Код:
// AVZ remediation script: stops, quarantines and removes a set of unwanted
// programs, then cleans up their autoruns and reboots.
// NOTE(review): every path, service name and CLSID below is specific to one
// analysed machine (user profile "user", dated install folders). Running this
// script unchanged on a different host can delete unrelated files - confirm
// each entry against that host's own logs first.
// Statement order matters: stop -> quarantine (keep a copy) -> delete ->
// registry clean-up -> boot-time cleaner -> reboot.
begin
// Look for API hooks / rootkit activity; the two flags presumably enable
// neutralisation of user-mode and kernel-mode hooks - verify against the AVZ
// script reference.
SearchRootkit(true, true);
// Turn on AVZGuard for the rest of the run so the processes being removed
// cannot interfere with the clean-up.
SetAVZGuardStatus(True);
// Stage 1: terminate the running processes by full image path.
TerminateProcessByName('c:\program files\t_201601251439\201601251439\auds.exe');
TerminateProcessByName('c:\users\user\appdata\roaming\daemon2.exe');
TerminateProcessByName('c:\program files\wajaneten\f287344a085e16936d7edd5221578b15.exe');
TerminateProcessByName('c:\program files\tencent\qqpcmgr\11.1.16908.217\qqpcrtp.exe');
TerminateProcessByName('c:\windows\system32\searchprotectservice.exe');
TerminateProcessByName('c:\program files\tdata\tdata.exe');
TerminateProcessByName('c:\program files\t_201601251439\201601251439\tslog.exe');
// Stage 2: stop the services and kernel drivers before their files are
// touched, so the files are not locked and the services do not restart the
// processes terminated above.
StopService('QQPCRTP');
StopService('SPS');
StopService('TDataSvr');
StopService('WajaNetEn Monitor');
StopService('QMIEProtect');
StopService('QMUdisk');
StopService('QQSysMon');
StopService('softaal');
StopService('TAOKernelDriver');
StopService('TFsFlt');
StopService('TsFltMgr');
StopService('TSKSP');
StopService('tsnethlp');
StopService('TSSysKit');
// Stage 3a: quarantine every executable/script file type found in these
// folders (third argument true = presumably recurse into subfolders).
// Quarantining before deletion keeps samples for later analysis and recovery.
QuarantineFileF('c:\program files\t_201601251439\201601251439', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0 , 0);
QuarantineFileF('c:\program files\wajaneten', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0 , 0);
QuarantineFileF('c:\program files\tdata', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0 , 0);
QuarantineFileF('C:\Program Files\MTV20151125', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0 , 0);
QuarantineFileF('C:\ProgramData\UpService', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js', true, '', 0 , 0);
// Stage 3b: quarantine individual files (the second argument is left empty).
QuarantineFile('c:\program files\t_201601251439\201601251439\auds.exe', '');
QuarantineFile('c:\users\user\appdata\roaming\daemon2.exe', '');
QuarantineFile('c:\program files\wajaneten\f287344a085e16936d7edd5221578b15.exe', '');
QuarantineFile('c:\program files\tencent\qqpcmgr\11.1.16908.217\qqpcrtp.exe', '');
QuarantineFile('c:\windows\system32\searchprotectservice.exe', '');
QuarantineFile('c:\program files\tdata\tdata.exe', '');
QuarantineFile('c:\program files\t_201601251439\201601251439\tslog.exe', '');
QuarantineFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\softaal.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TAOKernel.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TFsFlt.sys', '');
QuarantineFile('C:\Windows\system32\drivers\TsFltMgr.sys', '');
QuarantineFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSKsp.sys', '');
QuarantineFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TsNetHlp.sys', '');
QuarantineFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSSysKit.sys', '');
QuarantineFile('C:\Program Files\MTV20151125\MTView.exe', '');
QuarantineFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QQPCTRAY.EXE', '');
QuarantineFile('C:\Program Files\t_201601251439\201601251439\lsas.exe', '');
// Registry.pol holds the machine's local Group Policy registry settings; it
// is quarantined here and deleted later, which discards any policy stored in
// it. NOTE(review): confirm no legitimate local policy is kept in this file.
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '');
// NOTE(review): the path ending in '\R' looks truncated - confirm against the
// log the script was generated from.
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\R', '');
QuarantineFile('C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll', '');
QuarantineFile('C:\Users\user\AppData\Local\28756\Updater.exe', '');
QuarantineFile('C:\ProgramData\UpService\UpService.exe', '');
QuarantineFile('C:\Users\user\AppData\Roaming\MicrosoftUpdater\MicrosoftUpdater.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\Hostinstaller\3362795540_installcube.exe', '');
// Same driver as TSKsp.sys above, this time addressed with the NT-namespace
// '\??\' prefix (presumably the form in which the service's image path was
// logged).
QuarantineFile('\??\C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSKsp.sys', '');
// Stage 4: delete the files. The second argument '32' presumably selects the
// 32-bit file-system view - verify against the AVZ script reference.
// The first entry is a scheduled-task .job file, not a binary.
DeleteFile('C:\Windows\Tasks\AmiUpdXp.job', '32');
DeleteFile('c:\program files\t_201601251439\201601251439\auds.exe', '32');
DeleteFile('c:\users\user\appdata\roaming\daemon2.exe', '32');
DeleteFile('c:\program files\wajaneten\f287344a085e16936d7edd5221578b15.exe', '32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.1.16908.217\qqpcrtp.exe', '32');
DeleteFile('c:\windows\system32\searchprotectservice.exe', '32');
DeleteFile('c:\program files\tdata\tdata.exe', '32');
DeleteFile('c:\program files\t_201601251439\201601251439\tslog.exe', '32');
// The two runtime DLLs below carry standard Visual C++ runtime names but sit
// in the dated install folder, so only those private copies are removed.
DeleteFile('C:\Program Files\t_201601251439\201601251439\MSVCP100.dll', '32');
DeleteFile('C:\Program Files\t_201601251439\201601251439\MSVCR100.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\exnscan.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMGCShellExt.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMContextUninstall.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMContextScan.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\Temp\tinyxml2.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\Temp\mslog.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\Temp\Low\tinyxml2.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\Temp\Low\mslog.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMCommon.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\dr.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\ptrate.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\sqlite.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMIpc.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMTrayPlugin\QMPerfCtrl\QMPerf.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\scc.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMNetworkMgr.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSSysKitProxy.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TAVEng.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\plugins\QMHipsEngine.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMHIPSHeart.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMHIPSService.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMEmMat.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TAVUpload.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMHIPSPolicyEng.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\plugins\QMBDScanner.dat', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMAssocScan.dll', '32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.1.16908.217\qmsysrepprov.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QQFileFlt.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMExt.dll', '32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.1.16908.217\qmscripthost.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TAVCache.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\oDayProtect.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\SoftMgr\processlogdll.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMRtpCheck.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMFileMon.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\communic.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMUl.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\plugins\QMRepairPlugin.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMDns.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\tave.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMAVProxy.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMRtpDLL.dll', '32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.1.16908.217\qmrtpcontroller.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMSafeBoxHelperDll.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TAVInterface.dll', '32');
DeleteFile('c:\program files\tencent\qqpcmgr\11.1.16908.217\sxcombase.dll', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe', '32');
// Kernel-mode driver files (.sys) belonging to the services stopped in stage 2.
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMIEProtect.sys', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QMUdisk.sys', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QQSysMon.sys', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\softaal.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOKernel.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TFsFlt.sys', '32');
DeleteFile('C:\Windows\system32\drivers\TsFltMgr.sys', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSKsp.sys', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TsNetHlp.sys', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSSysKit.sys', '32');
DeleteFile('C:\Program Files\MTV20151125\MTView.exe', '32');
DeleteFile('C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\QQPCTRAY.EXE', '32');
DeleteFile('C:\Program Files\t_201601251439\201601251439\lsas.exe', '32');
// Deleting Registry.pol removes the stored local machine policy (a copy was
// quarantined above).
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\R', '32');
DeleteFile('C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\28756\Updater.exe', '32');
DeleteFile('C:\ProgramData\UpService\UpService.exe', '32');
DeleteFile('C:\Users\user\AppData\Roaming\MicrosoftUpdater\MicrosoftUpdater.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\Hostinstaller\3362795540_installcube.exe', '32');
DeleteFile('\??\C:\Program Files\Tencent\QQPCMgr\11.1.16908.217\TSKsp.sys', '32');
// Stage 5: remove the service/driver registrations so nothing tries to load
// the deleted binaries at next boot. 'TAOFrame' is deleted here although it
// was not in the StopService list above.
DeleteService('QQPCRTP');
DeleteService('SPS');
DeleteService('TDataSvr');
DeleteService('WajaNetEn Monitor');
DeleteService('TAOFrame');
DeleteService('QMIEProtect');
DeleteService('QMUdisk');
DeleteService('QQSysMon');
DeleteService('softaal');
DeleteService('TAOKernelDriver');
DeleteService('TFsFlt');
DeleteService('TsFltMgr');
DeleteService('TSKSP');
DeleteService('tsnethlp');
DeleteService('TSSysKit');
// Stage 6: wipe whatever is left in the affected folders (mask '*', third
// argument true = presumably recursive), then remove the folders themselves.
// NOTE(review): this removes the whole 'Tencent' and 'IObit' trees, not only
// the files listed individually above - anything else installed under those
// folders goes with them.
DeleteFileMask('c:\program files\t_201601251439\201601251439', '*', true);
DeleteFileMask('c:\program files\wajaneten', '*', true);
DeleteFileMask('c:\program files\tencent', '*', true);
DeleteFileMask('c:\program files\tdata', '*', true);
DeleteFileMask('C:\Program Files\MTV20151125', '*', true);
DeleteFileMask('C:\Program Files\IObit', '*', true);
DeleteFileMask('C:\Users\user\AppData\Local\28756', '*', true);
DeleteFileMask('C:\ProgramData\UpService', '*', true);
DeleteFileMask('C:\Users\user\AppData\Roaming\MicrosoftUpdater', '*', true);
DeleteFileMask('C:\Users\user\AppData\Local\Hostinstaller', '*', true);
DeleteFileMask('\??\C:\Program Files\Tencent', '*', true);
DeleteDirectory('c:\program files\t_201601251439\201601251439');
DeleteDirectory('c:\program files\wajaneten');
DeleteDirectory('c:\program files\tencent');
DeleteDirectory('c:\program files\tdata');
DeleteDirectory('C:\Program Files\MTV20151125');
DeleteDirectory('C:\Program Files\IObit');
DeleteDirectory('C:\Users\user\AppData\Local\28756');
DeleteDirectory('C:\ProgramData\UpService');
DeleteDirectory('C:\Users\user\AppData\Roaming\MicrosoftUpdater');
DeleteDirectory('C:\Users\user\AppData\Local\Hostinstaller');
DeleteDirectory('\??\C:\Program Files\Tencent');
// Stage 7: remove persistence and browser/shell integration points.
// Browser Helper Object registration, identified by CLSID.
DelBHO('{10921475-03CE-4E04-90CE-E2E7EF20C814}');
// Scheduled tasks: /F forces deletion without a confirmation prompt; each
// schtasks call is given a 15000 ms limit and the script waits for it.
ExecuteFile('schtasks.exe', '/delete /TN "AmiUpdXp" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "UpService" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "MicrosoftUpdater" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
// COM class registrations; the same two CLSIDs are also removed from the
// approved shell-extension list further down.
DelCLSID('{63332668-8CE1-445D-A5EE-25929176714E}');
DelCLSID('{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}');
// Run-key autostart values, machine-wide (HKLM) and per-user (HKCU).
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MTview');
// NOTE(review): the value name ' QQPCTray' starts with a space. If the real
// value has no leading space this call does nothing and the autorun entry
// stays - confirm against the log.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', ' QQPCTray');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'lsas');
// NOTE(review): a one-letter value name 'C' is unusual - confirm it matches
// the entry in the log.
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Daemon');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}');
// Stage 8: rewrite five URL-action settings of Internet Explorer security
// zone 3 (the Internet zone) for the current user. In this scheme 1 means
// "prompt" and 3 means "disable". The 1xxx codes used here cover ActiveX
// download/initialisation and launching content in an IFRAME; presumably this
// restores defaults the unwanted software had loosened - verify each code
// against Microsoft's URL action flag list.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
// Stage 9: hand the deletions collected above to AVZ's boot-time cleaner
// (BC_ImportALL), so files that were still locked are removed early in the
// next boot once BC_Activate has armed it.
BC_ImportALL;
// Clean up leftover registry references to the deleted files.
ExecuteSysClean;
// Built-in system-restore routines 3 and 4; presumably the Internet Explorer
// start-page and search-settings resets - verify against the AVZ restore list.
ExecuteRepair(3);
ExecuteRepair(4);
// Run the AVZ wizard identified as 'SCU' - TODO confirm what the numeric
// arguments select.
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
// Reboot so the boot-time cleaner runs; the reboot starts as soon as this
// line is reached, so save open work beforehand.
RebootWindows(true);
end.
Компьютер перезагрузится.