Код:
// AVZ remediation script: closes network connections, quarantines and deletes the
// listed files, removes their services and autorun values, then reboots.
// NOTE(review): every path and service name is hard-coded (profile C:\Users\1),
// presumably taken from this machine's AVZ logs - do not run unchanged on another host.
begin
// Runtime message (Russian): network connections will be closed before the script
// runs and restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stops the tcpip service through net.exe; this is the network shutdown announced above.
// NOTE(review): the trailing arguments (0, 15000, true) look like window mode, a wait
// time in ms and a wait/terminate flag - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard run only when AVZ is not under WOW64, i.e. not on 64-bit Windows.
// NOTE(review): presumably these driver-based features are unavailable on x64 - confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine pass: each suspect file is handed to AVZ quarantine before any deletion,
// so samples remain available for analysis.
QuarantineFile('C:\Users\1\appdata\roaming\newsi_2\s_inst.exe','');
// This path and the 'newSI_23' one two lines below differ only in letter case.
QuarantineFile('C:\Users\1\appdata\roaming\newsi_23\s_inst.exe','');
QuarantineFile('C:\Users\1\AppData\Local\Microsoft\Windows\toolbar.exe','');
QuarantineFile('C:\Users\1\AppData\Roaming\newSI_23\s_inst.exe','');
QuarantineFile('C:\Users\1\AppData\Roaming\cdcsuesc\gacgihig.exe','');
// The three .bat names are browser executable names written backwards
// (browser.exe, iexplore.exe, chrome.exe).
QuarantineFile('C:\Users\1\AppData\Roaming\Browsers\exe.resworb.bat','');
QuarantineFile('C:\Users\1\AppData\Roaming\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Users\1\AppData\Roaming\Browsers\exe.emorhc.bat','');
QuarantineFile('C:\WINDOWS\system32\drivers\qrnfd_1_10_0_9.sys','');
// Service removal. SetServiceStart(name, 4) sets start type 4 (disabled) before
// DeleteService; presumably so the service cannot start if deletion completes only
// after the reboot.
// NOTE(review): qrnfd_1_10_0_9 is deleted without being disabled first, unlike the others.
DeleteService('qrnfd_1_10_0_9');
SetServiceStart('pfnfd_1_10_0_9', 4);
DeleteService('pfnfd_1_10_0_9');
SetServiceStart('xoperoze', 4);
DeleteService('xoperoze');
SetServiceStart('Unchecky', 4);
DeleteService('Unchecky');
// Same file as the lower-case path quarantined again after its process is terminated below.
QuarantineFile('C:\Users\1\AppData\Roaming\A034CA20-1424168999-81E3-243D-54BEF75762C5\nsnA71A.tmpfs','');
SetServiceStart('sojukity', 4);
DeleteService('sojukity');
SetServiceStart('MaintainerSvc3.22.1827446', 4);
DeleteService('MaintainerSvc3.22.1827446');
SetServiceStart('boxohezi', 4);
DeleteService('boxohezi');
// Driver file for the pfnfd_1_10_0_9 service deleted above.
QuarantineFile('C:\WINDOWS\system32\drivers\pfnfd_1_10_0_9.sys','');
// Running processes: each image is terminated and then quarantined.
// NOTE(review): the two Unchecky binaries are terminated here and deleted later, but
// are never passed to QuarantineFile, so no sample of them is kept.
TerminateProcessByName('C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe');
TerminateProcessByName('c:\program files (x86)\unchecky\bin\unchecky_bg.exe');
TerminateProcessByName('c:\users\1\appdata\roaming\a034ca20-1424168999-81e3-243d-54bef75762c5\nsna71a.tmpfs');
QuarantineFile('c:\users\1\appdata\roaming\a034ca20-1424168999-81e3-243d-54bef75762c5\nsna71a.tmpfs','');
TerminateProcessByName('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\nsd584e.tmpfs');
QuarantineFile('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\nsd584e.tmpfs','');
TerminateProcessByName('c:\programdata\06154ba7-7ceb-4959-a6bd-bf38bdec8cc6\maintainer.exe');
QuarantineFile('c:\programdata\06154ba7-7ceb-4959-a6bd-bf38bdec8cc6\maintainer.exe','');
TerminateProcessByName('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\jnsz6678.tmp');
QuarantineFile('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\jnsz6678.tmp','');
TerminateProcessByName('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\hnsbea02.tmp');
QuarantineFile('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\hnsbea02.tmp','');
// csrss.exe is the name of a Windows system process, but this copy sits under
// ProgramData\windows rather than System32; the location is what marks it as suspect.
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
// Deletion pass over the files handled above.
// NOTE(review): the second argument ('32' or '64') presumably selects the 32-bit or
// 64-bit file-system view; the scheduled-task files below use '64' - confirm.
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\hnsbea02.tmp','32');
DeleteFile('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\jnsz6678.tmp','32');
DeleteFile('c:\programdata\06154ba7-7ceb-4959-a6bd-bf38bdec8cc6\maintainer.exe','32');
DeleteFile('c:\users\1\appdata\roaming\a034ca20-1434008713-81e3-243d-54bef75762c5\nsd584e.tmpfs','32');
DeleteFile('c:\users\1\appdata\roaming\a034ca20-1424168999-81e3-243d-54bef75762c5\nsna71a.tmpfs','32');
DeleteFile('c:\program files (x86)\unchecky\bin\unchecky_bg.exe','32');
DeleteFile('C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe','32');
DeleteFile('C:\WINDOWS\system32\drivers\pfnfd_1_10_0_9.sys','32');
DeleteFile('C:\Users\1\AppData\Roaming\A034CA20-1424168999-81E3-243D-54BEF75762C5\nsnA71A.tmpfs','32');
DeleteFile('C:\WINDOWS\system32\drivers\qrnfd_1_10_0_9.sys','32');
// Removes the per-user Run (autostart) value named after the system process.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
DeleteFile('C:\Users\1\AppData\Roaming\Browsers\exe.emorhc.bat','32');
DeleteFile('C:\Users\1\AppData\Roaming\Browsers\exe.erolpxei.bat','32');
DeleteFile('C:\Users\1\AppData\Roaming\Browsers\exe.resworb.bat','32');
DeleteFile('C:\Users\1\AppData\Roaming\cdcsuesc\gacgihig.exe','32');
// Removes the per-user Run (autostart) value 'Valve'.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Valve');
DeleteFile('C:\Users\1\AppData\Roaming\newSI_23\s_inst.exe','32');
// Scheduled-task files (legacy .job and system32\Tasks entries) are deleted as well.
DeleteFile('C:\WINDOWS\Tasks\newSI_23.job','64');
DeleteFile('C:\WINDOWS\system32\Tasks\newSI_23','64');
DeleteFile('C:\Users\1\AppData\Local\Microsoft\Windows\toolbar.exe','32');
DeleteFile('C:\WINDOWS\system32\Tasks\SystemScript','64');
DeleteFile('C:\Users\1\appdata\roaming\newsi_23\s_inst.exe','32');
DeleteFile('C:\Users\1\appdata\roaming\newsi_2\s_inst.exe','32');
// Final stage. NOTE(review): BC_ImportAll / BC_Activate presumably hand the items
// removed above to AVZ Boot Cleaner so anything still locked is removed during the
// reboot, and ExecuteSysClean presumably clears leftover references to the deleted
// files - confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboots the machine; the argument is presumably a 'force' flag - confirm.
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.