Код:
// AVZ remediation script written for one specific infected host: every path below
// hard-codes the profile C:\Users\Toster, so it is not reusable on another machine as-is.
// Sequence: cut the network, (32-bit only) rootkit search + AVZGuard, terminate the
// listed processes, copy the files to quarantine, delete them, remove autorun values,
// schedule boot-time cleanup and reboot. The order is significant; do not reshuffle.
begin
// User notice (Russian runtime text, kept as-is). English: "Warning! Before the script runs,
// AVZ will automatically close all network connections. After the computer is rebooted,
// the network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stops the tcpip service through net.exe; /y pre-answers the dependent-services prompt.
// The remaining arguments (0, 15000, true) are presumably window mode, timeout in ms and
// wait-for-completion - TODO confirm against the AVZ script reference.
// Nothing in this script restarts the service; recovery relies on the reboot at the end.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are enabled only when IsWOW64 is false
// (presumably a 32-bit system - confirm). On other systems this step is skipped.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// NOTE(review): symsrv.exe is copied to quarantine here, but no DeleteFile call for it
// exists anywhere in this script. Confirm whether that is intentional (sample collection
// only) or whether the file is expected to be handled by a follow-up script.
QuarantineFile('C:\Program Files\windows nt\symsrv.exe','');
// Remove the 'rcdll' service before touching its binary; the binary is quarantined
// here and deleted later in the DeleteFile section.
DeleteService('rcdll');
QuarantineFile('C:\Users\Toster\AppData\Local\Temp\rcdll.exe','');
// Per-sample handling: each process is terminated first and its file is then copied to
// quarantine, so a sample is preserved for analysis before the delete pass below.
// Most samples appear as a pair: an .exe in a randomly named folder under AppData\Roaming
// and a .tmp under AppData\Local\Temp\is-*.tmp (the folder names resemble installer
// temporary extraction directories - unverified).
TerminateProcessByName('c:\users\toster\appdata\roaming\0umat1wcbhz\v3oharpqtyw.exe');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-rq1n6.tmp\v3oharpqtyw.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-rq1n6.tmp\v3oharpqtyw.tmp','');
QuarantineFile('c:\users\toster\appdata\roaming\0umat1wcbhz\v3oharpqtyw.exe','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-78m20.tmp\suoalvwzfzy.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-78m20.tmp\suoalvwzfzy.tmp','');
TerminateProcessByName('c:\users\toster\appdata\roaming\qyr0cj32mmz\suoalvwzfzy.exe');
QuarantineFile('c:\users\toster\appdata\roaming\qyr0cj32mmz\suoalvwzfzy.exe','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-ooemm.tmp\smrizrjlvqs.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-ooemm.tmp\smrizrjlvqs.tmp','');
TerminateProcessByName('c:\users\toster\appdata\roaming\1f4h0txpr2f\smrizrjlvqs.exe');
QuarantineFile('c:\users\toster\appdata\roaming\1f4h0txpr2f\smrizrjlvqs.exe','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-kskl5.tmp\pgf3gvuojjg.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-kskl5.tmp\pgf3gvuojjg.tmp','');
TerminateProcessByName('c:\users\toster\appdata\roaming\0xhy4fzxqoo\pgf3gvuojjg.exe');
QuarantineFile('c:\users\toster\appdata\roaming\0xhy4fzxqoo\pgf3gvuojjg.exe','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-ocq6q.tmp\f2yprrh1cap.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-ocq6q.tmp\f2yprrh1cap.tmp','');
TerminateProcessByName('c:\users\toster\appdata\roaming\p0gmowjvmzy\f2yprrh1cap.exe');
QuarantineFile('c:\users\toster\appdata\roaming\p0gmowjvmzy\f2yprrh1cap.exe','');
// 'evilpill' has four copies, all under Temp\is-*.tmp folders (two .tmp, two .exe).
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-13k8e.tmp\evilpill.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-13k8e.tmp\evilpill.tmp','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-h0gin.tmp\evilpill.exe');
QuarantineFile('c:\users\toster\appdata\local\temp\is-h0gin.tmp\evilpill.exe','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-7e2i8.tmp\evilpill.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-7e2i8.tmp\evilpill.tmp','');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-vnel3.tmp\evilpill.exe');
QuarantineFile('c:\users\toster\appdata\local\temp\is-vnel3.tmp\evilpill.exe','');
// The last two samples are handled as a group: all four processes are terminated,
// then all four files are quarantined.
TerminateProcessByName('c:\users\toster\appdata\roaming\rd33g3mn5u1\djf2s4wben0.exe');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-7iaqa.tmp\djf2s4wben0.tmp');
TerminateProcessByName('c:\users\toster\appdata\roaming\3pasqwevqz0\ehqiruvhany.exe');
TerminateProcessByName('c:\users\toster\appdata\local\temp\is-59hpn.tmp\ehqiruvhany.tmp');
QuarantineFile('c:\users\toster\appdata\local\temp\is-59hpn.tmp\ehqiruvhany.tmp','');
QuarantineFile('c:\users\toster\appdata\roaming\3pasqwevqz0\ehqiruvhany.exe','');
QuarantineFile('c:\users\toster\appdata\local\temp\is-7iaqa.tmp\djf2s4wben0.tmp','');
QuarantineFile('c:\users\toster\appdata\roaming\rd33g3mn5u1\djf2s4wben0.exe','');
// Delete pass: runs only after every file above has a quarantine copy.
// The second argument ('32' / '64') presumably selects the 32- or 64-bit file-system
// view - TODO confirm against the AVZ script reference.
DeleteFile('c:\users\toster\appdata\roaming\rd33g3mn5u1\djf2s4wben0.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-7iaqa.tmp\djf2s4wben0.tmp','32');
DeleteFile('c:\users\toster\appdata\roaming\3pasqwevqz0\ehqiruvhany.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-59hpn.tmp\ehqiruvhany.tmp','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-vnel3.tmp\evilpill.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-7e2i8.tmp\evilpill.tmp','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-h0gin.tmp\evilpill.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-13k8e.tmp\evilpill.tmp','32');
DeleteFile('c:\users\toster\appdata\roaming\p0gmowjvmzy\f2yprrh1cap.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-ocq6q.tmp\f2yprrh1cap.tmp','32');
DeleteFile('c:\users\toster\appdata\roaming\0xhy4fzxqoo\pgf3gvuojjg.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-kskl5.tmp\pgf3gvuojjg.tmp','32');
DeleteFile('c:\users\toster\appdata\roaming\1f4h0txpr2f\smrizrjlvqs.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-ooemm.tmp\smrizrjlvqs.tmp','32');
DeleteFile('c:\users\toster\appdata\roaming\qyr0cj32mmz\suoalvwzfzy.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-78m20.tmp\suoalvwzfzy.tmp','32');
DeleteFile('c:\users\toster\appdata\roaming\0umat1wcbhz\v3oharpqtyw.exe','32');
DeleteFile('c:\users\toster\appdata\local\temp\is-rq1n6.tmp\v3oharpqtyw.tmp','32');
DeleteFile('C:\Users\Toster\AppData\Local\Temp\rcdll.exe','64');
// Persistence cleanup: nine numerically named values are removed from the per-user Run
// key, once with 'x32' and once with 'x64' (presumably the two registry views - confirm).
// NOTE(review): HKEY_CURRENT_USER resolves to the account AVZ runs under. If AVZ is
// started under a different (e.g. administrator) account than Toster, these calls
// would act on the wrong hive - verify before relying on them.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3271024','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1846747','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1906092','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1479473','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3022521','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7407169','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5825126','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','4442049','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1012463','x32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3271024','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1846747','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1906092','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1479473','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','3022521','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','7407169','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','5825126','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','4442049','x64');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1012463','x64');
// S-1-5-18 is the well-known SID of the LocalSystem account, so this removes the
// 'Web Companion' autorun value from that account's Run key. Only the 'x64' variant is
// issued here, unlike the HKCU values above.
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Web Companion','x64');
// Boot-time cleanup and restart. BC_* presumably refers to AVZ's BootCleaner:
// BC_ImportAll looks like it imports the files handled above into its job list and
// BC_Activate arms it for the next boot - TODO confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// The reboot is also what the user notice relies on to bring the network back.
// Meaning of the 'false' argument is not visible here - confirm.
RebootWindows(false);
end.