Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\programdata\msike.exe');
TerminateProcessByName('c:\users\таня\appdata\local\temp\e99cd34e-3cd040f8-5d69df6a-5388bfc1\oxtmcejyu3d5.exe');
QuarantineFileF('c:\program files\gmsd_ru_005010228', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('c:\programdata\msike.exe', '');
QuarantineFile('c:\users\таня\appdata\local\temp\e99cd34e-3cd040f8-5d69df6a-5388bfc1\oxtmcejyu3d5.exe', '');
QuarantineFile('C:\Program Files\gmsd_ru_005010228\gmsd_ru_005010228.exe', '');
QuarantineFile('c:\programdata\homepage.exe', '');
QuarantineFile('c:\programdata\lightgate.exe', '');
QuarantineFile('C:\ProgramData\service.exe', '');
QuarantineFile('C:\PROGRA~1\GROOVE~1\Kivdir.bat', '');
QuarantineFile('C:\Users\Таня\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5NLU4LN\DVRWebviewerinstaller[1].exe', '');
QuarantineFile('c:\users\таня\appdata\local\temp\E99CD34E-3CD040F8-5D69DF6A-5388BFC1\111b0645e.sys', '');
QuarantineFile('C:\Users\Таня\AppData\Local\Temp\~DFB4D4.tmp', '');
DeleteFile('c:\programdata\msike.exe', '32');
DeleteFile('c:\users\таня\appdata\local\temp\e99cd34e-3cd040f8-5d69df6a-5388bfc1\oxtmcejyu3d5.exe', '32');
DeleteFile('C:\Program Files\gmsd_ru_005010228\gmsd_ru_005010228.exe', '32');
DeleteFile('c:\programdata\homepage.exe', '32');
DeleteFile('c:\programdata\lightgate.exe', '32');
DeleteFile('C:\ProgramData\service.exe', '32');
DeleteFile('C:\Users\Таня\AppData\Local\Temp\~DFB4D4.tmp', '32');
ExecuteFile('schtasks.exe', '/delete /TN "Jutahuo" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{C5616339-F200-4A63-BB0E-221CC3D5181A}" /F', 0, 15000, true);
DeleteFileMask('c:\program files\gmsd_ru_005010228', '*', true);
DeleteDirectory('c:\program files\gmsd_ru_005010228');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gmsd_ru_005010228');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HomePageHelper', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightGate', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msiql', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Eventlog\Application\GoogleChromeUpService', 'EventMessageFile');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_Activate;
RebootWindows(true);
end.