Код:
// AVZ cleanup script built on hard-coded file paths and registry value names.
// It is specific to the machine whose logs produced this list and must not be reused elsewhere.
// Order of work: take the host off the network, switch on AVZ's anti-rootkit and guard
// features, copy every suspect file to quarantine, stop two running processes, delete the
// files together with their autorun values, then queue the boot cleaner and reboot.
// Every file that is deleted below is quarantined first, so a sample survives for analysis.
begin
// Runtime message (Russian): tells the user that AVZ will close all network connections
// before the script runs and that they are restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the host is offline while the cleanup is in progress.
// NOTE(review): the trailing arguments (0, 15000, true) look like a window mode, a
// 15000 ms wait and a flag - confirm their meaning in the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The two calls below run only when IsWOW64 is false.
// NOTE(review): presumably they depend on AVZ's kernel driver, which is unavailable
// under WOW64 - confirm before changing the guard.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// --- Quarantine pass: copies are taken before anything is terminated or deleted. ---
// NOTE(review): the "svchost" file names on the next line and on the SysWOW64 line appear
// to be spelled with Cyrillic U+0441 in place of Latin "c", i.e. a look-alike of the genuine
// system binary. Keep the bytes exactly as they are: retyping the name with a Latin "c"
// would point the call at the real svchost.exe. Both look-alikes are quarantined only;
// this script has no DeleteFile call for them.
QuarantineFile('C:\WINDOWS\system32\svсhost.exe','');
// NOTE(review): this is system32\regedit.exe, not the copy Windows normally keeps directly
// under C:\WINDOWS. It is deleted near the end of the script, so verify the path against the logs.
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('c:\documents and settings\user\wuaucldt.exe','');
QuarantineFile('C:\ma_e\ti_si_smece\norah.exe','');
// The next two names resemble vendor software but sit under C:\Temp.
QuarantineFile('C:\Temp\Adobe\Reader_sl.exe','');
QuarantineFile('C:\Temp\KB214646687.exe','');
QuarantineFile('C:\WINDOWS\SysWOW64\svсhost.exe','');
// Executables stored under C:\RECYCLER in folders named like user SIDs.
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-8441\1p1117r8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-84167181\137rtr8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-8416181\13rtr8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-92181681\1344dq8.exe','');
QuarantineFile('C:\Temp\227F885B-FED7ADD5-9B276977-2CF37962\5O7yqvTAVba.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-166110941\z6106911.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18115371\1dr608.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186600441\1d167r8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186771\177d167r8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-84112131\13gaa17r8.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-135723581\z177ss61.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1352841\z6222s61.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1351881\z6yys61.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13152841\z62122s61.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13518811\z621yys61.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13141841\z621311.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-131521841\z623441.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-131141841\z6421311.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-131110941\z610911.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-11818371\1d45081.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-118183711\15y081.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-118115371\1dbr608.exe','');
QuarantineFile('C:\Program Files\Common Files\CreativeAudio\ofvjkphyr.exe','');
QuarantineFile('C:\Program Files\Common Files\CreativeAudio\nrmhzdjtb.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\VOLGOGRAD\unvise32.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\Identities\Joxwxf.exe','');
QuarantineFile('C:\DOCUME~1\ALLUSE~1\mslpt.exe','');
// --- Two processes are terminated by full image path, then their files are quarantined. ---
TerminateProcessByName('c:\temp\et7xu.exe');
QuarantineFile('c:\temp\et7xu.exe','');
// startservice.exe is quarantined only; this script has no DeleteFile call for it.
QuarantineFile('c:\windows\system32\startservice.exe','');
// An "explorer.exe" running from a user profile folder, not from the Windows directory.
TerminateProcessByName('c:\documents and settings\user\application data\volgograd\explorer.exe');
QuarantineFile('c:\documents and settings\user\application data\volgograd\explorer.exe','');
// --- Delete pass. Each RegKeyParamDel that follows a DeleteFile appears to remove the ---
// --- autorun value that launched that file (pairing inferred from adjacency - verify). ---
// NOTE(review): every DeleteFile call passes '32' as its second argument; its meaning is
// not visible here (likely a 32-/64-bit view selector) - confirm in the AVZ reference.
DeleteFile('c:\documents and settings\user\application data\volgograd\explorer.exe','32');
DeleteFile('c:\temp\et7xu.exe','32');
DeleteFile('C:\DOCUME~1\ALLUSE~1\mslpt.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','11257504');
DeleteFile('C:\Documents and Settings\user\Application Data\Identities\Joxwxf.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Joxwxf');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','explorer.exe');
DeleteFile('C:\Documents and Settings\user\Application Data\VOLGOGRAD\unvise32.exe','32');
// The MSConfig\startupreg\<name> calls remove only the value named 'command'.
// The subkey itself is not deleted by these calls.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\unvise32.exe','command');
DeleteFile('C:\Program Files\Common Files\CreativeAudio\nrmhzdjtb.exe','32');
// The 'CreativeAudio' Run value is removed from both HKLM and HKCU.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','CreativeAudio');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CreativeAudio');
DeleteFile('C:\Program Files\Common Files\CreativeAudio\ofvjkphyr.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-118115371\1dbr608.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2drb8v0','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-118183711\15y081.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2d47u1v0');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','2d45g11v0');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-11818371\1d45081.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-131110941\z610911.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e611093a','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-131141841\z6421311.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e61453a','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e614144a','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e6722344a','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-131521841\z623441.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13141841\z621311.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13518811\z621yys61.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13152841\z62122s61.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e6721ta','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e67u21uta','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1351881\z6yys61.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1352841\z6222s61.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e672ta','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-135723581\z177ss61.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e771s3a','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e6116093a','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2dr8v0','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2pd16600','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\27700','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\23gaa1q8','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-84112131\13gaa17r8.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186771\177d167r8.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186600441\1d167r8.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18115371\1dr608.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-166110941\z6106911.exe','32');
DeleteFile('C:\Temp\227F885B-FED7ADD5-9B276977-2CF37962\5O7yqvTAVba.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-92181681\1344dq8.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\23456g7dq8','command');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','23456g7dq8');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\6p41588','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\23dqrrt','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2p2qrrt','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\23gerrt','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2p2qr1r1t','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\23r7tr2q8','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\23rtr2q8','command');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-8416181\13rtr8.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-84167181\137rtr8.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-8441\1p1117r8.exe','32');
DeleteFile('C:\Temp\KB214646687.exe','32');
DeleteFile('C:\Temp\Adobe\Reader_sl.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Adobe System Incorporated');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe System Incorporated','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MicrosoftSfCnt','command');
DeleteFile('C:\ma_e\ti_si_smece\norah.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YoungBlood','command');
DeleteFile('c:\documents and settings\user\wuaucldt.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wuaucldt','command');
// Deletes system32\regedit.exe. Confirm from the quarantined copy that this was not a
// legitimate file before treating the machine as clean.
DeleteFile('C:\WINDOWS\system32\regedit.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Regedit32','command');
// --- Post-delete steps. ---
// NOTE(review): the BC_* calls presumably drive AVZ's boot-time cleaner, with BC_ImportAll
// queueing the items handled above and BC_Activate arming it for the next boot.
// ExecuteSysClean sits between them. Confirm all three against the AVZ reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// NOTE(review): runs AVZ repair routine number 9; which setting it restores is not
// visible here - look the number up in AVZ's system-restore list.
ExecuteRepair(9);
// Removes the 'Taskman' value from the Winlogon key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Reboots the machine. The text after the script confirms a restart is expected.
// NOTE(review): the meaning of the 'false' argument is not shown here.
RebootWindows(false);
end.
Компьютер перезагрузится.