begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
TerminateProcessByName('c:\users\Александр\appdata\local\amigo\application\amigo.exe');
TerminateProcessByName('c:\users\Александр\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe');
TerminateProcessByName('c:\program files (x86)\3e5fab20-1452436523-11dd-954f-50465d749799\knso3032.tmp');
TerminateProcessByName('c:\programdata\tmp0x0x\protectwindowsmanager.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmchext.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmdl.exe');
TerminateProcessByName('c:\users\Александр\appdata\local\3e5fab20-1452801049-11dd-954f-50465d749799\qnse9224.tmp');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\plugins\qmnetmon\qqpcnetflow.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrealtimespeedup.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrtp.exe');
TerminateProcessByName('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpctray.exe');
TerminateProcessByName('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe');
TerminateProcessByName('c:\program files (x86)\tdatadld\tdata.exe');
TerminateProcessByName('c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe');
SetServiceStart('TSSysKit', 4);
SetServiceStart('TSSKX64', 4);
SetServiceStart('tsnethlpx64', 4);
SetServiceStart('TFsFlt', 4);
SetServiceStart('TAOAccelerator', 4);
SetServiceStart('swsedrvr_vt_1_10_0_25', 4);
SetServiceStart('softaal', 4);
SetServiceStart('QQSysMonX64', 4);
SetServiceStart('QMUdisk', 4);
SetServiceStart('zigipyro', 4);
SetServiceStart('WindowsMangerProtect', 4);
SetServiceStart('TDataSvr', 4);
SetServiceStart('swsesrvc_1.10.0.25', 4);
SetServiceStart('QQPCRTP', 4);
QuarantineFile('C:\Users\Александр\appdata\roaming\aspackage\aspackage.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\WindowsUpdater\Updater.exe','');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','');
QuarantineFile('C:\Users\8523~1\AppData\Local\Temp\setup.exe','');
QuarantineFile('C:\Program Files (x86)\rec_ru_165\rec_ru_165.exe','');
QuarantineFile('C:\Users\Александр\AppData\Local\profitsaver\config.json','');
QuarantineFile('C:\Users\Александр\AppData\Local\profitsaver\rft_sb.exe','');
QuarantineFile('C:\Users\Александр\AppData\Roaming\MyDesktop\qweeeCL.exe','');
QuarantineFile('C:\Program Files (x86)\MTV20151125\MTView.exe','');
QuarantineFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe','');
QuarantineFile('C:\Program Files (x86)\Company\gupdate\gupdate.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010206\gmsd_ru_005010206.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010205\gmsd_ru_005010205.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010204\gmsd_ru_005010204.exe','');
QuarantineFile('C:\Users\Александр\AppData\Local\gmsd_ru_005010206\upgmsd_ru_005010206.exe','');
QuarantineFile('C:\Windows\system32\DRIVERS\MPCKpt.sys','');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
QuarantineFile('c:\program files (x86)\tdatadld\tdata.exe','');
QuarantineFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','');
QuarantineFile('c:\users\Александр\appdata\local\3e5fab20-1452801049-11dd-954f-50465d749799\qnse9224.tmp','');
QuarantineFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','');
QuarantineFile('c:\program files (x86)\3e5fab20-1452436523-11dd-954f-50465d749799\knso3032.tmp','');
DeleteFile('c:\users\Александр\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe','32');
DeleteFile('c:\users\Александр\appdata\local\amigo\application\amigo.exe','32');
DeleteFile('c:\program files (x86)\3e5fab20-1452436523-11dd-954f-50465d749799\knso3032.tmp','32');
DeleteFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmchext.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qmdl.exe','32');
DeleteFile('c:\users\Александр\appdata\local\3e5fab20-1452801049-11dd-954f-50465d749799\qnse9224.tmp','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\plugins\qmnetmon\qqpcnetflow.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrealtimespeedup.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpcrtp.exe','32');
DeleteFile('c:\program files (x86)\tencent\qqpcmgr\11.3.17203.220\qqpctray.exe','32');
DeleteFile('c:\program files (x86)\swiftsearch_1.10.0.25\service\swsesrvc.exe','32');
DeleteFile('c:\program files (x86)\tdatadld\tdata.exe','32');
DeleteFile('C:\Program Files (x86)\TDataDld\MSVCP100.dll','32');
DeleteFile('C:\Program Files (x86)\TDataDld\MSVCR100.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\AndroidAssistHelper.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\arkGraphic.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\Common.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\communic.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\DLProtectComm.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\dr.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GameUpgrade.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GarbageCleaner.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GF.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GFCustom.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\GFFtsysCustom.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\jgImage.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMDns.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMEmKit.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMEmMat.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMExt.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupExposure.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\GameSpeedupGiftBagMgr.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\SpeedupMsg.dll','32');
DeleteFile('C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\xImage.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\xGraphic32.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSZip.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSWebMon.dat','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QMUdisk64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\QQSysMonX64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\softaal64.sys','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TAOAccelerator64.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys','32');
DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TsNetHlpX64.sys','32');
DeleteFile('C:\Windows\System32\drivers\tsskx64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17203.220\TSSysKit64.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\MPCKpt.sys','32');
DeleteFile('C:\Users\Александр\AppData\Local\gmsd_ru_005010206\upgmsd_ru_005010206.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010206\gmsd_ru_005010206.exe','32');
DeleteFile('C:\Program Files (x86)\Company\gupdate\gupdate.exe','32');
DeleteFile('C:\Program Files (x86)\IconRunner\MoneyBot.exe','32');
DeleteFile('C:\Program Files (x86)\MTV20151125\MTView.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\MyDesktop\qweeeCL.exe','32');
DeleteFile('C:\Users\Александр\AppData\Local\profitsaver\rft_sb.exe','32');
DeleteFile('C:\Users\Александр\AppData\Local\profitsaver\config.json','32');
DeleteFile('C:\Program Files (x86)\rec_ru_165\rec_ru_165.exe','32');
DeleteFile('C:\Users\8523~1\AppData\Local\Temp\setup.exe','32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\OdnUqnxVqtAcmfpq4n\tor\tor.exe','32');
DeleteFile('C:\Users\Александр\AppData\Roaming\WindowsUpdater\Updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\WindowsUpdater','64');
DeleteFile('C:\Users\Александр\AppData\Local\Temp\nsqB073.tmp\blowfish.dll','32');
DeleteFile('C:\Users\Александр\appdata\roaming\aspackage\aspackage.exe','32');
DeleteFile('C:\Users\Александр\appdata\roaming\aspackage\uninstall.exe','32');
DeleteService('wucotusy');
DeleteService('SSFK');
DeleteService('AppVerifier');
DeleteService('zigipyro');
DeleteService('WindowsMangerProtect');
DeleteService('TDataSvr');
DeleteService('swsesrvc_1.10.0.25');
DeleteService('QQPCRTP');
DeleteService('MPCKpt');
DeleteService('TSSKX64');
DeleteService('tsnethlpx64');
DeleteService('TFsFlt');
DeleteService('TAOAccelerator');
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteService('softaal');
DeleteService('QQSysMonX64');
DeleteService('QMUdisk');
DelCLSID('{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TorProject','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\setup','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\rec_ru_165','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\profitsaver','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyDesktop','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MTview','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IconRunner','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gupdate','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010206','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010205','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010204','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieFloater','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EncrypterEpta','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DTS','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amigo','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','lsas');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amigo');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010206.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','QQPCTray');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.