// AVZ remediation script written for ONE specific infected host: every path below
// is hard-coded (user profile "anzor", specific driver GUIDs and task names).
// Running it unchanged on another machine will not match that machine's findings.
// Order of operations: isolate from network -> (32-bit only) rootkit scan + AVZGuard
// -> kill processes -> quarantine samples -> delete files/tasks -> delete services
// -> delete autorun values -> remove directories -> boot-time cleanup -> reboot.
begin
// Warn the operator (message text is in Russian) that network connections will be
// closed before the script runs and restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP stack so the listed programs cannot talk to the network during cleanup.
// NOTE(review): trailing arguments (0, 15000, true) look like window mode, timeout in ms
// and wait-for-exit — confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably because these driver-based features are not available on
// 64-bit Windows — confirm. On a 64-bit host this whole branch is skipped.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
// Terminate the running processes first so their image files are not locked
// when they are quarantined and deleted below.
TerminateProcessByName('c:\users\anzor\appdata\roaming\cppredistx86.exe');
TerminateProcessByName('c:\users\anzor\appdata\local\microsoft\windows\toolbar.exe');
TerminateProcessByName('c:\users\anzor\appdata\roaming\ssleas.exe');
// Quarantine step: place each suspect file into AVZ quarantine BEFORE deleting it, so a
// sample remains for analysis and for recovery from a false positive.
// NOTE(review): toolbar.exe appears twice (different letter case only) — harmless duplicate.
QuarantineFile('C:\Users\anzor\appdata\roaming\x11\a\engine.exe','');
QuarantineFile('C:\Users\anzor\AppData\Roaming\sweet-page\UninstallManager.exe','');
QuarantineFile('C:\Users\anzor\AppData\Local\Temp\start.exe','');
// NOTE(review): SysMenu.dll is quarantined here but never deleted later in this script —
// confirm that is intentional (sample collection only).
QuarantineFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll','');
QuarantineFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','');
QuarantineFile('C:\Users\anzor\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Users\anzor\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE','');
// csrss.exe under C:\ProgramData\Windows borrows the name of a Windows system process
// but sits outside the system directory — a name/location mismatch worth alerting on.
QuarantineFile('C:\ProgramData\Windows\csrss.exe','');
QuarantineFile('C:\ProgramData\Schedule\timetasks.exe','');
QuarantineFile('C:\Program Files (x86)\Hold Page\updateHoldPage.exe','');
QuarantineFile('C:\Program Files (x86)\Faster Light\updateFasterLight.exe','');
// Kernel drivers (.sys); the matching services are removed with DeleteService further down.
QuarantineFile('C:\Windows\system32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{55318141-dabf-4786-b4b2-f50790587c26}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\ttnfd.sys','');
QuarantineFile('c:\users\anzor\appdata\local\microsoft\windows\toolbar.exe','');
QuarantineFile('c:\users\anzor\appdata\roaming\ssleas.exe','');
QuarantineFile('C:\Users\anzor\AppData\Roaming\cppredistx86.exe','');
// The two .bat names read "iexplore.exe" and "chrome.exe" backwards.
// NOTE(review): looks like browser-launch hijack stubs — verify browser shortcuts afterwards.
QuarantineFile('C:\Users\anzor\AppData\Roaming\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Users\anzor\AppData\Roaming\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\Users\anzor\AppData\Local\Microsoft\Windows\toolbar.exe','');
// Deletion step: executables, drivers and scheduled-task files.
// NOTE(review): the second argument ('32' / '64') presumably selects the 32- or 64-bit
// file-system view; task files use '64', everything else '32' — confirm in AVZ docs.
DeleteFile('C:\Users\anzor\AppData\Local\Microsoft\Windows\toolbar.exe','32');
DeleteFile('C:\Users\anzor\AppData\Roaming\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Users\anzor\AppData\Roaming\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Users\anzor\AppData\Roaming\cppredistx86.exe','32');
DeleteFile('c:\users\anzor\appdata\roaming\ssleas.exe','32');
DeleteFile('c:\users\anzor\appdata\local\microsoft\windows\toolbar.exe','32');
DeleteFile('C:\Windows\system32\drivers\ttnfd.sys','32');
DeleteFile('C:\Windows\system32\drivers\{55318141-dabf-4786-b4b2-f50790587c26}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}w64.sys','32');
DeleteFile('C:\Program Files (x86)\Faster Light\updateFasterLight.exe','32');
DeleteFile('C:\Program Files (x86)\Hold Page\updateHoldPage.exe','32');
// NOTE(review): YTDownloader.exe (and AnyProtect.exe below) are deleted without a
// preceding QuarantineFile call, so no sample of them is preserved by this script.
DeleteFile('C:\Program Files (x86)\YTDownloader\YTDownloader.exe','32');
DeleteFile('C:\ProgramData\Schedule\timetasks.exe','32');
DeleteFile('C:\ProgramData\Windows\csrss.exe','32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
// Legacy scheduled-task files (.job under C:\Windows\Tasks).
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
DeleteFile('C:\Users\anzor\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Users\anzor\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Windows\Tasks\Digital Sites.job','64');
DeleteFile('C:\Windows\Tasks\Price Fountain.job','64');
// Task definition files under C:\Windows\system32\Tasks (persistence via Task Scheduler).
// NOTE(review): only the task files are removed here; after the reboot, check Task
// Scheduler for leftover entries that still reference these names.
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
DeleteFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','32');
DeleteFile('C:\Windows\system32\Tasks\chrome5','64');
DeleteFile('C:\Windows\system32\Tasks\chrome5_logon','64');
DeleteFile('C:\Windows\system32\Tasks\Digital Sites','64');
DeleteFile('C:\Users\anzor\AppData\Local\Temp\start.exe','32');
DeleteFile('C:\Windows\system32\Tasks\WdfHG','64');
DeleteFile('C:\Windows\system32\Tasks\SystemScript','64');
DeleteFile('C:\Windows\system32\Tasks\YTDownloader','64');
DeleteFile('C:\Users\anzor\AppData\Roaming\sweet-page\UninstallManager.exe','32');
DeleteFile('C:\Windows\system32\Tasks\{C05984F4-4A7A-4E35-BD51-5A82931AA8FF}','64');
DeleteFile('C:\Users\anzor\appdata\roaming\x11\a\engine.exe','32');
// Remove the service entries: two updater services and the three drivers whose
// .sys files were deleted above (ttnfd and the two GUID-named *w64 drivers).
DeleteService('Update Hold Page');
DeleteService('Update Faster Light');
DeleteService('ttnfd');
DeleteService('{55318141-dabf-4786-b4b2-f50790587c26}w64');
DeleteService('{df47b99d-26f5-45f4-85c5-97b4da365f21}w64');
// Remove autorun persistence: Run values in HKCU and HKLM plus a disabled-startup
// (MSConfig startupreg) entry. The value 'Client Server Runtime Subsystem' reuses the
// display name of the real csrss process; a Run value with that name is not expected.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CMD');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Schedule');
// Directory cleanup: for each folder, delete everything matching '*' and then the
// folder itself. NOTE(review): the third argument (true) is presumably "recurse into
// subfolders" — confirm. Anything not quarantined above is lost at this point.
DeleteFileMask('C:\Users\anzor\appdata\roaming\x11', '*', true);
DeleteDirectory('C:\Users\anzor\appdata\roaming\x11');
DeleteFileMask('C:\Users\anzor\AppData\Roaming\sweet-page', '*', true);
DeleteDirectory('C:\Users\anzor\AppData\Roaming\sweet-page');
DeleteFileMask('C:\Program Files (x86)\Microsoft Data', '*', true);
DeleteDirectory('C:\Program Files (x86)\Microsoft Data');
DeleteFileMask('C:\Users\anzor\AppData\Roaming\DIGITA~2', '*', true);
DeleteDirectory('C:\Users\anzor\AppData\Roaming\DIGITA~2');
DeleteFileMask('C:\Users\anzor\AppData\Roaming\PRICEF~1', '*', true);
DeleteDirectory('C:\Users\anzor\AppData\Roaming\PRICEF~1');
DeleteFileMask('C:\ProgramData\Schedule', '*', true);
DeleteDirectory('C:\ProgramData\Schedule');
DeleteFileMask('C:\Program Files (x86)\Hold Page', '*', true);
DeleteDirectory('C:\Program Files (x86)\Hold Page');
DeleteFileMask('C:\Program Files (x86)\Faster Light', '*', true);
DeleteDirectory('C:\Program Files (x86)\Faster Light');
DeleteFileMask('C:\Users\anzor\AppData\Roaming\Browsers', '*', true);
DeleteDirectory('C:\Users\anzor\AppData\Roaming\Browsers');
DeleteFileMask('C:\Program Files (x86)\YTDownloader', '*', true);
DeleteDirectory('C:\Program Files (x86)\YTDownloader');
DeleteFileMask('C:\Program Files (x86)\AnyProtectEx', '*', true);
DeleteDirectory('C:\Program Files (x86)\AnyProtectEx');
// Boot-time cleanup (BC_* = AVZ Boot Cleaner): hand the items removed above to the
// boot cleaner, run AVZ's system clean-up, then arm the boot cleaner for the next start.
// NOTE(review): presumably this finishes off files that were still locked — confirm.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so the boot-time cleanup runs and the network stack stopped at the top comes back.
// NOTE(review): meaning of the 'false' argument (forced vs. normal reboot?) — confirm.
RebootWindows(false);
end.