Код:
// AVZ cleanup script written for one specific machine: every path below is tied
// to the profile C:\Users\Evgeniy and to randomly named folders found on that
// system, so the script is not reusable elsewhere without new logs.
// Overall order: isolate from the network -> quarantine copies -> disable and
// delete services -> terminate processes -> delete files and autorun values ->
// schedule boot-time cleanup -> reboot.
begin
// Tell the user (message text is in Russian) that network connections will be
// closed before the script runs and restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the TCP/IP service so the listed components cannot use the network
// during cleanup. NOTE(review): the trailing arguments (0, 15000, true) look
// like window mode, timeout in ms and wait-for-exit - confirm against AVZ docs.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are enabled only when IsWOW64 is false,
// i.e. presumably only on 32-bit Windows - confirm against AVZ docs.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine pass: each file is copied to AVZ quarantine before any DeleteFile
// call touches it, so the samples remain available for later analysis.
QuarantineFile('C:\Users\Evgeniy\appdata\local\smartweb\__u.exe','');
QuarantineFile('C:\Users\Evgeniy\AppData\Local\Builder Rush\{C802D56B-5B06-471C-610C-6C4E8BE86BA8}\pabk.dll','');
QuarantineFile('C:\Users\Evgeniy\AppData\Local\Builder Rush\{C802D56B-5B06-471C-610C-6C4E8BE86BA8}\BuilderRush.dll','');
// Batch files in randomly named ProgramData folders.
QuarantineFile('C:\ProgramData\EsKuHBtLyCzecMa\lAJgIu5.bat','');
QuarantineFile('C:\ProgramData\yKGAwhPPOEdgLaL\BQYRkEinBew5.bat','');
QuarantineFile('C:\ProgramData\RnNrjaCvrqCgtR\KFYQRfLvNXxlU0.bat','');
QuarantineFile('C:\ProgramData\MiScgdYBPRE\mtXnlG0.bat','');
QuarantineFile('C:\Users\Evgeniy\AppData\Local\mdndbhepfbopchbgmdchaoflagepmehg\config.json','');
QuarantineFile('C:\Users\Evgeniy\AppData\Local\mdndbhepfbopchbgmdchaoflagepmehg\stub.exe','');
QuarantineFile('C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe','');
// Services: start type is set to 4 (Disabled in Windows service configuration)
// before the service entry is deleted. 'WindowsMangerProtect' is spelled this
// way in the script; the name must match the installed service exactly, so it
// is not a typo to correct here.
SetServiceStart('WindowsMangerProtect', 4);
DeleteService('WindowsMangerProtect');
SetServiceStart('vodumigi', 4);
DeleteService('vodumigi');
SetServiceStart('roqenufe', 4);
DeleteService('roqenufe');
SetServiceStart('ApplicationHosting', 4);
DeleteService('ApplicationHosting');
// Running processes are terminated first, then their images are quarantined.
TerminateProcessByName('c:\users\evgeniy\appdata\local\gmsd_ru_005010171\upgmsd_ru_005010171.exe');
QuarantineFile('c:\users\evgeniy\appdata\local\gmsd_ru_005010171\upgmsd_ru_005010171.exe','');
TerminateProcessByName('c:\users\evgeniy\appdata\local\smartweb\smartwebhelper.exe');
TerminateProcessByName('c:\users\evgeniy\appdata\local\smartweb\smartwebapp.exe');
QuarantineFile('c:\users\evgeniy\appdata\local\smartweb\smartwebapp.exe','');
QuarantineFile('c:\users\evgeniy\appdata\local\smartweb\smartwebhelper.exe','');
QuarantineFile('c:\users\evgeniy\appdata\local\d42b97a0-1449676668-11e0-b528-bcaec534e00d\qnsu6230.tmp','');
// Same file as the ProtectWindowsManager.exe entry above, differing only in
// letter case; redundant on a case-insensitive file system, but harmless.
QuarantineFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','');
QuarantineFile('c:\users\evgeniy\appdata\local\temp\nstb6fd.tmp','');
// The next two lines name the same knsqa609.tmpfs path in different letter case.
QuarantineFile('c:\program files (x86)\d42b97a0-1449642279-11e0-b528-bcaec534e00d\knsqa609.tmpfs','');
QuarantineFile('C:\Program Files (x86)\D42B97A0-1449642279-11E0-B528-BCAEC534E00D\knsqA609.tmpfs','');
QuarantineFile('c:\program files (x86)\d42b97a0-1449642279-11e0-b528-bcaec534e00d\jnsueeff.tmp','');
QuarantineFile('c:\program files (x86)\gmsd_ru_005010171\gmsd_ru_005010171.exe','');
TerminateProcessByName('c:\programdata\applicationhosting\applicationhosting.exe');
QuarantineFile('c:\programdata\applicationhosting\applicationhosting.exe','');
// Deletion pass. NOTE(review): the second argument ('32' or '64') presumably
// selects the 32-bit (redirected) or native 64-bit file-system view - confirm
// against AVZ docs. Several paths repeat in a different letter case, mirroring
// the quarantine list above.
DeleteFile('c:\programdata\applicationhosting\applicationhosting.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_005010171\gmsd_ru_005010171.exe','32');
DeleteFile('c:\program files (x86)\d42b97a0-1449642279-11e0-b528-bcaec534e00d\jnsueeff.tmp','32');
DeleteFile('C:\Program Files (x86)\D42B97A0-1449642279-11E0-B528-BCAEC534E00D\knsqA609.tmpfs','32');
DeleteFile('c:\program files (x86)\d42b97a0-1449642279-11e0-b528-bcaec534e00d\knsqa609.tmpfs','32');
DeleteFile('c:\users\evgeniy\appdata\local\temp\nstb6fd.tmp','32');
DeleteFile('c:\programdata\tmp0x0x\protectwindowsmanager.exe','32');
DeleteFile('c:\users\evgeniy\appdata\local\d42b97a0-1449676668-11e0-b528-bcaec534e00d\qnsu6230.tmp','32');
DeleteFile('c:\users\evgeniy\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('c:\users\evgeniy\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\evgeniy\appdata\local\gmsd_ru_005010171\upgmsd_ru_005010171.exe','32');
DeleteFile('C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe','32');
// Remove the machine-wide autorun values (Run and RunOnce) that point at the
// gmsd_ru_005010171 components deleted above.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010171');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010171.exe');
DeleteFile('C:\Users\Evgeniy\AppData\Local\mdndbhepfbopchbgmdchaoflagepmehg\stub.exe','32');
DeleteFile('C:\Users\Evgeniy\AppData\Local\mdndbhepfbopchbgmdchaoflagepmehg\config.json','32');
// Per-user autorun value named after the folder holding stub.exe and config.json.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mdndbhepfbopchbgmdchaoflagepmehg');
DeleteFile('C:\ProgramData\MiScgdYBPRE\mtXnlG0.bat','32');
DeleteFile('C:\ProgramData\RnNrjaCvrqCgtR\KFYQRfLvNXxlU0.bat','32');
DeleteFile('C:\ProgramData\yKGAwhPPOEdgLaL\BQYRkEinBew5.bat','32');
DeleteFile('C:\ProgramData\EsKuHBtLyCzecMa\lAJgIu5.bat','32');
DeleteFile('C:\Users\Evgeniy\AppData\Local\Builder Rush\{C802D56B-5B06-471C-610C-6C4E8BE86BA8}\BuilderRush.dll','32');
DeleteFile('C:\Users\Evgeniy\AppData\Local\Builder Rush\{C802D56B-5B06-471C-610C-6C4E8BE86BA8}\pabk.dll','32');
// Scheduled-task files under system32\Tasks; these are the only '64' entries.
// NOTE(review): only the task files are removed here - check the follow-up logs
// to confirm that no registration of these tasks remains.
DeleteFile('C:\Windows\system32\Tasks\Builder Rush2','64');
DeleteFile('C:\Windows\system32\Tasks\Builder Rush','64');
DeleteFile('C:\Users\Evgeniy\appdata\local\smartweb\__u.exe','32');
// NOTE(review): BC_* presumably refers to AVZ Boot Cleaner: import the deleted
// items, clean leftover system references, then arm the cleaner for the next
// boot so that files locked at run time are removed - confirm against AVZ docs.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot to finish the cleanup. NOTE(review): the false argument presumably
// requests a normal rather than forced restart - confirm against AVZ docs.
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.