Код:
// AVZ remediation script written for one specific machine: it removes the
// adware/PUP set whose paths appear below (NetCrawl, storegid, PennyBee,
// "pay-by-ads\yahoo! search", a Maintainer service, a fake csrss.exe) together
// with a group of GUID-named kernel drivers.
// Order of work: cut the network -> quarantine samples -> disable and delete
// services -> kill processes -> delete files -> remove autoruns and task
// files -> hand leftovers to the boot cleaner -> reboot.
// NOTE(review): every path is hard-coded (profile 'C:\Users\user', exact
// version folders, per-install GUIDs), so the script only fits the log it was
// generated from; do not reuse it on another machine without re-deriving the paths.
begin
// Warn the user (message text is in Russian) that AVZ will close all network
// connections before the script runs and that they come back after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net stop tcpip /y" so the listed components lose network access while
// they are being removed. The trailing arguments are presumably window mode,
// timeout in ms (15000) and a wait/terminate flag - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): all paths below use a 64-bit layout ('Program Files (x86)',
// '...w64.sys'), so on the target machine this branch is presumably skipped and
// the removal runs without AVZGuard protection.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine first, delete later: each sample is copied to AVZ quarantine before
// the DeleteFile section so it stays available for analysis.
QuarantineFile('C:\Users\user\AppData\Local\PennyBee\pennybee\1.3.9.0\pennybee.exe','');
// Unregister the Browser Helper Object with this CLSID; the NetCrawlBHO.dll
// quarantined on the next line is presumably its module.
DelBHO('{769a91da-209f-47fe-88b9-b0321b0982c8}');
QuarantineFile('C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll','');
QuarantineFile('C:\Users\user\AppData\Local\storegid\storegid.exe','');
QuarantineFile('C:\Users\user\AppData\Local\storegid\storegidup.exe','');
// Service/driver removal. Each entry is first switched to start type 4
// (disabled in the Windows service model) and then deleted, so it cannot load
// again even if the delete only takes effect after the reboot.
// The '{GUID}w64' names match the '{GUID}w64.sys' driver files handled further down.
SetServiceStart('{f916f162-d4e9-413b-95d2-589769dc98ff}w64', 4);
DeleteService('{f916f162-d4e9-413b-95d2-589769dc98ff}w64');
SetServiceStart('{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64', 4);
DeleteService('{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64');
SetServiceStart('{cb987b80-b481-4623-9e86-1b830e33479a}w64', 4);
DeleteService('{cb987b80-b481-4623-9e86-1b830e33479a}w64');
SetServiceStart('{b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64', 4);
DeleteService('{b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64');
SetServiceStart('{a67a3db7-d53a-49b6-ad54-991a8bad27b3}w64', 4);
DeleteService('{a67a3db7-d53a-49b6-ad54-991a8bad27b3}w64');
SetServiceStart('{9a9b956a-1677-4d20-830c-6c34a0594e62}w64', 4);
DeleteService('{9a9b956a-1677-4d20-830c-6c34a0594e62}w64');
SetServiceStart('{75d07d19-b619-45eb-aba7-fd8d77feb6b6}w64', 4);
DeleteService('{75d07d19-b619-45eb-aba7-fd8d77feb6b6}w64');
SetServiceStart('{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64', 4);
DeleteService('{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64');
SetServiceStart('{6191cc23-5db4-4079-aaac-546c45b08af1}w64', 4);
DeleteService('{6191cc23-5db4-4079-aaac-546c45b08af1}w64');
SetServiceStart('{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64', 4);
DeleteService('{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64');
SetServiceStart('{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64', 4);
DeleteService('{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64');
SetServiceStart('{45df5bc0-27fc-482b-88e9-68b0812c4d00}w64', 4);
DeleteService('{45df5bc0-27fc-482b-88e9-68b0812c4d00}w64');
SetServiceStart('{3578bab3-f189-4578-b860-1ee0580e735d}w64', 4);
DeleteService('{3578bab3-f189-4578-b860-1ee0580e735d}w64');
SetServiceStart('{1de0dec0-675e-482f-a756-fd24c6796c8e}w64', 4);
DeleteService('{1de0dec0-675e-482f-a756-fd24c6796c8e}w64');
// Named (non-GUID) services belonging to the same software.
SetServiceStart('storegidfilter', 4);
DeleteService('storegidfilter');
SetServiceStart('Util NetCrawl', 4);
DeleteService('Util NetCrawl');
SetServiceStart('Update NetCrawl', 4);
DeleteService('Update NetCrawl');
SetServiceStart('MaintainerSvc2.04.9173792', 4);
DeleteService('MaintainerSvc2.04.9173792');
// Quarantine the driver binaries behind the services removed above.
// NOTE(review): '{fb1fd2ab-8c82-40a8-8da5-f16b29c789b4}w64.sys' is quarantined here
// and deleted later, but no SetServiceStart/DeleteService pair exists for a service
// of that name - verify after the reboot that no orphaned service entry is left.
QuarantineFile('C:\Windows\system32\drivers\{fb1fd2ab-8c82-40a8-8da5-f16b29c789b4}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{a67a3db7-d53a-49b6-ad54-991a8bad27b3}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{9a9b956a-1677-4d20-830c-6c34a0594e62}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{75d07d19-b619-45eb-aba7-fd8d77feb6b6}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{45df5bc0-27fc-482b-88e9-68b0812c4d00}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{3578bab3-f189-4578-b860-1ee0580e735d}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys','');
QuarantineFile('C:\Windows\storegidfilter.sys','');
QuarantineFile('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.expextdll.dll','');
// Running executables: terminate the process first, then quarantine its image.
// The order within each pair matters - a live process can keep its file locked
// and may restart sibling processes.
TerminateProcessByName('c:\program files (x86)\netcrawl\bin\utilnetcrawl.exe');
QuarantineFile('c:\program files (x86)\netcrawl\bin\utilnetcrawl.exe','');
TerminateProcessByName('c:\program files (x86)\netcrawl\updatenetcrawl.exe');
QuarantineFile('c:\program files (x86)\netcrawl\updatenetcrawl.exe','');
// storegid.exe was already quarantined near the top (same path, different
// letter case); the repeat is redundant but harmless.
TerminateProcessByName('c:\users\user\appdata\local\storegid\storegid.exe');
QuarantineFile('c:\users\user\appdata\local\storegid\storegid.exe','');
TerminateProcessByName('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe');
QuarantineFile('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe','');
TerminateProcessByName('c:\program files (x86)\netcrawl\bin\netcrawl.expext.exe');
QuarantineFile('c:\program files (x86)\netcrawl\bin\netcrawl.expext.exe','');
TerminateProcessByName('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter64.exe');
QuarantineFile('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter64.exe','');
TerminateProcessByName('c:\program files (x86)\netcrawl\bin\netcrawl.browseradapter.exe');
QuarantineFile('c:\program files (x86)\netcrawl\bin\netcrawl.browseradapter.exe','');
TerminateProcessByName('c:\program files (x86)\netcrawl\bin\netcrawl.boasprt.exe');
QuarantineFile('c:\program files (x86)\netcrawl\bin\netcrawl.boasprt.exe','');
TerminateProcessByName('c:\program files (x86)\netcrawl\bin\netcrawl.boashelper.exe');
QuarantineFile('c:\program files (x86)\netcrawl\bin\netcrawl.boashelper.exe','');
TerminateProcessByName('c:\program files (x86)\netcrawl\bin\netcrawl.boas.exe');
QuarantineFile('c:\program files (x86)\netcrawl\bin\netcrawl.boas.exe','');
TerminateProcessByName('c:\programdata\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe');
QuarantineFile('c:\programdata\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe','');
TerminateProcessByName('c:\users\user\appdata\local\pay-by-ads\yahoo! search\1.3.19.2\dsrsetup.exe');
QuarantineFile('c:\users\user\appdata\local\pay-by-ads\yahoo! search\1.3.19.2\dsrsetup.exe','');
// Masquerading indicator: the genuine csrss.exe lives in %SystemRoot%\System32,
// while this image sits in ProgramData\Windows and autostarts through the HKLM Run
// value 'Client Server Runtime Subsystem' removed below. The full path is given,
// which presumably keeps the real system process out of scope - confirm that
// TerminateProcessByName matches on the whole path, not only the file name.
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
TerminateProcessByName('c:\users\user\appdata\local\pay-by-ads\yahoo! search\1.3.19.2\dsrlte.exe');
QuarantineFile('c:\users\user\appdata\local\pay-by-ads\yahoo! search\1.3.19.2\dsrlte.exe','');
// Deletion pass over everything quarantined above.
// The second argument ('32' here, '64' for the Tasks entries further down) is
// presumably the 32-/64-bit file-system view used to resolve the path - confirm
// against the AVZ script reference.
DeleteFile('c:\users\user\appdata\local\pay-by-ads\yahoo! search\1.3.19.2\dsrlte.exe','32');
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\users\user\appdata\local\pay-by-ads\yahoo! search\1.3.19.2\dsrsetup.exe','32');
DeleteFile('c:\programdata\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\bin\netcrawl.boas.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\bin\netcrawl.boashelper.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\bin\netcrawl.boasprt.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\bin\netcrawl.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter64.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\bin\netcrawl.expext.exe','32');
DeleteFile('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe','32');
DeleteFile('c:\users\user\appdata\local\storegid\storegid.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\updatenetcrawl.exe','32');
DeleteFile('c:\program files (x86)\netcrawl\bin\utilnetcrawl.exe','32');
DeleteFile('C:\Program Files (x86)\NetCrawl\bin\NetCrawl.expextdll.dll','32');
DeleteFile('C:\Windows\storegidfilter.sys','32');
// NOTE(review): these driver files sit under system32\drivers but are deleted with
// the '32' selector; if that argument really selects the redirected 32-bit view,
// the native drivers folder may not be reached on a 64-bit system - verify after
// the reboot that the .sys files are gone.
DeleteFile('C:\Windows\system32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{3578bab3-f189-4578-b860-1ee0580e735d}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{45df5bc0-27fc-482b-88e9-68b0812c4d00}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{75d07d19-b619-45eb-aba7-fd8d77feb6b6}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{9a9b956a-1677-4d20-830c-6c34a0594e62}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{a67a3db7-d53a-49b6-ad54-991a8bad27b3}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{fb1fd2ab-8c82-40a8-8da5-f16b29c789b4}w64.sys','32');
// Autorun persistence: remove the Run values (one machine-wide, four per-user)
// that relaunch the deleted executables at logon.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Yahoo! Search');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','$crrUnisntlDsply$');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','storegid');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','storegidUpdater');
// Files that were quarantined at the top of the script (storegid.exe is deleted
// a second time here; the repeat is harmless).
DeleteFile('C:\Users\user\AppData\Local\storegid\storegidup.exe','32');
DeleteFile('C:\Users\user\AppData\Local\storegid\storegid.exe','32');
DeleteFile('C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll','32');
// Scheduled-task persistence: delete the task definition files under
// system32\Tasks. These are removed without a prior QuarantineFile, so no copy
// of the task definitions is kept by this script.
DeleteFile('C:\Windows\system32\Tasks\$crrUnisntlDsply$','64');
DeleteFile('C:\Windows\system32\Tasks\$crrUnisntlDsply$ Updater','64');
DeleteFile('C:\Windows\system32\Tasks\Yahoo! Search','64');
DeleteFile('C:\Windows\system32\Tasks\Yahoo! Search Updater','64');
DeleteFile('C:\Users\user\AppData\Local\PennyBee\pennybee\1.3.9.0\pennybee.exe','32');
DeleteFile('C:\Windows\system32\Tasks\{8C03E24C-3BAE-4A12-9DD6-C1A9334CF4B8}','64');
// Finalisation. BC_* are AVZ Boot Cleaner calls: presumably BC_ImportAll loads the
// items handled above into the boot-time cleaner and BC_Activate arms it for the
// next start, so anything still locked is removed before it can load.
// ExecuteSysClean presumably clears leftover references to the deleted files -
// confirm both against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so the boot-time cleanup runs; the start-up message says the network
// connections are restored after this restart.
RebootWindows(false);
end.
Компьютер перезагрузится.