Код:
// AVZ cleanup script written for one specific infected Windows host.
// Every path, service name and autorun value below is tied to that machine
// (note the user-profile name inside the paths), so the script must not be
// run on any other system: the recursive '*' deletions would either do
// nothing or remove unrelated data.
// Sequence: contain -> terminate/stop -> quarantine (keep samples) ->
// delete -> remove autoruns -> boot-time cleanup -> reboot.
// The order matters: files are quarantined before they are deleted, and
// processes/services are stopped first so their files are not locked.
begin
// Containment. Rootkit scan with both flags enabled (presumably user-mode
// and kernel-mode hook neutralisation - confirm against AVZ help), then
// AVZGuard is switched on for the duration of the script.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Stops the tcpip service via net.exe ('/y' auto-confirms stopping dependent
// services), cutting the host off the network while cleanup runs.
// 15000 is presumably a timeout in ms - TODO confirm.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Empties the existing quarantine, presumably so that it ends up holding
// only the samples collected by this script.
ClearQuarantineEx(true);
// Terminate running processes by full image path. Several run from
// AppData/Temp or GUID-like folders with .tmp extensions.
// 'c:\users\8883~1\...' is an 8.3 short form of a profile path.
TerminateProcessByName('c:\users\АНДРЕЙ\appdata\roaming\daemon2.exe');
TerminateProcessByName('c:\program files\gmsd_ru_005010181\gmsd_ru_005010181.exe');
TerminateProcessByName('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\hnsa5756.tmp');
TerminateProcessByName('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\jnsk2f0c.tmp');
TerminateProcessByName('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\knsc4484.tmp');
TerminateProcessByName('c:\users\8883~1\appdata\local\temp\nsha834.tmp');
TerminateProcessByName('c:\users\АНДРЕЙ\appdata\local\00000000-1450605543-0000-0000-d43d7ee36b28\snsf2fb9.tmp');
TerminateProcessByName('c:\program files\sfk\ssfk.exe');
TerminateProcessByName('c:\users\АНДРЕЙ\appdata\local\gmsd_ru_005010181\upgmsd_ru_005010181.exe');
// Stop the four services that are deleted further below.
StopService('pugykene');
StopService('rizyqibe');
StopService('woforemu');
StopService('zizusyju');
// Quarantine phase: copies of the suspect files are preserved for analysis
// before anything is deleted. QuarantineFile takes a single file;
// QuarantineFileF takes a directory plus a mask list of executable/script
// extensions (third argument true - presumably "recurse into subfolders").
QuarantineFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\Program Files\rec_ru_142\rec_ru_142.exe', '');
QuarantineFileF('c:\program files\rec_ru_142\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\program files\rec_en_77\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\АНДРЕЙ\appdata\local\smartweb', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\programdata\tmp0x0x\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\program files\oursoft\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFile('C:\Program Files\rec_en_77\rec_en_77.exe', '');
QuarantineFile('C:\Program Files\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\Users\АНДРЕЙ\AppData\Local\coprofit\coprofit_stb.exe', '');
QuarantineFileF('C:\Program Files\SpaceSoundPro\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFile('C:\Users\АНДРЕЙ\AppData\Local\coprofit\config.json', '');
QuarantineFileF('C:\Users\АНДРЕЙ\AppData\Roaming\MyDesktop\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe', '');
QuarantineFileF('C:\Program Files\Zaxar\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\АНДРЕЙ\AppData\Local\coprofit\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Sound+\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\TimeTasks\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\program files\sfk', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0 , 0);
// Quarantine the images of the processes terminated above.
QuarantineFile('c:\users\АНДРЕЙ\appdata\roaming\daemon2.exe', '');
QuarantineFile('c:\program files\gmsd_ru_005010181\gmsd_ru_005010181.exe', '');
QuarantineFile('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\hnsa5756.tmp', '');
QuarantineFile('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\jnsk2f0c.tmp', '');
QuarantineFile('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\knsc4484.tmp', '');
QuarantineFile('c:\users\8883~1\appdata\local\temp\nsha834.tmp', '');
QuarantineFile('c:\users\АНДРЕЙ\appdata\local\00000000-1450605543-0000-0000-d43d7ee36b28\snsf2fb9.tmp', '');
QuarantineFile('c:\program files\sfk\ssfk.exe', '');
QuarantineFile('c:\users\АНДРЕЙ\appdata\local\gmsd_ru_005010181\upgmsd_ru_005010181.exe', '');
QuarantineFile('C:\ProgramData\jxibVFsASOw\CTFIQnyQhdspVt5.bat', '');
// Deletion phase: remove the individual files quarantined above.
// NOTE(review): oursoft, SpaceSoundPro and Sound+ are quarantined above but
// have no matching delete anywhere in this script - presumably collected for
// analysis only; confirm.
DeleteFile('C:\Program Files\rec_ru_142\rec_ru_142.exe');
DeleteFile('C:\Program Files\rec_en_77\rec_en_77.exe');
DeleteFile('C:\Program Files\Zaxar\ZaxarGameBrowser.exe');
DeleteFile('C:\Program Files\Zaxar\ZaxarLoader.exe');
DeleteFile('C:\Users\АНДРЕЙ\AppData\Local\coprofit\coprofit_stb.exe');
DeleteFile('C:\Users\АНДРЕЙ\AppData\Local\coprofit\config.json');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe');
// These calls pass a second argument '32' - presumably a 32-bit mode
// selector; confirm against AVZ help.
DeleteFile('c:\users\АНДРЕЙ\appdata\roaming\daemon2.exe', '32');
DeleteFile('c:\program files\gmsd_ru_005010181\gmsd_ru_005010181.exe', '32');
DeleteFile('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\hnsa5756.tmp', '32');
DeleteFile('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\jnsk2f0c.tmp', '32');
DeleteFile('c:\program files\00000000-1450594659-0000-0000-d43d7ee36b28\knsc4484.tmp', '32');
DeleteFile('c:\users\8883~1\appdata\local\temp\nsha834.tmp', '32');
DeleteFile('c:\users\АНДРЕЙ\appdata\local\00000000-1450605543-0000-0000-d43d7ee36b28\snsf2fb9.tmp', '32');
DeleteFile('c:\program files\sfk\ssfk.exe', '32');
DeleteFile('c:\users\АНДРЕЙ\appdata\local\gmsd_ru_005010181\upgmsd_ru_005010181.exe', '32');
DeleteFile('C:\ProgramData\jxibVFsASOw\CTFIQnyQhdspVt5.bat', '32');
// Remove the service entries stopped earlier.
DeleteService('pugykene');
DeleteService('rizyqibe');
DeleteService('woforemu');
DeleteService('zizusyju');
// Wipe everything ('*', third argument true) inside the listed folders.
// Unlike the quarantine masks, this is not limited to executable types, so
// anything else stored in these directories is lost without a quarantine copy.
DeleteFileMask('c:\program files\rec_ru_142\', '*', true);
DeleteFileMask('c:\program files\rec_en_77\', '*', true);
DeleteFileMask('C:\Users\АНДРЕЙ\appdata\local\smartweb', '*', true);
DeleteFileMask('c:\programdata\tmp0x0x\', '*', true);
DeleteFileMask('C:\Users\АНДРЕЙ\AppData\Roaming\MyDesktop\', '*', true);
DeleteFileMask('C:\Program Files\Zaxar\', '*', true);
DeleteFileMask('C:\Users\АНДРЕЙ\AppData\Local\coprofit\', '*', true);
DeleteFileMask('C:\ProgramData\TimeTasks\', '*', true);
DeleteFileMask('c:\program files\sfk', '*', true);
// Remove the now-emptied directories themselves.
DeleteDirectory('c:\program files\rec_ru_142\');
DeleteDirectory('C:\Users\АНДРЕЙ\appdata\local\smartweb');
DeleteDirectory('c:\program files\rec_en_77\');
DeleteDirectory('c:\programdata\tmp0x0x\');
DeleteDirectory('C:\Users\АНДРЕЙ\AppData\Roaming\MyDesktop\');
DeleteDirectory('C:\Program Files\Zaxar\');
DeleteDirectory('C:\Users\АНДРЕЙ\AppData\Local\coprofit\');
DeleteDirectory('C:\ProgramData\TimeTasks\');
DeleteDirectory('c:\program files\sfk');
// Persistence removal: delete the Run/RunOnce autostart values (HKLM and
// HKCU) that launched the removed programs at logon.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'rec_ru_142');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'rec_en_77');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'coprofit');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
// NOTE(review): the value name 'Timestasks' is spelled differently from the
// TimeTasks folder and timetasks.exe used elsewhere in this script - verify
// it against the actual Run value, otherwise this autorun entry survives.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gmsd_ru_005010181');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'upgmsd_ru_005010181.exe');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MyDesktop');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Daemon');
// NOTE(review): repeats the HKCU 'MyDesktop' removal two lines above;
// redundant but harmless.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MyDesktop');
// Boot-time cleanup (BC_* = AVZ Boot Cleaner). Presumably BC_ImportALL queues
// the items handled above for removal at next boot, in case a file or service
// was still locked - confirm against AVZ help.
BC_ImportALL;
ExecuteSysClean;
// NOTE(review): only 'woforemu' is queued for boot-time service removal,
// although four services are deleted above - confirm the other three do not
// need the same treatment.
BC_DeleteSvc('woforemu');
// Runs an AVZ wizard identified as 'SCU'; the meaning of the numeric
// arguments is not visible here - TODO confirm against AVZ help.
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
// Reboot so the boot-time cleanup can run. Save any open work first;
// the machine restarts without further prompting from this script.
RebootWindows(true);
end.