Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\psuser.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\psmachine.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdateres_en.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe','');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe','');
QuarantineFile('C:\Users\ADMIN\appdata\roaming\jgsrf.exe','');
QuarantineFile('C:\Users\ADMIN\appdata\roaming\aspackage\aspackage.exe','');
QuarantineFile('C:\ProgramData\ShopperPro\spbihe.js','');
QuarantineFile('C:\Users\ADMIN\AppData\Local\Hostinstaller\1781501126_monster.exe','');
QuarantineFile('C:\Users\ADMIN\AppData\Local\Kit Car\xBin\KitCar.dll','');
QuarantineFile('C:\Users\ADMIN\AppData\Local\Download Kingdom\xBin\DownloadKingdom.dll','');
QuarantineFile('C:\Users\ADMIN\AppData\Roaming\PRHSC.exe','');
QuarantineFile('C:\Users\ADMIN\AppData\Roaming\JGSRF.exe','');
QuarantineFile('C:\Program Files\Sense\a9dfa1be-1a70-4855-a003-7143eb21ad20-7.exe','');
QuarantineFile('C:\Program Files\Sense\a9dfa1be-1a70-4855-a003-7143eb21ad20-6.exe','');
QuarantineFile('C:\Program Files\Sense\a9dfa1be-1a70-4855-a003-7143eb21ad20-5.exe','');
QuarantineFile('C:\Program Files\Sense\Sense-codedownloader.exe','');
QuarantineFile('C:\Program Files\Ge-Force\851c41b7-2424-469b-a553-3a8fe911bab0-6.exe','');
QuarantineFile('C:\Program Files\Ge-Force\851c41b7-2424-469b-a553-3a8fe911bab0-5.exe','');
QuarantineFile('C:\Program Files\Ge-Force\851c41b7-2424-469b-a553-3a8fe911bab0-11.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-11.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-10.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.exe','');
QuarantineFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-5.exe','');
QuarantineFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-11.exe','');
QuarantineFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-1-7.exe','');
QuarantineFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-1-6.exe','');
QuarantineFile('C:\Program Files\Google\chrome.bat','');
QuarantineFile('C:\Program Files\YTDownloader\YTDownloader.exe','');
SetServiceStart('gikojuzi', 4);
SetServiceStart('hocifuto', 4);
SetServiceStart('reruhine', 4);
SetServiceStart('tylucywe', 4);
DeleteService('tylucywe');
DeleteService('reruhine');
DeleteService('hocifuto');
DeleteService('gikojuzi');
TerminateProcessByName('c:\users\admin\appdata\local\03000200-1446736773-0500-0006-000700080009\snssc092.tmp');
QuarantineFile('c:\users\admin\appdata\local\03000200-1446736773-0500-0006-000700080009\snssc092.tmp','');
TerminateProcessByName('c:\program files\03000200-1446729522-0500-0006-000700080009\knst4920.tmp');
QuarantineFile('c:\program files\03000200-1446729522-0500-0006-000700080009\knst4920.tmp','');
TerminateProcessByName('c:\program files\03000200-1446729522-0500-0006-000700080009\jnsc2099.tmp');
QuarantineFile('c:\program files\03000200-1446729522-0500-0006-000700080009\jnsc2099.tmp','');
TerminateProcessByName('c:\program files\03000200-1446729522-0500-0006-000700080009\hnsn3802.tmp');
QuarantineFile('c:\program files\03000200-1446729522-0500-0006-000700080009\hnsn3802.tmp','');
TerminateProcessByName('c:\program files\cinemaplus-3.2cv03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.exe');
QuarantineFile('c:\program files\cinemaplus-3.2cv03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.exe','');
TerminateProcessByName('c:\program files\gohd\01a862f1-b62c-4220-8f89-f739e243cac3-1-6.exe');
QuarantineFile('c:\program files\gohd\01a862f1-b62c-4220-8f89-f739e243cac3-1-6.exe','');
DeleteFile('c:\program files\gohd\01a862f1-b62c-4220-8f89-f739e243cac3-1-6.exe','32');
DeleteFile('c:\program files\cinemaplus-3.2cv03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.exe','32');
DeleteFile('c:\program files\03000200-1446729522-0500-0006-000700080009\hnsn3802.tmp','32');
DeleteFile('c:\program files\03000200-1446729522-0500-0006-000700080009\jnsc2099.tmp','32');
DeleteFile('c:\program files\03000200-1446729522-0500-0006-000700080009\knst4920.tmp','32');
DeleteFile('c:\users\admin\appdata\local\03000200-1446736773-0500-0006-000700080009\snssc092.tmp','32');
DeleteFile('C:\Program Files\YTDownloader\YTDownloader.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader','command');
DeleteFile('C:\Program Files\Google\chrome.bat','32');
DeleteFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-1-6.exe','32');
DeleteFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-1-7.exe','32');
DeleteFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-11.exe','32');
DeleteFile('C:\Program Files\GoHD\01a862f1-b62c-4220-8f89-f739e243cac3-5.exe','32');
DeleteFile('C:\Windows\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-5_user.job','32');
DeleteFile('C:\Windows\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-5.job','32');
DeleteFile('C:\Windows\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-11.job','32');
DeleteFile('C:\Windows\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-1-7.job','32');
DeleteFile('C:\Windows\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-1-6.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-7.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-10.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\2962972e-f58e-4d16-b7d1-1cc8baf861f3-11.exe','32');
DeleteFile('C:\Windows\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-11.job','32');
DeleteFile('C:\Windows\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-10_user.job','32');
DeleteFile('C:\Windows\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-7.job','32');
DeleteFile('C:\Windows\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.job','32');
DeleteFile('C:\Program Files\Ge-Force\851c41b7-2424-469b-a553-3a8fe911bab0-11.exe','32');
DeleteFile('C:\Program Files\Ge-Force\851c41b7-2424-469b-a553-3a8fe911bab0-5.exe','32');
DeleteFile('C:\Program Files\Ge-Force\851c41b7-2424-469b-a553-3a8fe911bab0-6.exe','32');
DeleteFile('C:\Windows\Tasks\851c41b7-2424-469b-a553-3a8fe911bab0-6.job','32');
DeleteFile('C:\Windows\Tasks\851c41b7-2424-469b-a553-3a8fe911bab0-5_user.job','32');
DeleteFile('C:\Windows\Tasks\851c41b7-2424-469b-a553-3a8fe911bab0-11.job','32');
DeleteFile('C:\Program Files\Sense\Sense-codedownloader.exe','32');
DeleteFile('C:\Program Files\Sense\a9dfa1be-1a70-4855-a003-7143eb21ad20-5.exe','32');
DeleteFile('C:\Program Files\Sense\a9dfa1be-1a70-4855-a003-7143eb21ad20-6.exe','32');
DeleteFile('C:\Program Files\Sense\a9dfa1be-1a70-4855-a003-7143eb21ad20-7.exe','32');
DeleteFile('C:\Windows\Tasks\a9dfa1be-1a70-4855-a003-7143eb21ad20-7.job','32');
DeleteFile('C:\Windows\Tasks\a9dfa1be-1a70-4855-a003-7143eb21ad20-6.job','32');
DeleteFile('C:\Windows\Tasks\a9dfa1be-1a70-4855-a003-7143eb21ad20-5_user.job','32');
DeleteFile('C:\Windows\Tasks\a9dfa1be-1a70-4855-a003-7143eb21ad20-5.job','32');
DeleteFile('C:\Windows\Tasks\a9dfa1be-1a70-4855-a003-7143eb21ad20-1.job','32');
DeleteFile('C:\Users\ADMIN\AppData\Roaming\JGSRF.exe','32');
DeleteFile('C:\Users\ADMIN\AppData\Roaming\PRHSC.exe','32');
DeleteFile('C:\Windows\Tasks\PRHSC.job','32');
DeleteFile('C:\Windows\Tasks\JGSRF.job','32');
DeleteFile('C:\Windows\system32\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-1-6','32');
DeleteFile('C:\Windows\Tasks\temp_2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6.job','32');
DeleteFile('C:\Windows\system32\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-11','32');
DeleteFile('C:\Windows\system32\Tasks\01a862f1-b62c-4220-8f89-f739e243cac3-5','32');
DeleteFile('C:\Windows\system32\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\2962972e-f58e-4d16-b7d1-1cc8baf861f3-11','32');
DeleteFile('C:\Users\ADMIN\AppData\Local\Hostinstaller\1781501126_monster.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Soft installer','32');
DeleteFile('C:\ProgramData\ShopperPro\spbihe.js','32');
DeleteFile('C:\Windows\system32\Tasks\SPBIW_UpdateTask_Time_343033323433323838322d3437415a556c2a3223346c41','32');
DeleteFile('C:\Windows\system32\Tasks\temp_2962972e-f58e-4d16-b7d1-1cc8baf861f3-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\YTDownloader','32');
DeleteFile('C:\Users\ADMIN\appdata\roaming\aspackage\aspackage.exe','32');
DeleteFile('C:\Users\ADMIN\appdata\roaming\jgsrf.exe','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdateres_en.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\psmachine.dll','32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\psuser.dll','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.