Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
TerminateProcessByName('c:\program files\savepass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-10.exe');
TerminateProcessByName('c:\program files\savepass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-6.exe');
TerminateProcessByName('c:\program files\00000000-1437561022-0000-0000-00241d8d3826\hnsr1e2.tmp');
TerminateProcessByName('c:\program files\00000000-1437561022-0000-0000-00241d8d3826\jnsz1dd.tmp');
TerminateProcessByName('c:\documents and settings\userxp\local settings\application data\smartweb\smartwebapp.exe');
TerminateProcessByName('c:\documents and settings\userxp\local settings\application data\smartweb\smartwebhelper.exe');
StopService('comyninu');
StopService('hyverumu');
StopService('jigofyvy');
StopService('wsafd_1_10_0_19');
QuarantineFile('C:\Documents and Settings\UserXP\Local Settings\Application Data\gmsd_ru_005010037\upgmsd_ru_005010037.exe','');
QuarantineFile('C:\Documents and Settings\UserXP\Local Settings\Application Data\gmsd_ru_005010038\upgmsd_ru_005010038.exe','');
QuarantineFile('c:\documents and settings\userxp\local settings\application data\smartweb\smartwebapp.exe','');
QuarantineFile('c:\documents and settings\userxp\local settings\application data\smartweb\smartwebhelper.exe','');
QuarantineFile('C:\Documents and Settings\UserXP\Local Settings\Application Data\SmartWeb\swhk.dll','');
QuarantineFile('c:\program files\00000000-1437561022-0000-0000-00241d8d3826\hnsr1e2.tmp','');
QuarantineFile('C:\Program Files\00000000-1437561022-0000-0000-00241D8D3826\jnsz1DD.tmp','');
QuarantineFile('c:\program files\00000000-1437561022-0000-0000-00241d8d3826\knsb1c8.tmpfs','');
QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','');
QuarantineFile('C:\Program Files\Checker\check.exe','');
QuarantineFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-10.exe','');
QuarantineFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-3.exe','');
QuarantineFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-4.exe','');
QuarantineFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-6.exe','');
QuarantineFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-7.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('c:\program files\gmsd_ru_005010038\gmsd_ru_005010038.exe','');
QuarantineFile('C:\Program Files\PokerStars\PokerStarsUpdate.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\6e77c255-d721-4e18-8828-77f5d99039c4.dll','');
QuarantineFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-1-7.exe','');
QuarantineFile('c:\program files\savepass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-10.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-3.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-4.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-5.exe','');
QuarantineFile('c:\program files\savepass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-6.exe','');
QuarantineFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-7.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\542b8970-7fa1-4a29-8c06-2b5ba711272f-1-6.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\542b8970-7fa1-4a29-8c06-2b5ba711272f-10.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\542b8970-7fa1-4a29-8c06-2b5ba711272f-6.exe','');
QuarantineFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe','');
QuarantineFile('C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\wsafd_1_10_0_19.sys','');
DeleteFile('C:\Documents and Settings\UserXP\Local Settings\Application Data\gmsd_ru_005010037\upgmsd_ru_005010037.exe','32');
DeleteFile('c:\documents and settings\userxp\local settings\application data\gmsd_ru_005010038\upgmsd_ru_005010038.exe','32');
DeleteFile('c:\documents and settings\userxp\local settings\application data\smartweb\smartwebapp.exe','32');
DeleteFile('C:\Documents and Settings\UserXP\Local Settings\Application Data\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Documents and Settings\UserXP\Local Settings\Application Data\SmartWeb\swhk.dll','32');
DeleteFile('c:\program files\00000000-1437561022-0000-0000-00241d8d3826\hnsr1e2.tmp','32');
DeleteFile('c:\program files\00000000-1437561022-0000-0000-00241d8d3826\jnsz1dd.tmp','32');
DeleteFile('C:\Program Files\00000000-1437561022-0000-0000-00241D8D3826\knsb1C8.tmpfs','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-10.exe','32');
DeleteFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-3.exe','32');
DeleteFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-4.exe','32');
DeleteFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-6.exe','32');
DeleteFile('C:\Program Files\Cinema_Plus_3.5V22.07\f7aa40be-f373-4ef2-ade7-3b85ecd26692-7.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('c:\program files\gmsd_ru_005010038\gmsd_ru_005010038.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\6e77c255-d721-4e18-8828-77f5d99039c4.dll','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-1-7.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-10.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-3.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-4.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-5.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-6.exe','32');
DeleteFile('C:\Program Files\SavePass 1.1\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-7.exe','32');
DeleteFile('C:\Program Files\Shop and Save Up\542b8970-7fa1-4a29-8c06-2b5ba711272f-1-6.exe','32');
DeleteFile('C:\Program Files\Shop and Save Up\542b8970-7fa1-4a29-8c06-2b5ba711272f-10.exe','32');
DeleteFile('C:\Program Files\Shop and Save Up\542b8970-7fa1-4a29-8c06-2b5ba711272f-6.exe','32');
DeleteFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe','32');
DeleteFileMask('C:\Program Files\WordSurfer_1.10.0.19', '*', true, ' ');
DeleteDirectory('C:\Program Files\WordSurfer_1.10.0.19');
DeleteFileMask('C:\Program Files\Shop and Save Up', '*', true, ' ');
DeleteDirectory('C:\Program Files\Shop and Save Up');
DeleteFileMask('C:\Program Files\SavePass 1.1', '*', true, ' ');
DeleteDirectory('C:\Program Files\SavePass 1.1');
DeleteFileMask('c:\program files\gmsd_ru_005010038', '*', true, ' ');
DeleteDirectory('c:\program files\gmsd_ru_005010038');
DeleteFileMask('C:\Program Files\Crossbrowse', '*', true, ' ');
DeleteDirectory('C:\Program Files\Crossbrowse');
DeleteFileMask('C:\Program Files\Cinema_Plus_3.5V22.07', '*', true, ' ');
DeleteDirectory('C:\Program Files\Cinema_Plus_3.5V22.07');
DeleteFileMask('C:\Program Files\AnyProtectEx', '*', true, ' ');
DeleteDirectory('C:\Program Files\AnyProtectEx');
DeleteFileMask('C:\Documents and Settings\UserXP\Local Settings\Application Data\SmartWeb', '*', true, ' ');
DeleteDirectory('C:\Documents and Settings\UserXP\Local Settings\Application Data\SmartWeb');
DeleteFileMask('c:\documents and settings\userxp\local settings\application data\gmsd_ru_005010038', '*', true, ' ');
DeleteDirectory('c:\documents and settings\userxp\local settings\application data\gmsd_ru_005010038');
DeleteFileMask('c:\documents and settings\userxp\local settings\application data\gmsd_ru_005010037', '*', true, ' ');
DeleteDirectory('c:\documents and settings\userxp\local settings\application data\gmsd_ru_005010037');
DeleteFileMask('c:\program files\00000000-1437561022-0000-0000-00241d8d3826', '*', true, ' ');
DeleteDirectory('c:\program files\00000000-1437561022-0000-0000-00241d8d3826');
DeleteFile('C:\WINDOWS\system32\drivers\wsafd_1_10_0_19.sys','32');
DeleteFile('C:\WINDOWS\Tasks\542b8970-7fa1-4a29-8c06-2b5ba711272f-1-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\542b8970-7fa1-4a29-8c06-2b5ba711272f-10_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\542b8970-7fa1-4a29-8c06-2b5ba711272f-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-1-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-10_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-3.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-4.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-5.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\bf253a6c-05bb-4a59-a8ba-9a002b1ebdcb-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\Crossbrowse.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7aa40be-f373-4ef2-ade7-3b85ecd26692-10_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7aa40be-f373-4ef2-ade7-3b85ecd26692-3.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7aa40be-f373-4ef2-ade7-3b85ecd26692-4.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7aa40be-f373-4ef2-ade7-3b85ecd26692-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\f7aa40be-f373-4ef2-ade7-3b85ecd26692-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\SmartWeb Upgrade Trigger Task.job','32');
DeleteFile('C:\WINDOWS\Tasks\WordSurfer Auto Updater 1.10.0.19 Core.job','32');
DeleteFile('C:\WINDOWS\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update.job','32');
DeleteService('comyninu');
DeleteService('hyverumu');
DeleteService('jigofyvy');
DeleteService('wsafd_1_10_0_19');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_6FB2CEF47C1CB6481F2811F229035ED3');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010038');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_ru_005010037.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','upgmsd_ru_005010038.exe');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.