Код:
// AVZ cleanup script written for one specific infected host. Every path and
// registry value below is hard-coded for that machine, so the script is not
// reusable on another system as-is.
// Order matters: processes are stopped first, samples are copied to quarantine,
// and only then are files and autostart values removed.
begin
// Start from an empty quarantine; presumably so the archive built at the end
// holds only this run's samples.
ClearQuarantine;
// Rootkit / API-hook scan with both flags enabled.
// NOTE(review): the two flags are understood to request neutralisation of
// user-mode and kernel-mode hooks - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the rest of the run.
SetAVZGuardStatus(true);
// Quarantine AVZ's own executable with the comment 'CRC'
// (presumably an integrity check of the tool itself - confirm).
QuarantineFile(GetAVZDirectory+'avz.exe','CRC');
// Stop running processes before their files are handled.
// NOTE(review): srvany.exe and 28mhr6.exe are terminated here, but no
// QuarantineFile or DeleteFile call in this script names them - confirm
// that this is intended.
TerminateProcessByName('c:\users\Данияр\ulqkd4vyzd.exe');
TerminateProcessByName('c:\windows\system32\srvany.exe');
TerminateProcessByName('c:\programdata\s2kxo57hco.exe');
TerminateProcessByName('c:\users\Данияр\appdata\local\nvidia corporation\update\daemonupd.exe');
TerminateProcessByName('c:\windows\system32\aaclient.exe');
TerminateProcessByName('c:\windows\system32\28mhr6.exe');
// Collect samples into quarantine before anything is deleted.
// The wininet.exe path appears twice, differing only in letter case.
// svchost (no extension), userinit.exe, win32k.sys and SkyTel.EXE are
// quarantined here but never deleted below; presumably they are collected
// for analysis only.
QuarantineFile('C:\Windows\system32\wininet.exe','');
QuarantineFile('C:\Users\Данияр\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe','');
QuarantineFile('c:\windows\system32\wininet.exe','');
QuarantineFile('C:\Windows\system32\svchost','');
QuarantineFile('C:\Windows\system32\svshost.dll','');
QuarantineFile('C:\Windows\system32\userinit.exe','');
QuarantineFile('C:\Windows\system32\aaclient.exe','');
QuarantineFile('C:\Windows\VRT26BA.tmp','');
QuarantineFile('C:\Windows\System32\win32k.sys','');
QuarantineFile('C:\Windows\SkyTel.EXE','');
QuarantineFile('C:\Users\Данияр\tfmuh36xy5.exe','');
QuarantineFile('C:\Users\Данияр\ulqkd4vyzd.exe','');
QuarantineFile('C:\Users\Данияр\s2kxo57hco.exe','');
QuarantineFile('C:\ProgramData\s2kxo57hco.exe','');
QuarantineFile('C:\ProgramData\tfmuh36xy5.exe','');
QuarantineFile('C:\Windows\system32\as2q.dll','');
QuarantineFile('C:\Windows\system32\aygcc485.dll','');
QuarantineFile('C:\Windows\system32\2eapa2.ocx','');
QuarantineFile('C:\Windows\system32\2fq9x7c9.dll','');
QuarantineFile('C:\Windows\system32\2jyy.dll','');
QuarantineFile('C:\Windows\system32\2l.dll','');
QuarantineFile('C:\Windows\system32\2lm4f1vr.dll','');
QuarantineFile('C:\Windows\system32\2s29.dll','');
QuarantineFile('C:\Windows\system32\2z.dll','');
QuarantineFile('C:\Windows\system32\a38wbr9p.dll','');
QuarantineFile('C:\Windows\system32\a4030a.dll','');
QuarantineFile('C:\Windows\system32\a7g8rbmt.dll','');
QuarantineFile('C:\Windows\system32\a8sj.dll','');
QuarantineFile('C:\Windows\system32\aairzjci.dll','');
QuarantineFile('C:\Windows\system32\aak6.dll','');
QuarantineFile('C:\Windows\system32\ad.dll','');
QuarantineFile('C:\Windows\system32\aqslxca9.dll','');
// Remove the files that were quarantined above.
DeleteFile('C:\Windows\system32\aqslxca9.dll');
DeleteFile('C:\Windows\system32\ad.dll');
DeleteFile('C:\Windows\system32\aak6.dll');
DeleteFile('C:\Windows\system32\aairzjci.dll');
DeleteFile('C:\Windows\system32\a8sj.dll');
DeleteFile('C:\Windows\system32\a7g8rbmt.dll');
DeleteFile('C:\Windows\system32\a4030a.dll');
DeleteFile('C:\Windows\system32\a38wbr9p.dll');
DeleteFile('C:\Windows\system32\2z.dll');
DeleteFile('C:\Windows\system32\2s29.dll');
DeleteFile('C:\Windows\system32\2lm4f1vr.dll');
DeleteFile('C:\Windows\system32\2l.dll');
DeleteFile('C:\Windows\system32\2jyy.dll');
DeleteFile('C:\Windows\system32\2fq9x7c9.dll');
DeleteFile('C:\Windows\system32\2eapa2.ocx');
DeleteFile('C:\Windows\system32\aygcc485.dll');
DeleteFile('C:\Windows\system32\as2q.dll');
// From here on file deletions are interleaved with removal of the autostart
// registry values (Run and ShellServiceObjectDelayLoad) under HKLM, HKCU and
// the .DEFAULT / S-1-5-18 hives.
DeleteFile('C:\ProgramData\tfmuh36xy5.exe');
DeleteFile('C:\ProgramData\s2kxo57hco.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tfmuh36xy5');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','s2kxo57hco');
DeleteFile('C:\Users\Данияр\s2kxo57hco.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','s2kxo57hco');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','tfmuh36xy5');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ulqkd4vyzd');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Alcmtr');
DeleteFile('C:\Users\Данияр\ulqkd4vyzd.exe');
DeleteFile('C:\Users\Данияр\tfmuh36xy5.exe');
DeleteFile('C:\Windows\VRT26BA.tmp');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','tcpudp');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','tcpudp');
DeleteFile('C:\Windows\system32\aaclient.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','smwcore');
DeleteFile('C:\Windows\system32\svshost.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','SysRun');
// NOTE(review): At1.job is deleted without a preceding QuarantineFile call,
// so no copy of the scheduled task is kept for analysis.
DeleteFile('C:\Windows\Tasks\At1.job');
DeleteFile('C:\Users\Данияр\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe');
DeleteFile('C:\Windows\system32\wininet.exe');
// Hand the list of deleted files to Boot Cleaner (BC_*), run AVZ's system
// cleanup, then arm Boot Cleaner.
// NOTE(review): Boot Cleaner presumably finishes any locked-file deletions
// during the next boot - confirm.
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
// Pack the quarantined samples into quarantine.zip in the AVZ directory.
// The function name really is spelled "Qurantine" in the script API.
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
// Reboot the machine.
RebootWindows(true);
end.
Компьютер перезагрузится.