Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe','');
QuarantineFile('C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe','');
QuarantineFile('C:\Users\admin\AppData\Roaming\sAWTIkbI2J3.exe','');
QuarantineFile('C:\Users\admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Users\admin\AppData\Roaming\kUUgKytTuj.exe','');
QuarantineFile('C:\Users\admin\AppData\Roaming\I3CcsprArVggXodEcTA49hiDJGg.exe','');
QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Users\admin\AppData\Local\30718\Updater.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-5.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-4.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-11.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-10.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-1-7.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-1-6.exe','');
QuarantineFile('C:\Users\admin\AppData\Roaming\5OZFBydKkU3XiRNE.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-5.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-4.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-11.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-10.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-7.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-5.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-4.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-11.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-10.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-1-7.exe','');
QuarantineFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-1-6.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-5.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-4.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-11.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-10.exe','');
QuarantineFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-6.exe','');
DelBHO('{50F4150A-48B2-417A-BE4C-C83F580FB904}');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
SetServiceStart('rsdsys', 4);
DeleteService('TsDefenseBt');
DeleteService('QMUdisk');
DeleteService('TS888');
DeleteService('Tsksp');
DeleteService('TSSK');
DeleteService('RsMgrSvc');
DeleteService('QQPCRtp');
DeleteFile('C:\Windows\system32\drivers\protreg.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\TSDefenseBt.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\QQPCRtp.exe','32');
DeleteFile('C:\Program Files\Rising\RSD\RsMgrSvc.exe','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\QMUdisk.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\TS888.sys','32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\TSKsp.sys','32');
DeleteFile('C:\Windows\system32\tssk.sys','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_35F47CA955883AC80F45949DB9B0CAE0');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','RSDTRAY');
DeleteFile('C:\Program Files\Rising\RSD\popwndexe.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','QQPCTray');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\QQPCTRAY.EXE','32');
DeleteFile('C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-6.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-7.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-10.exe','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-10_user.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-11.exe','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-11.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-4.exe','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-4.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV11.08\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-5.exe','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-5.job','32');
DeleteFile('C:\Windows\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-5_user.job','32');
DeleteFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-1-6.job','32');
DeleteFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-1-7.job','32');
DeleteFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-10.exe','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-10_user.job','32');
DeleteFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-11.exe','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-11.job','32');
DeleteFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-4.exe','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-4.job','32');
DeleteFile('C:\Program Files\Shop and Save Up\3aebf479-2e56-4e7a-abad-be6722780bd1-5.exe','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-5.job','32');
DeleteFile('C:\Windows\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-5_user.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-1-7.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-10.exe','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-10_user.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-11.exe','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-11.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-4.exe','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-4.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-5.exe','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-5.job','32');
DeleteFile('C:\Windows\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-5_user.job','32');
DeleteFile('C:\Users\admin\AppData\Roaming\5OZFBydKkU3XiRNE.exe','32');
DeleteFile('C:\Windows\Tasks\5OZFBydKkU3XiRNE.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-1-6.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-1-7.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-10.exe','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-10_user.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-11.exe','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-11.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-4.exe','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-4.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV12.08\955d424c-337e-4501-a581-62262e86c3bf-5.exe','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-5.job','32');
DeleteFile('C:\Windows\Tasks\955d424c-337e-4501-a581-62262e86c3bf-5_user.job','32');
DeleteFile('C:\Windows\Tasks\AmiUpdXp.job','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\Users\admin\AppData\Local\30718\Updater.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Users\admin\AppData\Roaming\I3CcsprArVggXodEcTA49hiDJGg.exe','32');
DeleteFile('C:\Windows\Tasks\I3CcsprArVggXodEcTA49hiDJGg.job','32');
DeleteFile('C:\Users\admin\AppData\Roaming\kUUgKytTuj.exe','32');
DeleteFile('C:\Users\admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Users\admin\AppData\Roaming\sAWTIkbI2J3.exe','32');
DeleteFile('C:\Windows\Tasks\sAWTIkbI2J3.job','32');
DeleteFile('C:\Windows\Tasks\Price Fountain.job','32');
DeleteFile('C:\Windows\Tasks\kUUgKytTuj.job','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-11','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-4','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-5','32');
DeleteFile('C:\Windows\system32\Tasks\24e7b09e-a8fa-4fa2-8c3b-115a2b2d784d-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-11','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-4','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-5','32');
DeleteFile('C:\Windows\system32\Tasks\3aebf479-2e56-4e7a-abad-be6722780bd1-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-11','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-4','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-5','32');
DeleteFile('C:\Windows\system32\Tasks\4c932842-d972-4abd-bee3-f3d2f371ef93-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\5OZFBydKkU3XiRNE','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-10_user','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-11','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-4','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-5','32');
DeleteFile('C:\Windows\system32\Tasks\955d424c-337e-4501-a581-62262e86c3bf-5_user','32');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','32');
DeleteFile('C:\Windows\system32\Tasks\kUUgKytTuj','32');
DeleteFile('C:\Windows\system32\Tasks\Price Fountain','32');
DeleteFile('C:\Windows\system32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}','32');
DeleteFile('C:\PROGRAM FILES\RISING\RAV\rsdelaylauncher.exe','32');
DeleteFile('C:\Windows\system32\Tasks\sAWTIkbI2J3','32');
DeleteFile('C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','32');
DeleteFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe','32');
DeleteFile('C:\Windows\system32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core','32');
DeleteFile('C:\Windows\system32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.