Код:
// AVZ cleanup script for one specific infected Windows host.
// Every path, service name, BHO CLSID and the user SID below is hard-coded for
// that host (user profile 'Максим'); it is not a generic removal script and
// must not be reused on another machine without re-deriving the lists.
// Overall order, which later steps depend on:
//   1. warn the user and stop the TCP/IP stack
//   2. (only when IsWOW64 is false) rootkit search + AVZGuard
//   3. quarantine copies, BHO removal, service disable/delete
//   4. terminate running processes, quarantine their images
//   5. delete files, autorun registry values and scheduled-task files
//   6. Boot Cleaner import, system clean, reboot
begin
// The message text is shown to the user at runtime: it says AVZ will close all
// network connections and that they are restored after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the listed processes lose network access
// during cleanup. The trailing arguments (0, 15000, true) are presumably window
// mode, wait timeout in ms and terminate-on-timeout; confirm in the AVZ
// script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): the 'Program Files (x86)' paths below suggest a 64-bit host,
// in which case this branch is skipped; confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// --- Quarantine copies, BHO removal, driver/service removal ---
// QuarantineFile is called before the matching DeleteFile further down, so a
// sample of each file is kept for analysis before it is removed.
QuarantineFile('C:\Users\Максим\appdata\local\smartweb\__u.exe','');
QuarantineFile('C:\Windows\system32\romwln.dll','');
// NOTE(review): romwln.dll is quarantined but there is no DeleteFile for it in
// this script; presumably it is only being collected for inspection.
// Remove two Browser Helper Object registrations by CLSID.
DelBHO('{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}');
DelBHO('{ebfbdd44-c0e0-4f63-a8e6-ee5f34765238}');
QuarantineFile('C:\Program Files (x86)\Edu App\EduAppbho.dll','');
QuarantineFile('C:\Program Files (x86)\XTab\SupTab.dll','');
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Users\Максим\AppData\Roaming\ASPackage\ASPackage.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\timetasks.exe','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
// Kernel drivers with random-looking names: quarantine the .sys file and
// delete the service entry that loads it.
QuarantineFile('C:\Windows\system32\drivers\tiodzwad.sys','');
DeleteService('tiodzwad');
QuarantineFile('C:\Windows\system32\drivers\pfnfd_1_10_0_9.sys','');
DeleteService('pfnfd_1_10_0_9');
DeleteService('lomodjmz');
QuarantineFile('C:\Windows\system32\drivers\lomodjmz.sys','');
QuarantineFile('C:\Windows\system32\drivers\gnkrlxtn.sys','');
DeleteService('gnkrlxtn');
// For the remaining services the start type is first set to 4 (disabled in the
// Windows service start-type numbering) and the service is then deleted, so it
// stays inert even if the delete does not take effect until the reboot.
SetServiceStart('{e2590817-40ca-4d03-8e1f-67fd8517bae9}Gw64', 4);
DeleteService('{e2590817-40ca-4d03-8e1f-67fd8517bae9}Gw64');
SetServiceStart('{848705a5-8a27-403e-9b59-732d0608bcbc}w64', 4);
DeleteService('{848705a5-8a27-403e-9b59-732d0608bcbc}w64');
SetServiceStart('{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64', 4);
DeleteService('{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64');
SetServiceStart('{3f1219df-4a4d-40a3-9537-f2a95f4016b3}w64', 4);
DeleteService('{3f1219df-4a4d-40a3-9537-f2a95f4016b3}w64');
SetServiceStart('{36ed28a4-ac0a-4653-91ff-10beb4246550}w64', 4);
DeleteService('{36ed28a4-ac0a-4653-91ff-10beb4246550}w64');
SetServiceStart('{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64', 4);
DeleteService('{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64');
DeleteService('innfd_1_10_0_13');
// 'WindowsMangerProtect' is spelled the same way in the process path handled
// below; keep the spelling as is, it is the name on the host.
SetServiceStart('WindowsMangerProtect', 4);
DeleteService('WindowsMangerProtect');
SetServiceStart('Util Edu App', 4);
DeleteService('Util Edu App');
SetServiceStart('Update Edu App', 4);
DeleteService('Update Edu App');
SetServiceStart('insvc_1.10.0.13', 4);
DeleteService('insvc_1.10.0.13');
SetServiceStart('IHProtect Service', 4);
DeleteService('IHProtect Service');
SetServiceStart('buwomyre', 4);
DeleteService('buwomyre');
SetServiceStart('AppMgr6.49.325397', 4);
DeleteService('AppMgr6.49.325397');
// Quarantine the driver files that belong to the GUID-named services above.
// NOTE(review): '{e2590817-...}w64.sys' is quarantined and later deleted, but
// only the '...Gw64' service is deleted above; verify no '{e2590817-...}w64'
// service entry is left behind.
QuarantineFile('C:\Windows\system32\drivers\{e2590817-40ca-4d03-8e1f-67fd8517bae9}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{e2590817-40ca-4d03-8e1f-67fd8517bae9}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{848705a5-8a27-403e-9b59-732d0608bcbc}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}w64.sys','');
QuarantineFile('C:\Windows\system32\drivers\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64.sys','');
QuarantineFile('C:\Windows\system32\drivers\innfd_1_10_0_13.sys','');
QuarantineFile('C:\Users\Максим\AppData\Local\SmartWeb\swhk.dll','');
QuarantineFile('C:\Program Files (x86)\Edu App\bin\36ed28a4ac0a465391ff10beb4246550.dll','');
// --- Running processes: terminate by full image path, then quarantine ---
// Terminating first releases the file so the quarantine copy and the later
// delete are not blocked by a running image.
TerminateProcessByName('c:\program files (x86)\edu app\bin\utileduapp.exe');
QuarantineFile('c:\program files (x86)\edu app\bin\utileduapp.exe','');
TerminateProcessByName('c:\users\Максим\appdata\local\gmsd_ru_258\upgmsd_ru_258.exe');
QuarantineFile('c:\users\Максим\appdata\local\gmsd_ru_258\upgmsd_ru_258.exe','');
TerminateProcessByName('c:\users\Максим\appdata\local\gmsd_ru_239\upgmsd_ru_239.exe');
QuarantineFile('c:\users\Максим\appdata\local\gmsd_ru_239\upgmsd_ru_239.exe','');
// NOTE(review): updateeduapp.exe is terminated here and deleted below, but
// unlike its neighbours it is never quarantined, so no sample is kept.
TerminateProcessByName('c:\program files (x86)\edu app\updateeduapp.exe');
TerminateProcessByName('c:\users\Максим\appdata\local\smartweb\smartwebhelper.exe');
QuarantineFile('c:\users\Максим\appdata\local\smartweb\smartwebhelper.exe','');
TerminateProcessByName('c:\users\Максим\appdata\local\smartweb\smartwebapp.exe');
QuarantineFile('c:\users\Максим\appdata\local\smartweb\smartwebapp.exe','');
TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\program files (x86)\xtab\protectservice.exe');
QuarantineFile('c:\program files (x86)\xtab\protectservice.exe','');
TerminateProcessByName('c:\programdata\appmgr6.49.325397\1\plugin.exe');
QuarantineFile('c:\programdata\appmgr6.49.325397\1\plugin.exe','');
// Executables running under a .tmp extension from a GUID-like folder in the
// roaming profile.
TerminateProcessByName('c:\users\Максим\appdata\roaming\8b41ccc0-1431538628-e111-a47b-dc0ea1fbb830\nsz30da.tmp');
QuarantineFile('c:\users\Максим\appdata\roaming\8b41ccc0-1431538628-e111-a47b-dc0ea1fbb830\nsz30da.tmp','');
TerminateProcessByName('c:\users\Максим\appdata\roaming\8b41ccc0-1431538628-e111-a47b-dc0ea1fbb830\jnsr3356.tmp');
QuarantineFile('c:\users\Максим\appdata\roaming\8b41ccc0-1431538628-e111-a47b-dc0ea1fbb830\jnsr3356.tmp','');
TerminateProcessByName('c:\program files (x86)\infonaut_1.10.0.13\service\insvc.exe');
QuarantineFile('c:\program files (x86)\infonaut_1.10.0.13\service\insvc.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_258\gmsd_ru_258.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_258\gmsd_ru_258.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_254\gmsd_ru_254.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_254\gmsd_ru_254.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_244\gmsd_ru_244.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_244\gmsd_ru_244.exe','');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_239\gmsd_ru_239.exe');
QuarantineFile('c:\program files (x86)\gmsd_ru_239\gmsd_ru_239.exe','');
TerminateProcessByName('C:\Program Files (x86)\Edu App\bin\EduApp.PurBrowse64.exe');
QuarantineFile('C:\Program Files (x86)\Edu App\bin\EduApp.PurBrowse64.exe','');
TerminateProcessByName('c:\program files (x86)\edu app\bin\eduapp.expext.exe');
QuarantineFile('c:\program files (x86)\edu app\bin\eduapp.expext.exe','');
TerminateProcessByName('C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter64.exe');
QuarantineFile('C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter64.exe','');
TerminateProcessByName('c:\program files (x86)\edu app\bin\eduapp.browseradapter.exe');
QuarantineFile('c:\program files (x86)\edu app\bin\eduapp.browseradapter.exe','');
TerminateProcessByName('c:\programdata\appmgr6.49.325397\appmgr.exe');
QuarantineFile('c:\programdata\appmgr6.49.325397\appmgr.exe','');
// --- Deletion pass ---
// Deletes the files quarantined above, in roughly reverse order.
// NOTE(review): the second argument ('32' or '64') presumably selects the
// 32-bit or 64-bit file-system view; confirm in the AVZ script reference.
DeleteFile('c:\programdata\appmgr6.49.325397\appmgr.exe','32');
DeleteFile('c:\program files (x86)\edu app\bin\eduapp.browseradapter.exe','32');
DeleteFile('C:\Program Files (x86)\Edu App\bin\EduApp.BrowserAdapter64.exe','32');
DeleteFile('c:\program files (x86)\edu app\bin\eduapp.expext.exe','32');
DeleteFile('C:\Program Files (x86)\Edu App\bin\EduApp.PurBrowse64.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_239\gmsd_ru_239.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_244\gmsd_ru_244.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_254\gmsd_ru_254.exe','32');
DeleteFile('c:\program files (x86)\gmsd_ru_258\gmsd_ru_258.exe','32');
DeleteFile('c:\program files (x86)\infonaut_1.10.0.13\service\insvc.exe','32');
DeleteFile('c:\users\Максим\appdata\roaming\8b41ccc0-1431538628-e111-a47b-dc0ea1fbb830\jnsr3356.tmp','32');
DeleteFile('c:\users\Максим\appdata\roaming\8b41ccc0-1431538628-e111-a47b-dc0ea1fbb830\nsz30da.tmp','32');
DeleteFile('c:\programdata\appmgr6.49.325397\1\plugin.exe','32');
DeleteFile('c:\program files (x86)\xtab\protectservice.exe','32');
DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\users\Максим\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\Максим\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('c:\program files (x86)\edu app\updateeduapp.exe','32');
DeleteFile('c:\users\Максим\appdata\local\gmsd_ru_239\upgmsd_ru_239.exe','32');
DeleteFile('c:\users\Максим\appdata\local\gmsd_ru_258\upgmsd_ru_258.exe','32');
DeleteFile('c:\program files (x86)\edu app\bin\utileduapp.exe','32');
DeleteFile('C:\Program Files (x86)\Edu App\bin\36ed28a4ac0a465391ff10beb4246550.dll','32');
DeleteFile('C:\Users\Максим\AppData\Local\SmartWeb\swhk.dll','32');
DeleteFile('C:\Windows\system32\drivers\innfd_1_10_0_13.sys','32');
DeleteFile('C:\Windows\system32\drivers\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{848705a5-8a27-403e-9b59-732d0608bcbc}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e2590817-40ca-4d03-8e1f-67fd8517bae9}Gw64.sys','32');
DeleteFile('C:\Windows\system32\drivers\{e2590817-40ca-4d03-8e1f-67fd8517bae9}w64.sys','32');
DeleteFile('C:\Windows\system32\drivers\gnkrlxtn.sys','32');
DeleteFile('C:\Windows\system32\drivers\lomodjmz.sys','32');
DeleteFile('C:\Windows\system32\drivers\pfnfd_1_10_0_9.sys','32');
DeleteFile('C:\Windows\system32\drivers\tiodzwad.sys','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
// From here each file delete is paired with the removal of the autorun
// registry value that launched it, so no dangling Run/RunOnce entry remains.
// NOTE(review): Mobogenie\DaemonProcess.exe is deleted without a prior
// QuarantineFile, so no sample of it is kept.
DeleteFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon','command');
DeleteFile('C:\Program Files (x86)\Zaxar\timetasks.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_239');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_244');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_254');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_258');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_239.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_258.exe');
DeleteFile('C:\Users\Максим\AppData\Roaming\ASPackage\ASPackage.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','Update');
DeleteFile('C:\iexplore.bat','32');
DeleteFile('C:\Program Files (x86)\XTab\SupTab.dll','32');
DeleteFile('C:\Program Files (x86)\Edu App\EduAppbho.dll','32');
// NOTE(review): the installer, the three scheduled-task files and the DLL in
// the recycle bin below are deleted without a quarantine copy.
DeleteFile('C:\Users\Максим\AppData\Local\Host installer\2789627844_monster.exe','32');
// Scheduled-task files (legacy .job and Tasks-folder entries) are removed with
// '64' as the second argument, unlike the '32' used for every other file.
DeleteFile('C:\Windows\Tasks\kYrPm9cz7bNN8DZBbyDqhp7le.job','64');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
DeleteFile('C:\Windows\system32\Tasks\Soft installer','64');
// The recycle-bin path embeds this host's user SID.
DeleteFile('C:\$Recycle.Bin\S-1-5-21-1628434993-288853323-3394052507-1001\$ROD5YR7.tmp\blowfish.dll','32');
DeleteFile('C:\Users\Максим\appdata\local\smartweb\__u.exe','32');
// --- Finalisation ---
// NOTE(review): the BC_* calls are AVZ Boot Cleaner calls; presumably
// BC_ImportAll queues the items handled above and BC_Activate arms the cleaner
// so that anything still locked is removed during the reboot. Confirm in the
// AVZ script reference. ExecuteSysClean runs between them; keep this order.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboots the machine; the user message at the top says networking is restored
// after this reboot. The meaning of the 'false' argument is not visible here.
RebootWindows(false);
end.
Компьютер перезагрузится.