// AVZ cleanup script written for one specific machine: every path, scheduled-task
// name, BHO CLSID and registry subkey below is a literal taken from that host.
// Order of operations: harden AVZ -> cut the network -> quarantine copies ->
// delete files/tasks/folders -> remove browser and registry remnants ->
// system cleanup -> forced reboot with BootCleaner armed.
begin
// Scan for rootkit-style API hooks; the two flags presumably enable neutralising
// user-mode and kernel-mode hooks respectively (confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turn on AVZGuard for the rest of the run, so that running malware has a harder
// time interfering with the cleanup.
SetAVZGuardStatus(True);
// Ask the service manager to stop 'tcpip' ('/y' answers the dependent-services prompt).
// Intent appears to be taking the host offline during cleanup; trailing arguments
// look like window mode 0, a 15000 ms wait, and terminate-on-timeout (TODO confirm).
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Empty the existing quarantine so it ends up holding only this run's samples.
ClearQuarantineEx(true);
// Keep evidence before deleting anything: copy every file matching the executable/script
// masks from the two newsi_* folders into quarantine (third argument: include subfolders).
QuarantineFileF('c:\users\serj\appdata\roaming\newsi_1799\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\users\serj\appdata\roaming\newsi_4196\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
// Quarantine the individual suspect files; this is the same list that the DeleteFile
// run below removes, so each file is preserved for analysis before it is deleted.
QuarantineFile('C:\Users\serj\AppData\Local\Temp\1d2903470.exe', '');
QuarantineFile('C:\Users\serj\AppData\Local\Temp\2d2903470.exe', '');
QuarantineFile('C:\Users\serj\0.17190848947274817.exe', '');
QuarantineFile('C:\Users\serj\0.7563937295515425.exe', '');
QuarantineFile('C:\Users\serj\AppData\Local\Temp\t7f07ib.exe', '');
QuarantineFile('C:\ProgramData\lNXyOKy\xKoMiSiPD5.bat', '');
QuarantineFile('C:\Users\serj\AppData\Roaming\newSI_1799\s_inst.exe', '');
QuarantineFile('C:\Users\serj\AppData\Roaming\newSI_4196\s_inst.exe', '');
// Deletion phase. The two .job files are scheduled-task definitions (persistence);
// they are deleted without a quarantine copy. The '32' argument presumably selects
// the 32-bit file-system view (TODO confirm).
DeleteFile('C:\Windows\Tasks\newSI_1799.job', '32');
DeleteFile('C:\Windows\Tasks\newSI_4196.job', '32');
DeleteFile('C:\Users\serj\AppData\Local\Temp\1d2903470.exe', '32');
DeleteFile('C:\Users\serj\AppData\Local\Temp\2d2903470.exe', '32');
DeleteFile('C:\Users\serj\0.17190848947274817.exe', '32');
DeleteFile('C:\Users\serj\0.7563937295515425.exe', '32');
DeleteFile('C:\Users\serj\AppData\Local\Temp\t7f07ib.exe', '32');
DeleteFile('C:\ProgramData\lNXyOKy\xKoMiSiPD5.bat', '32');
DeleteFile('C:\Users\serj\AppData\Roaming\newSI_1799\s_inst.exe', '32');
DeleteFile('C:\Users\serj\AppData\Roaming\newSI_4196\s_inst.exe', '32');
// NOTE(review): identical to the 'net stop tcpip' call near the top of the script;
// looks redundant unless something is expected to restart the service in between.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Unregister the two scheduled tasks by name ('/F' suppresses the confirmation prompt);
// complements the removal of the matching .job files above.
ExecuteFile('schtasks.exe', '/delete /TN "newSI_1799" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "newSI_4196" /F', 0, 15000, true);
// Empty both newsi_* folders (mask '*', third argument: recurse) and remove the folders.
// Files outside the quarantine masks used earlier are deleted here without a saved copy.
DeleteFileMask('c:\users\serj\appdata\roaming\newsi_1799\', '*', true);
DeleteFileMask('c:\users\serj\appdata\roaming\newsi_4196\', '*', true);
DeleteDirectory('c:\users\serj\appdata\roaming\newsi_1799\');
DeleteDirectory('c:\users\serj\appdata\roaming\newsi_4196\');
// Remove two Browser Helper Object registrations by CLSID.
// NOTE(review): the first CLSID literal ends with a space before the closing quote;
// verify that it matches the registered key, otherwise this BHO may be left in place.
DelBHO('{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} ');
DelBHO('{ad708c09-d51b-45b3-9d28-4eba2681febf}');
// Delete the 'command' value under each listed MSConfig\startupreg subkey (the place
// where msconfig keeps startup items that were switched off). Only the value is removed;
// the subkeys themselves are not deleted by these calls.
// NOTE(review): SwitchBoard, VKSaver and VKSaverUpdater are named entries rather than
// random-looking IDs; confirm against the scan log that they are meant to be removed.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S10984155', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S1113731', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S112128163', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S1414122', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S143097', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S145165132', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S177188173', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S1819275', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S18618972', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S187062', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S7115233', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S8388116', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VKSaver', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VKSaverUpdater', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\1d2903470.exe', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2d2903470.exe', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S1062287', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S142152113', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\t7f07ib.exe', 'command');
// Hand the files deleted above to BootCleaner, so that anything locked by a running
// process can be removed at boot time.
BC_ImportALL;
// Clean up system references (autorun entries and similar) to the deleted files.
ExecuteSysClean;
// Run AVZ system-restore procedure number 1; what that procedure resets is defined
// by AVZ, not by this script (TODO confirm against the AVZ documentation).
ExecuteRepair(1);
// Run the AVZ wizard identified by 'SCU'; the meaning of the remaining arguments
// (2, 3, true) is not visible here and should be checked in the AVZ reference.
ExecuteWizard('SCU', 2, 3, true);
// Arm BootCleaner for the next boot, then reboot so the boot-time deletions happen.
// The 'true' argument presumably forces the restart; unsaved work in open
// applications would be lost.
BC_Activate;
RebootWindows(true);
end.