Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','');
QuarantineFile('C:\Users\Admin\appdata\roaming\x11\engine.exe','');
QuarantineFile('C:\Users\Admin\appdata\roaming\etranslator\etranslator.exe','');
DelBHO('{7CE987D5-11B3-44FC-9C3D-03069360D462}');
DelBHO('{cfda5cac-9fdf-4b62-a646-863ee01a031f}');
DelBHO('{80056886-ac51-49d4-b659-e87017e5e1b2}');
DelBHO('{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}');
QuarantineFile('C:\Program Files (x86)\ccOpuNko\nuRBOHcduH5YrA.dll','');
QuarantineFile('C:\Program Files (x86)\adsuy\0lyGtiZi7qFQ0W.dll','');
QuarantineFile('C:\Users\Admin\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe','');
DeleteService('PirritDesktop');
QuarantineFile('C:\Users\Admin\AppData\Local\PirritSuggestor\PirritService.exe','');
QuarantineFile('C:\Users\Admin\AppData\Local\ced660ad8659b41c9a2ecef2fdd87e61\FormatKernelProgram.exe','');
DeleteService('FormatKernelProgram.exe');
DeleteService('9d409da061bee9f.exe');
QuarantineFile('C:\Users\Admin\AppData\Local\6141a8c2bf46d55ce89489d967b73a2f\9d409da061bee9f.exe','');
QuarantineFile('C:\Users\Admin\AppData\Local\fb9ec59501b866b56573d61b41fc2b36\32e5b4cac2c4d13.exe','');
DeleteService('32e5b4cac2c4d13.exe');
SetServiceStart('Update Service for advPlugin', 4);
DeleteService('Update Service for advPlugin');
QuarantineFile('C:\Program Files (x86)\VK Downloader\Interfaces32.dll','');
QuarantineFile('C:\Program Files (x86)\VK Downloader\Toolbar32.dll','');
TerminateProcessByName('c:\users\admin\appdata\roaming\ssleas.exe');
QuarantineFile('c:\users\admin\appdata\roaming\ssleas.exe','');
TerminateProcessByName('c:\program files (x86)\vk downloader\basement\extensionupdaterservice.exe');
QuarantineFile('c:\program files (x86)\vk downloader\basement\extensionupdaterservice.exe','');
TerminateProcessByName('c:\program files (x86)\advplugin\basement\extensionupdaterservice.exe');
QuarantineFile('c:\program files (x86)\advplugin\basement\extensionupdaterservice.exe','');
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
TerminateProcessByName('c:\users\admin\appdata\roaming\cppredistx86.exe');
QuarantineFile('c:\users\admin\appdata\roaming\cppredistx86.exe','');
TerminateProcessByName('c:\program files (x86)\vk downloader\backgroundsingleton.exe');
QuarantineFile('c:\program files (x86)\vk downloader\backgroundsingleton.exe','');
DeleteFile('c:\program files (x86)\vk downloader\backgroundsingleton.exe','32');
DeleteFile('c:\users\admin\appdata\roaming\cppredistx86.exe','32');
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\program files (x86)\advplugin\basement\extensionupdaterservice.exe','32');
DeleteFile('c:\program files (x86)\vk downloader\basement\extensionupdaterservice.exe','32');
DeleteFile('c:\users\admin\appdata\roaming\ssleas.exe','32');
DeleteFile('C:\Program Files (x86)\VK Downloader\Toolbar32.dll','32');
DeleteFile('C:\Program Files (x86)\VK Downloader\Interfaces32.dll','32');
DeleteFile('C:\Users\Admin\AppData\Local\fb9ec59501b866b56573d61b41fc2b36\32e5b4cac2c4d13.exe','32');
DeleteFile('C:\Users\Admin\AppData\Local\6141a8c2bf46d55ce89489d967b73a2f\9d409da061bee9f.exe','32');
DeleteFile('C:\Users\Admin\AppData\Local\ced660ad8659b41c9a2ecef2fdd87e61\FormatKernelProgram.exe','32');
DeleteFile('C:\Users\Admin\AppData\Local\PirritSuggestor\PirritService.exe','32');
DeleteFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon','command');
DeleteFile('C:\Program Files (x86)\eDealsPop\eDealsPop.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eDealsPop','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
DeleteFile('C:\Users\Admin\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GetNowUpdater','command');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Visual C++ 2010');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMD','command');
DeleteFile('C:\Program Files (x86)\adsuy\0lyGtiZi7qFQ0W.dll','32');
DeleteFile('C:\Program Files (x86)\ccOpuNko\nuRBOHcduH5YrA.dll','32');
DeleteFile('C:\Users\Admin\appdata\roaming\etranslator\etranslator.exe','32');
DeleteFile('C:\Users\Admin\appdata\roaming\x11\engine.exe','32');
DeleteFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.