Код:
// One-off AVZ remediation script. Every path, service name, CLSID and registry
// value below is hard-coded for a single host (note the 'Admin' profile and the
// 'Documents and Settings' layout), so the script should not be reused on
// another machine without regenerating it from that machine's own logs.
// Order matters: processes and services are neutralised first, files are copied
// to quarantine before any deletion, and the reboot comes last.
begin
// Warn the user (message is in Russian): AVZ will close all network connections
// before running the script, and they are restored automatically after reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net stop tcpip /y" (/y auto-confirms stopping dependent services).
// NOTE(review): the remaining arguments are presumably window mode 0 (hidden),
// a 15000 ms wait and terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit scan and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably because these driver-based features are unavailable
// when AVZ runs under WOW64 on a 64-bit OS - confirm.
if not IsWOW64
then
begin
// NOTE(review): both flags are true; presumably they enable neutralisation of
// user-mode and kernel-mode hooks - confirm parameter order in the AVZ docs.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Stop the running updater process so its file can be quarantined and deleted.
TerminateProcessByName('c:\program files\gamesrs\gupdater.exe');
// Set start type 4 (disabled in the Windows service model) so these services and
// drivers are not started again before they are removed.
SetServiceStart('nethfdrv', 4);
SetServiceStart('ServiceUpdater', 4);
SetServiceStart('NetHttpService', 4);
SetServiceStart('{29b136c9-938d-4d3d-8df8-d649d9b74d02}t', 4);
SetServiceStart('{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gt', 4);
SetServiceStart('qknfd', 4);
SetServiceStart('MgAssistService', 4);
SetServiceStart('GamesRS', 4);
SetServiceStart('ClickAndMark', 4);
// Copy suspect files to the AVZ quarantine BEFORE anything is deleted, so the
// samples stay available for analysis. The second argument is left empty.
QuarantineFile('C:\WINDOWS\system32\drivers\qknfd.sys','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ContextualFileNative\RegFltrX86.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}t.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gt.sys','');
QuarantineFile('C:\WINDOWS\system32\hfpapi.dll','');
QuarantineFile('C:\WINDOWS\system32\hfnapi.dll','');
QuarantineFile('c:\program files\gamesrs\gupdater.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\41\a18467.exe','');
// Quarantined only: this script contains no DeleteFile call for dupdater.exe.
QuarantineFile('C:\Program Files\Carambis\Driver Updater\dupdater.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PirritSuggestor\PirritService.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\MBRMemoryRecycle\MBRMemoryRecycle.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ContextualFileNative\ContextualFileNative.exe','');
// The next five files are also quarantined only (no matching DeleteFile below),
// although the nethfdrv / NetHttpService / ServiceUpdater services are deleted.
// NOTE(review): the SysWOW64 paths sit oddly beside the XP-style profile paths;
// presumably a missing file is simply skipped - confirm.
QuarantineFile('c:\windows\syswow64\netupdsrv.exe','');
QuarantineFile('c:\windows\syswow64\nethtsrv.exe','');
QuarantineFile('C:\windows\SysWOW64\hfpapi.dll','');
QuarantineFile('C:\windows\SysWOW64\hfnapi.dll','');
QuarantineFile('c:\windows\system32\drivers\nethfdrv.sys','');
// Delete the executables, drivers, DLLs, scheduled-task .job files and a browser
// shortcut. NOTE(review): the second argument '32' is passed on every call; its
// meaning is not visible here (presumably a 32-bit view selector) - confirm.
DeleteFile('C:\Documents and Settings\Admin\Application Data\41\a18467.exe','32');
DeleteFile('C:\WINDOWS\Tasks\AmiUpdXp.job','32');
DeleteFile('C:\WINDOWS\Tasks\At1.job','32');
DeleteFile('C:\WINDOWS\Tasks\At2.job','32');
DeleteFile('C:\WINDOWS\Tasks\ClickAndMark Update.job','32');
DeleteFile('C:\WINDOWS\Tasks\ClickAndMark_wd.job','32');
DeleteFile('C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\WINDOWS\Tasks\pricemetertask.job','32');
DeleteFile('C:\WINDOWS\Tasks\pricemeterwatcher.job','32');
DeleteFile('c:\program files\gamesrs\gupdater.exe','32');
DeleteFile('C:\WINDOWS\system32\hfnapi.dll','32');
DeleteFile('C:\WINDOWS\system32\hfpapi.dll','32');
DeleteFile('C:\WINDOWS\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gt.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}t.sys','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ContextualFileNative\RegFltrX86.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\qknfd.sys','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ContextualFileNative\ContextualFileNative.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\MBRMemoryRecycle\MBRMemoryRecycle.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\PirritSuggestor\PirritService.exe','32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.url','32');
// Remove the service registrations so nothing tries to load the deleted binaries.
// The last three names were not disabled via SetServiceStart above.
DeleteService('{29b136c9-938d-4d3d-8df8-d649d9b74d02}t');
DeleteService('{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gt');
DeleteService('MgAssistService');
DeleteService('GamesRS');
DeleteService('ClickAndMark');
DeleteService('NetHttpService');
DeleteService('ServiceUpdater');
DeleteService('nethfdrv');
DeleteService('qknfd');
DeleteService('PirritDesktop');
DeleteService('MBRMemoryRecycle.exe');
DeleteService('ContextualFileNative.exe');
// Unregister two Browser Helper Objects by CLSID.
DelBHO('{323C6E6D-1621-470F-8A52-4FDEC4E75E40}');
DelBHO('{8c1023bf-a56f-46ac-905e-189ef96190a1}');
// Delete autorun values from the Run / RunOnce keys of the .DEFAULT hive and the
// well-known service-account SIDs (S-1-5-18 LocalSystem, S-1-5-19 LocalService,
// S-1-5-20 NetworkService). Only the named values are removed, not the keys.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce','Del1833656');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce','Del1833656');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','LinkDel');
RegKeyParamDel('HKEY_USERS','S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run','LinkDel');
RegKeyParamDel('HKEY_USERS','S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run','LinkDel');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','LinkDel');
// Empty each leftover install directory with mask '*' and then remove the
// directory itself. NOTE(review): the third argument (true) presumably makes the
// mask delete recurse into subdirectories - confirm. Anything in these folders
// that was not quarantined above is lost.
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\ContextualFileNative', '*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\ContextualFileNative');
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\MBRMemoryRecycle', '*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\MBRMemoryRecycle');
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\PirritSuggestor', '*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\PirritSuggestor');
DeleteFileMask('C:\Documents and Settings\Admin\Application Data\41', '*', true);
DeleteDirectory('C:\Documents and Settings\Admin\Application Data\41');
DeleteFileMask('c:\program files\gamesrs', '*', true);
DeleteDirectory('c:\program files\gamesrs');
// NOTE(review): the BC_* calls presumably drive AVZ's Boot Cleaner - import the
// items handled above and arm it for the next boot, so files locked now are
// removed during startup; ExecuteSysClean presumably cleans leftover references
// to the deleted files. Confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot to finish the cleanup. NOTE(review): the meaning of the 'false'
// argument is not visible here (presumably a non-forced reboot) - confirm.
RebootWindows(false);
end.
Компьютер перезагрузится.