Код:
// AVZ remediation script written for one specific infected host.
// Every path, service name and registry value below is hard-coded, including
// the user profile name, so it should not be run on another machine as-is.
// Order of operations: cut networking -> (non-WOW64 only) rootkit search and
// AVZGuard -> terminate processes -> stop services -> quarantine -> delete
// files -> delete services -> remove registry values -> boot-time cleanup,
// system clean/repair -> reboot.
begin
// The dialog text (Russian) warns the user that AVZ will close all network
// connections before the script runs and that they are restored automatically
// after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y"; /y answers the dependent-services prompt.
// NOTE(review): 0 and 15000 look like window mode and a wait timeout in ms;
// confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably these features are unavailable on 64-bit Windows;
// confirm. On a WOW64 host the rest of the script runs without them.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Terminate the running processes, identified by full image path, so their
// files can be copied and removed.
TerminateProcessByName('c:\program files\birdmay\application\chrome.exe');
TerminateProcessByName('c:\program files\winsaber\winsaber.exe');
TerminateProcessByName('c:\programdata\birdmay\birdmay.exe');
TerminateProcessByName('c:\users\Марина\appdata\local\kometa\application\kometa.exe');
// Stop services and drivers before their binaries are touched.
StopService('BirdmayP');
StopService('contentdefenderdrv');
StopService('iSafeKrnl');
StopService('iSafeKrnlBoot');
StopService('iSafeKrnlKit');
StopService('iSafeKrnlMon');
StopService('iSafeKrnlR3');
StopService('iSafeNetFilter');
StopService('qkseeService');
StopService('WdMan');
StopService('winsaber');
StopService('winzipersvc');
// Quarantine pass: runs before any DeleteFile call, so a copy of each listed
// file is taken while the file still exists.
// Several paths appear twice, differing only in letter case.
// NOTE(review): a few entries here (the bare file name without a path,
// KometaLaunchPanel.exe, Muzabaza.exe) have no matching DeleteFile below.
QuarantineFile('C:\Program Files\Birdmay\Application\chrome.dll','');
QuarantineFile('c:\program files\birdmay\application\chrome.exe','');
QuarantineFile('C:\Program Files\Birdmay\Application\chrome_child.dll','');
QuarantineFile('C:\Program Files\Birdmay\Application\chrome_elf.dll','');
QuarantineFile('C:\Program Files\Birdmay\Application\libegl.dll','');
QuarantineFile('C:\Program Files\Birdmay\Application\libglesv2.dll','');
QuarantineFile('C:\Program Files\Birdmay\Update\BirdmayUpdate.exe','');
QuarantineFile('C:\Program Files\elex-tech\yac\ipcdl.exe','');
QuarantineFile('C:\Program Files\elex-tech\yac\ipcproxy.dll','');
QuarantineFile('C:\Program Files\elex-tech\yac\isafeenginebase.dll','');
QuarantineFile('C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys','');
QuarantineFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys','');
QuarantineFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys','');
QuarantineFile('C:\Program Files\elex-tech\yac\ssleay32.dll','');
QuarantineFile('C:\Program Files\qksee\qkseeSvc.exe','');
QuarantineFile('C:\Program Files\service.exe','');
QuarantineFile('C:\Program Files\Uncheckit\cktSvc.exe','');
QuarantineFile('C:\Program Files\Uncheckit\UncheckitUpdate.exe','');
QuarantineFile('c:\program files\winsaber\winsaber.exe','');
QuarantineFile('C:\Program Files\WinSaber\WinSaber.exe','');
QuarantineFile('C:\Program Files\WinZipper\winzipersvc.exe','');
QuarantineFile('C:\Program Files\WinZipper\wzShellctx.dll','');
QuarantineFile('c:\programdata\birdmay\birdmay.exe','');
QuarantineFile('C:\ProgramData\Birdmay\Birdmay.exe','');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe','');
QuarantineFile('C:\ProgramData\twinpt\WFini.exe','');
QuarantineFile('C:\Users\Марина\AppData\Local\foryougain\stub.exe','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\chrome.dll','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\chrome_child.dll','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\chrome_elf.dll','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\libegl.dll','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\libglesv2.dll','');
QuarantineFile('c:\users\Марина\appdata\local\kometa\application\kometa.exe','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Application\kometa.exe','');
QuarantineFile('C:\Users\Марина\AppData\Local\Kometa\Panel\KometaLaunchPanel.exe','');
QuarantineFile('C:\Users\0D39~1\AppData\Local\Temp\yvoiifuvjfvvkweuxcjhe.exe','');
QuarantineFile('C:\Windows\system32\Drivers\condef.sys','');
QuarantineFile('C:\Windows\system32\Drivers\contentdefenderdrv.sys','');
QuarantineFile('C:\Windows\system32\drivers\contentdefenderdrv.sys','');
QuarantineFile('lfvmjdpnyrebnwbooq.exe','');
QuarantineFile('C:\Program Files\Muzabaza\Muzabaza player\Muzabaza.exe','');
QuarantineFile('C:\ProgramData\Browsers\browser6.bat', '');
// Deletion pass.
// NOTE(review): the second argument '32' is presumably a bitness or view
// selector; confirm against the AVZ script reference.
// Some files are deleted without a quarantine copy above, for example
// isafechlp.dll, libcurl.dll, uninstall.exe, zlib1.dll, the Zaxar
// executables, config.json, iSafeKrnlBoot.sys, iSafeNetFilter.sys and the
// scheduled-task files, so no sample of them is kept for later analysis.
DeleteFile('C:\ProgramData\Browsers\browser6.bat', '32');
DeleteFile('c:\program files\birdmay\application\chrome.exe','32');
DeleteFile('C:\Program Files\Birdmay\Update\BirdmayUpdate.exe','32');
DeleteFile('C:\Program Files\elex-tech\yac\ipcdl.exe','32');
DeleteFile('C:\Program Files\elex-tech\yac\ipcproxy.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\isafechlp.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\isafeenginebase.dll','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys','32');
DeleteFile('C:\Program Files\elex-tech\yac\isafekrnlkit.sys','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys','32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys','32');
DeleteFile('C:\Program Files\elex-tech\yac\libcurl.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\ssleay32.dll','32');
DeleteFile('C:\Program Files\elex-tech\yac\uninstall.exe','32');
DeleteFile('C:\Program Files\qksee\qkseeSvc.exe','32');
DeleteFile('C:\Program Files\service.exe','32');
DeleteFile('C:\Program Files\Uncheckit\cktSvc.exe','32');
DeleteFile('C:\Program Files\Uncheckit\UncheckitUpdate.exe','32');
DeleteFile('c:\program files\winsaber\winsaber.exe','32');
DeleteFile('C:\Program Files\WinSaber\WinSaber.exe','32');
DeleteFile('C:\Program Files\WinZipper\winzipersvc.exe','32');
DeleteFile('C:\Program Files\WinZipper\wzShellctx.dll','32');
DeleteFile('C:\Program Files\winzipper\zlib1.dll','32');
DeleteFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe','32');
DeleteFile('C:\Program Files\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\ProgramData\Birdmay\Birdmay.exe','32');
DeleteFile('c:\programdata\birdmay\birdmay.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe','32');
DeleteFile('C:\ProgramData\twinpt\WFini.exe','32');
DeleteFile('C:\Users\Марина\AppData\Local\foryougain\config.json','32');
DeleteFile('C:\Users\Марина\AppData\Local\foryougain\stub.exe','32');
DeleteFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\chrome.dll','32');
DeleteFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\chrome_child.dll','32');
DeleteFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\chrome_elf.dll','32');
DeleteFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\libegl.dll','32');
DeleteFile('C:\Users\Марина\AppData\Local\Kometa\Application\52.0.2743.82\libglesv2.dll','32');
DeleteFile('C:\Users\Марина\AppData\Local\Kometa\Application\kometa.exe','32');
DeleteFile('c:\users\Марина\appdata\local\kometa\application\kometa.exe','32');
DeleteFile('C:\Users\0D39~1\AppData\Local\Temp\yvoiifuvjfvvkweuxcjhe.exe','32');
DeleteFile('C:\Windows\system32\drivers\condef.sys','32');
DeleteFile('C:\Windows\system32\Drivers\condef.sys','32');
DeleteFile('C:\Windows\system32\drivers\contentdefenderdrv.sys','32');
DeleteFile('C:\Windows\system32\Drivers\contentdefenderdrv.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\iSafeNetFilter.sys','32');
// Scheduled-task definitions (persistence): files under system32\Tasks and
// one legacy .job file under Windows\Tasks.
DeleteFile('C:\Windows\system32\Tasks\BirdmayUpdateTaskMachineCore','32');
DeleteFile('C:\Windows\system32\Tasks\BirdmayUpdateTaskMachineUA','32');
DeleteFile('C:\Windows\system32\Tasks\Open Chrome','32');
DeleteFile('C:\Windows\system32\Tasks\UncheckitTaskMN','32');
DeleteFile('C:\Windows\system32\Tasks\UncheckitUpdateTaskC','32');
DeleteFile('C:\Windows\system32\Tasks\UncheckitUpdateTaskDB','32');
DeleteFile('C:\Windows\Tasks\Open Chrome.job','32');
// Remove the service registrations. 'BirdmayU' and 'condef' are deleted here
// without a preceding StopService call.
DeleteService('BirdmayP');
DeleteService('BirdmayU');
DeleteService('condef');
DeleteService('contentdefenderdrv');
DeleteService('iSafeKrnl');
DeleteService('iSafeKrnlBoot');
DeleteService('iSafeKrnlKit');
DeleteService('iSafeKrnlMon');
DeleteService('iSafeKrnlR3');
DeleteService('iSafeNetFilter');
DeleteService('qkseeService');
DeleteService('WdMan');
DeleteService('winsaber');
DeleteService('winzipersvc');
// Remove autorun values from the per-user and machine-wide Run keys.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','foryougain');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaAutoLaunch_46B39694CC8D8DC8C47BF0C901742C1C');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaLaunchPanel');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Muzbaza');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ndpcvltnujslty');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','qdmwmzevzlr');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarLoader');
// Remove an approved shell-extension CLSID and the EventMessageFile values
// registered under Eventlog\Application for two of the removed services.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{DC638EEA-2BA2-4459-9C46-85A2F0BE6040}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\qkseeService','EventMessageFile');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc','EventMessageFile');
// NOTE(review): BC_* are presumably AVZ Boot Cleaner calls; BC_ImportALL
// appears to queue the items handled above for removal at next boot, and
// BC_Activate to arm it. Confirm against the AVZ script reference.
BC_ImportALL;
ExecuteSysClean;
// NOTE(review): 3, 4 and 10 are presumably indexes into AVZ's built-in
// system-restore routines; verify what each one resets before reuse.
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteRepair(10);
BC_Activate;
// Reboot the machine; the dialog shown at the start says network connections
// are restored after this restart.
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.