Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe','');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe','');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','');
QuarantineFile('C:\Users\Рина\AppData\Local\SmartWeb\SmartWebHelper.exe','');
QuarantineFile('C:\Users\Рина\AppData\Local\lcoupon\config.json','');
QuarantineFile('C:\Users\Рина\AppData\Local\lcoupon\foygnstb.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010152\gmsd_ru_005010152.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010151\gmsd_ru_005010151.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010150\gmsd_ru_005010150.exe','');
SetServiceStart('swsedrvr_vt_1_10_0_25', 4);
DeleteService('swsedrvr_vt_1_10_0_25');
SetServiceStart('myfejozi', 4);
SetServiceStart('ReimageRealTimeProtector', 4);
SetServiceStart('SSFK', 4);
SetServiceStart('swsesrvc_1.10.0.25', 4);
SetServiceStart('WdsManPro', 4);
SetServiceStart('ziroqere', 4);
DeleteService('ziroqere');
DeleteService('WdsManPro');
DeleteService('swsesrvc_1.10.0.25');
DeleteService('SSFK');
DeleteService('ReimageRealTimeProtector');
DeleteService('myfejozi');
SetServiceStart('ihpmServer', 4);
SetServiceStart('ginoquci', 4);
SetServiceStart('bykesute', 4);
DeleteService('bykesute');
DeleteService('ginoquci');
DeleteService('ihpmServer');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
TerminateProcessByName('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe');
TerminateProcessByName('c:\programdata\8wminipro8\wminipro.exe');
TerminateProcessByName('c:\programdata\zonsoft\zonsoft.exe');
QuarantineFile('c:\programdata\zonsoft\zonsoft.exe','');
QuarantineFile('c:\programdata\8wminipro8\wminipro.exe','');
QuarantineFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','');
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe','');
TerminateProcessByName('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\hnst8af1.tmp');
TerminateProcessByName('c:\program files (x86)\raydld\ihpmserver.exe');
TerminateProcessByName('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\jnsd74ef.tmp');
TerminateProcessByName('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\knsh97e5.tmp');
TerminateProcessByName('c:\users\6165~1\appdata\local\temp\nsref2d.tmp');
TerminateProcessByName('C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe');
TerminateProcessByName('C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe');
QuarantineFile('C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe','');
QuarantineFile('C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe','');
QuarantineFile('c:\users\6165~1\appdata\local\temp\nsref2d.tmp','');
QuarantineFile('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\knsh97e5.tmp','');
QuarantineFile('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\jnsd74ef.tmp','');
QuarantineFile('c:\program files (x86)\raydld\ihpmserver.exe','');
QuarantineFile('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\hnst8af1.tmp','');
DeleteFile('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\hnst8af1.tmp','32');
DeleteFile('c:\program files (x86)\raydld\ihpmserver.exe','32');
DeleteFile('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\jnsd74ef.tmp','32');
DeleteFile('c:\program files (x86)\1f006180-1447880756-0900-6093-bcaec534b3c7\knsh97e5.tmp','32');
DeleteFile('c:\users\6165~1\appdata\local\temp\nsref2d.tmp','32');
DeleteFile('C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe','32');
DeleteFile('C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe','32');
DeleteFile('c:\program files (x86)\sfk\ssfk.exe','32');
DeleteFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','32');
DeleteFile('c:\programdata\8wminipro8\wminipro.exe','32');
DeleteFile('c:\programdata\zonsoft\zonsoft.exe','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010150\gmsd_ru_005010150.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010151\gmsd_ru_005010151.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010152\gmsd_ru_005010152.exe','32');
DeleteFile('C:\Users\Рина\AppData\Local\lcoupon\foygnstb.exe','32');
DeleteFile('C:\Users\Рина\AppData\Local\lcoupon\config.json','32');
DeleteFile('C:\Users\Рина\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe','32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe','32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarGameBrowser','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Timestasks','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MailRuUpdater','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lcoupon','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010152','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010151','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010150','command');
DeleteFile('C:\Windows\Tasks\ekuaWTIRA1GeGplSfL1mb.job','32');
DeleteFile('C:\Windows\Tasks\OtW2s6xfTW3JSBa230.job','32');
DeleteFile('C:\Windows\Tasks\yXXCWwrr0I.job','32');
DeleteFile('C:\Windows\system32\Tasks\Reimage Reminder','64');
DeleteFile('C:\Windows\system32\Tasks\ReimageUpdater','64');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core','64');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.