Код:
// AVZ cleanup script generated for ONE specific machine: every file path, service
// name, scheduled task and registry value below is hard-coded, so the script is
// not reusable on another system without regenerating it from that system's logs.
// Order of operations: notify user -> stop networking -> optional anti-rootkit and
// AVZGuard -> write IE Internet-zone settings -> quarantine -> remove services ->
// terminate processes -> delete files/tasks/autoruns -> Boot Cleaner -> reboot.
begin
// Message text (Russian): warns that AVZ will close all network connections and
// that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net stop tcpip /y" (/y auto-confirms stopping dependent services), which
// takes the host off the network for the duration of the cleanup.
// NOTE(review): the trailing arguments (0, 15000, true) look like window mode,
// wait timeout in ms and a wait/terminate flag - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are only enabled when IsWOW64 is false.
// NOTE(review): presumably because the AVZ kernel-mode components are not
// available when AVZ runs on 64-bit Windows - confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Write five values under the current user's Internet Settings\Zones\3 key
// (zone 3 is the Internet zone).
// NOTE(review): 1001/1004/1201 are ActiveX download/initialisation URL actions,
// 1804 is "launch programs and files in an IFRAME", and the data 1 = prompt,
// 3 = disable; the meaning of 2201 should be checked against Microsoft's
// URL-action table before relying on this comment.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
// Quarantine pass: every file that is deleted later in the script is first placed
// in AVZ quarantine here, so a sample survives for analysis. Because DeleteFile
// below is destructive, these copies are the only rollback/evidence path.
// Targets are executables under the user profile (AppData\Local, AppData\Roaming),
// Program Files (x86) and one .bat file in a random-looking AppData\Local folder.
QuarantineFile('C:\Users\Женя\appdata\local\smartweb\__u.exe','');
QuarantineFile('C:\Users\Женя\AppData\Roaming\WindowsUpdater\Updater.exe','');
QuarantineFile('C:\Users\Женя\AppData\Roaming\repulsion_1033\s_inst.exe','');
// This path is given in 8.3 short-name form, unlike the other entries.
QuarantineFile('C:\Users\0982~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-7.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-6.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-3.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-11.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe','');
QuarantineFile('C:\Users\Женя\AppData\Local\qrenTugjSVbgt\KHKcJlUgCnJoCHy1.bat','');
QuarantineFile('C:\Users\Женя\AppData\Roaming\Microsoft Update\UnLoad.exe','');
QuarantineFile('C:\Users\Женя\AppData\Roaming\Microsoft Manager APP\ProxyServer.exe','');
QuarantineFile('C:\Users\Женя\AppData\Local\Mail.Ru\MailRuUpdater.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010155\gmsd_ru_005010155.exe','');
QuarantineFile('C:\Users\Женя\AppData\Local\SmartWeb\SmartWebHelper.exe','');
// Remove seven service entries named "{GUID}Gw64". The matching
// system32\drivers\{GUID}Gw64.sys files are quarantined right after and deleted
// further down.
DeleteService('{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64');
DeleteService('{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64');
DeleteService('{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64');
DeleteService('{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64');
DeleteService('{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64');
DeleteService('{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64');
DeleteService('{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64');
// Quarantine the driver binaries that belong to the services removed above.
QuarantineFile('C:\Windows\system32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys','');
// Named services: set the start type to 4 first, then delete the service entry.
// NOTE(review): 4 matches the Windows "disabled" start type, so a service that
// cannot be deleted immediately still should not start on the next boot - confirm
// that SetServiceStart takes the raw Start value.
SetServiceStart('swsedrvr_vt_1_10_0_25', 4);
DeleteService('swsedrvr_vt_1_10_0_25');
SetServiceStart('hidekoqe', 4);
SetServiceStart('SSFK', 4);
SetServiceStart('swsesrvc_1.10.0.25', 4);
SetServiceStart('zudofote', 4);
// The Zonsoft service is deleted without a preceding SetServiceStart call; its
// binary is quarantined first.
QuarantineFile('C:\ProgramData\Zonsoft\Zonsoft.exe','');
DeleteService('Zonsoft');
DeleteService('zudofote');
DeleteService('swsesrvc_1.10.0.25');
DeleteService('SSFK');
DeleteService('hidekoqe');
// Quarantine the SmartWeb DLL and the swsedrvr driver file before deletion.
QuarantineFile('C:\Users\Женя\AppData\Local\SmartWeb\swhk.dll','');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
// Running processes: terminate by full image path, then quarantine the image.
// Termination comes first so the files are no longer in use when they are
// quarantined and, later, deleted.
TerminateProcessByName('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe');
TerminateProcessByName('c:\programdata\awminiproa\wminipro.exe');
QuarantineFile('c:\programdata\awminiproa\wminipro.exe','');
QuarantineFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','');
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe','');
TerminateProcessByName('c:\users\Женя\appdata\local\smartweb\smartwebapp.exe');
TerminateProcessByName('c:\users\Женя\appdata\local\smartweb\smartwebhelper.exe');
QuarantineFile('c:\users\Женя\appdata\local\smartweb\smartwebhelper.exe','');
QuarantineFile('c:\users\Женя\appdata\local\smartweb\smartwebapp.exe','');
// These two process images carry a .tmp extension; they are handled as running
// executables (terminated, quarantined, deleted) all the same.
TerminateProcessByName('c:\program files (x86)\6eac5a81-1448027557-11cb-89c3-93454edce0c9\knsy15c4.tmp');
TerminateProcessByName('c:\users\Женя\appdata\local\6eac5a81-1448380584-11cb-89c3-93454edce0c9\qnsm4932.tmp');
QuarantineFile('c:\users\Женя\appdata\local\6eac5a81-1448380584-11cb-89c3-93454edce0c9\qnsm4932.tmp','');
QuarantineFile('c:\program files (x86)\6eac5a81-1448027557-11cb-89c3-93454edce0c9\knsy15c4.tmp','');
// Deletion pass. Every path deleted from here on was quarantined above, except
// the scheduled-task files, which are deleted without a quarantine copy.
// NOTE(review): the second argument ('32' here, '64' for system32\Tasks below)
// presumably selects the 32-bit or 64-bit file-system view - confirm.
DeleteFile('c:\program files (x86)\6eac5a81-1448027557-11cb-89c3-93454edce0c9\knsy15c4.tmp','32');
DeleteFile('c:\users\Женя\appdata\local\6eac5a81-1448380584-11cb-89c3-93454edce0c9\qnsm4932.tmp','32');
DeleteFile('c:\users\Женя\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\Женя\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('c:\program files (x86)\sfk\ssfk.exe','32');
DeleteFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','32');
DeleteFile('c:\programdata\awminiproa\wminipro.exe','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Users\Женя\AppData\Local\SmartWeb\swhk.dll','32');
DeleteFile('C:\ProgramData\Zonsoft\Zonsoft.exe','32');
// Driver files of the seven {GUID}Gw64 services.
DeleteFile('C:\Windows\system32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys','32');
// Autorun persistence: remove values from the per-user and machine-wide Run keys,
// and the 'command' value of entries under MSConfig\startupreg, interleaved with
// deletion of the files those entries pointed to.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','C');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
DeleteFile('C:\Users\Женя\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010155\gmsd_ru_005010155.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010155','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DownloadInjectionSQL','command');
DeleteFile('C:\Users\Женя\AppData\Local\Mail.Ru\MailRuUpdater.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MailRuUpdater','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\node-webkit','command');
DeleteFile('C:\Users\Женя\AppData\Roaming\Microsoft Manager APP\ProxyServer.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ProxyServer','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb','command');
DeleteFile('C:\Users\Женя\AppData\Roaming\Microsoft Update\UnLoad.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnLoad_TorProject','command');
DeleteFile('C:\Users\Женя\AppData\Local\qrenTugjSVbgt\KHKcJlUgCnJoCHy1.bat','32');
// CinemaP executables, all sharing the same GUID prefix as the scheduled tasks below.
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-11.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-3.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-6.exe','32');
// Scheduled-task persistence, legacy format: .job files in C:\Windows\Tasks.
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-5_user.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-5.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-3.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-11.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-10_user.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6.job','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-6.job','32');
DeleteFile('C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-7.exe','32');
DeleteFile('C:\Users\0982~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Users\Женя\AppData\Roaming\repulsion_1033\s_inst.exe','32');
DeleteFile('C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-7.job','32');
DeleteFile('C:\Windows\Tasks\Digital Sites.job','32');
DeleteFile('C:\Windows\Tasks\repulsion_1033.job','32');
DeleteFile('C:\Windows\Tasks\UwzIc6A65aVnz.job','32');
// Scheduled-task persistence, current format: task definition files under
// system32\Tasks, deleted with the '64' argument instead of '32'.
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-11','64');
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-3','64');
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-5','64');
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-6','64');
DeleteFile('C:\Windows\system32\Tasks\40db1533-f551-4998-8bca-934da85073e3-7','64');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core','64');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update','64');
DeleteFile('C:\Windows\system32\Tasks\WindowsUpdater','64');
DeleteFile('C:\Windows\system32\Tasks\repulsion_1033','64');
DeleteFile('C:\Users\Женя\AppData\Roaming\WindowsUpdater\Updater.exe','32');
DeleteFile('C:\Users\Женя\appdata\local\smartweb\__u.exe','32');
// Finalisation (AVZ Boot Cleaner + system clean).
// NOTE(review): BC_ImportAll presumably hands the objects processed above to the
// Boot Cleaner, ExecuteSysClean removes leftover references to the deleted files,
// and BC_Activate arms the Boot Cleaner for the next boot so locked files are
// removed before they can load - confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot to complete the cleanup; the meaning of the 'false' argument is not
// visible from this script.
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.