Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
TerminateProcessByName('c:\program files\webspades\bin\webspades.purbrowse.exe');
TerminateProcessByName('c:\program files\webspades\bin\webspades.browseradapter.exe');
TerminateProcessByName('c:\program files\webspades\bin\utilwebspades.exe');
TerminateProcessByName('c:\program files\webspades\updatewebspades.exe');
QuarantineFile('C:\WINDOWS\system32\drivers\nethfdrv.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\nethfdrv.sys','');
QuarantineFile('C:\WINDOWS\system32\hfpapi.dll','');
QuarantineFile('C:\WINDOWS\system32\hfnapi.dll','');
QuarantineFile('C:\Documents and Settings\Home\Application Data\.craftergame\uPlus.exe','');
QuarantineFile('C:\Documents and Settings\Home\Application Data\newSI_4396\s_inst.exe','');
QuarantineFile('/DllName64ToInjectToChrome=b15221dd-9e52-4991-ae76-2823e65df867.dll','');
QuarantineFile('/DllName32ToInjectToChrome=830cc5c4-e92c-4e5e-b34b-1187d548f920.dll','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-6.exe','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-5.exe','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-4.exe','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-3.exe','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-2.exe','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-11.exe','');
QuarantineFile('C:\Program Files\TheTorntv V10\9b77c2a1-04b8-4d92-bd96-1398620df99a-4.exe','');
QuarantineFile('C:\Program Files\WebSpades\WebSpadesBHO.dll','');
QuarantineFile('C:\Program Files\TheGoPhoto.it V10\TheGoPhoto.it V10-bho.dll','');
QuarantineFile('C:\Program Files\TheTorntv V10\TheTorntv V10-bho.dll','');
QuarantineFile('C:\WINDOWS\system32\vegdnwa.dll','');
QuarantineFile('C:\Documents and Settings\Home\Application Data\taskhost.exe','');
QuarantineFile('C:\Documents and Settings\Home\Application Data\eTranslator\eTranslator.exe','');
QuarantineFile('C:\WINDOWS\system32\netupdsrv.exe','');
QuarantineFile('C:\WINDOWS\system32\nethtsrv.exe','');
QuarantineFile('C:\Program Files\WebSpades\bin\utilWebSpades.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}t.sys','');
QuarantineFile('C:\Program Files\WebSpades\bin\{ed7eb956-75ed-460d-8f69-29a93b07afd1}.dll','');
QuarantineFile('c:\program files\webspades\bin\webspades.purbrowse.exe','');
QuarantineFile('c:\program files\webspades\bin\webspades.browseradapter.exe','');
QuarantineFile('c:\program files\webspades\bin\utilwebspades.exe','');
QuarantineFile('c:\program files\webspades\updatewebspades.exe','');
QuarantineFile('c:\documents and settings\home\application data\torntv.com\torntvsvc.exe','');
QuarantineFile('c:\bmwgroup\etklokal\transbase\tbmux32.exe','');
DelBHO('{11111111-1111-1111-1111-110611331113}');
DelBHO('{12e16b46-cabd-485b-b8a8-615f31ebc038}');
DelBHO('{c919d8b2-11e4-43c7-a2c2-9294fd2c4106}');
DelBHO('{11111111-1111-1111-1111-110611331111}');
DeleteFile('c:\program files\webspades\updatewebspades.exe','32');
DeleteFile('c:\program files\webspades\bin\utilwebspades.exe','32');
DeleteFile('c:\program files\webspades\bin\webspades.browseradapter.exe','32');
DeleteFile('c:\program files\webspades\bin\webspades.purbrowse.exe','32');
DeleteFile('C:\Program Files\WebSpades\bin\{ed7eb956-75ed-460d-8f69-29a93b07afd1}.dll','32');
DeleteFile('C:\WINDOWS\system32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}t.sys','32');
BC_DeleteSvc('Util WebSpades');
DeleteFile('C:\Program Files\WebSpades\bin\utilWebSpades.exe','32');
DeleteFile('C:\WINDOWS\system32\nethtsrv.exe','32');
DeleteFile('C:\WINDOWS\system32\netupdsrv.exe','32');
BC_DeleteSvc('NetHttpService');
BC_DeleteSvc('ServiceUpdater');
DeleteFile('C:\Documents and Settings\Home\Application Data\taskhost.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Taskhost','command');
DeleteFile('C:\WINDOWS\system32\vegdnwa.dll','32');
DeleteFile('C:\Program Files\TheTorntv V10\TheTorntv V10-bho.dll','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\TheGoPhoto.it V10-bho.dll','32');
DeleteFile('C:\Program Files\WebSpades\WebSpadesBHO.dll','32');
DeleteFile('C:\Program Files\TheTorntv V10\9b77c2a1-04b8-4d92-bd96-1398620df99a-4.exe','32');
DeleteFile('C:\WINDOWS\Tasks\2ea7774b-0700-4331-ac2b-f30fe80e11b3.job','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-1.job','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-11.exe','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-11.job','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-2.exe','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-2.job','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-3.exe','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-3.job','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-4.exe','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-4.job','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-5.job','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-5.exe','32');
DeleteFile('C:\Program Files\TheGoPhoto.it V10\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-6.exe','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-6.job','32');
DeleteFile('/DllName32ToInjectToChrome=830cc5c4-e92c-4e5e-b34b-1187d548f920.dll','32');
DeleteFile('/DllName64ToInjectToChrome=b15221dd-9e52-4991-ae76-2823e65df867.dll','32');
DeleteFile('C:\WINDOWS\Tasks\4d0d823f-aac6-4171-8ab5-5201a74c6fe1-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-1.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-11.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-2.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-3.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-4.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-5.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\9b77c2a1-04b8-4d92-bd96-1398620df99a-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\dafaadd4-4f8a-4c58-9797-d8bc8e42cb4a.job','32');
DeleteFile('C:\Documents and Settings\Home\Application Data\newSI_4396\s_inst.exe','32');
DeleteFile('C:\WINDOWS\Tasks\newSI_4396.job','32');
DeleteFile('C:\WINDOWS\Tasks\Utorrent Plus.job','32');
DeleteFile('C:\WINDOWS\system32\hfnapi.dll','32');
DeleteFile('C:\WINDOWS\system32\hfpapi.dll','32');
DeleteFile('C:\WINDOWS\system32\Drivers\nethfdrv.sys','32');
DeleteFile('C:\WINDOWS\system32\drivers\nethfdrv.sys','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.