Код:
// AVZ remediation script written for one specific infected host.
// Every path, service name and registry value below is hard-coded from that
// host's logs (user profile 'Admin', randomly named temp files and folders),
// so the script is not a generic cleaner and is only meaningful on that host.
// Order of phases: cut network -> enable rootkit protection -> kill processes ->
// stop and delete services -> quarantine samples -> delete files and folders ->
// remove autorun values -> boot-time cleanup, repair and reboot.
begin
// Warn the user (message text is in Russian) that network connections will be
// closed and restored after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the listed programs lose connectivity during cleanup.
// NOTE(review): the 0 / 15000 / true arguments look like window mode, wait
// timeout in ms and a wait/terminate flag - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false
// (presumably because these features are unavailable on 64-bit Windows - confirm).
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Phase 1: terminate running processes by full image path so their files can be removed.
TerminateProcessByName('c:\documents and settings\admin\local settings\application data\22818f60-1448273112-11dc-ac01-001d6075039c\snsp129.tmp');
TerminateProcessByName('c:\documents and settings\all users\application data\8wminipro8\wminipro.exe');
TerminateProcessByName('c:\program files\22818f60-1448262192-11dc-ac01-001d6075039c\jnsff9.tmp');
TerminateProcessByName('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe');
TerminateProcessByName('c:\docume~1\admin\locals~1\temp\nst544.tmp');
// Phase 2: stop every listed service first, then delete the same set of services.
StopService('ginoquci');
StopService('logotedy');
StopService('QMUdisk');
StopService('SSFK');
StopService('UniversalUpdater');
StopService('vezolife');
StopService('WdsManPro');
DeleteService('ginoquci');
DeleteService('logotedy');
DeleteService('QMUdisk');
DeleteService('SSFK');
DeleteService('UniversalUpdater');
DeleteService('vezolife');
DeleteService('WdsManPro');
// Phase 3: copy each suspect file to AVZ quarantine before anything is deleted,
// so samples remain available for analysis.
// NOTE(review): the Chromium updater.exe and the two drivers
// (b786bdb3c67d.sys, Salus.sys) are quarantined here but have no matching
// DeleteFile below - presumably intentional pending analysis; confirm.
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\22818F60-1448273112-11DC-AC01-001D6075039C\snsp129.tmp','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Chromium\Application\45.0.2433.0\Installer\updater\updater.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Image Follow\zBin\ImageFollow.dll','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Image Follow\zBin\zjytv.dll','');
QuarantineFile('c:\documents and settings\admin\local settings\application data\iqwsoft\d9f757bd.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\IQWsoft\MciagenPlugin.dll','');
QuarantineFile('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\mdndbhepfbopchbgmdchaoflagepmehg\config.json','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\mdndbhepfbopchbgmdchaoflagepmehg\stub.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\MediaGet2\mediaget.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Uszhmedia\divCommsLib80.dll','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.bat','');
QuarantineFile('c:\documents and settings\all users\application data\8wminipro8\wminipro.exe','');
QuarantineFile('c:\docume~1\admin\locals~1\temp\nst544.tmp','');
QuarantineFile('C:\Program Files\22818F60-1448262192-11DC-AC01-001D6075039C\jnsfF9.tmp','');
QuarantineFile('C:\Program Files\f552dd4c52e3\a7d12b5975b4.exe','');
QuarantineFile('C:\Program Files\f552dd4c52e3\b786bdb3c67d.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010154\gmsd_ru_005010154.exe','');
QuarantineFile('C:\Program Files\SFK\SSFK.exe','');
QuarantineFile('C:\Program Files\Szgzjnty1yziwzdb\zgjjmzz2y3mwbdb.exe','');
QuarantineFile('C:\Program Files\Tencent\QQPCMgr\10.6.15950.224\QMUdisk.sys','');
QuarantineFile('C:\Program Files\Universal Updater\CrashMon.exe','');
QuarantineFile('c:\program files\universal updater\updaterservice.exe','');
QuarantineFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe','');
QuarantineFile('C:\Program Files\Zaxar\ZaxarLoader.exe','');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe','');
QuarantineFile('C:\windows\system32\drivers\b786bdb3c67d.sys','');
QuarantineFile('C:\windows\system32\drivers\Salus.sys','');
// NOTE(review): the next two arguments are autorun command lines
// ("regsvr32.exe <dll>"), not file paths. The DLLs themselves are already
// quarantined above; verify that AVZ treats these as "file not found" and
// does not act on the system regsvr32.exe.
QuarantineFile('C:\WINDOWS\system32\regsvr32.exe C:\Documents and Settings\Admin\Local Settings\Application Data\IQWsoft\MciagenPlugin.dll','');
QuarantineFile('regsvr32.exe C:\Documents and Settings\Admin\Local Settings\Application Data\Uszhmedia\divCommsLib80.dll','');
// Phase 4: delete the quarantined files.
// NOTE(review): the second argument '32' looks like a bitness selector - confirm
// against the AVZ script reference.
DeleteFile('c:\documents and settings\admin\local settings\application data\22818f60-1448273112-11dc-ac01-001d6075039c\snsp129.tmp','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Image Follow\zBin\ImageFollow.dll','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Image Follow\zBin\zjytv.dll','32');
DeleteFile('c:\documents and settings\admin\local settings\application data\iqwsoft\d9f757bd.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\IQWsoft\MciagenPlugin.dll','32');
DeleteFile('c:\documents and settings\admin\local settings\application data\kometa\kometaup.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\mdndbhepfbopchbgmdchaoflagepmehg\config.json','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\mdndbhepfbopchbgmdchaoflagepmehg\stub.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\MediaGet2\mediaget.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Uszhmedia\divCommsLib80.dll','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.bat','32');
DeleteFile('c:\documents and settings\all users\application data\8wminipro8\wminipro.exe','32');
DeleteFile('C:\DOCUME~1\Admin\LOCALS~1\Temp\nst544.tmp','32');
DeleteFile('C:\Program Files\22818F60-1448262192-11DC-AC01-001D6075039C\jnsfF9.tmp','32');
DeleteFile('C:\Program Files\f552dd4c52e3\a7d12b5975b4.exe','32');
DeleteFile('C:\Program Files\f552dd4c52e3\b786bdb3c67d.exe','32');
DeleteFile('c:\program files\gmsd_ru_005010154\gmsd_ru_005010154.exe','32');
DeleteFile('C:\Program Files\SFK\SSFK.exe','32');
DeleteFile('C:\Program Files\Szgzjnty1yziwzdb\zgjjmzz2y3mwbdb.exe','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.6.15950.224\QMUdisk.sys','32');
DeleteFile('c:\program files\universal updater\crashmon.exe','32');
DeleteFile('c:\program files\universal updater\updaterservice.exe','32');
DeleteFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe','32');
DeleteFile('C:\Program Files\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe','32');
// NOTE(review): command line used as a path again (see the quarantine phase) -
// confirm it cannot resolve to C:\WINDOWS\system32\regsvr32.exe.
DeleteFile('C:\WINDOWS\system32\regsvr32.exe C:\Documents and Settings\Admin\Local Settings\Application Data\IQWsoft\MciagenPlugin.dll','32');
// Scheduled-task file for the "Image Follow" component.
DeleteFile('C:\windows\Tasks\Image Follow.job','32');
DeleteFile('regsvr32.exe C:\Documents and Settings\Admin\Local Settings\Application Data\Uszhmedia\divCommsLib80.dll','32');
// Phase 5: empty each leftover folder with mask '*' (third argument true,
// presumably "recurse into subfolders" - confirm), then remove the folder itself.
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\Uszhmedia', '*', true, ' ');
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\Uszhmedia');
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\Image Follow', '*', true, ' ');
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\Image Follow');
DeleteFileMask('c:\documents and settings\admin\local settings\application data\iqwsoft', '*', true, ' ');
DeleteDirectory('c:\documents and settings\admin\local settings\application data\iqwsoft');
DeleteFileMask('c:\documents and settings\admin\local settings\application data\kometa', '*', true, ' ');
DeleteDirectory('c:\documents and settings\admin\local settings\application data\kometa');
DeleteFileMask('C:\Program Files\Zaxar', '*', true, ' ');
DeleteDirectory('C:\Program Files\Zaxar');
DeleteFileMask('c:\program files\gmsd_ru_005010154', '*', true, ' ');
DeleteDirectory('c:\program files\gmsd_ru_005010154');
DeleteFileMask('C:\Program Files\SFK', '*', true, ' ');
DeleteDirectory('C:\Program Files\SFK');
DeleteFileMask('C:\Program Files\f552dd4c52e3', '*', true, ' ');
DeleteDirectory('C:\Program Files\f552dd4c52e3');
DeleteFileMask('C:\Program Files\Szgzjnty1yziwzdb', '*', true, ' ');
DeleteDirectory('C:\Program Files\Szgzjnty1yziwzdb');
DeleteFileMask('c:\program files\universal updater', '*', true, ' ');
DeleteDirectory('c:\program files\universal updater');
// NOTE(review): the file was quarantined and deleted from
// C:\ProgramData\TimeTasks (with a trailing "s"), but the folder removed here is
// C:\ProgramData\TimeTask. If that is a typo, the TimeTasks folder is left
// behind - check the host after the reboot.
DeleteFileMask('C:\ProgramData\TimeTask', '*', true, ' ');
DeleteDirectory('C:\ProgramData\TimeTask');
DeleteFileMask('C:\Program Files\22818F60-1448262192-11DC-AC01-001D6075039C', '*', true, ' ');
DeleteDirectory('C:\Program Files\22818F60-1448262192-11DC-AC01-001D6075039C');
// Phase 6: remove autorun persistence - per-user and machine-wide Run values,
// plus the "command" values of entries recorded under MSConfig startupreg.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Edxction');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','IQWsoft');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mdndbhepfbopchbgmdchaoflagepmehg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Uszhmedia');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaGet2','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus CrashMon','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','CrashMon');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010154');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','zgzjnty1yziwzdb');
// NOTE(review): 'CDBurn' under ShellServiceObjectDelayLoad is, as far as I
// recall, also the name of a stock Windows XP value - confirm the host log
// showed it pointing at a non-system DLL before removing it.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','CDBurn');
// Phase 7: hand the accumulated targets to AVZ's Boot Cleaner (BC_*) so that
// anything still locked is removed during the next boot, and run the system cleanup.
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
// NOTE(review): repair functions 3 and 4 are presumably the Internet Explorer
// start-page and search-settings resets - confirm against the AVZ restore-function list.
ExecuteRepair(3);
ExecuteRepair(4);
// Reboot so the boot-time cleanup runs and networking is restored.
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.