Код:
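begin
  // AVZ clean-up script: isolates the host from the network, stops the listed
  // processes, copies each listed file to the AVZ quarantine, removes the files,
  // services and autorun values, then reboots.
  // Statement order is significant: terminate -> quarantine -> delete.
  // Every path, service name and CLSID below is specific to the analysed
  // machine; do not reuse this list on another host.

  // Tell the user that network connections are closed now and come back
  // automatically after the reboot.
  ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
  // Stop the TCP/IP stack so nothing can be downloaded or re-installed while
  // the clean-up runs (15000 is the wait limit passed to ExecuteFile).
  ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);

  // Anti-rootkit scan and AVZGuard are requested only when AVZ is not running
  // under WOW64, i.e. on a 32-bit system.
  if not IsWOW64
  then
  begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
  end;

  // --- Quarantine copies of drivers, scripts and per-user droppers ---
  QuarantineFile('C:\Windows\system32\Drivers\cherimoya.sys','');
  QuarantineFile('C:\PROGRA~1\groover300120161259\Eumolhon.bat','');
  // Unregister the Browser Helper Object with this CLSID.
  DelBHO('{FAB2DE0E-8E4E-462B-a545-C2203C7FC9BD}');
  QuarantineFile('C:\Program Files\groover300120161259\Wicnuwn.dll','');
  QuarantineFile('C:\ProgramData\koaubfsTHC\QMPfOaVEns5.bat','');
  QuarantineFile('C:\Users\swen\AppData\Local\ZetaGamesViewer\zetaviewer.exe','');
  QuarantineFile('C:\Users\swen\AppData\Local\ZetaGamesNews\zeta.exe','');
  QuarantineFile('C:\Users\swen\AppData\Local\Blacount\config.json','');
  QuarantineFile('C:\Users\swen\AppData\Local\Blacount\stub.exe','');
  DeleteService('RegFltrX86');
  QuarantineFile('C:\Users\swen\AppData\Local\9a7fecd125beae794d59f36bc8ff336e\RegFltrX86.sys','');

  // --- Services: set start type 4 (disabled) first, then delete ---
  // Disabling first keeps a service from starting again if a delete fails.
  SetServiceStart('csrcc', 4);
  SetServiceStart('D2945419-9557-4F9E-8658-4389D5880B96', 4);
  SetServiceStart('groover300120161259 Updater', 4);
  SetServiceStart('HSystem', 4);
  SetServiceStart('pucufecozbt', 4);
  SetServiceStart('rowugoqo', 4);
  SetServiceStart('SSFK', 4);
  SetServiceStart('WdMan', 4);
  DeleteService('WdMan');
  DeleteService('SSFK');
  DeleteService('rowugoqo');
  DeleteService('pucufecozbt');
  DeleteService('HSystem');
  DeleteService('groover300120161259 Updater');
  DeleteService('D2945419-9557-4F9E-8658-4389D5880B96');
  DeleteService('csrcc');

  // DNSAPI.dll sits at a Windows system path: it is only copied to quarantine
  // for inspection and is never deleted by this script.
  QuarantineFile('C:\Windows\system32\DNSAPI.dll','');
  QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll','');
  QuarantineFile('C:\Program Files\groover300120161259\Kucyg.DLL','');
  QuarantineFile('C:\Program Files\groover300120161259\Jajnyknu.DLL','');
  QuarantineFile('C:\Program Files\groover300120161259\Ehogcob.DLL','');
  QuarantineFile('C:\Program Files\groover300120161259\Dimywo.DLL','');

  // --- Running processes: terminate, then quarantine the image ---
  TerminateProcessByName('c:\users\swen\appdata\local\gmsd_ru_005010222\upgmsd_ru_005010222.exe');
  TerminateProcessByName('c:\programdata\iwdmi\wdman.exe');
  TerminateProcessByName('c:\program files\groover300120161259\yeiutipr.exe');
  TerminateProcessByName('c:\program files\wedsoft\zxfwwd.exe');
  QuarantineFile('c:\program files\wedsoft\zxfwwd.exe','');
  QuarantineFile('c:\program files\groover300120161259\yeiutipr.exe','');
  QuarantineFile('c:\programdata\iwdmi\wdman.exe','');
  QuarantineFile('c:\users\swen\appdata\local\gmsd_ru_005010222\upgmsd_ru_005010222.exe','');
  TerminateProcessByName('c:\program files\sfk\ssfk.exe');
  TerminateProcessByName('c:\program files\spacesoundpro\spacesoundpro.exe');
  TerminateProcessByName('c:\program files\spacesondpro_v53.12547\spacesondpro_service.exe');
  TerminateProcessByName('c:\users\swen\appdata\local\44919020-1454017844-11df-ad0f-485b39512967\snsi3de2.tmp');
  QuarantineFile('c:\users\swen\appdata\local\44919020-1454017844-11df-ad0f-485b39512967\snsi3de2.tmp','');
  QuarantineFile('c:\program files\spacesondpro_v53.12547\spacesondpro_service.exe','');
  QuarantineFile('c:\program files\sfk\ssfk.exe','');
  QuarantineFile('c:\program files\spacesoundpro\spacesoundpro.exe','');
  TerminateProcessByName('c:\program files\rec_en_77\rec_en_77.exe');
  QuarantineFile('c:\program files\rec_en_77\rec_en_77.exe','');
  QuarantineFile('c:\users\swen\appdata\local\44919020-1454170192-11df-ad0f-485b39512967\qnsnc23.tmp','');
  TerminateProcessByName('c:\program files\groover300120161259\laayf.exe');
  TerminateProcessByName('c:\program files\groover300120161259\lontirr.exe');
  // Added in review: these two images were terminated and deleted without a
  // quarantine copy, unlike every other terminated process in this script.
  // Keep a sample so the deletion can be analysed or reversed later.
  QuarantineFile('c:\program files\groover300120161259\laayf.exe','');
  QuarantineFile('c:\program files\groover300120161259\lontirr.exe','');
  TerminateProcessByName('c:\program files\44919020-1453996150-11df-ad0f-485b39512967\knsz4ddd.tmp');
  QuarantineFile('c:\program files\44919020-1453996150-11df-ad0f-485b39512967\knsz4ddd.tmp','');
  TerminateProcessByName('c:\program files\spacesondpro_v53.12547\ioproduct.exe');
  QuarantineFile('c:\program files\spacesondpro_v53.12547\ioproduct.exe','');
  TerminateProcessByName('c:\program files\gmsd_ru_005010222\gmsd_ru_005010222.exe');
  QuarantineFile('c:\program files\gmsd_ru_005010222\gmsd_ru_005010222.exe','');
  TerminateProcessByName('c:\program files\groover300120161259\csrcc.exe');
  QuarantineFile('c:\program files\groover300120161259\csrcc.exe','');

  // --- Delete the files and their autorun entries ---
  // NOTE(review): the second DeleteFile argument '32' is kept exactly as
  // written; confirm its meaning against the AVZ script reference.
  DeleteFile('c:\program files\groover300120161259\csrcc.exe','32');
  DeleteFile('c:\program files\gmsd_ru_005010222\gmsd_ru_005010222.exe','32');
  DeleteFile('c:\program files\44919020-1453996150-11df-ad0f-485b39512967\knsz4ddd.tmp','32');
  DeleteFile('c:\program files\groover300120161259\laayf.exe','32');
  DeleteFile('c:\program files\groover300120161259\lontirr.exe','32');
  DeleteFile('c:\users\swen\appdata\local\44919020-1454170192-11df-ad0f-485b39512967\qnsnc23.tmp','32');
  DeleteFile('c:\program files\rec_en_77\rec_en_77.exe','32');
  DeleteFile('c:\program files\spacesoundpro\spacesoundpro.exe','32');
  DeleteFile('c:\program files\sfk\ssfk.exe','32');
  DeleteFile('c:\program files\spacesondpro_v53.12547\spacesondpro_service.exe','32');
  DeleteFile('c:\users\swen\appdata\local\44919020-1454017844-11df-ad0f-485b39512967\snsi3de2.tmp','32');
  DeleteFile('c:\users\swen\appdata\local\gmsd_ru_005010222\upgmsd_ru_005010222.exe','32');
  DeleteFile('c:\programdata\iwdmi\wdman.exe','32');
  DeleteFile('c:\program files\groover300120161259\yeiutipr.exe','32');
  DeleteFile('c:\program files\wedsoft\zxfwwd.exe','32');
  DeleteFile('C:\Program Files\groover300120161259\Dimywo.DLL','32');
  DeleteFile('C:\Program Files\groover300120161259\Ehogcob.DLL','32');
  DeleteFile('C:\Program Files\groover300120161259\Jajnyknu.DLL','32');
  DeleteFile('C:\Program Files\groover300120161259\Kucyg.DLL','32');
  DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll','32');
  DeleteFile('C:\Users\swen\AppData\Local\9a7fecd125beae794d59f36bc8ff336e\RegFltrX86.sys','32');
  // Remove the Run / RunOnce values that relaunch the deleted binaries at logon.
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SpaceSoundPro');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010222');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','rec_en_77');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','IOPROTECT');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010222.exe');
  DeleteFile('C:\Users\swen\AppData\Local\Blacount\stub.exe','32');
  DeleteFile('C:\Users\swen\AppData\Local\Blacount\config.json','32');
  // MSConfig "startupreg" keys hold startup items that were disabled through
  // msconfig; clearing 'command' keeps them from being re-enabled as-is.
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Blacount','command');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mailruhomesearch','command');
  DeleteFile('C:\Users\swen\AppData\Local\ZetaGamesNews\zeta.exe','32');
  DeleteFile('C:\Users\swen\AppData\Local\ZetaGamesViewer\zetaviewer.exe','32');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZetaGamesViewer','command');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZetaGamesNews','command');
  DeleteFile('C:\ProgramData\koaubfsTHC\QMPfOaVEns5.bat','32');
  DeleteFile('C:\Program Files\groover300120161259\Wicnuwn.dll','32');
  DeleteFile('C:\PROGRA~1\groover300120161259\Eumolhon.bat','32');
  // NOTE(review): the scheduled-task file and the two Temp blowfish.dll copies
  // below are deleted without a quarantine copy; cherimoya.sys (quarantined
  // at the top) is never deleted here. Confirm both are intentional.
  DeleteFile('C:\Windows\system32\Tasks\Xieugjaa','32');
  DeleteFile('C:\Users\swen\AppData\Local\Temp\nstCD60.tmp\blowfish.dll','32');
  DeleteFile('C:\Users\swen\AppData\Local\Temp\nss2933.tmp\blowfish.dll','32');

  // --- Finish: queue leftovers for Boot Cleaner, clean references, reboot ---
  // Boot Cleaner acts during the next boot, which is why the reboot below is
  // needed for locked files to actually go away.
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(false);
end.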
Будет выполнена перезагрузка компьютера.