Код:
begin
// One-off AVZ cleanup script for a single machine: every path, service name and
// registry value below is hard-coded, including the user profile "Jinheks".
// NOTE(review): presumably generated from that machine's AVZ logs -- do not reuse on
// another host without re-checking each entry against that host's own logs.
// Order of work: warn the user, stop networking, quarantine samples, disable and
// delete services, kill processes, delete files and autostart entries, then reboot.

// Tell the user (message text is Russian) that AVZ will close all network
// connections before the script runs and that they are restored after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take the TCP/IP stack down for the cleanup.
// NOTE(review): the trailing arguments look like window mode 0, a 15000 ms timeout and
// a wait-for-exit flag -- confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably because these features are unavailable on 64-bit Windows -- confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Copy the suspect files into AVZ quarantine before anything is removed, so the
// samples remain available for analysis. The second argument is passed empty.
QuarantineFile('C:\Users\Jinheks\appdata\local\smartweb\__u.exe','');
QuarantineFile('C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe','');
QuarantineFile('C:\Users\Jinheks\AppData\Roaming\rlHrbzWY82DbvhaGeEUv.exe','');
QuarantineFile('C:\Users\Jinheks\AppData\Roaming\Bt0UkTDGUZurKP9aMFfvgEp.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-7.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-6.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-5.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-4.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-3.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-11.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-10.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6.exe','');
// Remove the Browser Helper Object registered under this CLSID; the matching
// SuperGreatbho.dll is quarantined on the next line and deleted further down.
DelBHO('{b931a240-e32a-4f2b-97aa-8b01c8e6aa14}');
QuarantineFile('C:\Program Files (x86)\Super Great\SuperGreatbho.dll','');
QuarantineFile('C:\Users\Jinheks\AppData\Roaming\ASPackage\ASPackage.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010117\gmsd_ru_005010117.exe','');
QuarantineFile('C:\Program Files (x86)\baidu\BindEx.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\timetasks.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
// Set the start type of the unwanted services and drivers to 4, which is the
// Windows "disabled" start value, so they cannot come back up before removal.
SetServiceStart('gyvixodu', 4);
SetServiceStart('hidekoqe', 4);
SetServiceStart('swsesrvc_1.10.0.25', 4);
SetServiceStart('Update Super Great', 4);
SetServiceStart('Util Super Great', 4);
SetServiceStart('zehygiqo', 4);
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','');
SetServiceStart('swsedrvr_vt_1_10_0_25', 4);
SetServiceStart('{1ad59dc7-dcd5-44f9-87ab-ad091e5dfd42}Gw64', 4);
SetServiceStart('{f472873a-b747-426a-b352-b1899bcc369d}Gw64', 4);
// Delete the service and driver registrations. 'globalUpdatem' and 'globalUpdate'
// are deleted here without a preceding SetServiceStart call.
DeleteService('{f472873a-b747-426a-b352-b1899bcc369d}Gw64');
DeleteService('{1ad59dc7-dcd5-44f9-87ab-ad091e5dfd42}Gw64');
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
DeleteService('zehygiqo');
DeleteService('Util Super Great');
DeleteService('Update Super Great');
DeleteService('swsesrvc_1.10.0.25');
DeleteService('hidekoqe');
DeleteService('gyvixodu');
// Terminate the running processes by full image path so their files are no longer
// in use when they are quarantined and deleted below.
// NOTE(review): several paths occur twice, differing only in letter case; these look
// like harmless duplicates from the log generator.
TerminateProcessByName('c:\program files (x86)\gmsd_ru_005010117\gmsd_ru_005010117.exe');
TerminateProcessByName('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\hnsec76c.tmp');
TerminateProcessByName('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\jnseaf58.tmp');
TerminateProcessByName('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\knsy8a97.tmp');
TerminateProcessByName('C:\Users\Jinheks\AppData\Local\243EE300-1445291126-81E1-3F9F-386077E74419\qnsj728D.tmp');
TerminateProcessByName('c:\users\jinheks\appdata\local\243ee300-1445291126-81e1-3f9f-386077e74419\qnsj728d.tmp');
TerminateProcessByName('c:\windows\syswow64\searchprotectservice.exe');
TerminateProcessByName('c:\users\jinheks\appdata\local\smartweb\smartwebapp.exe');
TerminateProcessByName('c:\users\jinheks\appdata\local\smartweb\smartwebhelper.exe');
TerminateProcessByName('c:\program files (x86)\super great\bin\supergreat.browseradapter.exe');
TerminateProcessByName('C:\Program Files (x86)\Super Great\bin\SuperGreat.BrowserAdapter64.exe');
// Quarantine the kernel drivers (.sys) and the SmartWeb swhk.dll before deletion.
QuarantineFile('C:\Windows\system32\drivers\{f472873a-b747-426a-b352-b1899bcc369d}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{1ad59dc7-dcd5-44f9-87ab-ad091e5dfd42}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
QuarantineFile('C:\Users\Jinheks\AppData\Local\SmartWeb\swhk.dll','');
// Remaining processes: each is terminated and its image then quarantined.
TerminateProcessByName('c:\program files (x86)\super great\bin\utilsupergreat.exe');
QuarantineFile('c:\program files (x86)\super great\bin\utilsupergreat.exe','');
TerminateProcessByName('c:\users\jinheks\appdata\local\gmsd_ru_005010117\upgmsd_ru_005010117.exe');
QuarantineFile('c:\users\jinheks\appdata\local\gmsd_ru_005010117\upgmsd_ru_005010117.exe','');
TerminateProcessByName('c:\program files (x86)\super great\updatesupergreat.exe');
TerminateProcessByName('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe');
TerminateProcessByName('C:\Program Files (x86)\Super Great\bin\SuperGreat.PurBrowse64.exe');
QuarantineFile('c:\program files (x86)\super great\updatesupergreat.exe','');
QuarantineFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','');
QuarantineFile('C:\Program Files (x86)\Super Great\bin\SuperGreat.PurBrowse64.exe','');
QuarantineFile('C:\Program Files (x86)\Super Great\bin\SuperGreat.BrowserAdapter64.exe','');
QuarantineFile('c:\program files (x86)\super great\bin\supergreat.browseradapter.exe','');
QuarantineFile('c:\users\jinheks\appdata\local\smartweb\smartwebhelper.exe','');
QuarantineFile('c:\users\jinheks\appdata\local\smartweb\smartwebapp.exe','');
QuarantineFile('c:\windows\syswow64\searchprotectservice.exe','');
QuarantineFile('c:\users\jinheks\appdata\local\243ee300-1445291126-81e1-3f9f-386077e74419\qnsj728d.tmp','');
QuarantineFile('C:\Users\Jinheks\AppData\Local\243EE300-1445291126-81E1-3F9F-386077E74419\qnsj728D.tmp','');
QuarantineFile('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\knsy8a97.tmp','');
QuarantineFile('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\jnseaf58.tmp','');
QuarantineFile('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\hnsec76c.tmp','');
QuarantineFile('c:\program files (x86)\gmsd_ru_005010117\gmsd_ru_005010117.exe','');
// Delete the files themselves.
// NOTE(review): the second argument is '32' for program files and drivers and '64' for
// the scheduled-task files further down; presumably it selects the 32- or 64-bit
// file-system view on x64 Windows -- confirm against the AVZ script reference.
DeleteFile('c:\program files (x86)\gmsd_ru_005010117\gmsd_ru_005010117.exe','32');
DeleteFile('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\hnsec76c.tmp','32');
DeleteFile('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\jnseaf58.tmp','32');
DeleteFile('c:\program files (x86)\243ee300-1444650136-81e1-3f9f-386077e74419\knsy8a97.tmp','32');
DeleteFile('C:\Users\Jinheks\AppData\Local\243EE300-1445291126-81E1-3F9F-386077E74419\qnsj728D.tmp','32');
DeleteFile('c:\users\jinheks\appdata\local\243ee300-1445291126-81e1-3f9f-386077e74419\qnsj728d.tmp','32');
DeleteFile('c:\users\jinheks\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\jinheks\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('c:\program files (x86)\super great\bin\supergreat.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\Super Great\bin\SuperGreat.BrowserAdapter64.exe','32');
DeleteFile('C:\Program Files (x86)\Super Great\bin\SuperGreat.PurBrowse64.exe','32');
DeleteFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','32');
DeleteFile('c:\program files (x86)\super great\updatesupergreat.exe','32');
DeleteFile('c:\users\jinheks\appdata\local\gmsd_ru_005010117\upgmsd_ru_005010117.exe','32');
DeleteFile('c:\program files (x86)\super great\bin\utilsupergreat.exe','32');
DeleteFile('C:\Users\Jinheks\AppData\Local\SmartWeb\swhk.dll','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Windows\system32\drivers\{1ad59dc7-dcd5-44f9-87ab-ad091e5dfd42}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f472873a-b747-426a-b352-b1899bcc369d}Gw64.sys','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
// Remove the 'command' value of an MSConfig startupreg entry (where msconfig keeps
// startup items it has disabled) so the launcher cannot be re-enabled from there.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_E3896CA24F65E337A029169A43E4198D','command');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\Program Files (x86)\Zaxar\timetasks.exe','32');
DeleteFile('C:\Program Files (x86)\baidu\BindEx.exe','32');
// Same file as the first DeleteFile call above, written with different letter case.
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010117\gmsd_ru_005010117.exe','32');
// Remove autostart persistence: values under HKLM Run and RunOnce, plus the
// matching 'command' values of the MSConfig startupreg entries.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010117','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010117');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidu','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Timestasks','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010117.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_ru_005010117.exe','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','Update');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Update','command');
// Delete the remaining executables together with the scheduled tasks that relaunch
// them: legacy .job files in C:\Windows\Tasks here, then the task definitions in
// C:\Windows\system32\Tasks below.
DeleteFile('C:\Users\Jinheks\AppData\Roaming\ASPackage\ASPackage.exe','32');
DeleteFile('C:\Program Files (x86)\Super Great\SuperGreatbho.dll','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-10.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-11.exe','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-11.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-10_user.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-3.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-4.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-5.exe','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5_user.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-4.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-3.job','64');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-6.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-7.exe','32');
DeleteFile('C:\Users\Jinheks\AppData\Roaming\Bt0UkTDGUZurKP9aMFfvgEp.exe','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','64');
DeleteFile('C:\Windows\Tasks\Bt0UkTDGUZurKP9aMFfvgEp.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-7.job','64');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-6.job','64');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','64');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','64');
DeleteFile('C:\Windows\Tasks\rlHrbzWY82DbvhaGeEUv.job','64');
DeleteFile('C:\Users\Jinheks\AppData\Roaming\rlHrbzWY82DbvhaGeEUv.exe','32');
// Task Scheduler definitions stored as extensionless files under system32\Tasks.
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-10_user','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-11','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-3','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-4','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-6','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-7','64');
DeleteFile('C:\Windows\system32\Tasks\Bt0UkTDGUZurKP9aMFfvgEp','64');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\rlHrbzWY82DbvhaGeEUv','64');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\Windows\system32\Tasks\SpyHunter4Startup','64');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core','64');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update','64');
DeleteFile('C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe','32');
DeleteFile('C:\Users\Jinheks\appdata\local\smartweb\__u.exe','32');
// NOTE(review): BC_* are AVZ Boot Cleaner calls -- presumably BC_ImportAll hands it the
// items recorded above and BC_Activate arms it to finish the removal at next boot,
// with ExecuteSysClean clearing leftover references to the deleted files; confirm
// against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so the pending deletions take effect. The user message above says
// networking is restored after this reboot.
// NOTE(review): the boolean presumably means "forced reboot"; false = not forced -- confirm.
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.