Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Владелец\appdata\local\smartweb\swhk.dll','');
QuarantineFile('c:\task.vbs','');
QuarantineFile('C:\Program Files\NixSrv\packages\64f825fb-3f4e-4e9e-be41-d95a7ed01c7c\NixHost.exe','');
QuarantineFile('C:\Program Files\NixSrv\packages\64f825fb-3f4e-4e9e-be41-d95a7ed01c7c\temp\InstallChrome.exe','');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-5.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-11.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-10.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-1-6.exe','');
DelBHO('{9a8e897c-6cf8-4049-b901-7fc2137c4d4f}');
QuarantineFile('C:\Program Files (x86)\Maximum Maker\Extensions\9a8e897c-6cf8-4049-b901-7fc2137c4d4f.dll','');
QuarantineFile('C:\Users\Владелец\AppData\Roaming\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Users\Владелец\AppData\Roaming\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Users\Владелец\AppData\Roaming\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\Users\Владелец\AppData\Local\SmartWeb\SmartWebHelper.exe','');
QuarantineFile('C:\Windows\system32\drivers\ppfd_vt_1_10_0_24.sys','');
DeleteService('ppfd_vt_1_10_0_24');
DeleteService('LiveUpdateSvc');
QuarantineFile('C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe','');
SetServiceStart('totyseku', 4);
DeleteService('totyseku');
SetServiceStart('Saophase', 4);
DeleteService('Saophase');
SetServiceStart('kopytyme', 4);
DeleteService('kopytyme');
SetServiceStart('jimocoso', 4);
DeleteService('jimocoso');
DeleteService('ExtTag');
QuarantineFile('c:\program files (x86)\fastoplayer\vsupdater.exe','');
QuarantineFile('c:\program files (x86)\visual protect service\vsprotectproxy.exe','');
QuarantineFile('c:\program files (x86)\visual protect service\vsprotector.exe','');
TerminateProcessByName('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\vnsv6ff.tmp');
QuarantineFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\vnsv6ff.tmp','');
QuarantineFile('c:\programdata\saophase\saophase.exe','');
QuarantineFile('C:\Program Files (x86)\OLBPre\OLBPre.exe','');
TerminateProcessByName('c:\users\Владелец\appdata\local\kometa\kometaup.exe');
QuarantineFile('c:\users\Владелец\appdata\local\kometa\kometaup.exe','');
TerminateProcessByName('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\knsee693.tmp');
QuarantineFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\knsee693.tmp','');
QuarantineFile('c:\programdata\saophase\geo-cof.exe','');
TerminateProcessByName('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\jnsq72fb.tmp');
QuarantineFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\jnsq72fb.tmp','');
TerminateProcessByName('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\hnsl89b8.tmp');
QuarantineFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\hnsl89b8.tmp','');
QuarantineFile('c:\programdata\exttag\exttag.exe','');
DeleteFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\hnsl89b8.tmp','32');
DeleteFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\jnsq72fb.tmp','32');
DeleteFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\knsee693.tmp','32');
DeleteFile('c:\users\Владелец\appdata\local\kometa\kometaup.exe','32');
DeleteFile('c:\program files (x86)\7de7ce5b-1441285874-ab83-8e3e-d850e6de4d5d\vnsv6ff.tmp','32');
DeleteFile('C:\ProgramData\Saophase\Saophase.exe','32');
DeleteFile('C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe','32');
DeleteFile('C:\Windows\system32\drivers\ppfd_vt_1_10_0_24.sys','32');
DeleteFile('C:\Users\Владелец\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
DeleteFile('C:\Users\Владелец\AppData\Roaming\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Users\Владелец\AppData\Roaming\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Users\Владелец\AppData\Roaming\Browsers\exe.resworb.bat','32');
DeleteFile('C:\Program Files (x86)\Maximum Maker\Extensions\9a8e897c-6cf8-4049-b901-7fc2137c4d4f.dll','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-1-6.job','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-1-7.job','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-10.exe','32');
DeleteFile('C:\Windows\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-10_user.job','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-11.exe','32');
DeleteFile('C:\Windows\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-11.job','32');
DeleteFile('C:\Program Files (x86)\SavePass 1.1\cf626183-f7ca-40cb-abe4-0735ecea7956-5.exe','32');
DeleteFile('C:\Windows\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-5.job','32');
DeleteFile('C:\Windows\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-5_user.job','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Program Files\NixSrv\packages\64f825fb-3f4e-4e9e-be41-d95a7ed01c7c\temp\InstallChrome.exe','32');
DeleteFile('C:\Windows\Tasks\Install Google Chrome.job','32');
DeleteFile('C:\Program Files\NixSrv\packages\64f825fb-3f4e-4e9e-be41-d95a7ed01c7c\NixHost.exe','32');
DeleteFile('C:\Windows\system32\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-11','64');
DeleteFile('C:\Windows\system32\Tasks\cf626183-f7ca-40cb-abe4-0735ecea7956-5','64');
DeleteFile('C:\Windows\system32\Tasks\LaunchPreSignup','64');
DeleteFile('C:\Windows\system32\Tasks\updateTask','64');
DeleteFile('c:\task.vbs','32');
DeleteFile('C:\Windows\system32\Tasks\VSProtector','64');
DeleteFile('C:\Users\Владелец\AppData\Roaming\istartsurf\UninstallManager.exe','32');
DeleteFile('C:\Windows\system32\Tasks\{38E970D9-C0E0-4A20-89AC-3DD36A1BB553}','64');
DeleteFile('C:\Windows\system32\Tasks\{C262EFB7-D669-40ED-A18F-60231B538FD9}','64');
DeleteFile('C:\Users\Владелец\appdata\local\smartweb\swhk.dll','32');
DeleteFile('C:\Users\Владелец\appdata\local\smartweb\__u.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.