Код:
// AVZ remediation script written for one specific host. Every path is a hard-coded
// literal (profile "User", software installed on D:), presumably copied from that
// host's AVZ log, so the script is not reusable on another machine as-is.
// Order of operations: hook scan and AVZGuard -> stop processes -> copy files to
// quarantine -> delete files and scheduled-task definitions -> remove BHOs, a Run
// value and two services -> boot-cleaner hand-off and system cleanup -> reboot.
begin
// Rootkit/hook scan. The two `true` flags presumably enable neutralisation of
// user-mode and kernel-mode hooks; confirm against the AVZ script reference.
SearchRootkit(true, true);
// AVZGuard is switched on here and never switched off in this script; the reboot
// at the end is what ends the guarded session.
SetAVZGuardStatus(True);
// Stop the five running executables (addressed by full image path) before their
// files are touched. Each of them is quarantined and deleted further down.
TerminateProcessByName('d:\iqiyi video\common\qykernel.exe');
TerminateProcessByName('d:\iqiyi video\common\qyfragment.exe');
TerminateProcessByName('d:\iqiyi video\lstyle\qyclient.exe');
TerminateProcessByName('c:\users\user\appdata\local\kometa\kometaup.exe');
TerminateProcessByName('d:\iqiyi video\common\mobile\androidservice.exe');
// Quarantine pass: every file is sent to AVZ quarantine BEFORE the delete pass, so
// a copy should remain for analysis or rollback. The second argument is empty on
// every call. Every path quarantined here has a matching DeleteFile below, with
// one exception noted at TS888x64.sys.
QuarantineFile('C:\Program Files (x86)\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe','');
QuarantineFile('C:\Program Files (x86)\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrsetup.exe','');
QuarantineFile('C:\Users\User\local settings\application data\ExtensionInstaller_13\extinst.exe','');
QuarantineFile('C:\Users\User\local settings\application data\ExtensionInstaller_13\config.json','');
// Executables sitting directly under the user's AppData; each has a scheduled task
// of the same base name removed in the delete pass.
QuarantineFile('C:\Users\User\AppData\Local\avabvyxvdy\avabvyxvdy.exe','');
QuarantineFile('C:\Users\User\AppData\Roaming\VSVDZ.exe','');
QuarantineFile('C:\Users\User\AppData\Roaming\QTKLBVSN.exe','');
// "Cinema Plus" executables named <GUID>-<n>.exe; the scheduled tasks deleted below
// carry the same <GUID>-<n> names.
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-7.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-6.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-5.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-3.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-11.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-10.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-1-6.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-7.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-6.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-5.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-3.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-11.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-10.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-1-7.exe','');
QuarantineFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-1-6.exe','');
QuarantineFile('D:\IQIYI Video\Common\Accelerator\IEHelper.dll','');
QuarantineFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll','');
QuarantineFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll','');
// NOTE(review): TS888x64.sys is quarantined here and its service is removed by
// DeleteService('TS888x64') below, but no DeleteFile call targets the file itself
// (QMUdisk64.sys does get one). Confirm whether leaving the driver on disk is intended.
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16061.214\TS888x64.sys','');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16061.214\QMUdisk64.sys','');
// Modules from the "IQIYI Video" install on D: (LStyle, then Common).
QuarantineFile('D:\IQIYI Video\LStyle\zlib1.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\WebBrowserCtrl.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\utility.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\UI.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\SSLEAY32.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\QyUpdate.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\Qylogger.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\QYDownLoadProxy.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\pumaplayer.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\playerface.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\PHM.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\OnlineList.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\nslookup-netdoctor.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\LIBEAY32.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\libcurl.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\global.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\GBase.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\CrashReport.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\AppNotice.dll','');
QuarantineFile('D:\IQIYI Video\LStyle\app.dll','');
QuarantineFile('D:\IQIYI Video\Common\UI.dll','');
QuarantineFile('D:\IQIYI Video\Common\TrayMgr.dll','');
QuarantineFile('D:\IQIYI Video\Common\swscale.dll','');
QuarantineFile('D:\IQIYI Video\Common\swresample.dll','');
QuarantineFile('D:\IQIYI Video\Common\SSLEAY32.dll','');
QuarantineFile('D:\IQIYI Video\Common\QyPopWndDll.dll','');
QuarantineFile('D:\IQIYI Video\Common\QYDownLoadProxy.dll','');
QuarantineFile('D:\IQIYI Video\Common\QuiLib.dll','');
QuarantineFile('D:\IQIYI Video\Common\puma.dll','');
QuarantineFile('D:\IQIYI Video\Common\pthreadVC2.dll','');
QuarantineFile('D:\IQIYI Video\Common\PopupWndProxy.dll','');
QuarantineFile('D:\IQIYI Video\Common\MobileProxy.dll','');
QuarantineFile('D:\IQIYI Video\Common\Mobile\QServProvider.dll','');
QuarantineFile('D:\IQIYI Video\Common\Mobile\AdbWinUsbApi.dll','');
QuarantineFile('D:\IQIYI Video\Common\Mobile\AdbWinApi.DLL','');
QuarantineFile('D:\IQIYI Video\Common\Livenet5.dll','');
QuarantineFile('D:\IQIYI Video\Common\LIBEAY32.dll','');
QuarantineFile('D:\IQIYI Video\Common\libass.dll','');
QuarantineFile('D:\IQIYI Video\Common\HCDNProxy.dll','');
QuarantineFile('D:\IQIYI Video\Common\HCDNClientNet.dll','');
QuarantineFile('D:\IQIYI Video\Common\fp2xh.dll','');
QuarantineFile('D:\IQIYI Video\Common\avutil.dll','');
QuarantineFile('D:\IQIYI Video\Common\avformat.dll','');
QuarantineFile('D:\IQIYI Video\Common\avcodec.dll','');
QuarantineFile('D:\IQIYI Video\Common\AppNet.dll','');
QuarantineFile('D:\IQIYI Video\Common\Accelerator\VideoInfoExtract.dll','');
QuarantineFile('D:\IQIYI Video\Common\Accelerator\StrikeWing.dll','');
QuarantineFile('D:\IQIYI Video\Common\Accelerator\browserhook.dll','');
QuarantineFile('D:\IQIYI Video\Common\Accelerator\browseradapter.dll','');
// The five executables terminated at the top of the script.
QuarantineFile('d:\iqiyi video\common\qykernel.exe','');
QuarantineFile('d:\iqiyi video\common\qyfragment.exe','');
QuarantineFile('d:\iqiyi video\lstyle\qyclient.exe','');
QuarantineFile('c:\users\user\appdata\local\kometa\kometaup.exe','');
QuarantineFile('d:\iqiyi video\common\mobile\androidservice.exe','');
// Delete pass. Program files are deleted with '32' as the second argument and
// scheduled-task files with '64'; this presumably selects the 32-/64-bit
// file-system view (WOW64 redirection). Confirm against the AVZ reference.
DeleteFile('d:\iqiyi video\common\mobile\androidservice.exe','32');
DeleteFile('d:\iqiyi video\lstyle\qyclient.exe','32');
DeleteFile('d:\iqiyi video\common\qyfragment.exe','32');
DeleteFile('D:\IQIYI Video\Common\QyKernel.exe','32');
DeleteFile('D:\IQIYI Video\Common\Accelerator\browseradapter.dll','32');
DeleteFile('D:\IQIYI Video\Common\Accelerator\browserhook.dll','32');
DeleteFile('D:\IQIYI Video\Common\Accelerator\StrikeWing.dll','32');
DeleteFile('D:\IQIYI Video\Common\Accelerator\VideoInfoExtract.dll','32');
DeleteFile('D:\IQIYI Video\Common\AppNet.dll','32');
DeleteFile('D:\IQIYI Video\Common\avcodec.dll','32');
DeleteFile('D:\IQIYI Video\Common\avformat.dll','32');
DeleteFile('D:\IQIYI Video\Common\avutil.dll','32');
DeleteFile('D:\IQIYI Video\Common\fp2xh.dll','32');
DeleteFile('D:\IQIYI Video\Common\HCDNClientNet.dll','32');
DeleteFile('D:\IQIYI Video\Common\HCDNProxy.dll','32');
DeleteFile('D:\IQIYI Video\Common\libass.dll','32');
DeleteFile('D:\IQIYI Video\Common\LIBEAY32.dll','32');
DeleteFile('D:\IQIYI Video\Common\Livenet5.dll','32');
DeleteFile('D:\IQIYI Video\Common\Mobile\AdbWinApi.DLL','32');
DeleteFile('D:\IQIYI Video\Common\Mobile\AdbWinUsbApi.dll','32');
DeleteFile('D:\IQIYI Video\Common\Mobile\QServProvider.dll','32');
DeleteFile('D:\IQIYI Video\Common\MobileProxy.dll','32');
DeleteFile('D:\IQIYI Video\Common\PopupWndProxy.dll','32');
DeleteFile('D:\IQIYI Video\Common\pthreadVC2.dll','32');
DeleteFile('D:\IQIYI Video\Common\puma.dll','32');
DeleteFile('D:\IQIYI Video\Common\QuiLib.dll','32');
DeleteFile('D:\IQIYI Video\Common\QYDownLoadProxy.dll','32');
DeleteFile('D:\IQIYI Video\Common\QyPopWndDll.dll','32');
DeleteFile('D:\IQIYI Video\Common\SSLEAY32.dll','32');
DeleteFile('D:\IQIYI Video\Common\swresample.dll','32');
DeleteFile('D:\IQIYI Video\Common\swscale.dll','32');
DeleteFile('D:\IQIYI Video\Common\TrayMgr.dll','32');
DeleteFile('D:\IQIYI Video\Common\UI.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\app.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\AppNotice.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\CrashReport.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\GBase.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\global.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\libcurl.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\LIBEAY32.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\nslookup-netdoctor.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\OnlineList.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\PHM.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\playerface.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\pumaplayer.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\QYDownLoadProxy.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\Qylogger.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\QyUpdate.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\SSLEAY32.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\UI.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\utility.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\WebBrowserCtrl.dll','32');
DeleteFile('D:\IQIYI Video\LStyle\zlib1.dll','32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16061.214\QMUdisk64.sys','32');
DeleteFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll','32');
DeleteFile('C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll','32');
DeleteFile('D:\IQIYI Video\Common\Accelerator\IEHelper.dll','32');
// From here each executable is removed together with the scheduled-task file(s) of
// the same name: legacy .job files in C:\Windows\Tasks here, extensionless entries
// in C:\Windows\system32\Tasks further down. Removing both the payload and the task
// keeps a leftover task from pointing at a missing or later re-dropped file.
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-1-6.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-1-7.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-10.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-10_user.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-11.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-11.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-3.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-3.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-5.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-5.job','64');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-5_user.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-6.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-6.job','64');
DeleteFile('C:\Program Files (x86)\Cinema PlusV24.03\8870acf9-da7e-4696-bcc8-94394d773be6-7.exe','32');
DeleteFile('C:\Windows\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-7.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-1-6.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-1-7.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-10.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-10_user.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-11.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-11.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-3.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-3.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-5.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-5.job','64');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-5_user.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-6.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-6.job','64');
DeleteFile('C:\Program Files (x86)\Cinema Plus Pro 3.2cV26.03\a2748149-d867-4451-87ca-fc2eb2194145-7.exe','32');
DeleteFile('C:\Windows\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-7.job','64');
DeleteFile('C:\Users\User\AppData\Roaming\QTKLBVSN.exe','32');
DeleteFile('C:\Windows\Tasks\QTKLBVSN.job','64');
DeleteFile('C:\Users\User\AppData\Roaming\VSVDZ.exe','32');
DeleteFile('C:\Windows\Tasks\VSVDZ.job','64');
// Task files under C:\Windows\system32\Tasks. NOTE(review): this removes the task
// files only. Task Scheduler also keeps task registrations in the registry, and no
// call in this script addresses that explicitly (ExecuteSysClean may cover it).
// Verify after the reboot that none of these tasks is still listed.
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-11','64');
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-3','64');
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-5','64');
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-6','64');
DeleteFile('C:\Windows\system32\Tasks\8870acf9-da7e-4696-bcc8-94394d773be6-7','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-11','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-3','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-5','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-6','64');
DeleteFile('C:\Windows\system32\Tasks\a2748149-d867-4451-87ca-fc2eb2194145-7','64');
DeleteFile('C:\Users\User\AppData\Local\avabvyxvdy\avabvyxvdy.exe','32');
DeleteFile('C:\Windows\system32\Tasks\avabvyxvdy','64');
DeleteFile('C:\Users\User\local settings\application data\ExtensionInstaller_13\config.json','32');
DeleteFile('C:\Windows\system32\Tasks\ExtensionInstallerX_13','64');
DeleteFile('C:\Users\User\local settings\application data\ExtensionInstaller_13\extinst.exe','32');
DeleteFile('C:\Program Files (x86)\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrsetup.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Yahoo! Search Updater','64');
DeleteFile('C:\Program Files (x86)\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Yahoo! Search','64');
DeleteFile('C:\Users\User\appdata\local\kometa\kometaup.exe','32');
// Remove three Browser Helper Object registrations by CLSID. The script does not
// say which product each CLSID belongs to.
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}');
// Drop the per-user autostart value named 'kometaup' from the HKCU Run key; the
// name matches the kometaup.exe deleted above.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kometaup');
// Remove the two services whose names correspond to the Tencent QQPCMgr .sys files
// quarantined above.
DeleteService('TS888x64');
DeleteService('QMUdisk');
// Boot-cleaner hand-off and cleanup. Presumably BC_ImportAll queues the items
// handled above for AVZ's boot-time cleaner, ExecuteSysClean removes leftover
// references to the deleted files, and BC_Activate arms the cleaner for the next
// boot. Confirm each against the AVZ reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// NOTE(review): the script does not say what repair item 4 resets, or what the
// 'TSW' wizard call with arguments (2, 2, true) changes. Look both up before
// reusing this script.
ExecuteRepair(4);
ExecuteWizard('TSW',2,2,true);
// Reboot, presumably so the armed boot cleaner can finish the removal. `true` is
// assumed to force the restart, so unsaved work should be saved beforehand.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: