Код:
// AVZ remediation script for one specific machine: the paths below are hard-coded
// (including the profile C:\Users\Kappa) and come from that machine's scan logs.
// NOTE(review): do not re-run it unchanged on another host. It deletes files, services
// and registry values by literal name and reboots at the end.
begin
// Tells the user (in Russian) that AVZ will close all network connections before the
// script runs and that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the cleanup happens with the network stack stopped.
// NOTE(review): the trailing arguments (0, 15000, true) look like window mode, a timeout
// in milliseconds and a wait/terminate flag; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably this means a 32-bit Windows, where these driver-based
// features are available; on a WOW64 system the script continues without them.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Phase: quarantine. Each suspect file is handed to QuarantineFile before any DeleteFile
// call touches it, so a sample is kept for analysis or restore.
// NOTE(review): the second argument is an empty string on every call; its meaning is not
// shown here.
QuarantineFile('C:\Program Files\xtab\cmdshell.exe','');
QuarantineFile('C:\Program Files\xtab\browerwatchff.dll','');
QuarantineFile('C:\Program Files\xtab\browerwatchch.dll','');
// Randomly named executables dropped directly into the user's Roaming profile.
QuarantineFile('C:\Users\Kappa\AppData\Roaming\SLKNFBM.exe','');
QuarantineFile('C:\Users\Kappa\AppData\Roaming\newSI_23\s_inst.exe','');
QuarantineFile('C:\Users\Kappa\AppData\Roaming\JHBYN.exe','');
QuarantineFile('C:\Users\Kappa\AppData\Roaming\JB.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-7.exe','');
// Named GoogleUpdate.exe but located under "globalUpdate", not under a Google directory.
QuarantineFile('C:\Program Files\globalUpdate\Update\GoogleUpdate.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-6.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-5.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-4.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-3.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-10.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-1-7.exe','');
QuarantineFile('C:\Users\Kappa\AppData\Roaming\AKGTYZ.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-7.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-6.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-5.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-4.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-3.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-1-7.exe','');
QuarantineFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-10.exe','');
// Removes two browser extensions identified by CLSID.
// NOTE(review): "BHO" presumably means Internet Explorer Browser Helper Object. The DLLs
// behind these CLSIDs are not named here; confirm they are among the quarantined files.
DelBHO('{84C9B457-C48F-46CC-90C0-5A310C64108A}');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
QuarantineFile('C:\Program Files\Аудио и видео скачивание\IE\x86\Downloader.dll','');
QuarantineFile('C:\Program Files\XTab\SupTab.dll','');
// Script files named after browsers (iexplore.bat, chrome.bat) and a system.vbs stored in
// the systemprofile directory; none of these are in a browser's own install location.
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\system.vbs','');
QuarantineFile('C:\Users\Kappa\AppData\Roaming\eTranslator\eTranslator.exe','');
QuarantineFile('C:\Users\Kappa\AppData\Roaming\ASPackage\ASPackage.exe','');
QuarantineFile('C:\Users\Kappa\AppData\Local\chrome.bat','');
QuarantineFile('C:\Program Files\Google\chrome.bat','');
// Phase: service removal. QMUdisk and VCL are deleted directly; the other five services
// are first given start type 4 and then deleted.
// NOTE(review): 4 matches the Windows SERVICE_DISABLED start type, which would stop the
// service from starting again if the delete only takes effect after reboot; confirm.
DeleteService('QMUdisk');
DeleteService('VCL');
SetServiceStart('xyhigysy', 4);
DeleteService('xyhigysy');
// "WindowsMangerProtect" is spelled exactly as the service is registered; do not correct it.
SetServiceStart('WindowsMangerProtect', 4);
DeleteService('WindowsMangerProtect');
SetServiceStart('lyqiweky', 4);
DeleteService('lyqiweky');
SetServiceStart('IHProtect Service', 4);
DeleteService('IHProtect Service');
SetServiceStart('futehuke', 4);
DeleteService('futehuke');
// Quarantine two DLLs after the service entries are gone.
// NOTE(review): VCL.dll is presumably the binary behind the 'VCL' service; verify in the log.
QuarantineFile('C:\Windows\system32\VCL.dll','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV03.04\cd0c738d-636b-45c3-bdca-b87a6eba0eb1.dll','');
// Phase: running processes. Each pair terminates a process by its full image path and then
// quarantines that same file.
// NOTE(review): terminating first presumably releases the file lock; confirm.
// Several targets are .tmp files executing from GUID-like folders under AppData.
TerminateProcessByName('c:\users\kappa\appdata\local\9ab01780-1428101832-1016-880f-d4dc8f22008f\snsdfb9f.tmp');
QuarantineFile('c:\users\kappa\appdata\local\9ab01780-1428101832-1016-880f-d4dc8f22008f\snsdfb9f.tmp','');
TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\program files\xtab\protectservice.exe');
QuarantineFile('c:\program files\xtab\protectservice.exe','');
TerminateProcessByName('c:\users\kappa\appdata\roaming\9ab01780-1428090795-1016-880f-d4dc8f22008f\nspc202.tmp');
QuarantineFile('c:\users\kappa\appdata\roaming\9ab01780-1428090795-1016-880f-d4dc8f22008f\nspc202.tmp','');
TerminateProcessByName('c:\users\kappa\appdata\roaming\9ab01780-1428090795-1016-880f-d4dc8f22008f\jnsmbae5.tmp');
QuarantineFile('c:\users\kappa\appdata\roaming\9ab01780-1428090795-1016-880f-d4dc8f22008f\jnsmbae5.tmp','');
TerminateProcessByName('c:\users\kappa\appdata\local\9ab01780-1428247008-1016-880f-d4dc8f22008f\insje1e8.tmp');
QuarantineFile('c:\users\kappa\appdata\local\9ab01780-1428247008-1016-880f-d4dc8f22008f\insje1e8.tmp','');
TerminateProcessByName('c:\program files\xtab\hpnotify.exe');
QuarantineFile('c:\program files\xtab\hpnotify.exe','');
// The CinemaPlus and GoHD "-6.exe" and "-10.exe" files below are the same files this script
// quarantines earlier under mixed-case paths. They are listed again here, in lower case,
// because they are also running processes.
TerminateProcessByName('c:\program files\cinemaplus-3.2cv03.04\fb883eda-b1f3-469b-9103-da175af9362b-6.exe');
QuarantineFile('c:\program files\cinemaplus-3.2cv03.04\fb883eda-b1f3-469b-9103-da175af9362b-6.exe','');
TerminateProcessByName('c:\program files\cinemaplus-3.2cv03.04\fb883eda-b1f3-469b-9103-da175af9362b-10.exe');
QuarantineFile('c:\program files\cinemaplus-3.2cv03.04\fb883eda-b1f3-469b-9103-da175af9362b-10.exe','');
TerminateProcessByName('c:\users\kappa\appdata\local\9ab01780-1428101817-1016-880f-d4dc8f22008f\cnsnbeef.tmp');
QuarantineFile('c:\users\kappa\appdata\local\9ab01780-1428101817-1016-880f-d4dc8f22008f\cnsnbeef.tmp','');
TerminateProcessByName('c:\program files\application assistance\apphelper.exe');
QuarantineFile('c:\program files\application assistance\apphelper.exe','');
TerminateProcessByName('c:\program files\gohdv04.04\952847c5-7303-401c-beab-bf5524f661ac-6.exe');
QuarantineFile('c:\program files\gohdv04.04\952847c5-7303-401c-beab-bf5524f661ac-6.exe','');
TerminateProcessByName('c:\program files\gohdv04.04\952847c5-7303-401c-beab-bf5524f661ac-10.exe');
QuarantineFile('c:\program files\gohdv04.04\952847c5-7303-401c-beab-bf5524f661ac-10.exe','');
// Phase: deletion of process images, DLLs and autorun entries.
// NOTE(review): every DeleteFile call passes '32' as its second argument; its meaning is
// not shown here, so confirm it against the AVZ script reference.
// First the files whose processes this script terminates, in lower-case paths.
DeleteFile('c:\program files\gohdv04.04\952847c5-7303-401c-beab-bf5524f661ac-10.exe','32');
DeleteFile('c:\program files\gohdv04.04\952847c5-7303-401c-beab-bf5524f661ac-6.exe','32');
DeleteFile('c:\program files\application assistance\apphelper.exe','32');
DeleteFile('c:\users\kappa\appdata\local\9ab01780-1428101817-1016-880f-d4dc8f22008f\cnsnbeef.tmp','32');
DeleteFile('c:\program files\cinemaplus-3.2cv03.04\fb883eda-b1f3-469b-9103-da175af9362b-10.exe','32');
DeleteFile('c:\program files\cinemaplus-3.2cv03.04\fb883eda-b1f3-469b-9103-da175af9362b-6.exe','32');
DeleteFile('c:\program files\xtab\hpnotify.exe','32');
DeleteFile('c:\users\kappa\appdata\local\9ab01780-1428247008-1016-880f-d4dc8f22008f\insje1e8.tmp','32');
DeleteFile('c:\users\kappa\appdata\roaming\9ab01780-1428090795-1016-880f-d4dc8f22008f\jnsmbae5.tmp','32');
DeleteFile('c:\users\kappa\appdata\roaming\9ab01780-1428090795-1016-880f-d4dc8f22008f\nspc202.tmp','32');
DeleteFile('c:\program files\xtab\protectservice.exe','32');
DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\users\kappa\appdata\local\9ab01780-1428101832-1016-880f-d4dc8f22008f\snsdfb9f.tmp','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\cd0c738d-636b-45c3-bdca-b87a6eba0eb1.dll','32');
DeleteFile('C:\Windows\system32\VCL.dll','32');
// NOTE(review): QMUdisk.sys sits under a Tencent QQPCMgr install directory and has no
// QuarantineFile line anywhere in this script, so no copy is kept before deletion.
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.6.15950.224\QMUdisk.sys','32');
// Autorun values are removed one at a time alongside the deletion of related files, so no
// Run/RunOnce entry is left pointing at a missing binary.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','apphelper');
DeleteFile('C:\Program Files\Google\chrome.bat','32');
DeleteFile('C:\Users\Kappa\AppData\Local\chrome.bat','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\ASPackage\ASPackage.exe','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\eTranslator\eTranslator.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','eTranslator Update');
// NOTE(review): 'Update' is a generic value name; which file it launched is not shown here.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','Update');
DeleteFile('C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\system.vbs','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
DeleteFile('C:\iexplore.bat','32');
DeleteFile('C:\Program Files\XTab\SupTab.dll','32');
DeleteFile('C:\Program Files\Аудио и видео скачивание\IE\x86\Downloader.dll','32');
// Phase: scheduled-task persistence, legacy format. Deletes the .job files in
// C:\Windows\Tasks together with the executables they are named after.
// The .job files themselves have no QuarantineFile line in this script.
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-1-7.job','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-10_user.job','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-10.exe','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-1-7.exe','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-3.exe','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-3.job','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-4.job','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-4.exe','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-5.exe','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-5_user.job','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-5.job','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-6.job','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-6.exe','32');
DeleteFile('C:\Program Files\GoHDV04.04\952847c5-7303-401c-beab-bf5524f661ac-7.exe','32');
DeleteFile('C:\Windows\Tasks\952847c5-7303-401c-beab-bf5524f661ac-7.job','32');
DeleteFile('C:\Windows\Tasks\AKGTYZ.job','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\AKGTYZ.exe','32');
// NOTE(review): the APSnotifierPP* tasks are deleted without a matching executable in this
// script; the task target is not shown here.
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-1-7.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-1-7.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-10.exe','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-10_user.job','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-3.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-3.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-4.exe','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-4.job','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-5.job','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-5_user.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-5.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-6.exe','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-6.job','32');
DeleteFile('C:\Windows\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-7.job','32');
// Task names imitate Google's updater tasks, but the binary they accompany lives under
// "globalUpdate", not under a Google directory.
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Program Files\globalUpdate\Update\GoogleUpdate.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV03.04\fb883eda-b1f3-469b-9103-da175af9362b-7.exe','32');
DeleteFile('C:\Windows\Tasks\JB.job','32');
DeleteFile('C:\Windows\Tasks\JHBYN.job','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\JB.exe','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\JHBYN.exe','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\newSI_23\s_inst.exe','32');
DeleteFile('C:\Windows\Tasks\newSI_23.job','32');
DeleteFile('C:\Windows\Tasks\RegClean Prosch.job','32');
DeleteFile('C:\Windows\Tasks\RegClean Pro_DEFAULT.job','32');
// NOTE(review): RegCleanPro.exe has no QuarantineFile line anywhere in this script, so it
// is removed without a retained copy.
DeleteFile('C:\Program Files\RCP\RegCleanPro.exe','32');
DeleteFile('C:\Windows\Tasks\RegClean Pro_UPDATES.job','32');
DeleteFile('C:\Windows\Tasks\SLKNFBM.job','32');
DeleteFile('C:\Users\Kappa\AppData\Roaming\SLKNFBM.exe','32');
// Phase: scheduled-task persistence, Task Scheduler store. Deletes the extension-less task
// definition files in C:\Windows\system32\Tasks. The names match the .job files that exist
// under C:\Windows\Tasks, so both copies of each task have to be removed.
// NOTE(review): only the files are deleted here; whether AVZ also clears the matching
// TaskCache registry entries is not visible in this script. Verify after reboot.
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-3','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-4','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-5','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-6','32');
DeleteFile('C:\Windows\system32\Tasks\952847c5-7303-401c-beab-bf5524f661ac-7','32');
DeleteFile('C:\Windows\system32\Tasks\AKGTYZ','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-3','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-4','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-5','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-6','32');
DeleteFile('C:\Windows\system32\Tasks\fb883eda-b1f3-469b-9103-da175af9362b-7','32');
DeleteFile('C:\Windows\system32\Tasks\JB','32');
DeleteFile('C:\Windows\system32\Tasks\JHBYN','32');
DeleteFile('C:\Windows\system32\Tasks\newSI_23','32');
DeleteFile('C:\Windows\system32\Tasks\RegClean Pro','32');
DeleteFile('C:\Windows\system32\Tasks\RegClean Prosch','32');
DeleteFile('C:\Windows\system32\Tasks\RegClean Pro_DEFAULT','32');
DeleteFile('C:\Windows\system32\Tasks\RegClean Pro_UPDATES','32');
DeleteFile('C:\Windows\system32\Tasks\SLKNFBM','32');
// Last file deletions: the remaining xtab components.
DeleteFile('C:\Program Files\xtab\browerwatchch.dll','32');
DeleteFile('C:\Program Files\xtab\browerwatchff.dll','32');
DeleteFile('C:\Program Files\xtab\cmdshell.exe','32');
// Finalisation. The order matters: import, clean, activate, repair, then reboot.
// NOTE(review): BC_* presumably refers to AVZ's boot-time cleaner. BC_ImportAll would then
// queue the files handled in this script, and BC_Activate would arm the cleaner for the
// next boot so that files locked now are still removed. Confirm against the AVZ reference.
BC_ImportAll;
// NOTE(review): presumably removes leftover references to the deleted files; confirm.
ExecuteSysClean;
BC_Activate;
// NOTE(review): runs AVZ repair routine number 15. The number's meaning is not shown here;
// it is believed to reset SPI/LSP and TCP/IP settings, which would fit a script that stops
// tcpip at the start. Verify before reuse.
ExecuteREpair(15);
// Reboots the machine so the queued boot-time actions run.
// NOTE(review): the meaning of the 'false' argument is not shown here.
RebootWindows(false);
end.
Компьютер перезагрузится.