Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Users\admin\AppData\Roaming\Dorrible\Ribble\d.exe','');
DelBHO('{0d0a563f-d67f-47fd-bde5-19e70f362b39}');
DelBHO('{2deb0642-8932-49f8-951c-6b4c1f8dc7df}');
DelBHO('{87ed4851-ac65-4b74-a400-180a3dbd5fa9}');
DelBHO('{9791a02b-8005-4349-86d0-bcf813a071a8}');
DelBHO('{A06E9184-65B3-490A-AF63-E1EC0C4A3307}');
DelBHO('{fe03db4d-e986-4391-a5fc-5c020dc7c1f4}');
QuarantineFile('C:\ProgramData\SmartCompare\BvigxQ9BooZfSV.dll','');
QuarantineFile('C:\Program Files\BonusBerry\Toolbar32.dll','');
QuarantineFile('C:\ProgramData\topabuyEr\5juA9h69hZVVbA.dll','');
QuarantineFile('C:\ProgramData\TicTaCoupon\fQ38w5mljWlrq2.dll','');
QuarantineFile('C:\ProgramData\saferweeb\Wxk3ZOTPqMh2yv.dll','');
QuarantineFile('C:\ProgramData\saferweb\S5TqisThXo5FE6.dll','');
QuarantineFile('C:\Windows\AutosetFrequency.exe','');
QuarantineFile('C:\Users\admin\AppData\Local\WinnerDM\wdm.exe','');
QuarantineFile('C:\Windows\system32\drivers\ttnfd.sys','');
DeleteService('ttnfd');
SetServiceStart('musichelp', 4);
DeleteService('musichelp');
SetServiceStart('ttsvc', 4);
DeleteService('ttsvc');
SetServiceStart('servervo', 4);
DeleteService('servervo');
QuarantineFile('C:\Windows\musichelp.sys','');
QuarantineFile('c:\Program Files\GetDeals\SuperDeals.dll','');
TerminateProcessByName('c:\users\admin\appdata\local\winnerdm\wdm.bin');
QuarantineFile('c:\users\admin\appdata\local\winnerdm\wdm.bin','');
TerminateProcessByName('c:\users\admin\appdata\roaming\vopackage\vosrv.exe');
QuarantineFile('c:\users\admin\appdata\roaming\vopackage\vosrv.exe','');
TerminateProcessByName('c:\program files\termtutor\service\ttsvc.exe');
QuarantineFile('c:\program files\termtutor\service\ttsvc.exe','');
TerminateProcessByName('c:\users\admin\appdata\local\musichelp\musichelp.exe');
QuarantineFile('c:\users\admin\appdata\local\musichelp\musichelp.exe','');
DeleteFile('c:\users\admin\appdata\local\musichelp\musichelp.exe','32');
DeleteFile('c:\program files\termtutor\service\ttsvc.exe','32');
DeleteFile('c:\users\admin\appdata\roaming\vopackage\vosrv.exe','32');
DeleteFile('c:\users\admin\appdata\local\winnerdm\wdm.bin','32');
DeleteFile('C:\Windows\musichelp.sys','32');
DeleteFile('C:\Windows\system32\drivers\ttnfd.sys','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','WinnerDM');
DeleteFile('C:\Users\admin\AppData\Local\WinnerDM\wdm.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','musichelp');
DeleteFile('C:\ProgramData\saferweb\S5TqisThXo5FE6.dll','32');
DeleteFile('C:\ProgramData\saferweeb\Wxk3ZOTPqMh2yv.dll','32');
DeleteFile('C:\ProgramData\TicTaCoupon\fQ38w5mljWlrq2.dll','32');
DeleteFile('C:\ProgramData\topabuyEr\5juA9h69hZVVbA.dll','32');
DeleteFile('C:\Program Files\BonusBerry\Toolbar32.dll','32');
DeleteFile('C:\ProgramData\SmartCompare\BvigxQ9BooZfSV.dll','32');
DeleteFile('C:\Users\admin\AppData\Roaming\Dorrible\Ribble\d.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Ribble','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.