Код:
begin
SearchRootkit(true, true);
TerminateProcessByName('c:\users\Администратор\appdata\local\temp\svhost.exe');
TerminateProcessByName('c:\program files\gohd\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-6.exe');
QuarantineFile('C:\Program Files\xtab\cmdshell.exe', '');
QuarantineFile('C:\Program Files\xtab\browerwatchff.dll', '');
QuarantineFile('C:\Program Files\xtab\browerwatchch.dll', '');
QuarantineFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-3.exe', '');
QuarantineFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-11.exe', '');
QuarantineFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-7.exe', '');
QuarantineFile('c:\users\Администратор\appdata\local\temp\svhost.exe', '');
QuarantineFile('c:\program files\gohd\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-6.exe', '');
DeleteFile('c:\program files\gohd\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-6.exe', '32');
DeleteFile('c:\users\Администратор\appdata\local\temp\svhost.exe', '32');
DeleteFile('C:\Users\Администратор\AppData\Roaming\Browsers\exe.emorhc.bat', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-6.job', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-7.job', '32');
DeleteFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-7.exe', '32');
DeleteFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-10.exe', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-10_user.job', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-11.job', '32');
DeleteFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-11.exe', '32');
DeleteFile('C:\Program Files\GoHD\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-3.exe', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-3.job', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-5.job', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-5_user.job', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-6.job', '32');
DeleteFile('C:\WINDOWS\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-7.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-1-6.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-1-7.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-11.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-5.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-5_user.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-6.job', '32');
DeleteFile('C:\WINDOWS\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-7.job', '32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP1.job', '32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP2.job', '32');
DeleteFile('C:\WINDOWS\Tasks\APSnotifierPP3.job', '32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job', '32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job', '32');
DeleteFile('C:\WINDOWS\Tasks\Price Fountain.job', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-6', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-1-7', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-3', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-5', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-6', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\96d4f2c1-5a31-4bf0-93a4-bc2739f7d30e-7', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-1-6', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-1-7', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-11', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-5', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-6', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\aa613841-cc06-4c6a-ba67-ab2203f62731-7', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\APSnotifierPP1', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\APSnotifierPP2', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\APSnotifierPP3', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\LaunchPreSignup', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\Price Fountain', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\UNELEVATE_11792', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\{7BBA559D-0BC4-4470-A0C8-8CC0612A048A}', '32');
DeleteFile('C:\WINDOWS\system32\Tasks\{8A4D4B00-A386-4575-8466-ADDBC1045BE7}', '32');
DeleteFile('C:\Program Files\xtab\browerwatchch.dll', '32');
DeleteFile('C:\Program Files\xtab\browerwatchff.dll', '32');
DeleteFile('C:\Program Files\xtab\cmdshell.exe', '32');
DeleteService('QMUdisk');
DeleteService('BAPIDRV');
DelBHO('{b608cc98-54de-4775-96c9-097de398500c}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Windesk Winsearch');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'esdmdjovng');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(4);
ExecuteRepair(3);
ExecuteWizard('SCU', 2, 2, true);
ExecuteWizard('TSW', 3, 3, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.