Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('D:\Music\[ad] Flash (MP3)\Mixes\2004 [ad] flash - Plazentura\CD04 (11.04.04)\07.D-Tek - Earth-quake.mp3','');
QuarantineFile('D:\Music\[ad] Flash (MP3)\Mixes\2001 [ad] flash - Spirit of Silence\101.Oforia - Raw (Psy Sex remix) (Code Green. Noise Technolo.mp3','');
QuarantineFile('D:\Music\[ad] Flash (MP3)\Mixes\2004 [ad] flash - Plazentura\CD03 (10.04.04)\04.Hux Flux - Num-bers.mp3','');
QuarantineFile('C:\Users\Артур\l2napil.exe','');
QuarantineFile('C:\Users\Артур\gatherNenet.exe','');
QuarantineFile('C:\Users\Артур\atiurdps.exe','');
QuarantineFile('C:\Users\Артур\XAudEap3.exe','');
QuarantineFile('C:\Users\Артур\AppData\Roaming\Stvyvq.scr','');
QuarantineFile('C:\Users\Артур\AppData\Roaming\Rsvyvp.scr','');
QuarantineFile('C:\Users\Артур\AppData\Roaming\Nsvyvl.scr','');
QuarantineFile('C:\Users\Артур\AppData\Roaming\A229.exe','');
QuarantineFile('C:\Users\Артур\AppData\Roaming\18A9.exe','');
QuarantineFile('C:\Users\E8E5~1\AppData\Local\Temp\ctfmon.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14699\brenasa.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\newcont9rnd8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12387\newcont8rnd7.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12367\newcont7rnd6.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12356\newcont6rnd5.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12352\newcont5rnd4.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12341\newcont4rnd3.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12340\newcont1rnd.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12330\newcont3rnd2.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12310\newcont2rnd1.exe','');
TerminateProcessByName('c:\users\Артур\xactenatt.exe');
QuarantineFile('c:\users\Артур\xactenatt.exe','');
TerminateProcessByName('c:\users\Артур\appdata\roaming\2d1e.exe');
QuarantineFile('c:\users\Артур\appdata\roaming\2d1e.exe','');
TerminateProcessByName('c:\users\Артур\appdata\roaming\22cc.exe');
QuarantineFile('c:\users\Артур\appdata\roaming\22cc.exe','');
TerminateProcessByName('c:\users\Артур\appdata\roaming\18a9.exe');
QuarantineFile('c:\users\Артур\appdata\roaming\18a9.exe','');
DeleteFile('c:\users\Артур\appdata\roaming\18a9.exe');
DeleteFile('c:\users\Артур\appdata\roaming\22cc.exe');
DeleteFile('c:\users\Артур\appdata\roaming\2d1e.exe');
DeleteFile('c:\users\Артур\xactenatt.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12310\newcont2rnd1.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12310\newcont2rnd1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12341\newcont4rnd3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12340\newcont1rnd.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12330\newcont3rnd2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12352\newcont5rnd4.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12367\newcont7rnd6.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\newcont9rnd8.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12356\newcont6rnd5.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12387\newcont8rnd7.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14699\brenasa.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,Explorer.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12330\newcont3rnd2.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr2nd1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr3nd2');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12340\newcont1rnd.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12341\newcont4rnd3.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr4nd3');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr1nd');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12352\newcont5rnd4.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12356\newcont6rnd5.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr6nd5');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr5nd4');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12367\newcont7rnd6.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12387\newcont8rnd7.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\newcont9rnd8.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14699\brenasa.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zaber0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','tbrena');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr9nd8');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr8nd7');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','newcontr7nd6');
DeleteFile('C:\Users\E8E5~1\AppData\Local\Temp\ctfmon.exe');
DeleteFile('C:\Users\Артур\AppData\Roaming\18A9.exe');
DeleteFile('C:\Users\Артур\AppData\Roaming\A229.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ctfmon.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MSSMARTMON1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MSSMARTMON');
DeleteFile('C:\Users\Артур\AppData\Roaming\Nsvyvl.scr');
DeleteFile('C:\Users\Артур\AppData\Roaming\Rsvyvp.scr');
DeleteFile('C:\Users\Артур\AppData\Roaming\Stvyvq.scr');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Stvyvq');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Rsvyvp');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Nsvyvl');
DeleteFile('C:\Users\Артур\XAudEap3.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','N0Y3MzY2RTQ0MzM1MUU2Nz');
DeleteFile('C:\Users\Артур\atiurdps.exe');
DeleteFile('C:\Users\Артур\gatherNenet.exe');
DeleteFile('C:\Users\Артур\l2napil.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ODI5Q0NCRDUzMTM1QTk2Q0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','OTFBNTc1Njg1QjgzRjcwNk');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','QUNGMzk1OUJCOTg1QjYxNk');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MEVEQTY5QTBEMzU1QUJENU');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.