Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
QuarantineFileF('%USERPROFILE%\appdata\roaming\Mail.RU NewGamesT', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\runWIN', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\ICL', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\GemWare', '*', true, ' ', 0, 0);
QuarantineFileF('%USERPROFILE%\AppData\Roaming\Microsoft DB', '*', true, ' ', 0, 0);
QuarantineFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Главное меню\Программы\Автозагрузка\runWIN.exe','');
DeleteFile('%USERPROFILE%\AppData\Roaming\runWIN\Update.exe','32');
DeleteFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Главное меню\Программы\Автозагрузка\runWIN.exe','32');
DeleteFile('%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
DeleteFileMask('%USERPROFILE%\appdata\roaming\Mail.RU NewGamesT', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\runWIN', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\ICL', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\GemWare', '*', true, ' ');
DeleteFileMask('%USERPROFILE%\AppData\Roaming\Microsoft DB', '*', true, ' ');
DeleteDirectory('%USERPROFILE%\appdata\roaming\Mail.RU NewGamesT');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\runWIN');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\ICL');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\GemWare');
DeleteDirectory('%USERPROFILE%\AppData\Roaming\Microsoft DB');
TerminateProcessByName('c:\programdata\iepluginservices\pluginservice.exe');
TerminateProcessByName('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.542\baiduprotect.exe');
SetServiceStart('BDSafeBrowser', 4);
SetServiceStart('BDMWrench', 4);
SetServiceStart('BDArKit', 4);
SetServiceStart('bd0004', 4);
SetServiceStart('bd0001', 4);
SetServiceStart('IePluginServices', 4);
SetServiceStart('BDSGRTP', 4);
StopService('BDSafeBrowser');
StopService('BDMWrench');
StopService('BDArKit');
StopService('bd0004');
StopService('bd0001');
StopService('IePluginServices');
StopService('BDSGRTP');
QuarantineFile('C:\Users\Андрей\appdata\roaming\mail.ru newgamest\encrypt.exe','');
QuarantineFile('c:\programdata\iepluginservices\pluginservice.exe','');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\7z.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\ad.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDKitUtils.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDLogicUtils.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDMNet.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDMReport.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\DriverManager.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\dynplugins\AssistReportPlugin.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\plugins\BaiduRepair.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\plugins\HIPS.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\SafeBrowserDll.dll','32');
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BaiduProtect.exe','32');
DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys','32');
DeleteFile('C:\Users\Андрей\appdata\roaming\mail.ru newgamest\encrypt.exe','32');
DeleteService('BDMWrench_x64');
DeleteService('bd0002');
DeleteService('BDSafeBrowser');
DeleteService('BDMWrench');
DeleteService('BDArKit');
DeleteService('bd0004');
DeleteService('bd0001');
DeleteService('IePluginServices');
DeleteService('BDSGRTP');
DeleteFileMask('C:\Program Files (x86)\Common Files\Baidu', '*', true, ' ');
DeleteFileMask('C:\Program Files (x86)\baidu', '*', true, ' ');
DeleteFileMask('C:\ProgramData\Baidu', '*', true, ' ');
DeleteDirectory('C:\Program Files (x86)\Common Files\Baidu');
DeleteDirectory('C:\Program Files (x86)\baidu');
DeleteDirectory('C:\ProgramData\Baidu');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteFile('c:\program files (x86)\common files\baidu\baiduprotect1.3\1.3.0.542\baiduprotect.exe');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\7z.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\ad.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDKitUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDLogicUtils.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDMNet.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\BDMReport.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\DriverManager.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\dynplugins\AssistReportPlugin.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\plugins\BaiduRepair.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\plugins\HIPS.dll');
BC_DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.542\SafeBrowserDll.dll');
BC_DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys');
BC_DeleteSvc('BDSGRTP');
BC_DeleteSvc('bd0001');
BC_DeleteSvc('bd0004');
BC_DeleteSvc('BDArKit');
BC_DeleteSvc('BDMWrench');
BC_DeleteSvc('BDSafeBrowser');
BC_DeleteSvc('bd0002');
BC_Activate;
RebootWindows(false);
end.