Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\users\Евгений1\appdata\local\amigo\application\amigo.exe');
TerminateProcessByName('c:\users\Евгений1\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe');
TerminateProcessByName('c:\users\Евгений1\appdata\local\mail.ru\mailruupdater.exe');
TerminateProcessByName('c:\program files\mail.ru\mailruupdater\mailruupdater.exe');
TerminateProcessByName('c:\users\Евгений1\appdata\local\zetagamesnews\zeta.exe');
TerminateProcessByName('c:\users\Евгений1\appdata\local\zetagamesviewer\zetaviewer.exe');
StopService('Updater.Mail.Ru');
StopService('861FDC1D');
QuarantineFile('c:\users\Евгений1\appdata\local\amigo\application\amigo.exe', '');
QuarantineFile('c:\users\Евгений1\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe', '');
QuarantineFile('c:\users\Евгений1\appdata\local\mail.ru\mailruupdater.exe', '');
QuarantineFile('c:\program files\mail.ru\mailruupdater\mailruupdater.exe', '');
QuarantineFile('c:\users\Евгений1\appdata\local\zetagamesnews\zeta.exe', '');
QuarantineFile('c:\users\Евгений1\appdata\local\zetagamesviewer\zetaviewer.exe', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\chrome_elf.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\chrome.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\chrome_child.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\libglesv2.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\libegl.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\ZetaGamesViewer\libcef.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\ZetaGamesViewer\libglesv2.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\ZetaGamesViewer\libegl.dll', '');
QuarantineFile('c:\users\евгений\appdata\local\temp\861FDC1D.sys', '');
QuarantineFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys', '');
QuarantineFile('C:\Program Files\YTDownloader\YTDownloader.exe', '');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\R', '');
QuarantineFile('c:\users\17cdf~1\appdata\local\linkey\ieexte~1\iedll.dll', '');
QuarantineFile('C:\Program Files\Ask.com\Updater\Updater.exe', '');
QuarantineFile('C:\Users\Евгений\AppData\Local\Mail.Ru\GameCenter\[email protected]', '');
QuarantineFile('C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight32.dll', '');
QuarantineFile('C:\Users\Евгений1\AppData\Local\ErbtdeubK1.bat', '');
QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe', '');
QuarantineFile('c:\programdata\{e8ef79ba-f2b2-4630-e8ef-f79baf2be6eb}\5931487184898588689c.exe', '');
QuarantineFile('c:\programdata\{07eed44e-a6f8-7270-07ee-ed44ea6f513a}\6821355097134496001c.exe', '');
QuarantineFile('C:\Program Files\IObit\Driver', '');
QuarantineFile('C:\Users\B7E3~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE', '');
QuarantineFile('C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe', '');
QuarantineFile('C:\Program Files\shopperpro\updater.exe', '');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job', '32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job', '32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job', '32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job', '32');
DeleteFile('C:\Windows\Tasks\FreezeYourWork.job', '32');
DeleteFile('C:\Windows\Tasks\GymGeek.job', '32');
DeleteFile('c:\users\Евгений1\appdata\local\amigo\application\amigo.exe', '32');
DeleteFile('c:\users\Евгений1\appdata\local\amigo\application\44.4.2403.3\amigo_cr.exe', '32');
DeleteFile('c:\users\Евгений1\appdata\local\mail.ru\mailruupdater.exe', '32');
DeleteFile('c:\program files\mail.ru\mailruupdater\mailruupdater.exe', '32');
DeleteFile('c:\users\Евгений1\appdata\local\zetagamesnews\zeta.exe', '32');
DeleteFile('c:\users\Евгений1\appdata\local\zetagamesviewer\zetaviewer.exe', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\chrome_elf.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\chrome.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\chrome_child.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\libglesv2.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\Amigo\Application\44.4.2403.3\libegl.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\ZetaGamesViewer\libcef.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\ZetaGamesViewer\libglesv2.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\ZetaGamesViewer\libegl.dll', '32');
DeleteFile('c:\users\евгений\appdata\local\temp\861FDC1D.sys', '32');
DeleteFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys', '32');
DeleteFile('C:\Program Files\YTDownloader\YTDownloader.exe', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\R', '32');
DeleteFile('c:\users\17cdf~1\appdata\local\linkey\ieexte~1\iedll.dll', '32');
DeleteFile('C:\Program Files\Ask.com\Updater\Updater.exe', '32');
DeleteFile('C:\Users\Евгений\AppData\Local\Mail.Ru\GameCenter\[email protected]', '32');
DeleteFile('C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight32.dll', '32');
DeleteFile('C:\Users\Евгений1\AppData\Local\ErbtdeubK1.bat', '32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe', '32');
DeleteFile('c:\programdata\{e8ef79ba-f2b2-4630-e8ef-f79baf2be6eb}\5931487184898588689c.exe', '32');
DeleteFile('c:\programdata\{07eed44e-a6f8-7270-07ee-ed44ea6f513a}\6821355097134496001c.exe', '32');
DeleteFile('C:\Program Files\IObit\Driver', '32');
DeleteFile('C:\Users\B7E3~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE', '32');
DeleteFile('C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe', '32');
DeleteFile('C:\Program Files\shopperpro\updater.exe', '32');
DeleteService('Updater.Mail.Ru');
DeleteService('861FDC1D');
DeleteService('innfd_1_10_0_14');
DeleteFileMask('c:\users\Евгений1\appdata\local\amigo', '*', true);
DeleteFileMask('c:\users\Евгений1\appdata\local\mail.ru', '*', true);
DeleteFileMask('c:\program files\mail.ru', '*', true);
DeleteFileMask('c:\users\Евгений1\appdata\local\zetagamesnews', '*', true);
DeleteFileMask('c:\users\Евгений1\appdata\local\zetagamesviewer', '*', true);
DeleteFileMask('C:\Program Files\YTDownloader', '*', true);
DeleteFileMask('c:\users\17cdf~1\appdata\local\linkey', '*', true);
DeleteFileMask('C:\Program Files\Ask.com', '*', true);
DeleteFileMask('C:\Users\Евгений\AppData\Local\Mail.Ru', '*', true);
DeleteFileMask('C:\Program Files\IObit', '*', true);
DeleteFileMask('C:\Program Files\AnyProtectEx', '*', true);
DeleteFileMask('C:\Program Files\Crossbrowse', '*', true);
DeleteFileMask('c:\programdata\{e8ef79ba-f2b2-4630-e8ef-f79baf2be6eb}', '*', true);
DeleteFileMask('c:\programdata\{07eed44e-a6f8-7270-07ee-ed44ea6f513a}', '*', true);
DeleteFileMask('C:\Users\B7E3~1\AppData\Roaming\Funmoods', '*', true);
DeleteFileMask('C:\Program Files\shopperpro', '*', true);
DeleteDirectory('c:\users\Евгений1\appdata\local\amigo');
DeleteDirectory('c:\users\Евгений1\appdata\local\mail.ru');
DeleteDirectory('c:\program files\mail.ru');
DeleteDirectory('c:\users\Евгений1\appdata\local\zetagamesnews');
DeleteDirectory('c:\users\Евгений1\appdata\local\zetagamesviewer');
DeleteDirectory('C:\Program Files\YTDownloader');
DeleteDirectory('c:\users\17cdf~1\appdata\local\linkey');
DeleteDirectory('C:\Program Files\Ask.com');
DeleteDirectory('C:\Users\Евгений\AppData\Local\Mail.Ru');
DeleteDirectory('C:\Program Files\IObit');
DeleteDirectory('C:\Program Files\AnyProtectEx');
DeleteDirectory('C:\Program Files\Crossbrowse');
DeleteDirectory('c:\programdata\{e8ef79ba-f2b2-4630-e8ef-f79baf2be6eb}');
DeleteDirectory('c:\programdata\{07eed44e-a6f8-7270-07ee-ed44ea6f513a}');
DeleteDirectory('C:\Users\B7E3~1\AppData\Roaming\Funmoods');
DeleteDirectory('C:\Program Files\shopperpro');
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP1" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Driver Booster SkipUAC (Евгений1)" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "FreezeYourWork" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Funmoods" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Uninstaller_SkipUac_Евгений1" /F', 0, 15000, true);
DelCLSID('{B19ED566-D419-470b-B111-3C89040BC027}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MailRuUpdater');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZetaGamesNews');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZetaGamesViewer');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'amigo');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameCenterMailRu', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{B19ED566-D419-470b-B111-3C89040BC027}');
BC_ImportALL;
ExecuteSysClean;
ExecuteRepair(1);
ExecuteRepair(4);
ExecuteRepair(23);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.