Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\Денчик\appdata\roaming\upupdata\service.exe','');
QuarantineFile('C:\PROGRA~1\SHOPPE~1\Sortep.bat','');
QuarantineFile('C:\PROGRA~1\GROOVE~1\Exurlomo.bat','');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','');
QuarantineFile('C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll','');
QuarantineFile('C:\ProgramData\msiql.exe','');
QuarantineFile('C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe','');
QuarantineFile('c:\programdata\homepage.exe','');
QuarantineFile('c:\programdata\lightgate.exe','');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\UPUpdata\cessrs.exe','');
QuarantineFile('D:\Documents\systemfile.exe','');
DeleteService('cherimoya');
QuarantineFile('C:\Windows\system32\drivers\cherimoya.sys','');
DeleteService('Lyltuk');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\DijjuIvucn\Udhmoho.exe','');
QuarantineFile('C:\Program Files\ktip\ktip.exe','');
SetServiceStart('wucotusy', 4);
DeleteService('wucotusy');
SetServiceStart('Sovefi', 4);
DeleteService('Sovefi');
SetServiceStart('Khxiekmod', 4);
DeleteService('Khxiekmod');
SetServiceStart('ihpmServer', 4);
DeleteService('ihpmServer');
SetServiceStart('GoogleChromeUpSvc', 4);
DeleteService('GoogleChromeUpSvc');
SetServiceStart('GoogleChromeUpService', 4);
DeleteService('GoogleChromeUpService');
SetServiceStart('gerocyni', 4);
DeleteService('gerocyni');
SetServiceStart('Esedj', 4);
DeleteService('Esedj');
SetServiceStart('dupykupezbt', 4);
DeleteService('dupykupezbt');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\Temitiog\Zoabhel.dll','');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\KoefdHegeuji\Vonsapam.din','');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\Gahbhoey\Saesifus.dll','');
QuarantineFile(':\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\2616\bxsdk32.dll','');
TerminateProcessByName('c:\programdata\windows update\svrupg.exe');
TerminateProcessByName('c:\users\Денчик\appdata\roaming\temitiog\temitiog.exe');
TerminateProcessByName('c:\users\Денчик\appdata\roaming\temitiog\zoabhel.exe');
QuarantineFile('c:\users\Денчик\appdata\roaming\temitiog\zoabhel.exe','');
QuarantineFile('c:\users\Денчик\appdata\roaming\temitiog\temitiog.exe','');
QuarantineFile('c:\programdata\windows update\svrupg.exe','');
TerminateProcessByName('c:\program files (x86)\cleanbrowser\app\bin\nw.exe');
TerminateProcessByName('C:\Users\Денчик\AppData\Roaming\Temitiog\Paepawixz.exe');
TerminateProcessByName('c:\users\Денчик\appdata\roaming\koefdhegeuji\rihesog.exe');
TerminateProcessByName('c:\users\Денчик\appdata\roaming\gahbhoey\saesifus.exe');
TerminateProcessByName('c:\programdata\service.exe');
QuarantineFile('c:\programdata\service.exe','');
QuarantineFile('c:\users\Денчик\appdata\roaming\gahbhoey\saesifus.exe','');
QuarantineFile('c:\users\Денчик\appdata\roaming\koefdhegeuji\rihesog.exe','');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\Temitiog\Paepawixz.exe','');
QuarantineFile('c:\program files (x86)\cleanbrowser\app\bin\nw.exe','');
TerminateProcessByName('c:\program files (x86)\raydld\ihpmserver.exe');
TerminateProcessByName('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\jnsu9858.tmp');
TerminateProcessByName('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\knsk809e.tmpfs');
TerminateProcessByName('c:\programdata\msiql.exe');
QuarantineFile('c:\programdata\msiql.exe','');
QuarantineFile('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\knsk809e.tmpfs','');
QuarantineFile('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\jnsu9858.tmp','');
QuarantineFile('c:\program files (x86)\raydld\ihpmserver.exe','');
TerminateProcessByName('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\hnspaec7.tmp');
QuarantineFile('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\hnspaec7.tmp','');
QuarantineFile('C:\Users\Денчик\AppData\Roaming\Gahbhoey\Guqmisvyga.exe','');
QuarantineFile('c:\users\Денчик\appdata\roaming\gahbhoey\gahbhoey.exe','');
QuarantineFile('c:\programdata\cloudprinter\cloudprinter.exe','');
DeleteFile('C:\Users\Денчик\AppData\Roaming\Gahbhoey\Guqmisvyga.exe','32');
DeleteFile('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\hnspaec7.tmp','32');
DeleteFile('c:\program files (x86)\raydld\ihpmserver.exe','32');
DeleteFile('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\jnsu9858.tmp','32');
DeleteFile('c:\program files (x86)\4c4c4544-1458295271-5010-8038-b6c04f525331\knsk809e.tmpfs','32');
DeleteFile('c:\programdata\msiql.exe','32');
DeleteFile('c:\program files (x86)\cleanbrowser\app\bin\nw.exe','32');
DeleteFile('C:\Users\Денчик\AppData\Roaming\Temitiog\Paepawixz.exe','32');
DeleteFile('c:\users\Денчик\appdata\roaming\koefdhegeuji\rihesog.exe','32');
DeleteFile('c:\users\Денчик\appdata\roaming\gahbhoey\saesifus.exe','32');
DeleteFile('c:\programdata\service.exe','32');
DeleteFile('c:\programdata\windows update\svrupg.exe','32');
DeleteFile('c:\users\Денчик\appdata\roaming\temitiog\temitiog.exe','32');
DeleteFile('c:\users\Денчик\appdata\roaming\temitiog\zoabhel.exe','32');
DeleteFile('C:\Program Files (x86)\CleanBrowser\app\bin\libegl.dll','32');
DeleteFile('C:\Program Files (x86)\CleanBrowser\app\bin\libglesv2.dll','32');
DeleteFile('C:\Users\Денчик\AppData\Roaming\Gahbhoey\Saesifus.dll','32');
DeleteFile('C:\Users\Денчик\AppData\Roaming\KoefdHegeuji\Vonsapam.din','32');
DeleteFile('C:\Users\Денчик\AppData\Roaming\Temitiog\Zoabhel.dll','32');
DeleteFile('C:\Users\Денчик\AppData\Roaming\DijjuIvucn\Udhmoho.exe','32');
DeleteFile('C:\Windows\system32\drivers\cherimoya.sys','32');
DeleteFile('D:\Documents\systemfile.exe','32');
DeleteFile('C:\Users\Денчик\AppData\Roaming\UPUpdata\cessrs.exe','32');
DeleteFile('c:\programdata\lightgate.exe','32');
DeleteFile('c:\programdata\homepage.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','HomePageHelper');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','LightGate');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','cessrs.exe -start');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SystemClose');
DeleteFile('C:\ProgramData\msiql.exe','32');
DeleteFile('C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','taskhost');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','msiql');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IDSCPRODUCT');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SpaceSoundPro');
DeleteFile('C:\PROGRA~1\GROOVE~1\Exurlomo.bat','32');
DeleteFile('C:\Windows\system32\Tasks\Kubetomr','64');
DeleteFile('C:\PROGRA~1\SHOPPE~1\Sortep.bat','32');
DeleteFile('C:\Windows\system32\Tasks\Ogudt','64');
DeleteFile('C:\Users\Денчик\appdata\roaming\upupdata\service.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.