begin
// AVZ cleanup script: stops, quarantines and then deletes a fixed list of
// adware-style components (services, processes, files, folders, one scheduled
// task and one registry value), then cleans up and reboots.
// Every path and service name is hard-coded (e.g. C:\Users\123\..., the
// GUID-named folders), so the script only fits the host it was written for.
// Statement order matters: stop -> quarantine -> delete -> boot-time cleanup.

// Rootkit scan with both options enabled, then turn on AVZGuard.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Runs "net stop tcpip /y"; presumably meant to cut network access during
// cleanup - confirm. Remaining arguments look like window mode 0, a 15000 ms
// wait and terminate-on-timeout - verify against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Empties the existing AVZ quarantine before this run's files are added, so
// anything quarantined earlier and still needed should be exported first.
ClearQuarantineEx(true);
// Kill the two running ContentProtector processes so their files can be removed.
TerminateProcessByName('c:\program files\contentprotector\contentprotector.exe');
TerminateProcessByName('c:\program files\contentprotector\contentprotectorupdate.exe');
// Start type 4 corresponds to "disabled" in Windows service configuration,
// which keeps these two updater services from being started again.
SetServiceStart('pricemeterliveUpdate', 4);
SetServiceStart('groover280220160906 Updater', 4);
// Stop the listed services before touching their binaries.
StopService('WajaNetEn Monitor');
StopService('Util Mega Browse');
StopService('solozebizbt');
StopService('pricemeterliveUpdate');
StopService('groover280220160906 Updater');
StopService('ContentProtector');
StopService('ContentProtectorUpdate');
StopService('ContentProtectorDrv');
// Quarantine by mask (executables, libraries, drivers, scripts, temp files)
// from each suspect folder; the third argument (true) presumably enables
// recursion into subfolders - confirm. Quarantining happens before any
// deletion so copies remain available for analysis.
QuarantineFileF('C:\Program Files\groover280220160906\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\PriceMeterLiveUpdate\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\Mega Browse\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\123\AppData\Local\2201B6A0-1456663927-11B2-8000-AFF35F63BED9\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files\WajaNetEn\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
// Quarantine individually named files (several are also covered by the masks).
QuarantineFile('C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe', '');
QuarantineFile('C:\Program Files\WajaNetEn\2173a4aa0e6e60dac171a42535097a41.exe', '');
QuarantineFile('C:\Program Files\groover280220160906\Waakeoj.exe', '');
QuarantineFileF('c:\program files\contentprotector', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\program files\spacesoundpro', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('c:\program files\contentprotector\contentprotector.exe', '');
QuarantineFile('c:\program files\contentprotector\contentprotectorupdate.exe', '');
// SSLEAY32.dll / LIBEAY32.dll are OpenSSL library file names, here located in
// the ContentProtector folder.
QuarantineFile('C:\Program Files\ContentProtector\SSLEAY32.dll', '');
QuarantineFile('C:\Program Files\ContentProtector\LIBEAY32.dll', '');
QuarantineFile('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\knse6044.tmp', '');
QuarantineFile('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\hnsa41B4.tmp', '');
QuarantineFile('C:\Users\123\AppData\Local\2201B6A0-1456663927-11B2-8000-AFF35F63BED9\qnsxEB69.tmp', '');
// Kernel driver file matching the ContentProtectorDrv service stopped above.
QuarantineFile('C:\Windows\system32\drivers\ContentProtectorDrv.sys', '');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '');
QuarantineFile('C:\Users\123\AppData\Local\Temp\is-A7A34.tmp\downloader.exe', '');
QuarantineFile('C:\Program Files\contentprotector\conprotsetup.exe', '');
// Delete the files quarantined above. The second argument '32' presumably
// selects the 32-bit file-system view - confirm against the AVZ reference.
DeleteFile('C:\Program Files\groover280220160906\Waakeoj.exe', '32');
DeleteFile('C:\Program Files\WajaNetEn\2173a4aa0e6e60dac171a42535097a41.exe', '32');
DeleteFile('C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe', '32');
DeleteFile('c:\program files\contentprotector\contentprotector.exe', '32');
DeleteFile('c:\program files\contentprotector\contentprotectorupdate.exe', '32');
DeleteFile('C:\Program Files\ContentProtector\SSLEAY32.dll', '32');
DeleteFile('C:\Program Files\ContentProtector\LIBEAY32.dll', '32');
DeleteFile('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\knse6044.tmp', '32');
DeleteFile('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\hnsa41B4.tmp', '32');
DeleteFile('C:\Users\123\AppData\Local\2201B6A0-1456663927-11B2-8000-AFF35F63BED9\qnsxEB69.tmp', '32');
DeleteFile('C:\Windows\system32\drivers\ContentProtectorDrv.sys', '32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '32');
DeleteFile('C:\Users\123\AppData\Local\Temp\is-A7A34.tmp\downloader.exe', '32');
DeleteFile('C:\Program Files\contentprotector\conprotsetup.exe', '32');
// Remove the scheduled task with this GUID name; /F suppresses the prompt.
ExecuteFile('schtasks.exe', '/delete /TN "{54661165-C603-4C85-8BE9-B6F0A76D16D6}" /F', 0, 15000, true);
// Unregister the services. 'wucotusy' and 'zigipyro' are deleted here without
// a preceding StopService call in this script.
DeleteService('WajaNetEn Monitor');
DeleteService('Util Mega Browse');
DeleteService('pricemeterliveUpdate');
DeleteService('groover280220160906 Updater');
DeleteService('ContentProtector');
DeleteService('ContentProtectorUpdate');
DeleteService('solozebizbt');
DeleteService('wucotusy');
DeleteService('zigipyro');
DeleteService('ContentProtectorDrv');
// Wipe whatever is left in the folders (mask '*'), then remove the folders.
// Unlike the quarantine masks, '*' also removes files that were never
// quarantined.
DeleteFileMask('C:\Program Files\groover280220160906\', '*', true);
DeleteFileMask('C:\Program Files\PriceMeterLiveUpdate\', '*', true);
DeleteFileMask('C:\Program Files\Mega Browse\', '*', true);
DeleteFileMask('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\', '*', true);
DeleteFileMask('C:\Users\123\AppData\Local\2201B6A0-1456663927-11B2-8000-AFF35F63BED9\', '*', true);
DeleteFileMask('C:\Program Files\WajaNetEn\', '*', true);
DeleteFileMask('c:\program files\contentprotector', '*', true);
DeleteFileMask('c:\program files\spacesoundpro', '*', true);
DeleteDirectory('C:\Program Files\groover280220160906\');
DeleteDirectory('C:\Program Files\PriceMeterLiveUpdate\');
DeleteDirectory('C:\Program Files\Mega Browse\');
DeleteDirectory('C:\Program Files\2201B6A0-1456564599-11B2-8000-AFF35F63BED9\');
DeleteDirectory('C:\Users\123\AppData\Local\2201B6A0-1456663927-11B2-8000-AFF35F63BED9\');
DeleteDirectory('C:\Program Files\WajaNetEn\');
DeleteDirectory('c:\program files\contentprotector');
DeleteDirectory('c:\program files\spacesoundpro');
// Delete the 'command' value under the MSConfig startupreg entry for SpaceSoundPro.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro', 'command');
// Resets the hosts file; any legitimate custom entries would need to be
// re-added afterwards.
ClearHostsFile;
// Boot Cleaner: BC_ImportALL presumably queues the items deleted above for
// removal at next boot - confirm against the AVZ reference.
BC_ImportALL;
// System clean-up pass, presumably removing leftover references to the
// deleted files - confirm.
ExecuteSysClean;
// Runs the AVZ wizard identified by 'SCU' for levels 2..3; the final true
// presumably applies the fixes automatically - confirm.
ExecuteWizard('SCU', 2, 3, true);
// Arm Boot Cleaner and reboot so locked files are removed during startup.
// The reboot is triggered by the script itself, so open work should be saved
// before running it.
BC_Activate;
RebootWindows(true);
end.