Код:
// AVZ remediation script for a single analysed host: it quarantines, then deletes,
// a fixed list of files and removes the services, Run values, scheduled-task .job
// files and one BHO that load them. Every path is hard-coded (profile "Admin",
// "Documents and Settings" layout), so the list only matches the machine whose logs
// it was written from.
begin
// The dialog text is runtime output and is left untouched. It tells the user that AVZ
// will close all network connections and that they are restored after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to stop the TCP/IP service before cleanup starts.
// NOTE(review): the trailing arguments look like window mode, a 15000 ms timeout
// and terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably because these driver-based features are 32-bit only - confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Phase 1: place each suspect file in AVZ quarantine before anything is deleted,
// so that the samples are kept for later analysis.
QuarantineFile('C:\Program Files\YTDownloader\Updater.exe','');
QuarantineFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\SFSHTSVK.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\KZKYTKB.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-7.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-5.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-3.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-7.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-11.exe','');
// Removes the Browser Helper Object registered under this CLSID.
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
QuarantineFile('C:\Program Files\Application Assistance\ap.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_re_194\upgmsd_re_194.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Kometa\kometaup.exe','');
// The three .bat names are browser executable names spelled backwards
// (browser.exe, iexplore.exe, chrome.exe).
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.emorhc.bat','');
// Services: most are set to start type 4 (the Windows "disabled" Start value) and then
// deleted. globalUpdatem and globalUpdate are deleted without the SetServiceStart step.
SetServiceStart('sbmntr', 4);
DeleteService('sbmntr');
// This GoogleUpdate.exe sits under "globalUpdate", not under a Google program directory.
QuarantineFile('C:\Program Files\globalUpdate\Update\GoogleUpdate.exe','');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
SetServiceStart('WindowsMangerProtect', 4);
SetServiceStart('pylywusy', 4);
DeleteService('WindowsMangerProtect');
DeleteService('pylywusy');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\jnse738.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\nsn71F.tmpfs','');
SetServiceStart('nitysyli', 4);
DeleteService('nitysyli');
SetServiceStart('BrsHelper', 4);
DeleteService('BrsHelper');
QuarantineFile('C:\PROGRA~1\YTDOWN~1\sbmntr.sys','');
QuarantineFile('C:\WINDOWS\system32\VCL.dll','');
QuarantineFile('C:\Program Files\XTab\SupTab.dll','');
QuarantineFile('C:\Program Files\SavePass 1.1\af95e478-6b0e-4690-abe8-844c6397ec61.dll','');
// Phase 2: for each listed image path, terminate the process and then quarantine the
// same file. Most of these paths repeat phase 1 entries in lower case.
TerminateProcessByName('c:\program files\ytdownloader\ytdownloader.exe');
QuarantineFile('c:\program files\ytdownloader\ytdownloader.exe','');
TerminateProcessByName('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\nsn71f.tmpfs');
QuarantineFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\nsn71f.tmpfs','');
TerminateProcessByName('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe');
QuarantineFile('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe','');
TerminateProcessByName('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\jnse738.tmp');
QuarantineFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\jnse738.tmp','');
TerminateProcessByName('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe');
QuarantineFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','');
TerminateProcessByName('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe');
QuarantineFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','');
TerminateProcessByName('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe');
QuarantineFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','');
TerminateProcessByName('c:\progra~1\ytdown~1\browse~2.exe');
QuarantineFile('c:\progra~1\ytdown~1\browse~2.exe','');
TerminateProcessByName('c:\progra~1\ytdown~1\browserhelper.exe');
QuarantineFile('c:\progra~1\ytdown~1\browserhelper.exe','');
TerminateProcessByName('c:\program files\application assistance\ap.exe');
QuarantineFile('c:\program files\application assistance\ap.exe','');
// Phase 3: delete the files handled above. Several files are listed twice, once in
// lower case and once in original case; both spellings name the same file on Windows.
// NOTE(review): the second argument '32' presumably selects the 32-bit file-system
// view - confirm against the AVZ script reference.
DeleteFile('c:\program files\application assistance\ap.exe','32');
DeleteFile('c:\progra~1\ytdown~1\browserhelper.exe','32');
DeleteFile('c:\progra~1\ytdown~1\browse~2.exe','32');
DeleteFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','32');
DeleteFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','32');
DeleteFile('c:\program files\savepass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','32');
DeleteFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\jnse738.tmp','32');
DeleteFile('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe','32');
DeleteFile('c:\documents and settings\admin\application data\982c7580-1428309381-11d5-aad2-16c67ff75e23\nsn71f.tmpfs','32');
DeleteFile('c:\documents and settings\all users\application data\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\program files\ytdownloader\ytdownloader.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\af95e478-6b0e-4690-abe8-844c6397ec61.dll','32');
DeleteFile('C:\Program Files\XTab\SupTab.dll','32');
DeleteFile('C:\WINDOWS\system32\VCL.dll','32');
DeleteFile('C:\PROGRA~1\YTDOWN~1\sbmntr.sys','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\nsn71F.tmpfs','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\982C7580-1428309381-11D5-AAD2-16C67FF75E23\jnse738.tmp','32');
DeleteFile('C:\Program Files\globalUpdate\Update\GoogleUpdate.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\Browsers\exe.resworb.bat','32');
// Autostart cleanup: remove the named values from the HKCU and HKLM Run keys,
// interleaved with deletion of the files they point to.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Kometa\kometaup.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_re_194\upgmsd_re_194.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_re_194.exe');
DeleteFile('C:\Program Files\Application Assistance\ap.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ap');
// NOTE(review): systweakasp.exe is the only executable deleted here with no preceding
// QuarantineFile call in this script, so no copy of it is kept.
DeleteFile('C:\Program Files\RCP\systweakasp.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SystweakASP');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','YTDownloader');
// Scheduled-task persistence: the .job files under C:\WINDOWS\Tasks are deleted
// together with the executables that share their names. The .job files themselves
// are not quarantined.
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-1-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-10_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-11.job','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-11.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-10.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-7.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-1-6.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-3.exe','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-3.job','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-5.job','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-5.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-6.exe','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-6.job','32');
DeleteFile('C:\Program Files\SavePass 1.1\e3be82cd-7e67-4969-9685-6e31c4f95110-7.exe','32');
DeleteFile('C:\WINDOWS\Tasks\e3be82cd-7e67-4969-9685-6e31c4f95110-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\WINDOWS\Tasks\KZKYTKB.job','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\KZKYTKB.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Application Data\SFSHTSVK.exe','32');
DeleteFile('C:\WINDOWS\Tasks\SFSHTSVK.job','32');
DeleteFile('C:\WINDOWS\Tasks\SMupdate1.job','32');
DeleteFile('C:\WINDOWS\Tasks\SMupdate2.job','32');
DeleteFile('C:\WINDOWS\Tasks\SMupdate3.job','32');
DeleteFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','32');
DeleteFile('C:\WINDOWS\Tasks\YTDownloader.job','32');
DeleteFile('C:\WINDOWS\Tasks\YTDownloaderUpd.job','32');
DeleteFile('C:\Program Files\YTDownloader\Updater.exe','32');
// Final stage. NOTE(review): the BC_* calls appear to hand the deletion list to AVZ's
// Boot Cleaner, so that files still locked now are removed during the next boot, and
// ExecuteSysClean appears to clear leftover references to the deleted files - confirm
// both against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// NOTE(review): 15 selects one of AVZ's numbered system-repair procedures. This
// script does not show which one - look it up before reusing the call.
ExecuteREpair(15);
// Reboots Windows. The network service stopped at the top of the script stays down
// until this reboot.
RebootWindows(false);
end.
Компьютер перезагрузится.