Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Администратор\appdata\roaming\aspackage\aspackage.exe','');
QuarantineFile('C:\Program Files\Advanced PC Care\advancedpccare.exe','');
QuarantineFile('C:\Users\Администратор\AppData\Roaming\WindowsUpdater\Updater.exe','');
QuarantineFile('C:\Users\Администратор\Documents\Application Data\explorer.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
QuarantineFile('C:\ext\Instplug.exe','');
QuarantineFile('C:\Users\Администратор\AppData\Local\SmartWeb\SmartWebHelper.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010162\gmsd_ru_005010162.exe','');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_254\gmsd_ru_254.exe','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
QuarantineFile('C:\Users\Администратор\AppData\Roaming\ASPackage\ASPackage.exe','');
SetServiceStart('swsedrvr_vt_1_10_0_25', 4);
SetServiceStart('innfd_1_10_0_14', 4);
DeleteService('innfd_1_10_0_14');
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteService('QMUdisk');
DeleteService('mihejupe');
DeleteService('pupivyhi');
DeleteService('ryrojiry');
DeleteService('SSFK');
DeleteService('swsesrvc_1.10.0.25');
DeleteService('WdsManPro');
DeleteService('xenyduje');
QuarantineFile('C:\Users\Администратор\AppData\Local\03000200-1448920283-0500-0006-000700080009\snsg1E5A.tmp','');
QuarantineFile('C:\ProgramData\cWMiniProc\WMiniPro.exe','');
QuarantineFile('C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe','');
QuarantineFile('C:\Program Files (x86)\SFK\SSFK.exe','');
QuarantineFile('C:\Program Files (x86)\03000200-1448902206-0500-0006-000700080009\hnss7047.tmp','');
QuarantineFile('C:\Program Files (x86)\03000200-1448902206-0500-0006-000700080009\jnst5952.tmp','');
QuarantineFile('C:\Program Files (x86)\03000200-1448902206-0500-0006-000700080009\knslFDEA.tmp','');
QuarantineFile('C:\Users\Администратор\AppData\Local\03000200-1448999100-0500-0006-000700080009\qnsl233D.tmp','');
DeleteService('demynohe');
DeleteService('fobyvuqo');
QuarantineFile('C:\Program Files (x86)\03000200-1449074924-0500-0006-000700080009\knsvE8AA.tmpfs','');
QuarantineFile('C:\Program Files (x86)\03000200-1449074924-0500-0006-000700080009\jnsb3BA.tmp','');
QuarantineFile('C:\ProgramData\Appverifier\AppVerifierService.exe','');
QuarantineFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','');
QuarantineFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys','');
DeleteFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys','32');
DeleteFile('C:\Windows\system32\drivers\swsedrvr_vt_1_10_0_25.sys','32');
DeleteFile('C:\Program Files (x86)\03000200-1449074924-0500-0006-000700080009\jnsb3BA.tmp','32');
DeleteFile('C:\Program Files (x86)\03000200-1449074924-0500-0006-000700080009\knsvE8AA.tmpfs','32');
DeleteFile('C:\Users\Администратор\AppData\Local\03000200-1448999100-0500-0006-000700080009\qnsl233D.tmp','32');
DeleteFile('C:\Program Files (x86)\03000200-1448902206-0500-0006-000700080009\knslFDEA.tmp','32');
DeleteFile('C:\Program Files (x86)\03000200-1448902206-0500-0006-000700080009\jnst5952.tmp','32');
DeleteFile('C:\Program Files (x86)\03000200-1448902206-0500-0006-000700080009\hnss7047.tmp','32');
DeleteFile('C:\Program Files (x86)\SFK\SSFK.exe','32');
DeleteFile('C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe','32');
DeleteFile('C:\ProgramData\cWMiniProc\WMiniPro.exe','32');
DeleteFile('C:\Users\Администратор\AppData\Local\03000200-1448920283-0500-0006-000700080009\snsg1E5A.tmp','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.5.15816.217\QMUdisk64.sys','32');
DeleteFile('C:\Users\Администратор\AppData\Roaming\ASPackage\ASPackage.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','Update');
DeleteFile('C:\Program Files\Advanced PC Care\advancedpccare.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced PC Care_logon','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amigo','command');
DeleteFile('C:\Users\Администратор\AppData\Local\Amigo\Application\amigo.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010162','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_254','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_2E97E79495C2EE918393804007FA94E4','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\insplg','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mailruhomesearch','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon','command');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_254\gmsd_ru_254.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010162\gmsd_ru_005010162.exe','32');
DeleteFile('C:\Users\Администратор\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\ext\Instplug.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\stuffs','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartWeb','command');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\Users\Администратор\Documents\Application Data\explorer.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\~backup~','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader','command');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\Windows\system32\Tasks\WindowsUpdater','64');
DeleteFile('C:\Users\Администратор\AppData\Roaming\WindowsUpdater\Updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Advanced PC Care_Logon','64');
DeleteFile('C:\Users\Администратор\appdata\roaming\aspackage\aspackage.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.