Код:
// AVZ remediation script written for one specific machine. It quarantines and then
// deletes a fixed list of files, services, BHO registrations, HKCU Run values and
// scheduled-task entries, wipes the matching directories, queues four drivers for
// Boot Cleaner and reboots. The names suggest adware/browser add-ons and their updaters.
// NOTE(review): every path is hard-coded to this host (profile 'C:\Users\Петр' and the
// 8.3 alias 'B19A~1', presumably the same profile); not reusable on another system as written.
begin
// Message text (Russian): AVZ will close all network connections before the script
// runs; they are restored automatically after the computer reboots.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьутера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs `net.exe stop tcpip /y`, the network shutdown announced above.
// Remaining arguments are presumably window mode 0, a 15000 ms wait and
// terminate-on-timeout; confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): the 'Program Files (x86)' paths below suggest a 64-bit Windows,
// where this branch would presumably be skipped; confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine pass: a copy of each suspect file is taken before anything is deleted.
// The second argument is left empty on every call.
QuarantineFile('C:\Users\Петр\appdata\roaming\newsi_1\s_inst.exe','');
QuarantineFile('C:\Users\Петр\appdata\roaming\newsi_21\s_inst.exe','');
QuarantineFile('C:\Users\Петр\appdata\roaming\newsi_10\s_inst.exe','');
QuarantineFile('C:\Users\Петр\AppData\Local\PriceMeter\pricemeterd.exe','');
QuarantineFile('C:\Users\Петр\AppData\Roaming\Ice-Pick Lodge\googleupd.exe','');
QuarantineFile('C:\Users\B19A~1\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('C:\Users\B19A~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE','');
// The next two paths differ from the first two calls only in letter case.
QuarantineFile('C:\Users\Петр\AppData\Roaming\newSI_1\s_inst.exe','');
QuarantineFile('C:\Users\Петр\AppData\Roaming\newSI_21\s_inst.exe','');
QuarantineFile('C:\Users\B19A~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','');
QuarantineFile('c:\progra~2\movies~1\datamngr\x64\mgrldr.dll','');
QuarantineFile('c:\progra~2\movies~1\datamngr\mgrldr.dll','');
// Remove four Browser Helper Object registrations, identified by CLSID.
DelBHO('{1D355335-BE86-4418-AC98-2436CC3D6D74}');
DelBHO('{4BC4CBE1-2827-2107-E4B3-2DA00A936E70}');
DelBHO('{4F3C10F8-9B89-4A2E-B523-33F2FB682DC2}');
DelBHO('{A06E9184-65B3-490A-AF63-E1EC0C4A3307}');
// Quarantine the toolbar/downloader DLLs and further executables.
QuarantineFile('C:\Program Files (x86)\BonusBerry\Toolbar32.dll','');
QuarantineFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','');
QuarantineFile('C:\ProgramData\costmin\51d15c58d70ab.dll','');
QuarantineFile('C:\Program Files (x86)\Media Saver\Toolbar32.dll','');
QuarantineFile('C:\Users\Петр\AppData\Roaming\runWIN\Update.exe','');
QuarantineFile('C:\Users\Петр\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('C:\Users\Петр\AppData\Local\PriceMeter\pricemeterw.exe','');
QuarantineFile('C:\Users\Петр\AppData\Local\Microsoft\Extensions\safebrowser.exe','');
QuarantineFile('C:\ProgramData\Kbrowser utility\kbrowser-updater-utility.exe','');
QuarantineFile('C:\Program Files (x86)\baidu\BindEx.exe','');
// NOTE(review): this file is quarantined but no DeleteFile/DeleteFileMask in this
// script removes it; presumably collected for analysis only. Confirm.
QuarantineFile('C:\Program Files (x86)\Adobe\install_flash_player_13_plugin.exe','');
// Driver image in a user profile: quarantined, then its service entry is deleted.
QuarantineFile('C:\Users\Петр\AppData\Local\MinimalNativeSymbolic\RegFltrX64.sys','');
DeleteService('RegFltrX64');
QuarantineFile('C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe','');
QuarantineFile('C:\Program Files (x86)\BonusBerry\Basement\ExtensionUpdaterService.exe','');
QuarantineFile('C:\Program Files (x86)\Media Saver\Basement\ExtensionUpdaterService.exe','');
QuarantineFile('C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe','');
// Delete the updater/helper services by service name.
DeleteService('Util Mega Browse');
DeleteService('Update Service for Media Saver');
DeleteService('Update Service for BonusBerry');
DeleteService('Update Mega Browse');
DeleteService('pricemeterliveUpdate');
DeleteService('pricemeterliveUpdatem');
DeleteService('servervo');
QuarantineFile('C:\Users\Петр\AppData\Roaming\VOPackage\VOsrv.exe','');
QuarantineFile('C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe','');
QuarantineFile('C:\Program Files (x86)\PC Speed Up\PCSUService.exe','');
DeleteService('PCSUService');
DeleteService('GamesRS');
QuarantineFile('C:\Program Files (x86)\GamesRS\GUpdater.exe','');
// No file is quarantined or deleted by name for this service in the script.
DeleteService('BDSGRTP');
// Terminate the process by image path, then quarantine and delete that image.
// The same file (different letter case) was already quarantined above.
TerminateProcessByName('c:\program files (x86)\pricemeterliveupdate\update\pricemeterliveupdate.exe');
QuarantineFile('c:\program files (x86)\pricemeterliveupdate\update\pricemeterliveupdate.exe','');
DeleteFile('c:\program files (x86)\pricemeterliveupdate\update\pricemeterliveupdate.exe','32');
// Deletion pass. The second argument is '32' or '64'; presumably it selects the
// 32-bit or native 64-bit file-system view. Confirm against the AVZ reference.
// NOTE(review): BaiduProtect.exe is deleted without a preceding QuarantineFile,
// so no sample is retained; confirm that is intended.
DeleteFile('C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe','32');
DeleteFile('C:\Program Files (x86)\GamesRS\GUpdater.exe','32');
DeleteFile('C:\Program Files (x86)\PC Speed Up\PCSUService.exe','32');
DeleteFile('C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe','32');
DeleteFile('C:\Users\Петр\AppData\Roaming\VOPackage\VOsrv.exe','32');
DeleteFile('C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe','32');
DeleteFile('C:\Program Files (x86)\Media Saver\Basement\ExtensionUpdaterService.exe','32');
DeleteFile('C:\Program Files (x86)\BonusBerry\Basement\ExtensionUpdaterService.exe','32');
DeleteFile('C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe','32');
DeleteFile('C:\Users\Петр\AppData\Local\MinimalNativeSymbolic\RegFltrX64.sys','32');
// NOTE(review): deleted without prior quarantine; its parent directory
// 'Kinoroom Browser' is also not among the directories wiped later.
DeleteFile('C:\Program Files (x86)\Kinoroom Browser\kinoroom-browser.exe.bat','32');
DeleteFile('C:\Program Files (x86)\baidu\BindEx.exe','32');
DeleteFile('C:\ProgramData\Kbrowser utility\kbrowser-updater-utility.exe','32');
DeleteFile('C:\Users\Петр\AppData\Local\Microsoft\Extensions\safebrowser.exe','32');
DeleteFile('C:\Users\Петр\AppData\Local\PriceMeter\pricemeterw.exe','32');
// Remove the HKCU Run autostart value that goes with the file deleted just above.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','PriceMeterW');
DeleteFile('C:\Users\Петр\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
// NOTE(review): nengine.dll is deleted without prior quarantine.
DeleteFile('C:\Users\Петр\AppData\Roaming\newnext.me\nengine.dll','32');
DeleteFile('C:\Users\Петр\AppData\Roaming\runWIN\Update.exe','32');
// Five more per-user Run values are removed by value name only; the script does
// not show which files they pointed to.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NextLive');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
DeleteFile('C:\Program Files (x86)\Media Saver\Toolbar32.dll','32');
DeleteFile('C:\ProgramData\costmin\51d15c58d70ab.dll','32');
DeleteFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','32');
DeleteFile('C:\Program Files (x86)\BonusBerry\Toolbar32.dll','32');
DeleteFile('c:\progra~2\movies~1\datamngr\mgrldr.dll','32');
DeleteFile('c:\progra~2\movies~1\datamngr\x64\mgrldr.dll','32');
// NOTE(review): a batch file in the volume root, deleted without prior quarantine.
DeleteFile('C:\iexplore.bat','32');
DeleteFile('C:\Users\B19A~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE','32');
// Scheduled-task persistence: .job files under C:\Windows\Tasks and task
// definitions under C:\Windows\system32\Tasks, all addressed with mode '64'.
DeleteFile('C:\Windows\Tasks\Digital Sites.job','64');
DeleteFile('C:\Windows\Tasks\newSI_1.job','64');
DeleteFile('C:\Windows\Tasks\newSI_21.job','64');
DeleteFile('C:\Users\Петр\AppData\Roaming\newSI_21\s_inst.exe','32');
DeleteFile('C:\Users\Петр\AppData\Roaming\newSI_1\s_inst.exe','32');
DeleteFile('C:\Windows\Tasks\PC SpeedUp Service Deactivator.job','64');
DeleteFile('C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job','64');
DeleteFile('C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job','64');
DeleteFile('C:\Windows\Tasks\PriceMeterUpdater.job','64');
DeleteFile('C:\Windows\Tasks\SaveSense.job','64');
DeleteFile('C:\Users\B19A~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Users\B19A~1\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE','32');
DeleteFile('C:\Windows\system32\Tasks\Digital Sites','64');
DeleteFile('C:\Users\Петр\AppData\Roaming\Ice-Pick Lodge\googleupd.exe','32');
// Task named like a Google updater; the executable deleted on the line above sits
// in a non-Google directory, so the task is presumably a masquerade. Confirm.
DeleteFile('C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI','64');
DeleteFile('C:\Windows\system32\Tasks\kbrowser-updater-utility','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_1','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_21','64');
DeleteFile('C:\Users\Петр\AppData\Local\PriceMeter\pricemeterd.exe','32');
DeleteFile('C:\Windows\system32\Tasks\pricemeterdownloader','64');
DeleteFile('C:\Windows\system32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\PriceMeterUpdater','64');
DeleteFile('C:\Windows\system32\Tasks\Safebrowser','64');
DeleteFile('C:\Windows\system32\Tasks\SaveSense','64');
DeleteFile('C:\Users\Петр\appdata\roaming\newsi_10\s_inst.exe','32');
DeleteFile('C:\Users\Петр\appdata\roaming\newsi_21\s_inst.exe','32');
DeleteFile('C:\Users\Петр\appdata\roaming\newsi_1\s_inst.exe','32');
// Directory cleanup: each pair deletes everything matching '*' in the directory
// (third argument true, presumably "recurse into subdirectories") and then removes
// the directory itself.
// NOTE(review): files inside these trees that were not quarantined above are removed
// with no sample kept, and the 8.3 aliases (DIGITA~1, progra~2\movies~1) resolve to
// whatever long names this host assigned. Verify the targets before running.
DeleteFileMask('C:\Users\Петр\AppData\Roaming\runWIN', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Roaming\runWIN');
DeleteFileMask('C:\Users\Петр\AppData\Roaming\Mail.RU NewGamesT', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Roaming\Mail.RU NewGamesT');
DeleteFileMask('C:\Users\Петр\appdata\roaming\newsi_1', '*', true);
DeleteDirectory('C:\Users\Петр\appdata\roaming\newsi_1');
DeleteFileMask('C:\Users\Петр\appdata\roaming\newsi_21', '*', true);
DeleteDirectory('C:\Users\Петр\appdata\roaming\newsi_21');
DeleteFileMask('C:\Users\Петр\appdata\roaming\newsi_10', '*', true);
DeleteDirectory('C:\Users\Петр\appdata\roaming\newsi_10');
DeleteFileMask('C:\Users\Петр\AppData\Local\PriceMeter', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Local\PriceMeter');
DeleteFileMask('C:\Users\Петр\AppData\Roaming\Ice-Pick Lodge', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Roaming\Ice-Pick Lodge');
DeleteFileMask('C:\Users\B19A~1\AppData\Roaming\DIGITA~1', '*', true);
DeleteDirectory('C:\Users\B19A~1\AppData\Roaming\DIGITA~1');
DeleteFileMask('c:\progra~2\movies~1', '*', true);
DeleteDirectory('c:\progra~2\movies~1');
DeleteFileMask('C:\Program Files (x86)\BonusBerry', '*', true);
DeleteDirectory('C:\Program Files (x86)\BonusBerry');
DeleteFileMask('C:\Program Files (x86)\Аудио и видео скачивание', '*', true);
DeleteDirectory('C:\Program Files (x86)\Аудио и видео скачивание');
DeleteFileMask('C:\ProgramData\costmin', '*', true);
DeleteDirectory('C:\ProgramData\costmin');
DeleteFileMask('C:\Program Files (x86)\Media Saver', '*', true);
DeleteDirectory('C:\Program Files (x86)\Media Saver');
DeleteFileMask('C:\Program Files (x86)\baidu', '*', true);
DeleteDirectory('C:\Program Files (x86)\baidu');
DeleteFileMask('C:\Users\Петр\AppData\Local\MinimalNativeSymbolic', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Local\MinimalNativeSymbolic');
DeleteFileMask('C:\Program Files (x86)\Mega Browse', '*', true);
DeleteDirectory('C:\Program Files (x86)\Mega Browse');
DeleteFileMask('C:\ProgramData\Kbrowser utility', '*', true);
DeleteDirectory('C:\ProgramData\Kbrowser utility');
DeleteFileMask('C:\Users\Петр\AppData\Roaming\VOPackage', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Roaming\VOPackage');
DeleteFileMask('C:\Program Files (x86)\PriceMeterLiveUpdate', '*', true);
DeleteDirectory('C:\Program Files (x86)\PriceMeterLiveUpdate');
DeleteFileMask('C:\Program Files (x86)\PC Speed Up', '*', true);
DeleteDirectory('C:\Program Files (x86)\PC Speed Up');
DeleteFileMask('C:\Program Files (x86)\GamesRS', '*', true);
DeleteDirectory('C:\Program Files (x86)\GamesRS');
DeleteFileMask('C:\Program Files (x86)\Common Files\Baidu', '*', true);
DeleteDirectory('C:\Program Files (x86)\Common Files\Baidu');
DeleteFileMask('C:\Users\Петр\AppData\Roaming\newnext.me', '*', true);
DeleteDirectory('C:\Users\Петр\AppData\Roaming\newnext.me');
// Boot Cleaner stage: BC_ImportAll presumably imports the lists built by the calls
// above, and ExecuteSysClean presumably cleans up leftover references to the removed
// files. Confirm both against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
// Four driver services and their .sys images are queued for Boot Cleaner, which is
// activated by BC_Activate before the reboot.
// NOTE(review): none of these four .sys files is quarantined anywhere in the script.
BC_DeleteSvc('bd0001');
BC_DeleteSvc('bd0004');
BC_DeleteSvc('BDArKit');
BC_DeleteSvc('BDSafeBrowser');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys');
BC_DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys');
BC_DeleteFile('C:\Windows\system32\drivers\BDSafeBrowser.sys');
BC_Activate;
// Reboot; the argument is false (presumably "do not force"; confirm).
RebootWindows(false);
end.
Компьютер перезагрузится.