Код:
// AVZ cleanup script for one specific Windows host. Every path, service name
// and registry value below is hard-coded (note the profile folder 'user' and the
// random-looking folder/service names), so they appear to come from that
// machine's own logs. Do not reuse this script unchanged on another system:
// the entries would not match, and the directory wipes further down are
// destructive.
begin
// The dialog (in Russian) warns the user that AVZ will close all network
// connections before the script runs and that they come back automatically
// after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y", cutting the host off the network for the rest
// of the cleanup. The trailing 0, 15000, true are presumably window mode,
// a 15 s wait and terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably this means "not a 64-bit Windows", where these two
// features are unavailable - confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Kill the three running processes (by full image path) before their files and
// services are touched.
TerminateProcessByName('c:\program files\6c94e600-1447815029-b465-f913-009c0222eb04\knspe2eb.tmp');
TerminateProcessByName('c:\users\user\appdata\local\temp\nsgb13.tmp');
TerminateProcessByName('c:\users\user\appdata\local\smartweb\smartwebhelper.exe');
// Stop the 16 services/drivers first; the same 16 names are deleted in the next
// run. Names are passed as literal strings, so spellings such as
// 'WindowsMangerProtect' must stay exactly as they are.
StopService('A0F4419A-16DE-4E82-bAE1-E52AC058B7F1');
StopService('ApplicationHosting');
StopService('BDEnhanceBoost');
StopService('bovewomy');
StopService('bsdriver');
StopService('bykesute');
StopService('cherimoya');
StopService('csrcc');
StopService('DhrhevHeok');
StopService('ginoquci');
StopService('groover251120150708 Updater');
StopService('Jourgirat');
StopService('myfejozi');
StopService('SSFK');
StopService('swsedrvr_vt_1_10_0_25');
StopService('WindowsMangerProtect');
// Remove the service registrations stopped above (same list, same order).
DeleteService('A0F4419A-16DE-4E82-bAE1-E52AC058B7F1');
DeleteService('ApplicationHosting');
DeleteService('BDEnhanceBoost');
DeleteService('bovewomy');
DeleteService('bsdriver');
DeleteService('bykesute');
DeleteService('cherimoya');
DeleteService('csrcc');
DeleteService('DhrhevHeok');
DeleteService('ginoquci');
DeleteService('groover251120150708 Updater');
DeleteService('Jourgirat');
DeleteService('myfejozi');
DeleteService('SSFK');
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteService('WindowsMangerProtect');
// Quarantine comes before any DeleteFile call, so a copy of each sample is
// kept for analysis. The empty second argument is presumably a free-text
// comment - confirm.
// Review notes on this list:
//  - airtop.exe and birds365.exe are quarantined here but have no matching
//    DeleteFile below; presumably they are awaiting a verdict - confirm that
//    the omission is intended.
//  - ProtectWindowsManager.exe appears twice, differing only in letter case;
//    the second call is redundant on a case-insensitive file system.
QuarantineFile('C:\Program Files\6C94E600-1447815029-B465-F913-009C0222EB04\hnsmCEF4.tmp','');
QuarantineFile('C:\Program Files\6C94E600-1447815029-B465-F913-009C0222EB04\jnsh8343.tmp','');
QuarantineFile('c:\program files\6c94e600-1447815029-b465-f913-009c0222eb04\knspe2eb.tmp','');
QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','');
QuarantineFile('C:\Program Files\baidu\BindEx.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010149\gmsd_ru_005010149.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010155\gmsd_ru_005010155.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010156\gmsd_ru_005010156.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010162\gmsd_ru_005010162.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010167\gmsd_ru_005010167.exe','');
QuarantineFile('c:\program files\groover251120150708\csrcc.exe','');
QuarantineFile('C:\Program Files\groover251120150708\Foehcu.exe','');
QuarantineFile('C:\Program Files\groover251120150708\Jourgirat.exe','');
QuarantineFile('C:\Program Files\groover251120150708\Lajra.exe','');
QuarantineFile('C:\Program Files\groover251120150708\XuuihKudo.exe','');
QuarantineFile('C:\Program Files\rec_en_77\rec_en_77.exe','');
QuarantineFile('C:\Program Files\SFK\SSFK.exe','');
QuarantineFile('C:\Program Files\Sound+\Sound+.exe','');
QuarantineFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe','');
QuarantineFile('C:\Program Files\Zaxar\ZaxarLoader.exe','');
QuarantineFile('c:\programdata\airtop\airtop.exe','');
QuarantineFile('C:\ProgramData\ApplicationHosting\ApplicationHosting.exe','');
QuarantineFile('C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe','');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe','');
QuarantineFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','');
QuarantineFile('C:\PROGRA~1\GROOVE~1\Pajteajp.bat','');
QuarantineFile('C:\Users\user\AppData\Local\Birds\birds365.exe','');
QuarantineFile('c:\users\user\appdata\local\gmsd_ru_005010167\upgmsd_ru_005010167.exe','');
QuarantineFile('C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe','');
QuarantineFile('C:\Users\user\appdata\local\smartweb\swhk.dll','');
QuarantineFile('C:\Users\user\appdata\local\smartweb\__u.exe','');
QuarantineFile('C:\Users\user\AppData\Local\Temp\Adobe\Reader_sl.exe','');
QuarantineFile('C:\Users\user\AppData\Local\Temp\nsgB13.tmp','');
QuarantineFile('C:\Users\user\AppData\Roaming\Identities\Jviuid.exe','');
QuarantineFile('C:\Windows\system32\drivers\BDEnhanceBoost.sys','');
QuarantineFile('C:\Windows\system32\drivers\bsdriver.sys','');
QuarantineFile('C:\Windows\system32\drivers\cherimoya.sys','');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
QuarantineFile('C:\Windows\system32\Jourgirat.dll','');
QuarantineFile('C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe','');
// Directory-wide quarantine of C:\ProgramData\8WMi with mask '*'. The `false`
// is presumably "do not recurse" - confirm; if so, files in subfolders are
// wiped by the recursive DeleteFileMask below without a quarantined copy.
QuarantineFileF('C:\ProgramData\8WMi', '*', false,'', 0, 0);
// Delete the files quarantined above.
// NOTE(review): the second argument '32' presumably selects the 32-bit
// file-system view - confirm against the AVZ script reference.
DeleteFile('C:\Program Files\6C94E600-1447815029-B465-F913-009C0222EB04\hnsmCEF4.tmp','32');
DeleteFile('C:\Program Files\6C94E600-1447815029-B465-F913-009C0222EB04\jnsh8343.tmp','32');
DeleteFile('c:\program files\6c94e600-1447815029-b465-f913-009c0222eb04\knspe2eb.tmp','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Program Files\baidu\BindEx.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010149\gmsd_ru_005010149.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010155\gmsd_ru_005010155.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010156\gmsd_ru_005010156.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010162\gmsd_ru_005010162.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010167\gmsd_ru_005010167.exe','32');
DeleteFile('c:\program files\groover251120150708\csrcc.exe','32');
DeleteFile('C:\Program Files\groover251120150708\Foehcu.exe','32');
DeleteFile('C:\Program Files\groover251120150708\Jourgirat.exe','32');
DeleteFile('C:\Program Files\groover251120150708\Lajra.exe','32');
DeleteFile('C:\Program Files\groover251120150708\XuuihKudo.exe','32');
DeleteFile('C:\Program Files\rec_en_77\rec_en_77.exe','32');
DeleteFile('c:\program files\sfk\ssfk.exe','32');
DeleteFile('c:\program files\sound+\sound+.exe','32');
DeleteFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe','32');
DeleteFile('C:\Program Files\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\ProgramData\ApplicationHosting\ApplicationHosting.exe','32');
DeleteFile('C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe','32');
DeleteFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','32');
DeleteFile('C:\PROGRA~1\GROOVE~1\Pajteajp.bat','32');
DeleteFile('c:\users\user\appdata\local\gmsd_ru_005010167\upgmsd_ru_005010167.exe','32');
DeleteFile('C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Users\user\appdata\local\smartweb\swhk.dll','32');
DeleteFile('C:\Users\user\appdata\local\smartweb\__u.exe','32');
DeleteFile('C:\Users\user\AppData\Local\Temp\Adobe\Reader_sl.exe','32');
DeleteFile('c:\users\user\appdata\local\temp\nsgb13.tmp','32');
DeleteFile('C:\Users\user\AppData\Roaming\Identities\Jviuid.exe','32');
DeleteFile('C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe','32');
DeleteFile('C:\Windows\system32\drivers\BDEnhanceBoost.sys','32');
DeleteFile('C:\Windows\system32\drivers\bsdriver.sys','32');
DeleteFile('C:\Windows\system32\drivers\cherimoya.sys','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Windows\system32\Jourgirat.dll','32');
// Scheduled-task definitions (System32\Tasks entries and legacy .job files),
// i.e. the persistence that would relaunch the removed binaries. None of these
// were quarantined above, so no copy of the task definitions is kept.
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\KRB Updater Utility','32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\KRBUUS\KRB Updater Utility Service','32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','32');
DeleteFile('C:\Windows\system32\Tasks\Vuaczad','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
// Wipe whole directories: mask '*' with `true` (presumably "recurse" - confirm),
// then remove the directory itself. This deletes everything under each folder,
// including files never listed or quarantined above, so each path should be
// confirmed as belonging only to the unwanted software (e.g. the generic
// 'C:\Program Files\baidu').
// Folders of some entries handled above (Sound+, rec_en_77, Tmp0x0x, the
// 6C94E600-... folder) are not in this list and may be left behind empty.
DeleteFileMask('C:\ProgramData\8WMi', '*', true, ' ');
DeleteDirectory('C:\ProgramData\8WMi');
DeleteFileMask('C:\Users\user\appdata\local\smartweb', '*', true, ' ');
DeleteDirectory('C:\Users\user\appdata\local\smartweb');
DeleteFileMask('c:\users\user\appdata\local\gmsd_ru_005010167', '*', true, ' ');
DeleteDirectory('c:\users\user\appdata\local\gmsd_ru_005010167');
DeleteFileMask('C:\ProgramData\TimeTasks', '*', true, ' ');
DeleteDirectory('C:\ProgramData\TimeTasks');
DeleteFileMask('C:\ProgramData\KRB Updater Utility', '*', true, ' ');
DeleteDirectory('C:\ProgramData\KRB Updater Utility');
DeleteFileMask('C:\ProgramData\ApplicationHosting', '*', true, ' ');
DeleteDirectory('C:\ProgramData\ApplicationHosting');
DeleteFileMask('C:\Program Files\Zaxar', '*', true, ' ');
DeleteDirectory('C:\Program Files\Zaxar');
DeleteFileMask('c:\program files\sfk', '*', true, ' ');
DeleteDirectory('c:\program files\sfk');
DeleteFileMask('C:\Program Files\gmsd_ru_005010149', '*', true, ' ');
DeleteDirectory('C:\Program Files\gmsd_ru_005010149');
DeleteFileMask('C:\Program Files\gmsd_ru_005010155', '*', true, ' ');
DeleteDirectory('C:\Program Files\gmsd_ru_005010155');
DeleteFileMask('C:\Program Files\gmsd_ru_005010156', '*', true, ' ');
DeleteDirectory('C:\Program Files\gmsd_ru_005010156');
DeleteFileMask('C:\Program Files\gmsd_ru_005010162', '*', true, ' ');
DeleteDirectory('C:\Program Files\gmsd_ru_005010162');
DeleteFileMask('C:\Program Files\gmsd_ru_005010167', '*', true, ' ');
DeleteDirectory('C:\Program Files\gmsd_ru_005010167');
DeleteFileMask('C:\Program Files\groover251120150708', '*', true, ' ');
DeleteDirectory('C:\Program Files\groover251120150708');
DeleteFileMask('C:\Program Files\AnyProtectEx', '*', true, ' ');
DeleteDirectory('C:\Program Files\AnyProtectEx');
DeleteFileMask('C:\Program Files\baidu', '*', true, ' ');
DeleteDirectory('C:\Program Files\baidu');
// Remove autostart persistence: Run/RunOnce values in HKCU and HKLM, plus the
// 'command' values under MSConfig\startupreg. Only the named value is deleted;
// the startupreg subkeys themselves remain.
// The 'Birds' startup command is removed here although birds365.exe itself is
// only quarantined above, not deleted.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Adobe System Incorporated');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Jviuid');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidu','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Birds','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010149','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010155','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010156','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010162','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarGameBrowser','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010167');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','rec_en_77');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Sound+');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010167.exe');
// NOTE(review): the BC_* calls are AVZ Boot Cleaner functions; presumably they
// queue the items handled above for removal at the next boot, catching files
// that are locked now. ExecuteSysClean presumably cleans leftover references
// to the deleted files - confirm both.
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
// Numbered AVZ system-restore procedures and the 'SCU' wizard. Which setting
// each number resets is not visible in this script - check the AVZ reference
// before changing or reusing these calls.
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(14);
ExecuteWizard('SCU', 2, 3, true);
// Reboots the machine at the end of the script; unsaved work in other
// applications should be saved before the script is started.
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.