Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\program files\dripkix\packages\950196f1-1d17-4d35-9169-af1360dcebf3\drip.exe');
TerminateProcessByName('c:\program files\dripkix\dripkix.exe');
TerminateProcessByName('c:\program files\44124716-1446601153-486a-3fa8-b8763f12d57b\jnslf72.tmp');
TerminateProcessByName('c:\program files\44124716-1446601153-486a-3fa8-b8763f12d57b\knsl4b4f.tmp');
TerminateProcessByName('c:\users\user\appdata\local\temp\nsf131a.tmp');
TerminateProcessByName('c:\program files\sfk\ssfk.exe');
TerminateProcessByName('c:\users\user\appdata\local\gmsd_ru_005010152\upgmsd_ru_005010152.exe');
TerminateProcessByName('c:\programdata\ewminiproe\wminipro.exe');
TerminateProcessByName('c:\programdata\zitenop\zitenop.exe');
StopService('Dripkix');
StopService('ginoquci');
StopService('lewyxuro');
StopService('SSFK');
StopService('WdsManPro');
StopService('zemyjemo');
StopService('Zitenop');
StopService('bsdriver');
QuarantineFile('c:\program files\dripkix\packages\950196f1-1d17-4d35-9169-af1360dcebf3\drip.exe', '');
QuarantineFile('c:\program files\dripkix\dripkix.exe', '');
QuarantineFile('c:\program files\44124716-1446601153-486a-3fa8-b8763f12d57b\jnslf72.tmp', '');
QuarantineFile('c:\program files\44124716-1446601153-486a-3fa8-b8763f12d57b\knsl4b4f.tmp', '');
QuarantineFile('c:\users\user\appdata\local\temp\nsf131a.tmp', '');
QuarantineFile('c:\program files\sfk\ssfk.exe', '');
QuarantineFile('c:\users\user\appdata\local\gmsd_ru_005010152\upgmsd_ru_005010152.exe', '');
QuarantineFile('c:\programdata\ewminiproe\wminipro.exe', '');
QuarantineFile('c:\programdata\zitenop\zitenop.exe', '');
QuarantineFile('C:\Program Files\groover211120150646\Iauvojo.DLL', '');
QuarantineFile('C:\Windows\system32\drivers\bsdriver.sys', '');
QuarantineFile('C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('C:\Program Files\gmsd_ru_005010152\gmsd_ru_005010152.exe', '');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\R', '');
QuarantineFile('C:\Program Files\Lucky Bright\Extensions\d47f39c7-2f7f-43e5-ba53-faffe2da42af.dll', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-6.exe', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-7.exe', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-10.exe', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-3.exe', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-5.exe', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-6.exe', '');
QuarantineFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-7.exe', '');
QuarantineFile('C:\PROGRA~1\GROOVE~1\Zhpus.bat', '');
QuarantineFile('C:\PROGRA~1\GROOVE~1\Tongowbo.bat', '');
QuarantineFile('C:\Users\user\AppData\Local\Temp\Updater.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\Hostinstaller\3335849046_monster.exe', '');
QuarantineFile('C:\Program Files\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe', '');
QuarantineFile('c:\task.vbs', '');
QuarantineFile('C:\Users\user\AppData\Local\Temp\nss4A63.tmp\blowfish.dll', '');
QuarantineFile('C:\Users\user\appdata\local\smartweb\smartwebapp.exe', '');
QuarantineFile('C:\Users\user\appdata\local\smartweb\swhk.dll', '');
QuarantineFile('C:\Users\user\appdata\local\smartweb\__u.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\44124716-1448375291-486A-3FA8-B8763F12D57B\qnscC00A.tmp', '');
QuarantineFile('C:\Program Files\baidu\ppt.exe', '');
QuarantineFile('C:\Windows\system32\Asaibe.dll', '');
QuarantineFile('C:\Windows\SYSTEM32\DNSAPI.dll', '');
DeleteFile('c:\program files\dripkix\packages\950196f1-1d17-4d35-9169-af1360dcebf3\drip.exe', '32');
DeleteFile('c:\program files\dripkix\dripkix.exe', '32');
DeleteFile('c:\program files\44124716-1446601153-486a-3fa8-b8763f12d57b\jnslf72.tmp', '32');
DeleteFile('c:\program files\44124716-1446601153-486a-3fa8-b8763f12d57b\knsl4b4f.tmp', '32');
DeleteFile('c:\users\user\appdata\local\temp\nsf131a.tmp', '32');
DeleteFile('c:\program files\sfk\ssfk.exe', '32');
DeleteFile('c:\users\user\appdata\local\gmsd_ru_005010152\upgmsd_ru_005010152.exe', '32');
DeleteFile('c:\programdata\ewminiproe\wminipro.exe', '32');
DeleteFile('c:\programdata\zitenop\zitenop.exe', '32');
DeleteFile('C:\Windows\system32\Asaibe.dll', '32');
DeleteFile('C:\Program Files\groover211120150646\Iauvojo.DLL', '32');
DeleteFile('C:\Windows\system32\drivers\bsdriver.sys', '32');
DeleteFile('C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Program Files\gmsd_ru_005010152\gmsd_ru_005010152.exe', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\R', '32');
DeleteFile('C:\Program Files\Lucky Bright\Extensions\d47f39c7-2f7f-43e5-ba53-faffe2da42af.dll', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-6.exe', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-7.exe', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-10.exe', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-3.exe', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-5.exe', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-6.exe', '32');
DeleteFile('C:\Program Files\PlusHD_1.02mV09.08\59acf12a-3c64-4be8-ad9c-16dd07bba4c4-7.exe', '32');
DeleteFile('C:\PROGRA~1\GROOVE~1\Zhpus.bat', '32');
DeleteFile('C:\PROGRA~1\GROOVE~1\Tongowbo.bat', '32');
DeleteFile('C:\Users\user\AppData\Local\Temp\Updater.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\Hostinstaller\3335849046_monster.exe', '32');
DeleteFile('C:\Program Files\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe', '32');
DeleteFile('c:\task.vbs', '32');
DeleteFile('C:\Users\user\AppData\Local\Temp\nss4A63.tmp\blowfish.dll', '32');
DeleteFile('C:\Users\user\appdata\local\smartweb\smartwebapp.exe', '32');
DeleteFile('C:\Users\user\appdata\local\smartweb\swhk.dll', '32');
DeleteFile('C:\Users\user\appdata\local\smartweb\__u.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\44124716-1448375291-486A-3FA8-B8763F12D57B\qnscC00A.tmp', '32');
DeleteFile('C:\Program Files\baidu\ppt.exe', '32');
DeleteService('Dripkix');
DeleteService('ginoquci');
DeleteService('lewyxuro');
DeleteService('SSFK');
DeleteService('WdsManPro');
DeleteService('zemyjemo');
DeleteService('Zitenop');
DeleteService('bsdriver');
DeleteFileMask('c:\program files\dripkix', '*', true);
DeleteFileMask('c:\program files\sfk', '*', true);
DeleteFileMask('c:\programdata\ewminiproe', '*', true);
DeleteFileMask('c:\programdata\zitenop', '*', true);
DeleteFileMask('C:\Users\user\AppData\Local\SmartWeb', '*', true);
DeleteFileMask('C:\Program Files\Lucky Bright\Extensions', '*', true);
DeleteFileMask('C:\Program Files\PlusHD_1.02mV09.08', '*', true);
DeleteFileMask('C:\Users\user\AppData\Local\Hostinstaller', '*', true);
DeleteFileMask('C:\Program Files\SwiftSearch_1.10.0.25', '*', true);
DeleteFileMask('C:\Program Files\baidu', '*', true);
DeleteDirectory('c:\program files\dripkix');
DeleteDirectory('c:\program files\sfk');
DeleteDirectory('c:\programdata\ewminiproe');
DeleteDirectory('c:\programdata\zitenop');
DeleteDirectory('C:\Users\user\AppData\Local\SmartWeb');
DeleteDirectory('C:\Program Files\Lucky Bright\Extensions');
DeleteDirectory('C:\Program Files\PlusHD_1.02mV09.08');
DeleteDirectory('C:\Users\user\AppData\Local\Hostinstaller');
DeleteDirectory('C:\Program Files\SwiftSearch_1.10.0.25');
DeleteDirectory('C:\Program Files\baidu');
DelSPIByFileName('C:\Windows\system32\Asaibe.dll', true);
DelSPIByFileName('C:\Windows\system32\Asaibe.dll', false);
DelBHO('{d47f39c7-2f7f-43e5-ba53-faffe2da42af}');
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-10_user" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-5_user" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-1-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-10_user" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-5_user" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "59acf12a-3c64-4be8-ad9c-16dd07bba4c4-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Bipsoecl" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Dirkif" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "runTask" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SmartWeb Upgrade Trigger Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SwiftSearch Auto Updater 1.10.0.25 Core" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SwiftSearch Auto Updater 1.10.0.25 Pending Update" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "updateTask" /F', 0, 15000, true);
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gmsd_ru_005010152');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'upgmsd_ru_005010152.exe');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.