Код:
// AVZ cleanup script: stops the listed process and services, copies the listed
// files to quarantine, deletes files, registry values and service entries, then
// schedules boot-time cleanup and reboots.
// NOTE(review): every path, CLSID, service name and version directory below is
// hard-coded and appears to come from the logs of one analysed machine (profiles
// "user" and "user2"); confirm each target against the current logs of the
// system being treated before running it.
begin
// Rootkit/hook search; both flags are true. Presumably they enable user-mode and
// kernel-mode hook restoration — confirm against the AVZ script reference.
SearchRootkit(true, true);
// Turn AVZGuard on for the rest of the script.
SetAVZGuardStatus(True);
// Stop the running coordinator process and two services before touching their files.
// Only these two services are stopped here; eight service entries are deleted further down.
TerminateProcessByName('c:\program files (x86)\movies app\datamngr\datamngrcoordinator.exe');
StopService('F06DEFF2-5B9C-490D-910F-35D3A9119622');
StopService('DatamngrCoordinator');
// Quarantine pass: copy each file to quarantine so it can be examined (or restored) later.
// The second argument is left empty in every call.
QuarantineFile('C:\Windows\system32\d3dadapter.dll','');
QuarantineFile('C:\Users\user\AppData\Roaming\istartsurf\UninstallManager.exe','');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\plugins\FileSmash\QMSoftExt.dll','');
QuarantineFile('C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll','');
QuarantineFile('C:\Users\user2\AppData\Local\Temp\11-20150313-154741.exe','');
// The two Pokki files are quarantined only; no DeleteFile call below targets them.
QuarantineFile('C:\Users\user2\AppData\Local\Pokki\Engine\Launcher.dll','');
QuarantineFile('C:\Users\user2\AppData\Local\Pokki\Engine\pokki.exe','');
QuarantineFile('C:\Users\user2\AppData\Local\Kometa\kometaup.exe','');
// Kernel drivers (.sys); their service entries are removed by DeleteService further down.
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TsDefenseBT64.sys','');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TS888x64.sys','');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QMUdisk64.sys','');
QuarantineFile('C:\Windows\system32\drivers\ksapi64.sys','');
QuarantineFile('C:\Windows\system32\DRIVERS\bd0004.sys','');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQPCRtp.exe','');
// Folder quarantine with mask '*' and the third argument true (presumably "include
// subfolders"). NOTE(review): the trailing 0, 0 look like "no limit" filters — confirm.
// These folders are quarantined only; nothing below deletes them.
QuarantineFileF('C:\Windows\temp\PCGuangjia\PCGuangjia','*', true,'',0 ,0);
QuarantineFile('C:\Program Files (x86)\Movies App\Datamngr\x64\setmgrc3.cfg','');
QuarantineFile('c:\program files (x86)\movies app\datamngr\datamngrcoordinator.exe','');
QuarantineFileF('C:\Windows\temp\PCGuangjia\15761','*', true,'',0 ,0);
// Deletion pass.
// NOTE(review): the second argument ('32' or '64') is presumably the 32-/64-bit
// mode selector for the path — confirm against the AVZ script reference.
DeleteFile('C:\Program Files (x86)\Movies App\Datamngr\x64\setmgrc3.cfg','32');
DeleteFile('C:\Program Files (x86)\Movies App\Datamngr\DatamngrCoordinator.exe','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QQPCRtp.exe','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\Windows\system32\drivers\ksapi64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\QMUdisk64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TS888x64.sys','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\TsDefenseBT64.sys','32');
// NOTE(review): the two Baidu tray executables, mediaget.exe and the two Tasks entries
// are deleted without a matching QuarantineFile call above, so this script keeps no
// quarantine copy of them.
DeleteFile('C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\baiduAnTray.exe','32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe','32');
DeleteFile('C:\Users\user2\AppData\Local\Kometa\kometaup.exe','32');
DeleteFile('C:\Users\user2\AppData\Local\MediaGet2\mediaget.exe','32');
DeleteFile('C:\Users\user2\AppData\Local\Temp\11-20150313-154741.exe','32');
DeleteFile('C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.6.15950.224\plugins\FileSmash\QMSoftExt.dll','32');
DeleteFile('C:\Users\user\AppData\Roaming\istartsurf\UninstallManager.exe','32');
// Scheduled-task files named by GUID under system32\Tasks; the only calls that pass '64'.
DeleteFile('C:\Windows\system32\Tasks\{5B07C2DF-EB5D-4185-A521-68F507614F9C}','64');
DeleteFile('C:\Windows\system32\Tasks\{EEFC7EF1-795E-4ECB-B531-FC7500B2797D}','64');
DeleteFile('C:\Windows\system32\d3dadapter.dll','32');
// Remove a Browser Helper Object registration and a CLSID registration.
DelBHO('{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}');
DelCLSID('{754DF2CE-51E8-4895-B53C-6381418B84AE}');
// Delete the 'command' value from four MSConfig startupreg entries (autoruns recorded
// by MSConfig) so they cannot be re-enabled from there.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baiduAnTray','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidusdTray','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kometaup','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaGet2','command');
// Delete two Run-key autostart values: one machine-wide (HKLM), one per-user (HKCU).
// HKEY_CURRENT_USER resolves to the account the script runs under.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','11-20150313-154741');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','gtmkayaoht');
// Remove the service/driver registrations, including the two services stopped at the top.
DeleteService('TsDefenseBt');
DeleteService('TS888x64');
DeleteService('QMUdisk');
DeleteService('ksapi64');
DeleteService('bd0004');
DeleteService('F06DEFF2-5B9C-490D-910F-35D3A9119622');
DeleteService('QQPCRTP');
DeleteService('DatamngrCoordinator');
// Boot Cleaner: import the items processed above, run the system clean-up, then activate
// Boot Cleaner so that files still locked now are handled during the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Run the AVZ wizard identified by 'SCU'.
// NOTE(review): the meaning of the arguments 2, 2, true is not visible on this page — confirm.
ExecuteWizard('SCU',2,2,true);
// Reboot immediately; the boot-time cleanup activated above depends on it.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: