Код:
begin
ExecuteAVUpdate;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\users\Танечка\appdata\roaming\tor project\tor.exe');
TerminateProcessByName('c:\users\Танечка\appdata\roaming\gemware\node-webkit.exe');
SetServiceStart('rezucybo', 4);
SetServiceStart('punutume', 4);
SetServiceStart('fipufuwu', 4);
StopService('skinapp');
StopService('rezucybo');
StopService('punutume');
StopService('fipufuwu');
QuarantineFileF('C:\Users\Танечка\AppData\Local\SystemDir', '*', true, '', 0 , 0);
QuarantineFile('C:\Users\EE73~1\AppData\Local\Temp\IS1242~1\191295_stp\downloader.exe', '');
QuarantineFile('C:\Users\EE73~1\AppData\Local\Temp\IS1242~1\191295_stp', '');
QuarantineFileF('C:\Program Files\CinemaP-1.9cV07.11\', '*.exe, *.dll, *.sys, *.bat, *.vbs', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\TimeTasks\', '*.exe, *.dll, *.sys, *.bat, *.vbs', true, '', 0, 0);
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll', '');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe', '');
QuarantineFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\WindowsUpdater\Updater.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Local\SystemDir\nethost.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Local\Microsoft\Extensions\extsetup.exe', '');
QuarantineFile('C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-7.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-11.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-3.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-5.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-4.exe', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\YmAO4c0wCI6J0BfQNupeMw.exe', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\RZQBKT7M4cssswJeJ3mJd.exe ', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\qXJ9z2pdA1a82Yw.exe', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\QRfJRCWnXGLwm68Iyv4OBGnmP.exe', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\olOhpci0wM4FbVFXEJX8nKmfmOU.exe', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\MHS6yUqi.exe', '');
QuarantineFile('C:\Users\???????\AppData\Roaming\mcvxLevWmy0gos9zNz.exe', '');
QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-10.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-1-6.exe', '');
QuarantineFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-1-7.exe', '');
QuarantineFile('C:\Program Files\Аудио и видео скачивание\IE\x86\Downloader.dll', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemAutorun.exe', '');
QuarantineFile('C:\Program Files\Mobogenie\DaemonProcess.exe', '');
QuarantineFile('C:\Program Files\Common Files\AppDownloads\496C9ACC-C066-4E94-B59C-C1A903BF999C.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Local\Microsoft\Macromed\Flash Player\Updater Startup Utility\A96E9AC3-73E5-4CB9-B2B2-9ADC150A4130.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\Microsoft Manager APP\InstallMoney.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\Microsoft Manager APP\InstallerOrion.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\Microsoft Manager APP\DownloadInjectionSQL.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\GemWare\DeleteWebkitCookie.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\Microsoft Update\UnLoad.exe', '');
QuarantineFile('C:\Users\Танечка\AppData\Roaming\UpdateSocialBotVK.exe', '');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '');
QuarantineFile('C:\Windows\skinapp.sys', '');
QuarantineFile('C:\Program Files\7118C780-1446807275-81E1-2787-5404A642E93E\knswF6D5.tmpfs', '');
QuarantineFile('C:\Program Files\7118C780-1446807275-81E1-2787-5404A642E93E\jnsx1296.tmp', '');
QuarantineFile('C:\Program Files\7118C780-1446807275-81E1-2787-5404A642E93E\hnsc2AC9.tmp', '');
QuarantineFile('c:\users\Танечка\appdata\roaming\tor project\tor.exe', '');
QuarantineFile('c:\users\Танечка\appdata\roaming\gemware\node-webkit.exe', '');
QuarantineFile('C:\Program Files\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe', '');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe', '');
DeleteFile('C:\Users\EE73~1\AppData\Local\Temp\IS1242~1\191295_stp\downloader.exe', '32');
DeleteFile('C:\Users\EE73~1\AppData\Local\Temp\IS1242~1\191295_stp', '32');
DeleteFile('C:\Program Files\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe', '32');
DeleteFile('C:\Program Files\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update', '32');
DeleteFile('C:\Windows\system32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core', '32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task', '32');
DeleteFile('C:\Program Files\7118C780-1446807275-81E1-2787-5404A642E93E\hnsc2AC9.tmp', '32');
DeleteFile('C:\Program Files\7118C780-1446807275-81E1-2787-5404A642E93E\jnsx1296.tmp', '32');
DeleteFile('C:\Program Files\7118C780-1446807275-81E1-2787-5404A642E93E\knswF6D5.tmpfs', '32');
DeleteFile('C:\Windows\skinapp.sys', '32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '32');
DeleteFile('C:\Users\Танечка\AppData\Roaming\UpdateSocialBotVK.exe', '32');
DeleteFile('C:\Users\Танечка\AppData\Local\Microsoft\Macromed\Flash Player\Updater Startup Utility\A96E9AC3-73E5-4CB9-B2B2-9ADC150A4130.exe', '32');
DeleteFile('C:\Program Files\Common Files\AppDownloads\496C9ACC-C066-4E94-B59C-C1A903BF999C.exe', '32');
DeleteFile('C:\Program Files\Mobogenie\DaemonProcess.exe', '32');
DeleteFile('C:\Users\Танечка\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemAutorun.exe', '32');
DeleteFile('C:\Program Files\Аудио и видео скачивание\IE\x86\Downloader.dll', '32');
DeleteFile('C:\Windows\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-1-6.job', '32');
DeleteFile('C:\Windows\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-1-7.job', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-1-7.exe', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-1-6.exe', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-10.exe', '32');
DeleteFile('C:\Windows\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-10_user.job', '32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe', '32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job', '32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job', '32');
DeleteFile('C:\Windows\Tasks\mcvxLevWmy0gos9zNz.job', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\mcvxLevWmy0gos9zNz.exe', '32');
DeleteFile('C:\Windows\Tasks\MHS6yUqi.job', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\MHS6yUqi.exe', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\olOhpci0wM4FbVFXEJX8nKmfmOU.exe', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\QRfJRCWnXGLwm68Iyv4OBGnmP.exe', '32');
DeleteFile('C:\Windows\Tasks\QRfJRCWnXGLwm68Iyv4OBGnmP.job', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\qXJ9z2pdA1a82Yw.exe', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\RZQBKT7M4cssswJeJ3mJd.exe ', '32');
DeleteFile('C:\Users\???????\AppData\Roaming\YmAO4c0wCI6J0BfQNupeMw.exe', '32');
DeleteFile('C:\Windows\Tasks\YmAO4c0wCI6J0BfQNupeMw.job', '32');
DeleteFile('C:\Windows\system32\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-1-6', '32');
DeleteFile('C:\Windows\system32\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-5', '32');
DeleteFile('C:\Windows\system32\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-4', '32');
DeleteFile('C:\Windows\system32\Tasks\db8710ea-4cda-409e-8d6b-341b2644eff0-3', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-4.exe', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-5.exe', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-11.exe', '32');
DeleteFile('C:\Program Files\CinemaP-1.9cV07.11\db8710ea-4cda-409e-8d6b-341b2644eff0-7.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\extsetup', '32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore', '32');
DeleteFile('C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\KRB Updater Utility', '32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\496C9ACC-C066-4E94-B59C-C1A903BF999C', '32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\AAC25A4E-C6CB-4865-B95E-605F1654D1CD', '32');
DeleteFile('C:\Users\Танечка\AppData\Local\Microsoft\Extensions\extsetup.exe', '32');
DeleteFile('C:\Users\Танечка\AppData\Local\SystemDir\nethost.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\SafeBrowser', '32');
DeleteFile('C:\Windows\system32\Tasks\nethost task', '32');
DeleteFile('C:\Users\Танечка\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Users\Танечка\AppData\Roaming\WindowsUpdater\Updater.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\WindowsUpdater', '32');
DeleteFile('C:\Windows\system32\Tasks\{9FD75B4D-D007-40ED-869A-E324B34B03DB}', '32');
DeleteFile('C:\Windows\system32\Tasks\{A4052E56-39C4-45FA-B34E-AB3E3A67A521}', '32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\goopdate.dll', '32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdateondemand.exe', '32');
DeleteFile('C:\Program Files\globalupdate\update\1.3.25.0\globalupdatebroker.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "nethost task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{9FD75B4D-D007-40ED-869A-E324B34B03DB}" /F', 0, 15000, true);
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
DeleteService('skinapp');
DeleteService('rezucybo');
DeleteService('punutume');
DeleteService('fipufuwu');
DeleteFileMask('C:\Users\Танечка\AppData\Local\SystemDir', '*', true);
DeleteFileMask('C:\Program Files\CinemaP-1.9cV07.11\', '*', true);
DeleteFileMask('C:\ProgramData\TimeTasks\', '*', true);
DeleteDirectory('C:\Users\Танечка\AppData\Local\SystemDir');
DeleteDirectory('C:\Program Files\CinemaP-1.9cV07.11\');
DeleteDirectory('C:\ProgramData\TimeTasks\');
DelBHO('{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}');
DelBHO('{68DE54BD-49C8-4982-BF5E-895C3124931A}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SpaceSoundPro');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'UpdateSocialBotVK');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', 'AAC25A4E-C6CB-4865-B95E-605F1654D1CD');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', 'AppDownloads');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon', 'command');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_Activate;
RebootWindows(true);
end.