Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
QuarantineFile('C:\Program Files\xtab\cmdshell.exe','');
QuarantineFile('C:\Program Files\xtab\browerwatchff.dll','');
QuarantineFile('C:\Program Files\xtab\browerwatchch.dll','');
QuarantineFile('C:\Program Files\anyprotectex\anyprotect.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-6.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-5.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-4.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-3.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-11.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-10.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-7.exe','');
QuarantineFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-6.exe','');
DelBHO('{ebfbdd44-c0e0-4f63-a8e6-ee5f34765238}');
QuarantineFile('C:\Program Files\Edu App\EduAppbho.dll','');
QuarantineFile('C:\Users\Санек\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
SetServiceStart('innfd_1_10_0_14', 4);
DeleteService('innfd_1_10_0_14');
QuarantineFile('C:\Program Files\Edu App\bin\utilEduApp.exe','');
QuarantineFile('C:\Program Files\Edu App\updateEduApp.exe','');
DeleteService('Util Edu App');
DeleteService('Update Edu App');
DeleteService('jyguliqe');
SetServiceStart('sowukymo', 4);
DeleteService('sowukymo');
SetServiceStart('insvc_1.10.0.14', 4);
DeleteService('insvc_1.10.0.14');
QuarantineFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys','');
TerminateProcessByName('c:\users\Санек\appdata\local\smartweb\smartwebhelper.exe');
QuarantineFile('c:\users\Санек\appdata\local\smartweb\smartwebhelper.exe','');
TerminateProcessByName('c:\users\Санек\appdata\local\smartweb\smartwebapp.exe');
QuarantineFile('c:\users\Санек\appdata\local\smartweb\smartwebapp.exe','');
TerminateProcessByName('c:\users\Санек\appdata\roaming\de813636-1431622131-bade-4d80-00248cae7bc5\nsu8db9.tmp');
QuarantineFile('c:\users\Санек\appdata\roaming\de813636-1431622131-bade-4d80-00248cae7bc5\nsu8db9.tmp','');
TerminateProcessByName('c:\program files\infonaut_1.10.0.14\service\insvc.exe');
QuarantineFile('c:\program files\infonaut_1.10.0.14\service\insvc.exe','');
DeleteFile('c:\program files\infonaut_1.10.0.14\service\insvc.exe','32');
DeleteFile('c:\users\Санек\appdata\roaming\de813636-1431622131-bade-4d80-00248cae7bc5\nsu8db9.tmp','32');
DeleteFile('c:\users\Санек\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('c:\users\Санек\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys','32');
DeleteFile('C:\Program Files\Edu App\updateEduApp.exe','32');
DeleteFile('C:\Program Files\Edu App\bin\utilEduApp.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_07C102E237BA2CE5CDC1E97A59156BC6');
DeleteFile('C:\Users\Санек\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','AppsHat');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
DeleteFile('C:\Program Files\Edu App\EduAppbho.dll','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-6.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-7.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-10.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-11.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-3.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-4.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-5.exe','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-5_user.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-5.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-4.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-3.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-11.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-10_user.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-7.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-6.job','32');
DeleteFile('C:\Windows\Tasks\575fd677-c37e-4128-bf90-b7346da77838.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-6.job','32');
DeleteFile('C:\Windows\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-7.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-1-6.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-1-7.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-10_user.job','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-7.exe','32');
DeleteFile('C:\Program Files\CinemaPlus-3.2cV14.05\73e1d639-ef1c-422b-8891-9cb26a444f2e-6.exe','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-11.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-4.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-5.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-5_user.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-6.job','32');
DeleteFile('C:\Windows\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-7.job','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\Windows\Tasks\DMcf4dKeb3mzacp0HAgLB.job','32');
DeleteFile('C:\Windows\Tasks\tDtXu97wFW6jB.job','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-11','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-3','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-4','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-5','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-6','32');
DeleteFile('C:\Windows\system32\Tasks\73e1d639-ef1c-422b-8891-9cb26a444f2e-7','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-11','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-4','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-5','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-6','32');
DeleteFile('C:\Windows\system32\Tasks\cf7db3c1-1bd8-413d-8639-cff8dc0fa57a-7','32');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','32');
DeleteFile('C:\Windows\system32\Tasks\Soft installer','32');
DeleteFile('C:\Users\Санек\AppData\Local\Host installer\2494886086_monster.exe','32');
DeleteFile('C:\Program Files\anyprotectex\anyprotect.exe','32');
DeleteFile('C:\Users\Санек\AppData\Local\Temp\nsx7C42.tmp\blowfish.dll','32');
DeleteFile('C:\Users\Санек\AppData\Local\Temp\nsm3CE1.tmp\blowfish.dll','32');
DeleteFile('C:\Users\Санек\AppData\Local\Temp\nshD53A.tmp\blowfish.dll','32');
DeleteFile('C:\Users\Санек\AppData\Local\Temp\nsh31CA.tmp\blowfish.dll','32');
DeleteFile('C:\Program Files\xtab\browerwatchch.dll','32');
DeleteFile('C:\Program Files\xtab\browerwatchff.dll','32');
DeleteFile('C:\Program Files\xtab\cmdshell.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.