Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\simart\AppData\Roaming\Adobe\Manager.exe','');
QuarantineFile('C:\ProgramData\UltimateSecurityPackage\Latough.dll','');
QuarantineFile('C:\Program Files (x86)\sunnyday\otutnetwork.exe','');
QuarantineFile('C:\Users\simart\AppData\Roaming\gplyra\gplyra\start.cmd','');
QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_ZZJ.exe','');
QuarantineFile('C:\Program Files (x86)\sunnyday\wincom_R3A.exe','');
QuarantineFile('C:\Program Files (x86)\LuDaShi\ComputerZTray.exe','');
QuarantineFile('C:\Users\simart\AppData\Roaming\NUIns\NUIns.exe','');
QuarantineFile('C:\Program Files (x86)\DPower\DiskPower.exe','');
QuarantineFile('c:\program files\ziptool\ZipProtect64.sys','');
SetServiceStart('mwescontroller', 4);
DeleteService('mwescontroller');
SetServiceStart('MaohaWifiNetPro', 4);
DeleteService('MaohaWifiNetPro');
QuarantineFile('C:\Program Files\My Web Shield\mweshieldup.exe','');
QuarantineFile('C:\Program Files\My Web Shield\mweshield.exe','');
DeleteService('mweshieldup');
SetServiceStart('mweshield', 4);
DeleteService('mweshield');
SetServiceStart('xihobikezbt', 4);
DeleteService('xihobikezbt');
SetServiceStart('Windows', 4);
DeleteService('Windows');
SetServiceStart('Vosogereofgh Reports', 4);
DeleteService('Vosogereofgh Reports');
QuarantineFile('C:\Program Files (x86)\Mbedrerjent\Vosogereofgh\VosogereofghRprCkkitywasuk.exe','');
SetServiceStart('zigipyro', 4);
DeleteService('zigipyro');
SetServiceStart('Updater.Mail.Ru', 4);
DeleteService('Updater.Mail.Ru');
SetServiceStart('UltimateSecurityPackage', 4);
DeleteService('UltimateSecurityPackage');
SetServiceStart('SoEasySvc', 4);
DeleteService('SoEasySvc');
SetServiceStart('Ronzap', 4);
DeleteService('Ronzap');
SetServiceStart('rijufoze', 4);
DeleteService('rijufoze');
SetServiceStart('MaohaWifiSvr', 4);
DeleteService('MaohaWifiSvr');
SetServiceStart('dowidoly', 4);
DeleteService('dowidoly');
SetServiceStart('CloudPrinter', 4);
DeleteService('CloudPrinter');
QuarantineFile('C:\ProgramData\CloudPrinter\CloudPrinter.exe','');
SetServiceStart('backlh', 4);
DeleteService('backlh');
QuarantineFile('C:\Program Files\ZipTool\ZipProtect64.sys','');
QuarantineFile('C:\Windows\system32\drivers\mwescontroller.sys','');
QuarantineFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaoHaWiFiNet64.sys','');
QuarantineFile('C:\ProgramData\UltimateSecurityPackage\Open-Flex.dll','');
QuarantineFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\Updater\CheckUpdate.dll','');
QuarantineFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\tipsdll.dll','');
QuarantineFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\CrRpt.dll','');
QuarantineFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\maohasubstat.dll','');
QuarantineFile('C:\Program Files (x86)\DPower\YPJMJWVU3N.exe','');
TerminateProcessByName('C:\Program Files (x86)\DPower\YPJMJWVU3N.exe');
QuarantineFile('C:\Program Files\SpaceSoundPro\wizzcaster.exe','');
TerminateProcessByName('C:\Program Files\SpaceSoundPro\wizzcaster.exe');
QuarantineFile('C:\Program Files (x86)\host\wizzcaster.exe','');
TerminateProcessByName('C:\Program Files (x86)\host\wizzcaster.exe');
TerminateProcessByName('C:\Program Files (x86)\DPower\wemoservice.exe');
QuarantineFile('C:\Program Files (x86)\DPower\wemoservice.exe','');
TerminateProcessByName('c:\programdata\ultimatesecuritypackage\ultimatesecuritypackage.exe');
QuarantineFile('c:\programdata\ultimatesecuritypackage\ultimatesecuritypackage.exe','');
TerminateProcessByName('c:\program files (x86)\sbqh\uc.exe');
QuarantineFile('c:\program files (x86)\sbqh\uc.exe','');
TerminateProcessByName('C:\Windows\svchost.exe');
QuarantineFile('C:\Windows\svchost.exe','');
TerminateProcessByName('c:\program files (x86)\soeasysvc\soeasysvc.exe');
QuarantineFile('c:\program files (x86)\soeasysvc\soeasysvc.exe','');
TerminateProcessByName('c:\programdata\logic handler\set.exe');
QuarantineFile('c:\programdata\logic handler\set.exe','');
TerminateProcessByName('c:\users\simart\appdata\roaming\upupdata\service90132.exe');
QuarantineFile('c:\users\simart\appdata\roaming\upupdata\service90132.exe','');
TerminateProcessByName('c:\users\simart\appdata\roaming\upupdata\service72564.exe');
QuarantineFile('c:\users\simart\appdata\roaming\upupdata\service72564.exe','');
TerminateProcessByName('c:\programdata\ronzap\ronzap.exe');
QuarantineFile('c:\programdata\ronzap\ronzap.exe','');
TerminateProcessByName('c:\users\simart\appdata\roaming\randomdeljihereg.exe');
QuarantineFile('c:\users\simart\appdata\roaming\randomdeljihereg.exe','');
TerminateProcessByName('c:\users\simart\appdata\local\16fe2140-1471046586-11d9-bcd5-5404a6b2de84\qnsddd55.tmp');
QuarantineFile('c:\users\simart\appdata\local\16fe2140-1471046586-11d9-bcd5-5404a6b2de84\qnsddd55.tmp','');
TerminateProcessByName('c:\program files (x86)\note-up\note-up.exe');
QuarantineFile('c:\program files (x86)\note-up\note-up.exe','');
TerminateProcessByName('c:\users\simart\appdata\roaming\upupdata\msiql.exe');
QuarantineFile('c:\users\simart\appdata\roaming\upupdata\msiql.exe','');
QuarantineFile('c:\program files (x86)\ludashi\utils\mobiledevicesrv.exe','');
QuarantineFile('c:\program files (x86)\ludashi\utils\mininews.exe','');
TerminateProcessByName('c:\program files (x86)\greatmaker\maohawifi\maohawifisvr.exe');
QuarantineFile('c:\program files (x86)\greatmaker\maohawifi\maohawifisvr.exe','');
QuarantineFile('C:\Program Files (x86)\DPower\LIMJSSAZK9.exe','');
TerminateProcessByName('c:\program files (x86)\mail.ru\mailruupdater\mailruupdater.exe');
TerminateProcessByName('c:\users\simart\appdata\local\temp\28461\kuaizip_setup_703612525_zzlm_002.exe');
QuarantineFile('c:\users\simart\appdata\local\temp\28461\kuaizip_setup_703612525_zzlm_002.exe','');
TerminateProcessByName('c:\users\simart\appdata\roaming\kpzip.exe');
QuarantineFile('c:\users\simart\appdata\roaming\kpzip.exe','');
TerminateProcessByName('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\knsse7a4.tmpfs');
QuarantineFile('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\knsse7a4.tmpfs','');
TerminateProcessByName('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\jnss7.tmp');
QuarantineFile('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\jnss7.tmp','');
TerminateProcessByName('C:\Program Files\SpaceSoundPro\idscservice.exe');
QuarantineFile('C:\Program Files\SpaceSoundPro\idscservice.exe','');
TerminateProcessByName('C:\Program Files (x86)\host\idscservice.exe');
QuarantineFile('C:\Program Files (x86)\host\idscservice.exe','');
TerminateProcessByName('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\hnss213e.tmp');
QuarantineFile('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\hnss213e.tmp','');
QuarantineFile('C:\ProgramData\hdtask\hdtask.exe','');
TerminateProcessByName('c:\users\simart\appdata\roaming\gplyra\gplyra\gplyra.exe');
QuarantineFile('c:\users\simart\appdata\roaming\gplyra\gplyra\gplyra.exe','');
QuarantineFile('c:\program files (x86)\ludashi\computerztray.exe','');
TerminateProcessByName('c:\users\simart\appdata\local\temp\dbupdater.exe');
QuarantineFile('c:\users\simart\appdata\local\temp\dbupdater.exe','');
TerminateProcessByName('c:\windows\temp\d7dc.tmp');
QuarantineFile('c:\windows\temp\d7dc.tmp','');
TerminateProcessByName('C:\Windows\csrss.exe');
QuarantineFile('C:\Windows\csrss.exe','');
TerminateProcessByName('c:\users\simart\appdata\local\temp\is-3rl97.tmp\autotime.exe');
QuarantineFile('c:\users\simart\appdata\local\temp\is-3rl97.tmp\autotime.exe','');
TerminateProcessByName('c:\users\simart\appdata\local\amigo\application\amigo.exe');
TerminateProcessByName('c:\users\simart\appdata\local\temp\9146.tmp.exe');
QuarantineFile('c:\users\simart\appdata\local\temp\9146.tmp.exe','');
DeleteFile('c:\users\simart\appdata\local\temp\9146.tmp.exe','32');
DeleteFile('c:\users\simart\appdata\local\amigo\application\amigo.exe','32');
DeleteFile('c:\users\simart\appdata\local\temp\is-3rl97.tmp\autotime.exe','32');
DeleteFile('C:\Windows\csrss.exe','32');
DeleteFile('c:\windows\temp\d7dc.tmp','32');
DeleteFile('c:\users\simart\appdata\local\temp\dbupdater.exe','32');
DeleteFile('c:\users\simart\appdata\roaming\gplyra\gplyra\gplyra.exe','32');
DeleteFile('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\hnss213e.tmp','32');
DeleteFile('C:\Program Files (x86)\host\idscservice.exe','32');
DeleteFile('C:\Program Files\SpaceSoundPro\idscservice.exe','32');
DeleteFile('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\jnss7.tmp','32');
DeleteFile('c:\program files (x86)\16fe2140-1471035573-11d9-bcd5-5404a6b2de84\knsse7a4.tmpfs','32');
DeleteFile('c:\users\simart\appdata\roaming\kpzip.exe','32');
DeleteFile('c:\users\simart\appdata\local\temp\28461\kuaizip_setup_703612525_zzlm_002.exe','32');
DeleteFile('c:\program files (x86)\mail.ru\mailruupdater\mailruupdater.exe','32');
DeleteFile('c:\program files (x86)\greatmaker\maohawifi\maohawifisvr.exe','32');
DeleteFile('c:\users\simart\appdata\roaming\upupdata\msiql.exe','32');
DeleteFile('c:\program files (x86)\note-up\note-up.exe','32');
DeleteFile('c:\users\simart\appdata\local\16fe2140-1471046586-11d9-bcd5-5404a6b2de84\qnsddd55.tmp','32');
DeleteFile('c:\users\simart\appdata\roaming\randomdeljihereg.exe','32');
DeleteFile('c:\programdata\ronzap\ronzap.exe','32');
DeleteFile('c:\users\simart\appdata\roaming\upupdata\service72564.exe','32');
DeleteFile('c:\users\simart\appdata\roaming\upupdata\service90132.exe','32');
DeleteFile('c:\programdata\logic handler\set.exe','32');
DeleteFile('c:\program files (x86)\soeasysvc\soeasysvc.exe','32');
DeleteFile('C:\Windows\svchost.exe','32');
DeleteFile('c:\program files (x86)\sbqh\uc.exe','32');
DeleteFile('c:\programdata\ultimatesecuritypackage\ultimatesecuritypackage.exe','32');
DeleteFile('C:\Program Files (x86)\DPower\wemoservice.exe','32');
DeleteFile('C:\Program Files (x86)\host\wizzcaster.exe','32');
DeleteFile('C:\Program Files\SpaceSoundPro\wizzcaster.exe','32');
DeleteFile('C:\Program Files (x86)\DPower\YPJMJWVU3N.exe','32');
DeleteFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\maohasubstat.dll','32');
DeleteFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\CrRpt.dll','32');
DeleteFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\tipsdll.dll','32');
DeleteFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\Updater\CheckUpdate.dll','32');
DeleteFile('C:\ProgramData\UltimateSecurityPackage\Open-Flex.dll','32');
DeleteFile('C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaoHaWiFiNet64.sys','32');
DeleteFile('C:\Windows\system32\drivers\mwescontroller.sys','32');
DeleteFile('C:\ProgramData\CloudPrinter\CloudPrinter.exe','32');
DeleteFile('C:\Program Files (x86)\Mbedrerjent\Vosogereofgh\VosogereofghRprCkkitywasuk.exe','32');
DeleteFile('C:\Program Files\My Web Shield\mweshield.exe','32');
DeleteFile('C:\Program Files\My Web Shield\mweshieldup.exe','32');
DeleteFile('C:\Program Files (x86)\DPower\DiskPower.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','DiskPower');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Note-up');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','apphide');
DeleteFile('C:\Users\simart\AppData\Roaming\NUIns\NUIns.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','Update');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amigo');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MailRuUpdater');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','hdtask');
DeleteFile('C:\ProgramData\hdtask\hdtask.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Caster');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','VIB1SQ97S7');
DeleteFile('C:\Program Files (x86)\DPower\LIMJSSAZK9.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Q7AJQZ5IWU');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','QGuan10in12');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','QGuan10in1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','msiql');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SpaceSoundPro');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMR3A');
DeleteFile('C:\Program Files (x86)\sunnyday\wincom_R3A.exe','32');
DeleteFile('C:\Program Files (x86)\sunnyday\wincom_ZZJ.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WINCOMZZJ');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gplyra');
DeleteFile('C:\Users\simart\AppData\Roaming\gplyra\gplyra\start.cmd','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','IDSCPRODUCT');
DeleteFile('C:\Program Files (x86)\sunnyday\otutnetwork.exe','32');
DeleteFile('C:\ProgramData\UltimateSecurityPackage\Latough.dll','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OTUTPRODUCT_SSRZU');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','OMEWPRODUCT_A0QOE');
DeleteFile('C:\Users\simart\AppData\Roaming\Adobe\Manager.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\Manager','64');
DeleteFile('C:\Windows\system32\Tasks\tasklist','64');
DeleteFile('C:\Windows\system32\Tasks\{0E944F92-66BC-4B61-8233-898E94A95271}','64');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.