.3\WombatBHO.dll','');
QuarantineFile('C:\Users\Home\AppData\Roaming\ZZima\zzima_loader\nloader.exe','');
QuarantineFile('C:\Users\Home\AppData\Roaming\FunSpace\VKMusicUpd\FunSpace.Update.Process.exe','');
QuarantineFile('C:\Users\Home\AppData\Local\Kometa\kometaup.exe','');
QuarantineFile('C:\Users\Home\AppData\Local\Kometa\Application\kometa.exe','');
QuarantineFile('C:\Users\Home\AppData\Local\ConvertAd\ConvertAd.exe','');
// Service removal: each entry is first given start type 4 and then its
// registration is deleted, so it cannot be started again before the reboot.
// NOTE(review): 4 matches the Windows "disabled" start type - presumably
// passed through unchanged; confirm against the AVZ script reference.
// The GUID-named "...w64" services correspond by name to the .sys files under
// C:\Windows\system32\drivers that this script quarantines and deletes.
// NOTE(review): the driver files {e1c3d314-467f-412b-b7f3-f01dce3a38ae}w64.sys
// and ...Gw64.sys are handled later, but no service with that GUID is listed
// here - verify whether a registration remains for them.
SetServiceStart('{d441afc2-977b-40eb-b688-431b09118e9e}w64', 4);
DeleteService('{d441afc2-977b-40eb-b688-431b09118e9e}w64');
SetServiceStart('{c0915853-fd66-4086-a9ce-b80496d49b3f}w64', 4);
DeleteService('{c0915853-fd66-4086-a9ce-b80496d49b3f}w64');
SetServiceStart('{b4f0db47-e6e9-4c42-81c6-12810a72f643}Gw64', 4);
DeleteService('{b4f0db47-e6e9-4c42-81c6-12810a72f643}Gw64');
SetServiceStart('{921265c3-88e5-40e1-8d74-df5314572900}w64', 4);
DeleteService('{921265c3-88e5-40e1-8d74-df5314572900}w64');
SetServiceStart('{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}w64', 4);
DeleteService('{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}w64');
SetServiceStart('{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}w64', 4);
DeleteService('{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}w64');
SetServiceStart('{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}w64', 4);
DeleteService('{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}w64');
SetServiceStart('{4889ddce-7a83-45e6-afc9-1e4f1149fff4}w64', 4);
DeleteService('{4889ddce-7a83-45e6-afc9-1e4f1149fff4}w64');
SetServiceStart('{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}w64', 4);
DeleteService('{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}w64');
SetServiceStart('{3560b757-0519-45b3-a215-cfb94afd0821}w64', 4);
DeleteService('{3560b757-0519-45b3-a215-cfb94afd0821}w64');
SetServiceStart('{20915d52-1148-4fc2-8788-129eeb5e27dd}w64', 4);
DeleteService('{20915d52-1148-4fc2-8788-129eeb5e27dd}w64');
SetServiceStart('{1f01bfa6-8fc1-4c12-a219-da77269427c2}w64', 4);
DeleteService('{1f01bfa6-8fc1-4c12-a219-da77269427c2}w64');
// Named services belonging to the same adware bundles.
SetServiceStart('webinstrNHKT', 4);
DeleteService('webinstrNHKT');
SetServiceStart('SPBIUpdd', 4);
DeleteService('SPBIUpdd');
// "WindowsMangerProtect" is spelled this way on purpose: it matches the
// c:\programdata\windowsmangerprotect path used elsewhere in this script,
// so the name must not be "corrected".
SetServiceStart('WindowsMangerProtect', 4);
DeleteService('WindowsMangerProtect');
SetServiceStart('Update Service for advPlugin', 4);
DeleteService('Update Service for advPlugin');
SetServiceStart('SPBIUpd', 4);
DeleteService('SPBIUpd');
SetServiceStart('ReimageRealTimeProtector', 4);
DeleteService('ReimageRealTimeProtector');
SetServiceStart('PennyBee', 4);
DeleteService('PennyBee');
// Quarantine pass 2: kernel driver files (.sys). Each of these paths is also
// passed to DeleteFile later in the script, so a sample is kept before removal.
// The GUID-named files follow the same "{guid}w64" / "{guid}Gw64" pattern as
// the services removed above.
QuarantineFile('C:\Windows\system32\drivers\{e1c3d314-467f-412b-b7f3-f01dce3a38ae}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{e1c3d314-467f-412b-b7f3-f01dce3a38ae}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{d441afc2-977b-40eb-b688-431b09118e9e}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{b4f0db47-e6e9-4c42-81c6-12810a72f643}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{3560b757-0519-45b3-a215-cfb94afd0821}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{20915d52-1148-4fc2-8788-129eeb5e27dd}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{1f01bfa6-8fc1-4c12-a219-da77269427c2}w64.sys','');
QuarantineFile('C:\Windows\system32\Drivers\webinstrNHKT.sys','');
QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','');
// Running processes: each image is terminated by its full path and then
// quarantined, so the file is no longer in use when it is deleted later on.
// NOTE(review): playsetup.exe was already quarantined at the start of the
// script (same path, different letter case); the second call is redundant
// and presumably harmless.
TerminateProcessByName('c:\users\home\appdata\local\gmsd_ru_83\upgmsd_ru_83.exe');
QuarantineFile('c:\users\home\appdata\local\gmsd_ru_83\upgmsd_ru_83.exe','');
TerminateProcessByName('C:\Program Files\Common Files\ShopperPro\spbiu.exe');
QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiu.exe','');
TerminateProcessByName('C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe');
QuarantineFile('C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe','');
TerminateProcessByName('C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe');
QuarantineFile('C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe','');
TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\users\home\appdata\local\pricehorse\pricehorse\1.3.17.0\pricehorse.exe');
QuarantineFile('c:\users\home\appdata\local\pricehorse\pricehorse\1.3.17.0\pricehorse.exe','');
TerminateProcessByName('c:\users\home\appdata\local\pricehorse\pricehorse\1.3.17.0\playsetup.exe');
QuarantineFile('c:\users\home\appdata\local\pricehorse\pricehorse\1.3.17.0\playsetup.exe','');
TerminateProcessByName('c:\program files (x86)\pennybee\pennybee.exe');
QuarantineFile('c:\program files (x86)\pennybee\pennybee.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_83\gmsd_ru_83.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_83\gmsd_ru_83.exe','');
TerminateProcessByName('c:\program files (x86)\advplugin\basement\extensionupdaterservice.exe');
QuarantineFile('c:\program files (x86)\advplugin\basement\extensionupdaterservice.exe','');
// Deletion pass 1: removes the process images and driver files that were
// quarantined above (the same paths, listed in reverse order).
// NOTE(review): the second argument is '32' for every file in this run;
// presumably it selects how the path is resolved on 64-bit Windows - confirm
// against the AVZ script reference.
DeleteFile('c:\program files (x86)\advplugin\basement\extensionupdaterservice.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_83\gmsd_ru_83.exe','32');
DeleteFile('c:\program files (x86)\pennybee\pennybee.exe','32');
DeleteFile('c:\users\home\appdata\local\pricehorse\pricehorse\1.3.17.0\playsetup.exe','32');
DeleteFile('c:\users\home\appdata\local\pricehorse\pricehorse\1.3.17.0\pricehorse.exe','32');
DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe','32');
DeleteFile('C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe','32');
DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiu.exe','32');
DeleteFile('c:\users\home\appdata\local\gmsd_ru_83\upgmsd_ru_83.exe','32');
// Driver files (.sys) whose services were disabled and deleted earlier.
DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','32');
DeleteFile('C:\Windows\system32\Drivers\webinstrNHKT.sys','32');
DeleteFile('C:\Windows\system32\drivers\{1f01bfa6-8fc1-4c12-a219-da77269427c2}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{20915d52-1148-4fc2-8788-129eeb5e27dd}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{3560b757-0519-45b3-a215-cfb94afd0821}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{87b5a11e-3b54-42d2-9102-0a7cb1f79ebf}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b4f0db47-e6e9-4c42-81c6-12810a72f643}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{d441afc2-977b-40eb-b688-431b09118e9e}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e1c3d314-467f-412b-b7f3-f01dce3a38ae}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e1c3d314-467f-412b-b7f3-f01dce3a38ae}w64.sys','32');
// Autorun clean-up: deletes the remaining launcher/updater executables and
// the registry values that start them (Run, RunOnce, and the "command" value
// of entries under MSConfig\startupreg).
// NOTE(review): speedupmypc.exe, amigo.exe and vk.exe are deleted without a
// preceding QuarantineFile anywhere in this script, so no sample of them is
// kept - confirm that this is intended.
// NOTE(review): RegKeyParamDel is given a value name, so the startupreg keys
// themselves presumably remain with their other values - confirm.
DeleteFile('C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_83');
DeleteFile('C:\Users\Home\AppData\Local\Amigo\Application\amigo.exe','32');
DeleteFile('C:\Users\Home\AppData\Local\Amigo\Application\vk.exe','32');
DeleteFile('C:\Users\Home\AppData\Local\ConvertAd\ConvertAd.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConvertAd','command');
DeleteFile('C:\Users\Home\AppData\Local\Kometa\Application\kometa.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KometaAutoLaunch_9D0CA477C174F9D039E7B39A6DA2A7E7','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kometaup','command');
DeleteFile('C:\Users\Home\AppData\Local\Kometa\kometaup.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_83.exe');
// HKEY_CURRENT_USER values apply to the account the script runs under.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Price-Horse');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','$crrUnisntlDsply$');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VKMusic update process','command');
DeleteFile('C:\Users\Home\AppData\Roaming\FunSpace\VKMusicUpd\FunSpace.Update.Process.exe','32');
DeleteFile('C:\Users\Home\AppData\Roaming\ZZima\zzima_loader\nloader.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qloader','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DevidAgent','command');
// Scheduled-task clean-up: removes task definitions from both task stores
// (C:\Windows\Tasks\*.job and C:\Windows\system32\Tasks\<name>) together with
// the executables those tasks are named after.
// Executables are deleted with '32' and task files with '64' as the second
// argument. NOTE(review): presumably this selects the 32-/64-bit view of the
// path - confirm against the AVZ script reference.
// NOTE(review): the task files are deleted without being quarantined, so the
// command lines they contained are not preserved for later analysis.
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-1.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-11.exe','32');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-11.job','64');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-2.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-2.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-4.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-5.exe','32');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-5_user.job','64');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-5.job','64');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-4.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-6.exe','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce-7.exe','32');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-7.job','64');
DeleteFile('C:\Windows\Tasks\50d4aed4-2aaa-454f-abde-2027603ed4ce-6.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\5432e15e-8b38-4917-9568-a8baef47582c.exe','32');
DeleteFile('C:\Users\Home\AppData\Local\Temp\3fdc6.exe','32');
DeleteFile('C:\Windows\Tasks\72xpnwk.job','64');
DeleteFile('C:\Windows\Tasks\5432e15e-8b38-4917-9568-a8baef47582c.job','64');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-1.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe','32');
DeleteFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-11.exe','32');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-11.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-2.exe','32');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-2.job','64');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-4.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-4.exe','32');
DeleteFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-5.exe','32');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-5.job','64');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-5_user.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-6.exe','32');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-6.job','64');
DeleteFile('C:\Windows\Tasks\80c98f6a-6bad-44f9-af51-09a88eb6c02b-7.job','64');
DeleteFile('C:\Program Files (x86)\Ge-Force\80c98f6a-6bad-44f9-af51-09a88eb6c02b-7.exe','32');
// NOTE(review): AnyProtect.exe has no QuarantineFile call in this script,
// so it is removed without a sample being kept.
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\f025b33d-4fe1-43d1-9072-60df121c2890.exe','32');
DeleteFile('C:\Windows\Tasks\f025b33d-4fe1-43d1-9072-60df121c2890.job','64');
DeleteFile('C:\Windows\Tasks\PennyBee.job','64');
DeleteFile('C:\Users\Home\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Windows\Tasks\SpeedUpMyPC Maintenance.job','64');
DeleteFile('C:\Windows\Tasks\SpeedUpMyPC Startup.job','64');
DeleteFile('C:\Windows\Tasks\SpeedUpMyPC Subscription.job','64');
DeleteFile('C:\Windows\system32\Tasks\$crrUnisntlDsply$','64');
DeleteFile('C:\Windows\system32\Tasks\$crrUnisntlDsply$ Updater','64');
// playsetup.exe was already passed to DeleteFile earlier in the script; this
// repeat is redundant.
DeleteFile('C:\Users\Home\AppData\Local\pricehorse\pricehorse\1.3.17.0\playsetup.exe','32');
DeleteFile('C:\Windows\system32\Tasks\72xpnwk','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
DeleteFile('C:\Windows\system32\Tasks\Price-Horse','64');
DeleteFile('C:\Windows\system32\Tasks\Price-Horse Updater','64');
DeleteFile('C:\Windows\system32\Tasks\Reimage Reminder','64');
DeleteFile('C:\Windows\system32\Tasks\ReimageUpdater','64');
DeleteFile('C:\Windows\system32\Tasks\SPDriver','64');
DeleteFile('C:\Windows\system32\Tasks\SpeedUpMyPC Maintenance','64');
DeleteFile('C:\Windows\system32\Tasks\SpeedUpMyPC Startup','64');
DeleteFile('C:\Windows\system32\Tasks\SpeedUpMyPC Subscription','64');
// Finalisation. The order matters: the BC_* list is filled first, the system
// clean-up runs, and only then is the boot-time component armed and the
// machine restarted.
// NOTE(review): BC_* presumably refers to AVZ's boot-time cleaner, which
// retries at the next start-up anything that could not be removed while
// Windows was running - confirm against the AVZ script reference.
BC_ImportAll;
// NOTE(review): presumably removes leftover references to the deleted files - confirm.
ExecuteSysClean;
BC_Activate;
// The reboot also ends the offline state created by "net stop tcpip" at the
// top of the script; the opening message tells the user that network
// connections are restored after the restart.
RebootWindows(false);
end.
Компьютер перезагрузится.