Код:
// AVZ cleanup script written for one specific infected host.
// Sequence: isolate the machine from the network, copy suspect files to
// quarantine, disable and delete services, delete files, scheduled tasks and
// startup registry values, then run AVZ's own cleanup steps and reboot.
// NOTE(review): every path, service name, GUID and the user-profile folder
// below belong to the machine this script was written for. Do not run it on
// another host without regenerating it from that host's own logs.
begin
// The message (in Russian) warns that AVZ will close all network connections
// before the script runs and that they are restored automatically after reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stops the tcpip service through net.exe so the host is offline during cleanup.
// NOTE(review): the trailing arguments look like window mode, a 15000 ms
// timeout and a wait flag; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are enabled only when IsWOW64 is false;
// when it is true (64-bit Windows) both are skipped, so nothing in this
// script guards against a process restoring the files while they are removed.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// --- Quarantine pass: suspect files are copied to AVZ quarantine before the
// delete pass below, so samples are preserved for analysis.
QuarantineFile('C:\Windows\system32\VSProtectProxy.dll','');
QuarantineFile('C:\Program Files (x86)\YTDownloader\updater.exe','');
QuarantineFile('C:\ProgramData\ShopperPro\spbihe.js','');
QuarantineFile('C:\Program Files (x86)\ShopperPro\updater.exe','');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','');
QuarantineFile('C:\Users\Ольга\AppData\Local\14070\Updater.exe','');
// NOTE(review): the three 'Browser\...' paths are relative, unlike every other
// path here. They look truncated in the log the script was generated from;
// confirm the real location, otherwise these calls may not find the files.
QuarantineFile('Browser\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-11.exe','');
QuarantineFile('Browser\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-7.exe','');
QuarantineFile('Browser\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-6.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-4.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-5.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-11.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-1-6.exe','');
// Batch files named after the browser executable: 'iexplore.bat' sits next to
// Internet Explorer, and 'exe.erolpxei' is 'iexplore.exe' spelled backwards.
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.bat','');
QuarantineFile('C:\Users\Ольга\AppData\Roaming\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Program Files (x86)\YTDownloader\YTDownloader.exe','');
QuarantineFile('C:\Users\Ольга\AppData\Local\SmartWeb\SmartWebHelper.exe','');
// A file named svchost.exe outside the Windows system directory.
QuarantineFile('C:\Program Files (x86)\parol_ot_failov\svchost.exe','');
QuarantineFile('C:\IQIYI Video\Common\QyKernel.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010073\gmsd_ru_005010073.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010072\gmsd_ru_005010072.exe','');
// --- Service pass: service entries are removed before their binaries are
// deleted. Where SetServiceStart(..., 4) precedes DeleteService, the service
// is first set to start type 4 (disabled in the Windows start-type numbering)
// so it does not load again if the entry survives until reboot.
// NOTE(review): the Tencent (TS*, QQ*, QM*) and Rising (Rs*) entries belong to
// security products. The script treats them as unwanted; confirm with the
// machine owner that they were not installed deliberately.
DeleteService('TSSysKit');
DeleteService('TSSKX64');
DeleteService('TSDefenseBt');
DeleteService('TS888x64');
DeleteService('sbmntr');
DeleteService('QQSysMonX64');
DeleteService('QMUdisk');
DeleteService('wsafd_1_10_0_19');
SetServiceStart('TAOKernelDriver', 4);
DeleteService('TAOKernelDriver');
SetServiceStart('TAOAccelerator', 4);
DeleteService('TAOAccelerator');
// NOTE(review): 'sysmon' is a generic service name; its driver is deleted
// below as C:\Windows\system32\DRIVERS\sysmon.sys. Confirm which product owns
// it before reusing this line elsewhere.
SetServiceStart('sysmon', 4);
DeleteService('sysmon');
SetServiceStart('ppfd_vt_1_10_0_21', 4);
DeleteService('ppfd_vt_1_10_0_21');
SetServiceStart('rsutils', 4);
DeleteService('rsutils');
DeleteService('RsRavMon');
DeleteService('QQPCRTP');
SetServiceStart('VSProtectProxy', 4);
DeleteService('VSProtectProxy');
// Driver files of the services removed above are quarantined before deletion.
QuarantineFile('C:\Windows\system32\drivers\ppfd_vt_1_10_0_21.sys','');
QuarantineFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','');
QuarantineFile('C:\Program Files (x86)\Visual Protect Service\VSProtectCert.dll','');
// The running proxy process is terminated first so its image can be
// quarantined and then deleted.
TerminateProcessByName('c:\program files (x86)\visual protect service\vsprotectproxy.exe');
QuarantineFile('c:\program files (x86)\visual protect service\vsprotectproxy.exe','');
// --- Delete pass.
// NOTE(review): the second DeleteFile argument ('32' or '64') presumably
// selects the 32-bit or 64-bit file-system view; confirm in the AVZ script
// reference.
// NOTE(review): many files deleted below (the TAO*, sysmon and rsutils
// drivers, the Tencent and Rising binaries, pps.exe, amigo.exe, the task
// files) have no matching QuarantineFile call in this script, so this script
// keeps no copy of them.
DeleteFile('c:\program files (x86)\visual protect service\vsprotectproxy.exe','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\VSProtectCert.dll','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\smime3.dll','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\plds4.dll','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\plc4.dll','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\nssutil3.dll','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\nss3.dll','32');
DeleteFile('C:\Program Files (x86)\Visual Protect Service\nspr4.dll','32');
DeleteFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','32');
DeleteFile('C:\Windows\System32\Drivers\TAOKernel64.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\sysmon.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\rsutils.sys','32');
DeleteFile('C:\Windows\system32\drivers\ppfd_vt_1_10_0_21.sys','32');
// The QQPCMgr paths embed a product version directory (10.11.16588.235), so
// these lines match only that exact installed version.
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRtp.exe','32');
DeleteFile('C:\Program Files (x86)\Rising\RAV\ravmond.exe','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSSysKit64.sys','32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TsDefenseBT64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TS888x64.sys','32');
// 8.3 short path; PROGRA~2\YTDOWN~1 presumably resolves to the YTDownloader
// folder under Program Files (x86) - verify on the host.
DeleteFile('C:\PROGRA~2\YTDOWN~1\sbmntr.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQSysMonX64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUdisk64.sys','32');
// Repeats the TAOKernel64.sys deletion already issued earlier in this pass.
DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTRAY.EXE','32');
// Startup entries: the 'command' value is removed from each named subkey of
// ...\MSConfig\startupreg.
// NOTE(review): the key name on the next line has a space before 'QQPCTray'.
// Confirm whether the real key name contains it; if it does not, this call
// will not match the key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ QQPCTray','command');
DeleteFile('C:\Program Files (x86)\baidu\pps.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010072\gmsd_ru_005010072.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010073\gmsd_ru_005010073.exe','32');
DeleteFile('C:\IQIYI Video\Common\QyKernel.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HCDNClient','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_60D5B51D75B48714F4CEDCE2A348094D','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010073','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010072','command');
DeleteFile('C:\Program Files (x86)\parol_ot_failov\svchost.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\progrmma','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RavTRAY','command');
DeleteFile('C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE','32');
DeleteFile('C:\Program Files (x86)\Rising\RSD\popwndexe.exe','32');
DeleteFile('C:\Users\Ольга\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Program Files (x86)\YTDownloader\YTDownloader.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RSDTRAY','command');
DeleteFile('C:\Users\Ольга\AppData\Roaming\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Program Files\Internet Explorer\iexplore.bat','32');
DeleteFile('C:\Users\Ольга\AppData\Local\Amigo\Application\amigo.exe','32');
// Scheduled-task persistence: GUID-named .job files under C:\Windows\Tasks
// are deleted together with the GUID-named executables they share names with.
DeleteFile('C:\Windows\Tasks\0d45df37-be3f-4ca3-ac86-9537803748f1-5_user.job','32');
DeleteFile('C:\Windows\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-1-6.job','32');
DeleteFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-11.exe','32');
DeleteFile('C:\Windows\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-11.job','32');
DeleteFile('C:\Windows\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-1-7.job','32');
DeleteFile('C:\Windows\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-4.job','32');
DeleteFile('C:\Windows\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-5.job','32');
DeleteFile('C:\Windows\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-5_user.job','32');
DeleteFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-5.exe','32');
DeleteFile('C:\Program Files (x86)\iWebar\18e0c443-1977-41b2-b880-60bf7fadb224-4.exe','32');
DeleteFile('C:\Windows\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-6.job','32');
// Same relative 'Browser\...' paths as in the quarantine pass; the same
// caveat about the missing absolute location applies.
DeleteFile('Browser\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-6.exe','32');
DeleteFile('Browser\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-7.job','32');
DeleteFile('C:\Windows\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-11.job','32');
DeleteFile('Browser\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-11.exe','32');
DeleteFile('C:\Windows\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-4.job','32');
DeleteFile('C:\Windows\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-5.job','32');
DeleteFile('C:\Windows\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-5_user.job','32');
DeleteFile('C:\Windows\Tasks\AmiUpdXp.job','32');
DeleteFile('C:\Users\Ольга\AppData\Local\14070\Updater.exe','32');
DeleteFile('C:\Windows\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-1-6.job','32');
DeleteFile('C:\Windows\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-1-7.job','32');
DeleteFile('C:\Windows\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-11.job','32');
DeleteFile('C:\Windows\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-4.job','32');
DeleteFile('C:\Windows\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-5.job','32');
DeleteFile('C:\Windows\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-5_user.job','32');
// The same task names also exist as extension-less files under
// C:\Windows\system32\Tasks; those are deleted with the '64' argument.
DeleteFile('C:\Windows\system32\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-1-6','64');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\system32\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-11','64');
DeleteFile('C:\Windows\system32\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-4','64');
DeleteFile('C:\Windows\system32\Tasks\18e0c443-1977-41b2-b880-60bf7fadb224-5','64');
DeleteFile('C:\Windows\system32\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-11','64');
DeleteFile('C:\Windows\system32\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-4','64');
DeleteFile('C:\Windows\system32\Tasks\58ae5a47-201c-43a6-a4d4-cf0aaaeaab6f-5','64');
DeleteFile('C:\Windows\system32\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-11','64');
DeleteFile('C:\Windows\system32\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-4','64');
DeleteFile('C:\Windows\system32\Tasks\d48ad28d-0f8e-4f92-b04b-c683ce7019bb-5','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\ShopperProJSUpd','64');
DeleteFile('C:\Program Files (x86)\ShopperPro\updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\SPBIW_UpdateTask_Time_343036383533343936342d5b5b4a346c4123452a5a556c','64');
DeleteFile('C:\ProgramData\ShopperPro\spbihe.js','32');
DeleteFile('C:\Windows\system32\Tasks\YTDownloaderUpd','64');
DeleteFile('C:\Program Files (x86)\YTDownloader\updater.exe','32');
DeleteFile('C:\Windows\system32\VSProtectProxy.dll','32');
// --- Finalisation. The BC_ calls belong to AVZ's BootCleaner.
// NOTE(review): presumably BC_ImportAll queues the items handled above and
// BC_Activate arms removal at the next boot for files locked at run time -
// confirm in the AVZ script reference.
BC_ImportAll;
// NOTE(review): presumably removes leftover references to the deleted files -
// confirm in the AVZ script reference.
ExecuteSysClean;
BC_Activate;
// NOTE(review): runs AVZ repair routine number 15; its meaning is not visible
// here, look it up before reuse.
ExecuteREpair(15);
// Reboots Windows; the script cut network connectivity at the start and the
// opening message says it is restored after this reboot.
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.