Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files\UseCalendarEx\UseCalendarEx.sys','');
SetServiceStart('UseCalendarEx', 4);
DeleteService('UseCalendarEx');
QuarantineFile('C:\Program Files\UseCalendarEx\timeService.exe','');
SetServiceStart('timeService.exe', 4);
DeleteService('timeService.exe');
QuarantineFile('C:\Program Files\Rising\RAV\RavMonD.exe','');
SetServiceStart('RsRavMon', 4);
DeleteService('RsRavMon');
SetServiceStart('knbcenter', 4);
DeleteService('knbcenter');
QuarantineFile('C:\Program Files\Doyo\basectrl.dll','');
QuarantineFile('C:\Program Files\Doyo\BaseCore.dll','');
TerminateProcessByName('c:\program files\usecalendarex\usesync.exe');
QuarantineFile('c:\program files\usecalendarex\usesync.exe','');
TerminateProcessByName('c:\program files\usecalendarex\usecalendarex.exe');
QuarantineFile('c:\program files\usecalendarex\usecalendarex.exe','');
TerminateProcessByName('c:\program files\usecalendarex\timeservice.exe');
QuarantineFile('c:\program files\usecalendarex\timeservice.exe','');
TerminateProcessByName('c:\program files\rising\rav\ravmond.exe');
QuarantineFile('c:\program files\rising\rav\ravmond.exe','');
TerminateProcessByName('c:\program files\kuping4\kuping_v4.exe');
QuarantineFile('c:\program files\kuping4\kuping_v4.exe','');
TerminateProcessByName('c:\program files\kuping4\kpquickenfunction.exe');
QuarantineFile('c:\program files\kuping4\kpquickenfunction.exe','');
TerminateProcessByName('c:\program files\kuping4\kpmini.exe');
QuarantineFile('c:\program files\kuping4\kpmini.exe','');
TerminateProcessByName('c:\users\admin\appdata\local\liebao\lbbrowser\knbcenter.exe');
QuarantineFile('c:\users\admin\appdata\local\liebao\lbbrowser\knbcenter.exe','');
TerminateProcessByName('c:\program files\feihuo\feihuospeed\fhspeed.exe');
QuarantineFile('c:\program files\feihuo\feihuospeed\fhspeed.exe','');
TerminateProcessByName('c:\program files\feihuo\feihuo.exe');
QuarantineFile('c:\program files\feihuo\feihuo.exe','');
TerminateProcessByName('c:\program files\doyo\dyservice.exe');
QuarantineFile('c:\program files\doyo\dyservice.exe','');
TerminateProcessByName('c:\program files\doyo\doyo.exe');
QuarantineFile('c:\program files\doyo\doyo.exe','');
DeleteFile('c:\program files\doyo\doyo.exe','32');
DeleteFile('c:\program files\doyo\dyservice.exe','32');
DeleteFile('c:\program files\feihuo\feihuo.exe','32');
DeleteFile('c:\program files\feihuo\feihuospeed\fhspeed.exe','32');
DeleteFile('c:\users\admin\appdata\local\liebao\lbbrowser\knbcenter.exe','32');
DeleteFile('c:\program files\kuping4\kpmini.exe','32');
DeleteFile('c:\program files\kuping4\kpquickenfunction.exe','32');
DeleteFile('c:\program files\kuping4\kuping_v4.exe','32');
DeleteFile('c:\program files\rising\rav\ravmond.exe','32');
DeleteFile('c:\program files\usecalendarex\timeservice.exe','32');
DeleteFile('c:\program files\usecalendarex\usecalendarex.exe','32');
DeleteFile('c:\program files\usecalendarex\usesync.exe','32');
DeleteFile('C:\Program Files\Doyo\BaseCore.dll','32');
DeleteFile('C:\Program Files\Doyo\basectrl.dll','32');
DeleteFile('C:\Program Files\Rising\RAV\RavMonD.exe','32');
DeleteFile('C:\Program Files\UseCalendarEx\timeService.exe','32');
DeleteFile('C:\Program Files\UseCalendarEx\UseCalendarEx.sys','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','doyo');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Feihuo');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','FHSpeed');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','kuping');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','kxesc');
DeleteFileMask('c:\program files\doyo', '*', true);
DeleteDirectory('c:\program files\doyo');
DeleteFileMask('c:\program files\feihuo', '*', true);
DeleteDirectory('c:\program files\feihuo');
DeleteFileMask('C:\Program Files\VPets', '*', true);
DeleteDirectory('C:\Program Files\VPets');
DeleteFileMask('c:\program files\kuping4', '*', true);
DeleteDirectory('c:\program files\kuping4');
DeleteFileMask('c:\program files\rising', '*', true);
DeleteDirectory('c:\program files\rising');
DeleteFileMask('c:\program files\usecalendarex', '*', true);
DeleteDirectory('c:\program files\usecalendarex');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.