Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\ProgramData\ShopperPro\spbihe.js','');
QuarantineFile('C:\Users\Евгений\AppData\Local\BoBrowser\Application\bobrowser.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Local\SystemDir\nethost.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Local\Microsoft\Extensions\extsetup.exe','');
QuarantineFile('C:\Program Files\Common Files\Distribute Application\appdistrib.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\YYSBJB.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\YAXWJ.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\XBPD.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\CJVW.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\BQOK.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Roaming\ALHVX.exe','');
QuarantineFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-7.exe','');
QuarantineFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-6.exe','');
QuarantineFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-5.exe','');
QuarantineFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-2.exe','');
QuarantineFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-11.exe','');
QuarantineFile('C:\Program Files\iWebar\iWebar-codedownloader.exe','');
DelBHO('{11111111-1111-1111-1111-110311281150}');
DelBHO('{11111111-1111-1111-1111-110611511123}');
DelBHO('{9c04bb80-5dbb-4704-91d4-299b94246aab}');
DelBHO('{A18EA34C-6D33-4298-8A54-7F16499904C0}');
DelBHO('{f96569dd-def6-40ab-8567-6f31b1e231da}');
QuarantineFile('C:\Program Files\tpeRfectcoouppoun\Qom8DENe5O4Spp.dll','');
QuarantineFile('C:\Program Files\ClickCaption_1.10.0.2\IE\ClickCaptionClientIE.dll','');
QuarantineFile('C:\Program Files\realdeAll\BynXQ1Z4Bw3eBW.dll','');
QuarantineFile('C:\Program Files\iWebar\iWebar-bho.dll','');
QuarantineFile('C:\Program Files\Object Browser\Object Browser-bho.dll','');
QuarantineFile('C:\Users\Евгений\AppData\Local\Microsoft\Extensions\safebrowser.exe','');
QuarantineFile('C:\Users\Евгений\AppData\Local\MediaPlay\MediaPlay.exe','');
QuarantineFile('C:\ProgramData\Windows\csrss.exe','');
QuarantineFile('C:\ProgramData\Kbupdater Utility\kbupdater-utility.exe','');
QuarantineFile('C:\Program Files\YTDownloader\YTDownloader.exe','');
QuarantineFile('C:\Program Files\Kinoroom Browser\kinoroom-browser.exe','');
QuarantineFile('C:\Windows\system32\drivers\wpnfd_1_10_0_6.sys','');
DeleteService('wpnfd_1_10_0_6');
QuarantineFile('C:\Program Files\ShopperPro\JSDriver\1361.0.0.0\jsdrv.sys','');
DeleteService('SPDRIVER_1361.0.0.0');
DeleteService('ccnfd_1_10_0_2');
SetServiceStart('{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}Gw', 4);
DeleteService('{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}Gw');
SetServiceStart('{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw', 4);
DeleteService('{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw');
SetServiceStart('{72046701-0cbb-49f5-bb97-c718dc285f35}w', 4);
DeleteService('{72046701-0cbb-49f5-bb97-c718dc285f35}w');
QuarantineFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','');
DeleteService('WindowsMangerProtect');
QuarantineFile('C:\Program Files\ClickCaption_1.10.0.2\Service\ccsvc.exe','');
QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiu.exe','');
DeleteService('ccsvc_1.10.0.2');
SetServiceStart('SPBIUpd', 4);
DeleteService('SPBIUpd');
QuarantineFile('C:\Windows\system32\drivers\{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}w.sys','');
QuarantineFile('C:\Windows\system32\drivers\{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}Gw.sys','');
QuarantineFile('C:\Windows\system32\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw.sys','');
QuarantineFile('C:\Windows\system32\drivers\{72046701-0cbb-49f5-bb97-c718dc285f35}w.sys','');
QuarantineFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','');
QuarantineFile('c:\Program Files\BorderlineFunc\BorderlineFunc.dll','');
TerminateProcessByName('c:\program files\common files\shopperpro\spbiu.exe');
QuarantineFile('c:\program files\common files\shopperpro\spbiu.exe','');
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\program files\common files\shopperpro\spbiu.exe','32');
DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiw.sys','32');
DeleteFile('C:\Windows\system32\drivers\{72046701-0cbb-49f5-bb97-c718dc285f35}w.sys','32');
DeleteFile('C:\Windows\system32\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}Gw.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f69f75dd-7e74-4885-b8d1-87b7e0b79ccb}w.sys','32');
DeleteFile('C:\Program Files\Common Files\ShopperPro\spbiu.exe','32');
DeleteFile('C:\Program Files\ClickCaption_1.10.0.2\Service\ccsvc.exe','32');
DeleteFile('C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe','32');
DeleteFile('C:\Program Files\ShopperPro\JSDriver\1361.0.0.0\jsdrv.sys','32');
DeleteFile('C:\Windows\system32\drivers\wpnfd_1_10_0_6.sys','32');
DeleteFile('C:\Program Files\Kinoroom Browser\kinoroom-browser.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SPDriver');
DeleteFile('C:\Program Files\YTDownloader\YTDownloader.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','YTDownloader');
DeleteFile('C:\ProgramData\Kbupdater Utility\kbupdater-utility.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
DeleteFile('C:\ProgramData\Windows\csrss.exe','32');
DeleteFile('C:\Users\Евгений\AppData\Local\MediaPlay\MediaPlay.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MediaPlay');
DeleteFile('C:\Users\Евгений\AppData\Local\Microsoft\Extensions\safebrowser.exe','32');
DeleteFile('C:\Program Files\Object Browser\Object Browser-bho.dll','32');
DeleteFile('C:\Program Files\iWebar\iWebar-bho.dll','32');
DeleteFile('C:\Program Files\realdeAll\BynXQ1Z4Bw3eBW.dll','32');
DeleteFile('C:\Program Files\ClickCaption_1.10.0.2\IE\ClickCaptionClientIE.dll','32');
DeleteFile('C:\Program Files\tpeRfectcoouppoun\Qom8DENe5O4Spp.dll','32');
DeleteFile('C:\Program Files\iWebar\iWebar-codedownloader.exe','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-1.job','32');
DeleteFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-11.exe','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-11.job','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-2.job','32');
DeleteFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-2.exe','32');
DeleteFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-5.exe','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-5.job','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-5_user.job','32');
DeleteFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-6.exe','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-6.job','32');
DeleteFile('C:\Program Files\iWebar\0ad992ad-605a-41d5-86b5-b4a0299f4545-7.exe','32');
DeleteFile('C:\Windows\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-7.job','32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\ALHVX.exe','32');
DeleteFile('C:\Windows\Tasks\ALHVX.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\BQOK.exe','32');
DeleteFile('C:\Windows\Tasks\BQOK.job','32');
DeleteFile('C:\Windows\Tasks\CJVW.job','32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\CJVW.exe','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-1.job','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-11.job','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-2.job','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-5.job','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-5_user.job','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-6.job','32');
DeleteFile('C:\Windows\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-7.job','32');
DeleteFile('C:\Windows\Tasks\XBPD.job','32');
DeleteFile('C:\Windows\Tasks\YAXWJ.job','32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\XBPD.exe','32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\YAXWJ.exe','32');
DeleteFile('C:\Users\Евгений\AppData\Roaming\YYSBJB.exe','32');
DeleteFile('C:\Windows\Tasks\YYSBJB.job','32');
DeleteFile('C:\Windows\system32\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-1','32');
DeleteFile('C:\Windows\system32\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-11','32');
DeleteFile('C:\Windows\system32\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-2','32');
DeleteFile('C:\Windows\system32\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-5','32');
DeleteFile('C:\Windows\system32\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-6','32');
DeleteFile('C:\Windows\system32\Tasks\0ad992ad-605a-41d5-86b5-b4a0299f4545-7','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-1','32');
DeleteFile('C:\Windows\system32\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-11','32');
DeleteFile('C:\Windows\system32\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-2','32');
DeleteFile('C:\Windows\system32\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-5','32');
DeleteFile('C:\Windows\system32\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-6','32');
DeleteFile('C:\Windows\system32\Tasks\d973f484-e40c-4968-86ec-f94b63e4e358-7','32');
DeleteFile('C:\Users\Евгений\AppData\Local\Microsoft\Extensions\extsetup.exe','32');
DeleteFile('C:\Windows\system32\Tasks\extsetup','32');
DeleteFile('C:\Windows\system32\Tasks\Kbupdater Utility','32');
DeleteFile('C:\Users\Евгений\AppData\Local\SystemDir\nethost.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Safebrowser','32');
DeleteFile('C:\Windows\system32\Tasks\nethost task','32');
DeleteFile('C:\ProgramData\ShopperPro\spbihe.js','32');
DeleteFile('C:\Windows\system32\Tasks\SPBIW_UpdateTask_Time_323332363535363336302d3437415a556c2a3223346c41','32');
DeleteFile('C:\Windows\system32\Tasks\SPDriver','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.