Код:
// AVZ remediation script written for one specific machine: every path, service
// name and registry value below is hard-coded from that host's logs.
// NOTE(review): running it unchanged on another system would at best do nothing
// and at worst remove unrelated entries; regenerate it from fresh logs per host.
begin
// Warn the user that network connections are about to be dropped and will come
// back after the reboot (the message text is user-facing and left as written).
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the tcpip service (and dependants, via /y) so the host is off the network
// while cleanup runs. Trailing arguments are presumably window mode, a 15000 ms
// timeout and wait-for-completion; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan and AVZGuard are only enabled when IsWOW64 is false.
// NOTE(review): presumably because AVZ's kernel-mode components are not usable
// on 64-bit Windows; on such hosts this script runs without that protection.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// --- Stage 1: copy every suspect file to AVZ quarantine before anything is
// deleted, so samples survive for later analysis.
// NOTE(review): the next two lines name the same file (8.3 path, differing only
// in letter case); the second call looks redundant.
QuarantineFile('C:\Users\USER\appdata\roaming\digita~1\update~1\update~1.exe','');
QuarantineFile('C:\Users\USER\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','');
// NOTE(review): aus_ddss.scr is quarantined but never deleted later in this
// script; confirm that leaving it on disk is intended.
QuarantineFile('C:\Windows\aus_ddss.scr','');
QuarantineFile('C:\Users\USER\AppData\Roaming\Identities\pooda\pooda.exe','');
QuarantineFile('C:\Users\USER\AppData\Local\Temp\KB16966419.exe','');
// NOTE(review): Reader_sl.exe under Temp\Adobe is quarantined but not deleted
// below, although a Run value named 'Adobe System Incorporated' is removed.
QuarantineFile('C:\Users\USER\AppData\Local\Temp\Adobe\Reader_sl.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1464710\fd861221.exe','');
QuarantineFile('C:\ProgramData\CreativeAudio\lwqpzxels.exe','');
// 21 driver files with random-looking 8-letter names; each has a same-named
// service that is removed in stage 2.
QuarantineFile('C:\Windows\system32\drivers\wkszddnv.sys','');
QuarantineFile('C:\Windows\system32\drivers\sgiqihqh.sys','');
QuarantineFile('C:\Windows\system32\drivers\rxulphbb.sys','');
QuarantineFile('C:\Windows\system32\drivers\rnzifvmj.sys','');
QuarantineFile('C:\Windows\system32\drivers\rimkelhv.sys','');
QuarantineFile('C:\Windows\system32\drivers\pwjcoakn.sys','');
QuarantineFile('C:\Windows\system32\drivers\piazqowe.sys','');
QuarantineFile('C:\Windows\system32\drivers\oubxjtvx.sys','');
QuarantineFile('C:\Windows\system32\drivers\nvfglnbs.sys','');
QuarantineFile('C:\Windows\system32\drivers\nryixgil.sys','');
QuarantineFile('C:\Windows\system32\drivers\nhbnfqzf.sys','');
QuarantineFile('C:\Windows\system32\drivers\liogqqcg.sys','');
QuarantineFile('C:\Windows\system32\drivers\ksewfwgn.sys','');
QuarantineFile('C:\Windows\system32\drivers\jyljcqvs.sys','');
QuarantineFile('C:\Windows\system32\drivers\jnminqqi.sys','');
QuarantineFile('C:\Windows\system32\drivers\ivvuaypn.sys','');
QuarantineFile('C:\Windows\system32\drivers\iksjifms.sys','');
QuarantineFile('C:\Windows\system32\drivers\fcdmvkgk.sys','');
QuarantineFile('C:\Windows\system32\drivers\doxznkfl.sys','');
QuarantineFile('C:\Windows\system32\drivers\biaaepvx.sys','');
QuarantineFile('C:\Windows\system32\drivers\armudqva.sys','');
QuarantineFile('C:\PROGRA~2\mszlzui.exe','');
// --- Stage 2: remove the service entries for the 21 drivers quarantined above,
// before their .sys files are deleted.
DeleteService('wkszddnv');
DeleteService('sgiqihqh');
DeleteService('rxulphbb');
DeleteService('rnzifvmj');
DeleteService('rimkelhv');
DeleteService('pwjcoakn');
DeleteService('piazqowe');
DeleteService('oubxjtvx');
DeleteService('nvfglnbs');
DeleteService('nryixgil');
DeleteService('nhbnfqzf');
DeleteService('liogqqcg');
DeleteService('ksewfwgn');
DeleteService('jyljcqvs');
DeleteService('jnminqqi');
DeleteService('ivvuaypn');
DeleteService('iksjifms');
DeleteService('fcdmvkgk');
DeleteService('doxznkfl');
DeleteService('biaaepvx');
DeleteService('armudqva');
// --- Stage 3: delete the files and the autorun values that reference them.
// The second DeleteFile argument is '32' on every call; presumably it selects
// the 32-bit file-system view. Confirm against the AVZ script reference.
DeleteFile('C:\PROGRA~2\mszlzui.exe','32');
// Machine-wide Policies\Explorer\Run value with a numeric name.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','3202068248');
DeleteFile('C:\Windows\system32\drivers\armudqva.sys','32');
DeleteFile('C:\Windows\system32\drivers\biaaepvx.sys','32');
DeleteFile('C:\Windows\system32\drivers\doxznkfl.sys','32');
DeleteFile('C:\Windows\system32\drivers\fcdmvkgk.sys','32');
DeleteFile('C:\Windows\system32\drivers\ivvuaypn.sys','32');
DeleteFile('C:\Windows\system32\drivers\iksjifms.sys','32');
DeleteFile('C:\Windows\system32\drivers\jnminqqi.sys','32');
DeleteFile('C:\Windows\system32\drivers\jyljcqvs.sys','32');
DeleteFile('C:\Windows\system32\drivers\ksewfwgn.sys','32');
DeleteFile('C:\Windows\system32\drivers\liogqqcg.sys','32');
DeleteFile('C:\Windows\system32\drivers\nhbnfqzf.sys','32');
DeleteFile('C:\Windows\system32\drivers\nryixgil.sys','32');
DeleteFile('C:\Windows\system32\drivers\nvfglnbs.sys','32');
DeleteFile('C:\Windows\system32\drivers\oubxjtvx.sys','32');
DeleteFile('C:\Windows\system32\drivers\piazqowe.sys','32');
DeleteFile('C:\Windows\system32\drivers\pwjcoakn.sys','32');
DeleteFile('C:\Windows\system32\drivers\rimkelhv.sys','32');
DeleteFile('C:\Windows\system32\drivers\rnzifvmj.sys','32');
DeleteFile('C:\Windows\system32\drivers\rxulphbb.sys','32');
DeleteFile('C:\Windows\system32\drivers\sgiqihqh.sys','32');
DeleteFile('C:\Windows\system32\drivers\wkszddnv.sys','32');
DeleteFile('C:\ProgramData\CreativeAudio\lwqpzxels.exe','32');
// Per-user Run value 'CreativeAudio'; its name matches the folder of the
// executable deleted on the previous line.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CreativeAudio');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1464710\fd861221.exe','32');
DeleteFile('C:\Users\USER\AppData\Local\Temp\KB16966419.exe','32');
DeleteFile('C:\Users\USER\AppData\Roaming\Identities\pooda\pooda.exe','32');
// Two more per-user Run values with vendor-like names.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MicrosoftPerfWD');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Adobe System Incorporated');
// Scheduled task 'Digital Sites' is removed in both on-disk task formats
// (system32\Tasks entry and legacy .job file), then the binary it belongs to.
DeleteFile('C:\Windows\system32\Tasks\Digital Sites','32');
DeleteFile('C:\Windows\Tasks\Digital Sites.job','32');
DeleteFile('C:\Users\USER\appdata\roaming\digita~1\update~1\update~1.exe','32');
// --- Stage 4: boot-time cleanup and repair.
// BC_* are AVZ Boot Cleaner calls: presumably BC_ImportAll queues the items
// handled above and BC_Activate arms the cleaner for the next boot, so files
// locked now are removed during the reboot. Confirm against the AVZ reference.
BC_ImportAll;
// Presumably removes leftover references to the deleted files; confirm.
ExecuteSysClean;
BC_Activate;
// Runs AVZ system-restore procedure number 9.
// NOTE(review): believed to be "remove debuggers of system processes"; verify
// the numbering for the AVZ version in use.
ExecuteRepair(9);
// Remove the Winlogon 'Taskman' value so no replacement task manager is
// launched at logon.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Reboot so the boot-time cleanup can run; the network stack stopped at the
// top of the script is expected to come back after this restart.
RebootWindows(false);
end.
Компьютер перезагрузится.