Код:
// AVZ remediation script written for one specific infected host: every path
// below is hard-coded (including the profile C:\Users\1lya), so it must not be
// reused on another machine without regenerating it from that machine's logs.
// Order matters: stop the process -> quarantine a copy -> delete the file ->
// schedule boot-time cleanup -> reboot.
begin
// Warn the user (message text is Russian): "Attention! Before running the script
// AVZ will automatically close all network connections. After the computer is
// rebooted, network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Cut network access for the duration of the cleanup by stopping the tcpip service.
// NOTE(review): trailing arguments are presumably window mode, wait time in ms and
// terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are only enabled when IsWOW64 is false.
// NOTE(review): the "Program Files (x86)" paths and the '64' flags further down
// suggest this host is 64-bit, in which case this branch is presumably skipped.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Keep quarantine copies of selected samples before anything is deleted.
// NOTE(review): only five files are quarantined in this script; the remaining
// DeleteFile targets are removed with no copy kept for analysis or rollback.
QuarantineFile('C:\Users\1lya\appdata\local\temp\csrss\scheduled.exe','');
QuarantineFile('C:\ProgramData\evqoGXESYIglxKVB\DVHNIAg.wsf','');
QuarantineFile('C:\Users\1lya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\geforce.exe','');
QuarantineFile('C:\Windows\system32\drivers\6eaa555ed688b3b0.sys','');
// Set each service's start type to 4 (the Windows "disabled" value) and then
// remove the service entry. The driver file for the first service is deleted below.
SetServiceStart('6eaa555ed688b3b0', 4);
DeleteService('6eaa555ed688b3b0');
// NOTE(review): no file is quarantined or deleted for 'backlh' here; its binary
// path is not visible in this script - verify it is gone in the follow-up log.
SetServiceStart('backlh', 4);
DeleteService('backlh');
// Running payload: terminate it first so the file is not locked, then
// quarantine and delete it.
TerminateProcessByName('c:\programdata\logic cramble\set.exe');
QuarantineFile('c:\programdata\logic cramble\set.exe','');
DeleteFile('c:\programdata\logic cramble\set.exe','32');
// NOTE(review): the second DeleteFile argument ('32' / '64') presumably selects
// the 32-bit or 64-bit file-system view - confirm against the AVZ reference.
DeleteFile('C:\Windows\system32\drivers\6eaa555ed688b3b0.sys','32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
// csrss.exe outside %SystemRoot%\System32 is not the genuine Windows process;
// the name is reused here from C:\Windows\rss.
DeleteFile('C:\Windows\rss\csrss.exe','32');
// Remove the autorun (Run key) values that relaunch the payloads at logon.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','mysidex');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','BrokenBrook');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarLoader');
DeleteFile('C:\Users\1lya\AppData\Roaming\mysidex\python\pythonw.exe','32');
// Scheduled-task persistence, legacy format: .job files in C:\Windows\Tasks.
DeleteFile('C:\Windows\Tasks\Online Application V2G1.job','32');
DeleteFile('C:\Windows\Tasks\Online Application V2G2.job','32');
DeleteFile('C:\Windows\Tasks\Online Application V2G3.job','32');
DeleteFile('C:\Windows\Tasks\Online Application V2G4.job','32');
DeleteFile('C:\Windows\Tasks\Online Application V2G5.job','32');
DeleteFile('C:\Windows\Tasks\Online Application V2G6.job','32');
DeleteFile('C:\Windows\Tasks\Updater_Online_Application.job','32');
// Scheduled-task persistence, current format: task definition files under
// System32\Tasks, deleted with the '64' flag.
// NOTE(review): only the task files are removed here; confirm in a fresh log
// after reboot that no task registrations remain.
DeleteFile('C:\Windows\system32\Tasks\ef036da1-074b-5f88-49dd705b7de0c08a','64');
DeleteFile('C:\Windows\system32\Tasks\hWCXNUfKMAhYeT','64');
DeleteFile('C:\Windows\system32\Tasks\JjZdVTDNbrP','64');
DeleteFile('C:\Windows\system32\Tasks\mysidex','64');
DeleteFile('C:\Windows\system32\Tasks\mysidex2','64');
DeleteFile('C:\Windows\system32\Tasks\Online Application V2G1','64');
DeleteFile('C:\Windows\system32\Tasks\Online Application V2G2','64');
DeleteFile('C:\Windows\system32\Tasks\Online Application V2G3','64');
DeleteFile('C:\Windows\system32\Tasks\Online Application V2G4','64');
DeleteFile('C:\Windows\system32\Tasks\Online Application V2G5','64');
DeleteFile('C:\Windows\system32\Tasks\Online Application V2G6','64');
DeleteFile('C:\Windows\system32\Tasks\PRGSbBCDnL','64');
DeleteFile('C:\Windows\system32\Tasks\tmBLMunYeFOSp2','64');
DeleteFile('C:\Windows\system32\Tasks\tqDMlZPkltjJjhW2','64');
DeleteFile('C:\Windows\system32\Tasks\ukCSubSnHULQGwloctH2','64');
// Remaining payload files: randomly named DLL folders under Program Files (x86),
// the updater/"Online Application" executables, and the samples quarantined above.
DeleteFile('C:\Program Files (x86)\fTnWyhevsYDqrjMUfkR\HVYbUAk.dll','32');
DeleteFile('C:\Users\1lya\AppData\Local\UpdaterProBrowser\UpdaterProBrowser.exe','32');
DeleteFile('C:\Program Files (x86)\QPPcQxKasmehC\zNrccRg.dll','32');
DeleteFile('C:\Program Files (x86)\KOgxDRcEU\MjKDxA.dll','32');
DeleteFile('C:\ProgramData\evqoGXESYIglxKVB\DVHNIAg.wsf','32');
DeleteFile('C:\Program Files (x86)\PRGSbBCDnL\PRGSbBCDnL.dll','32');
DeleteFile('C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe','32');
DeleteFile('C:\Program Files (x86)\pgorRVJwSErU2\sMWjhKDDRxqAG.dll','32');
DeleteFile('C:\Users\1lya\appdata\local\temp\csrss\scheduled.exe','32');
DeleteFile('C:\Users\1lya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\geforce.exe','32');
// Boot-time cleanup and restart.
// NOTE(review): BC_ImportAll / BC_Activate presumably hand the items above to
// AVZ's Boot Cleaner so anything still locked is removed during the next boot,
// and ExecuteSysClean presumably clears leftover references to the deleted
// files - confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so the boot-time cleanup runs; per the message above, network
// connectivity is expected to return after this restart.
RebootWindows(false);
end.