Код:
// AVZ cleanup script written for one specific machine: every path, service
// name, CLSID and registry value below is hard-coded (profile C:\Users\User).
// NOTE(review): presumably built from that machine's own scan logs, so it
// should not be reused on another system without re-checking every entry.
// Order visible in the script: cut network -> quarantine copies -> remove
// BHOs/services -> terminate processes -> delete files, autorun values and
// scheduled tasks -> remove leftover directories -> boot-time cleanup -> reboot.
begin
// Warn the user (message text is in Russian) that network connections will be
// closed before the script runs and restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" before any removal step.
// NOTE(review): the remaining arguments look like window mode 0, a 15000 ms
// wait and a terminate-on-timeout flag; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit search and AVZGuard are only started when IsWOW64 is false,
// i.e. they are skipped on 64-bit Windows.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine pass 1: suspicious files are copied to AVZ quarantine before
// anything is deleted, so samples remain available for later analysis.
// The second argument is passed as an empty string throughout.
QuarantineFile('C:\Users\User\AppData\Roaming\Hewlett-Packard\CODEXi\Steam Client','');
QuarantineFile('C:\Users\User\AppData\Roaming\Dorrible\Ribble\d.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Extensions\extsetup.exe','');
QuarantineFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','');
QuarantineFile('C:\Program Files (x86)\ver1SpeedChecker\B6SpeedCheckerd35.exe','');
// Remove four Browser Helper Object registrations, identified by CLSID.
DelBHO('{7CE987D5-11B3-44FC-9C3D-03069360D462}');
DelBHO('{D28ECF12-7928-0815-8F1B-4773A97655A3}');
DelBHO('{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}');
DelBHO('{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}');
// Quarantine pass 2: toolbar DLL, batch launchers, updaters and loaders.
QuarantineFile('C:\Program Files (x86)\advPlugin\Toolbar32.dll','');
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Users\User\AppData\Roaming\eTranslator\eTranslator.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Windows\system.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Extensions\safebrowser.exe','');
QuarantineFile('C:\Users\User\AppData\Local\Microsoft\Extensions\safebrowser.bat','');
QuarantineFile('C:\Users\User\AppData\Local\18212\Updater.exe','');
QuarantineFile('C:\ProgramData\TimeTasks\TimeTasksSetup.exe','');
QuarantineFile('C:\ProgramData\Schedule\timetasks.exe','');
QuarantineFile('C:\ProgramData\Microsoft\Network\Downloader\downloader.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
QuarantineFile('C:\Program Files (x86)\Twilight Tech\Pretty Search\dummyDlg.exe','');
QuarantineFile('C:\Program Files (x86)\Kinoroom Browser\kinoroom-browser.exe','');
QuarantineFile('C:\Program Files (x86)\Kinoroom Browser\kinoroom-browser.bat','');
QuarantineFile('C:\Program Files (x86)\Common Files\Distribute Application\appdistrib.exe','');
QuarantineFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll','');
QuarantineFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll','');
// Service removal. Three services are deleted directly; webinstrNHK,
// BDMWrench_x64 and bd0001 are first set to start type 4 (4 is the Windows
// "disabled" start value) and then deleted.
DeleteService('BDEnhanceBoost');
DeleteService('bd0004');
DeleteService('bd0002');
SetServiceStart('webinstrNHK', 4);
DeleteService('webinstrNHK');
SetServiceStart('BDMWrench_x64', 4);
DeleteService('BDMWrench_x64');
SetServiceStart('bd0001', 4);
DeleteService('bd0001');
// NOTE(review): these two executables are presumably the binaries behind the
// 'Update Service for advPlugin' and 'serverca' services deleted just below;
// the script itself does not state the mapping.
QuarantineFile('C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe','');
QuarantineFile('C:\Users\User\AppData\Local\ConvertAd\CASrv.exe','');
DeleteService('serverca');
DeleteService('Update Service for advPlugin');
// The driver file carrying the name of the webinstrNHK service is quarantined.
// No QuarantineFile call exists in this script for bd0001.sys or
// BDMWrench_x64.sys, which are deleted further down.
QuarantineFile('C:\Windows\system32\Drivers\webinstrNHK.sys','');
QuarantineFile('C:\Program Files (x86)\ver1SpeedChecker\186.dll','');
QuarantineFile('C:\Program Files (x86)\SaveSense\SaveSenseIE.dll','');
// Running processes: each one is terminated by full path and its image is
// quarantined immediately afterwards, before the delete pass below.
TerminateProcessByName('c:\users\user\appdata\local\mbot_ru_33\upmbot_ru_33.exe');
QuarantineFile('c:\users\user\appdata\local\mbot_ru_33\upmbot_ru_33.exe','');
TerminateProcessByName('c:\users\user\appdata\roaming\ssleas.exe');
QuarantineFile('c:\users\user\appdata\roaming\ssleas.exe','');
TerminateProcessByName('c:\program files (x86)\ver1speedchecker\speedchecker.exe');
QuarantineFile('c:\program files (x86)\ver1speedchecker\speedchecker.exe','');
TerminateProcessByName('c:\users\user\appdata\roaming\newsi_619\s_inst.exe');
QuarantineFile('c:\users\user\appdata\roaming\newsi_619\s_inst.exe','');
TerminateProcessByName('c:\users\user\appdata\roaming\installer\rot8.exe');
QuarantineFile('c:\users\user\appdata\roaming\installer\rot8.exe','');
TerminateProcessByName('C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\openfiles.exe');
QuarantineFile('C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\openfiles.exe','');
TerminateProcessByName('c:\program files (x86)\mbot_ru_33\mbot_ru_33.exe');
QuarantineFile('c:\program files (x86)\mbot_ru_33\mbot_ru_33.exe','');
TerminateProcessByName('c:\users\user\appdata\local\kometa\kometaup.exe');
QuarantineFile('c:\users\user\appdata\local\kometa\kometaup.exe','');
TerminateProcessByName('c:\users\user\appdata\local\kometa\application\kometa.exe');
QuarantineFile('c:\users\user\appdata\local\kometa\application\kometa.exe','');
// This csrss.exe sits under c:\programdata\windows, not in the Windows system
// directory where the genuine system process of that name lives.
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
TerminateProcessByName('c:\users\user\appdata\roaming\cppredistx86.exe');
QuarantineFile('c:\users\user\appdata\roaming\cppredistx86.exe','');
TerminateProcessByName('C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe');
QuarantineFile('C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe','');
TerminateProcessByName('c:\program files (x86)\ver1speedchecker\b6speedcheckerd35.exe');
QuarantineFile('c:\program files (x86)\ver1speedchecker\b6speedcheckerd35.exe','');
// Delete pass. NOTE(review): the second argument ('32' here, '64' for the
// scheduled-task files later) presumably selects the 32-bit or native 64-bit
// file-system view; confirm against the AVZ script reference.
DeleteFile('c:\program files (x86)\ver1speedchecker\b6speedcheckerd35.exe','32');
DeleteFile('C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe','32');
DeleteFile('c:\users\user\appdata\roaming\cppredistx86.exe','32');
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\users\user\appdata\local\kometa\application\kometa.exe','32');
DeleteFile('c:\users\user\appdata\local\kometa\kometaup.exe','32');
DeleteFile('c:\program files (x86)\mbot_ru_33\mbot_ru_33.exe','32');
DeleteFile('C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\openfiles.exe','32');
DeleteFile('c:\users\user\appdata\roaming\installer\rot8.exe','32');
DeleteFile('c:\users\user\appdata\roaming\newsi_619\s_inst.exe','32');
DeleteFile('c:\program files (x86)\ver1speedchecker\speedchecker.exe','32');
DeleteFile('c:\users\user\appdata\roaming\ssleas.exe','32');
DeleteFile('c:\users\user\appdata\local\mbot_ru_33\upmbot_ru_33.exe','32');
DeleteFile('C:\Program Files (x86)\SaveSense\SaveSenseIE.dll','32');
DeleteFile('C:\Program Files (x86)\ver1SpeedChecker\186.dll','32');
// Driver files named after the services removed above. bd0001.sys and
// BDMWrench_x64.sys are deleted without a quarantine copy being taken in
// this script, so no sample of them is kept by it.
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys','32');
DeleteFile('C:\Windows\system32\Drivers\webinstrNHK.sys','32');
DeleteFile('C:\Users\User\AppData\Local\ConvertAd\CASrv.exe','32');
DeleteFile('C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe','32');
DeleteFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll','32');
DeleteFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll','32');
// From here on, file deletions are interleaved with removal of the matching
// autostart values under the Run / RunOnce keys of HKLM and HKCU.
// baiduAnTray.exe, BindEx.exe, Baidu.exe and AnyProtect.exe are likewise
// deleted without a preceding QuarantineFile call in this script.
DeleteFile('C:\Program Files (x86)\Baidu\BaiduAn\3.0.0.3971\baiduAnTray.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','baiduAnTray');
DeleteFile('C:\Program Files (x86)\Kinoroom Browser\kinoroom-browser.bat','32');
DeleteFile('C:\Program Files (x86)\Kinoroom Browser\kinoroom-browser.exe','32');
DeleteFile('C:\Program Files (x86)\Twilight Tech\Pretty Search\dummyDlg.exe','32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\Program Files (x86)\baidu\BindEx.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','mbot_ru_33');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','baidu');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ZaxarLoader');
DeleteFile('C:\ProgramData\Schedule\timetasks.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\TimeTasksSetup.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Schedule');
// Run value named after the real Windows subsystem process.
// NOTE(review): presumably the autostart entry for the
// c:\programdata\windows\csrss.exe copy removed above; verify in the logs.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
DeleteFile('C:\Users\User\AppData\Local\18212\Updater.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SwvUpdtr');
DeleteFile('C:\Users\User\AppData\Local\Baidu\Baidu\1.3.1.157\Baidu.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','BaiduClient');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaAutoLaunch_6632489EDE512831E64C7AB45B89EBC1');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','KometaLaunchPanel');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Extensions\safebrowser.bat','32');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Extensions\safebrowser.exe','32');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Windows\system.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upmbot_ru_33.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','rot8.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','openfiles');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\RunOnce','openfiles');
// Autostart points outside the Run keys: the 'Run' value under
// Policies\Explorer and the Command Processor AutoRun value (a command that
// cmd.exe executes on start). The AutoRun value is addressed twice, once with
// a trailing backslash on the key and once without.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer','Run');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Command Processor\','Autorun');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Command Processor','AutoRun');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Visual C++ 2010');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','eTranslator Update');
DeleteFile('C:\Users\User\AppData\Roaming\eTranslator\eTranslator.exe','32');
DeleteFile('C:\iexplore.bat','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','BaiduClient');
// Same Baidu.exe path as deleted earlier, differing only in letter case.
DeleteFile('c:\users\user\appdata\local\baidu\baidu\1.3.1.157\Baidu.exe','32');
DeleteFile('C:\Program Files (x86)\advPlugin\Toolbar32.dll','32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
// Scheduled-task persistence: legacy .job files under C:\Windows\Tasks and
// task definitions under C:\Windows\system32\Tasks are deleted with '64',
// interleaved with '32' deletes of executables.
// NOTE(review): each executable is presumably the one its neighbouring task
// launches; the script does not state the mapping.
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','64');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','64');
DeleteFile('C:\Windows\Tasks\newSI_619.job','64');
DeleteFile('C:\Windows\Tasks\SpeedChecker Update.job','64');
DeleteFile('C:\Program Files (x86)\ver1SpeedChecker\B6SpeedCheckerd35.exe','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
DeleteFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','32');
DeleteFile('C:\Windows\system32\Tasks\chrome5','64');
DeleteFile('C:\Windows\system32\Tasks\chrome5_logon','64');
DeleteFile('C:\Windows\system32\Tasks\extsetup','64');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Extensions\extsetup.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Kbupdater Utility','64');
DeleteFile('C:\Windows\system32\Tasks\Kinoroom Browser','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_619','64');
DeleteFile('C:\Windows\system32\Tasks\Ribble','64');
DeleteFile('C:\Users\User\AppData\Roaming\Dorrible\Ribble\d.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Safebrowser','64');
DeleteFile('C:\Windows\system32\Tasks\SpeedChecker Update','64');
DeleteFile('C:\Users\User\AppData\Roaming\Hewlett-Packard\CODEXi\Steam Client','32');
DeleteFile('C:\Windows\system32\Tasks\Steam_x64-S-2-106-91','64');
// Leftover directories: every file matching '*' is removed from each folder,
// then the folder itself is deleted.
// NOTE(review): the third argument (true) presumably makes the mask delete
// recurse into subfolders; confirm. Everything in these folders is removed
// without a quarantine copy, including files not listed individually above.
DeleteFileMask('C:\Users\User\AppData\Roaming\Dorrible', '*', true);
DeleteDirectory('C:\Users\User\AppData\Roaming\Dorrible');
DeleteFileMask('C:\Program Files (x86)\ver1SpeedChecker', '*', true);
DeleteDirectory('C:\Program Files (x86)\ver1SpeedChecker');
DeleteFileMask('C:\Program Files (x86)\Microsoft Data', '*', true);
DeleteDirectory('C:\Program Files (x86)\Microsoft Data');
DeleteFileMask('C:\Program Files (x86)\advPlugin', '*', true);
DeleteDirectory('C:\Program Files (x86)\advPlugin');
DeleteFileMask('C:\Users\User\AppData\Roaming\eTranslator', '*', true);
DeleteDirectory('C:\Users\User\AppData\Roaming\eTranslator');
DeleteFileMask('C:\Program Files (x86)\Zaxar', '*', true);
DeleteDirectory('C:\Program Files (x86)\Zaxar');
DeleteFileMask('c:\programdata\schedule', '*', true);
DeleteDirectory('c:\programdata\schedule');
DeleteFileMask('C:\Program Files (x86)\Twilight Tech', '*', true);
DeleteDirectory('C:\Program Files (x86)\Twilight Tech');
DeleteFileMask('C:\Program Files (x86)\SearchProtect', '*', true);
DeleteDirectory('C:\Program Files (x86)\SearchProtect');
DeleteFileMask('C:\Program Files (x86)\Baidu', '*', true);
DeleteDirectory('C:\Program Files (x86)\Baidu');
DeleteFileMask('C:\Users\User\AppData\Local\18212', '*', true);
DeleteDirectory('C:\Users\User\AppData\Local\18212');
DeleteFileMask('C:\Program Files (x86)\Kinoroom Browser', '*', true);
DeleteDirectory('C:\Program Files (x86)\Kinoroom Browser');
DeleteFileMask('C:\Program Files (x86)\AnyProtectEx', '*', true);
DeleteDirectory('C:\Program Files (x86)\AnyProtectEx');
DeleteFileMask('c:\program files (x86)\mbot_ru_33', '*', true);
DeleteDirectory('c:\program files (x86)\mbot_ru_33');
DeleteFileMask('C:\Users\User\AppData\Local\ConvertAd', '*', true);
DeleteDirectory('C:\Users\User\AppData\Local\ConvertAd');
DeleteFileMask('C:\Program Files (x86)\SaveSense', '*', true);
DeleteDirectory('C:\Program Files (x86)\SaveSense');
DeleteFileMask('c:\users\user\appdata\roaming\newsi_619', '*', true);
DeleteDirectory('c:\users\user\appdata\roaming\newsi_619');
DeleteFileMask('c:\users\user\appdata\local\kometa', '*', true);
DeleteDirectory('c:\users\user\appdata\local\kometa');
// Final stage, using AVZ's BC_* (Boot Cleaner) calls and ExecuteSysClean.
// NOTE(review): presumably BC_ImportAll hands the files handled above to the
// boot-time cleaner, ExecuteSysClean removes remaining registry references to
// them, and BC_Activate arms the cleaner for the next start; confirm against
// the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so that the boot-time cleanup can run; the start-up message says
// network connectivity is restored automatically after the restart.
RebootWindows(false);
end.
Компьютер перезагрузится.