Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Оксана\appdata\local\smartweb\swhk.dll','');
QuarantineFile('C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-7.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-6.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-5.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-3.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-10.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-1-6.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-7.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-6.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-5.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-3.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-11.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-10.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-1-6.exe','');
QuarantineFile('C:\ProgramData\Browsers\browser6.bat','');
QuarantineFile('C:\ProgramData\Browsers\browser0.bat','');
QuarantineFile('C:\Users\Оксана\AppData\Local\gmsd_ru_005010096\upgmsd_ru_005010096.exe','');
QuarantineFile('C:\Users\Оксана\AppData\Local\SmartWeb\SmartWebHelper.exe','');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','');
SetServiceStart('wwsvc_1.10.0.24', 4);
DeleteService('wwsvc_1.10.0.24');
SetServiceStart('widumipe', 4);
DeleteService('widumipe');
SetServiceStart('WdsManPro', 4);
DeleteService('WdsManPro');
SetServiceStart('Saophase', 4);
DeleteService('Saophase');
SetServiceStart('HHandler Service', 4);
DeleteService('HHandler Service');
QuarantineFile('C:\windows\system32\drivers\wwfd_vt_1_10_0_24.sys','');
TerminateProcessByName('c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe');
QuarantineFile('c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe','');
TerminateProcessByName('c:\programdata\bwdsmanprob\wdsmanpro.exe');
QuarantineFile('c:\programdata\bwdsmanprob\wdsmanpro.exe','');
TerminateProcessByName('c:\users\Оксана\appdata\local\gmsd_ru_005010096\upgmsd_ru_005010096.exe');
QuarantineFile('c:\users\Оксана\appdata\local\gmsd_ru_005010096\upgmsd_ru_005010096.exe','');
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe','');
TerminateProcessByName('c:\users\Оксана\appdata\local\smartweb\smartwebhelper.exe');
QuarantineFile('c:\users\Оксана\appdata\local\smartweb\smartwebhelper.exe','');
TerminateProcessByName('c:\users\Оксана\appdata\local\smartweb\smartwebapp.exe');
QuarantineFile('c:\users\Оксана\appdata\local\smartweb\smartwebapp.exe','');
TerminateProcessByName('c:\programdata\saophase\saophase.exe');
QuarantineFile('c:\programdata\saophase\saophase.exe','');
TerminateProcessByName('c:\program files (x86)\ffffffff-1442860459-ffff-ffff-ffffffffffff\knsw8629.tmp');
QuarantineFile('c:\program files (x86)\ffffffff-1442860459-ffff-ffff-ffffffffffff\knsw8629.tmp','');
TerminateProcessByName('c:\program files (x86)\hp defender\hhandler.exe');
QuarantineFile('c:\program files (x86)\hp defender\hhandler.exe','');
DeleteFile('c:\program files (x86)\hp defender\hhandler.exe','32');
DeleteFile('c:\program files (x86)\ffffffff-1442860459-ffff-ffff-ffffffffffff\knsw8629.tmp','32');
DeleteFile('c:\programdata\saophase\saophase.exe','32');
DeleteFile('c:\users\Оксана\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\Оксана\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('c:\program files (x86)\sfk\ssfk.exe','32');
DeleteFile('c:\users\Оксана\appdata\local\gmsd_ru_005010096\upgmsd_ru_005010096.exe','32');
DeleteFile('c:\programdata\bwdsmanprob\wdsmanpro.exe','32');
DeleteFile('c:\program files (x86)\wordwizard_1.10.0.24\service\wwsvc.exe','32');
DeleteFile('C:\windows\system32\drivers\wwfd_vt_1_10_0_24.sys','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Users\Оксана\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Users\Оксана\AppData\Local\gmsd_ru_005010096\upgmsd_ru_005010096.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010096.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mailruhomesearchvbm','command');
DeleteFile('C:\Users\Оксана\AppData\Local\Mail.ru\Sputnik\ptls\mailruhomesearchvbm.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter AppIntegrator 64-bit','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter AppIntegrator 32-bit','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter EPM Support','command');
DeleteFile('C:\ProgramData\Browsers\browser0.bat','32');
DeleteFile('C:\ProgramData\Browsers\browser6.bat','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-10.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-11.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-3.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-5.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-6.exe','32');
DeleteFile('C:\Program Files (x86)\Cinema_Plus1.2V24.09\5b4b89ff-eeff-4995-a5f4-29014d51fa16-7.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-10.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-3.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-5.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-6.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\84b4213c-c017-4f3f-88ee-ee46cc378a31-7.exe','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\windows\Tasks\DtAUB38HqWzpf2z4031Q.job','32');
DeleteFile('C:\windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-7.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-6.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-5_user.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-5.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-3.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-10_user.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-1-7.job','32');
DeleteFile('C:\windows\Tasks\84b4213c-c017-4f3f-88ee-ee46cc378a31-1-6.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-7.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-6.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-5_user.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-5.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-3.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-11.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-10_user.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-1-7.job','32');
DeleteFile('C:\windows\Tasks\5b4b89ff-eeff-4995-a5f4-29014d51fa16-1-6.job','32');
DeleteFile('C:\windows\Tasks\GoogleUpdateTaskMachineCore.job','32');
DeleteFile('C:\windows\Tasks\yq0xqBW57SLC.job','32');
DeleteFile('C:\windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\windows\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Core','64');
DeleteFile('C:\windows\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update','64');
DeleteFile('C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe','32');
DeleteFile('C:\Users\Оксана\appdata\local\smartweb\__u.exe','32');
DeleteFile('C:\Users\Оксана\appdata\local\smartweb\swhk.dll','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.