Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
ClearQuarantine;
QuarantineFileF('%USERPROFILE%\appdata\roaming\mail.ru newgamest', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\runWIN', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\ICL', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\GemWare', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\Microsoft DB', '*', true, ' ', 0, 0);
QuarantineFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Главное меню\Программы\Автозагрузка\runWIN.exe','');
DeleteFile('%USERPROFILE%\AppData\Roaming\runWIN\Update.exe','32');
DeleteFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Главное меню\Программы\Автозагрузка\runWIN.exe','32');
DeleteFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
DeleteFileMask('%USERPROFILE%\appdata\roaming\mail.ru newgamest', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\runWIN', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\ICL', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\GemWare', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\Microsoft DB', '*', true, ' ');
DeleteDirectory('%USERPROFILE%\appdata\roaming\mail.ru newgamest');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\runWIN');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\ICL');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\GemWare');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\Microsoft DB');
TerminateProcessByName('c:\program files (x86)\internet speed checker\e62e4b67-a5d1-4d26-b79b-2db096bc77fa.exe');
TerminateProcessByName('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.443\baiduprotect.exe');
TerminateProcessByName('c:\program files (x86)\internet speed checker\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-6.exe');
SetServiceStart('BDSafeBrowser', 4);
SetServiceStart('BDArKit', 4);
SetServiceStart('bd0004', 4);
SetServiceStart('bd0001', 4);
StopService('BDSafeBrowser');
StopService('BDArKit');
StopService('bd0004');
StopService('bd0001');
QuarantineFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','');
QuarantineFile('C:\Users\Хитрый\AppData\Local\23818\Updater.exe','');
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Users\Хитрый\AppData\Roaming\newnext.me\nengine.dll','');
QuarantineFile('C:\Program Files (x86)\Google\chrome.bat','');
QuarantineFile('c:\program files (x86)\internet speed checker\e62e4b67-a5d1-4d26-b79b-2db096bc77fa.exe','');
QuarantineFile('c:\program files (x86)\internet speed checker\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-6.exe','');
DeleteFile('c:\program files (x86)\internet speed checker\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-6.exe','32');
DeleteFile('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.443\baiduprotect.exe','32');
DeleteFile('c:\program files (x86)\internet speed checker\e62e4b67-a5d1-4d26-b79b-2db096bc77fa.exe','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys','32');
DeleteFile('C:\PROGRA~2\SupTab\SEARCH~1.DLL','32');
DeleteFile('C:\PROGRA~2\SupTab\SEARCH~2.DLL','32');
DeleteFile('C:\Program Files (x86)\Google\chrome.bat','32');
DeleteFile('C:\Program Files (x86)\baidu\BindEx.exe','32');
DeleteFile('C:\Users\Хитрый\AppData\Roaming\newnext.me\nengine.dll','32');
DeleteFile('C:\iexplore.bat','32');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-1.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-11.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-2.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-4.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-5.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-5_user.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-6.job','64');
DeleteFile('C:\Windows\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-7.job','64');
DeleteFile('C:\Windows\Tasks\DigitalSite.job','64');
DeleteFile('C:\Windows\Tasks\e009d383-f45f-4fb6-b1c8-fcbb844932f5.job','64');
DeleteFile('C:\Windows\Tasks\e62e4b67-a5d1-4d26-b79b-2db096bc77fa.job','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-1','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-11','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-2','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-4','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-5','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-6','64');
DeleteFile('C:\Windows\system32\Tasks\4d217c21-1b3c-40e0-9ae9-c2ff7a59697f-7','64');
DeleteFile('C:\Windows\system32\Tasks\AmiUpdXp','64');
DeleteFile('C:\Users\Хитрый\AppData\Local\23818\Updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\chrome5','64');
DeleteFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','32');
DeleteFile('C:\Windows\system32\Tasks\chrome5_logon','64');
DeleteFile('C:\Windows\system32\Tasks\DigitalSite','64');
DeleteFile('C:\Windows\system32\Tasks\e62e4b67-a5d1-4d26-b79b-2db096bc77fa','64');
DeleteFile('C:\Windows\system32\Tasks\LaunchSignup','64');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidu','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive','command');
DeleteService('BDSafeBrowser');
DeleteService('BDArKit');
DeleteService('bd0004');
DeleteService('bd0001');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys');
BC_DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys');
BC_DeleteSvc('bd0001');
BC_DeleteSvc('bd0004');
BC_DeleteSvc('BDArKit');
BC_DeleteSvc('BDSafeBrowser');
BC_Activate;
ExecuteRepair(3);
RebootWindows(false);
end.