Код:
// AVZ cleanup script generated for one specific machine. The targets below include a
// particular user profile (C:\Users\Innabg) and GUID-named driver/service entries, so the
// lists must be rebuilt from a host's own diagnostic logs rather than reused elsewhere.
// Statement order matters: stop -> quarantine -> delete -> deregister -> boot-time cleanup -> reboot.
begin
// Look for rootkit-style hooks before touching files.
// NOTE(review): the two flags presumably enable neutralisation of user-mode and
// kernel-mode hooks respectively; confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the duration of the cleanup (presumably restricts other processes
// from interfering; confirm).
SetAVZGuardStatus(True);
// Stop the filter-driver service first; its .sys file is quarantined and deleted further down.
StopService('iSafeNetFilter');
// --- Phase 1: quarantine ---------------------------------------------------------------
// Every file is copied to quarantine before any deletion, which keeps samples available for
// analysis and allows a false positive to be restored. The empty second argument is
// presumably the quarantine description; confirm.
// User-mode executables, updaters and services:
QuarantineFile('C:\ProgramData\Logic Handler\set.exe', '');
// NOTE(review): 'C:\Program Files\Firefox\bin' is not the default Mozilla install directory
// ('Mozilla Firefox'); these two are presumably look-alikes. Verify before running.
QuarantineFile('C:\Program Files\Firefox\bin\FirefoxCommand.exe', '');
QuarantineFile('C:\Program Files\Firefox\bin\FirefoxUpdate.exe', '');
QuarantineFile('C:\Program Files\Elex-tech\YAC\iSafeSvc.exe', '');
QuarantineFile('C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe', '');
QuarantineFile('C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe', '');
QuarantineFile('C:\Program Files\9BAF3BD8-1472843743-11DF-BCB9-4D8928C23720\knsFFF2.tmp', '');
QuarantineFile('C:\Program Files\WeatherChickn\WeatherChickn.exe', '');
// Kernel drivers (.sys) with product-style names:
QuarantineFile('C:\Windows\system32\DRIVERS\iSafeNetFilter.sys', '');
QuarantineFile('C:\Program Files\LuDaShi\LuDaShi\ComputerZ.sys', '');
QuarantineFile('C:\Program Files\LuDaShi\LuDaShi\ComputerZLock.sys', '');
QuarantineFile('C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys', '');
QuarantineFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys', '');
QuarantineFile('C:\Windows\System32\drivers\MPCBase.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\MPCKpt.sys', '');
// Eighteen drivers in system32\drivers that share the pattern '{GUID}w.sys'; each has a
// service of the same name removed in phase 3.
QuarantineFile('C:\Windows\system32\drivers\{26e7a941-8230-485f-9c8f-bbb52122397d}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{2bcba3cd-3f79-4713-80cf-d88d8503ce2c}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{2deec1ea-1f1e-4323-98ec-9519ce101482}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{4a17b2a1-9a19-4f33-9c1a-453c32556d00}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{53ae7c5b-0e52-4196-9a9d-2c51b013ff96}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{577c9831-4bc5-4b0a-b4d6-b01b9554d4f1}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{6a47960c-60ce-4d4d-aaa3-049fd1818a2f}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{70a46c4d-926f-4f91-ae41-4fb899cfc1c1}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{872abe95-7d23-4f50-9415-5193de618462}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{90b6a102-782f-4c36-a3a9-17de29ea9425}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{b054ca2a-b52e-4dce-852f-fc425b1df036}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{b12062b1-c716-4bf0-812d-5a4d0f9c82d8}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{b7ef6559-ecf4-497a-81ce-d499dec7003c}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{c6668848-f711-4cee-a50d-56921dafa05a}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{d10d8391-a983-41c7-a2e0-9d9dc74b9859}w.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{f3b1ce6e-966f-4e02-9823-a536326d2dfc}w.sys', '');
// Remaining user-mode components: tray/autostart programs, a service DLL, an all-users
// Startup-folder entry, per-user files and a .reg file.
QuarantineFile('C:\ProgramData\hdtask\hdtask.exe', '');
QuarantineFile('C:\Program Files\AdAnti\AdAnti.exe', '');
QuarantineFile('C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe', '');
QuarantineFile('c:\program files\ludashi\ludashi\lpi\HpSvc.dll', '');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QQAccels.exe', '');
QuarantineFile('C:\Users\Innabg\AppData\Local\Yandex\browser.bat', '');
QuarantineFile('C:\Users\Innabg\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll', '');
QuarantineFile('C:\ProgramData\RenewalService\Renewal.exe', '');
QuarantineFile('C:\Users\Innabg\AppData\Local\MailruSetup\MailruSetup.exe', '');
QuarantineFile('C:\Users\Innabg\AppData\Roaming\Adobe\Manager.exe', '');
QuarantineFile('C:\ProgramData\Tampstring\Lotstrong.reg', '');
QuarantineFile('C:\Program Files\ttwifi\tiantianwifi.exe', '');
// --- Phase 2: delete -------------------------------------------------------------------
// Deletes exactly the files quarantined above, in the same order.
// NOTE(review): the '32' argument presumably selects the 32-bit file-system view; confirm
// it matches the bitness of the target system.
DeleteFile('C:\ProgramData\Logic Handler\set.exe', '32');
DeleteFile('C:\Program Files\Firefox\bin\FirefoxCommand.exe', '32');
DeleteFile('C:\Program Files\Firefox\bin\FirefoxUpdate.exe', '32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeSvc.exe', '32');
DeleteFile('C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe', '32');
DeleteFile('C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe', '32');
DeleteFile('C:\Program Files\9BAF3BD8-1472843743-11DF-BCB9-4D8928C23720\knsFFF2.tmp', '32');
DeleteFile('C:\Program Files\WeatherChickn\WeatherChickn.exe', '32');
DeleteFile('C:\Windows\system32\DRIVERS\iSafeNetFilter.sys', '32');
DeleteFile('C:\Program Files\LuDaShi\LuDaShi\ComputerZ.sys', '32');
DeleteFile('C:\Program Files\LuDaShi\LuDaShi\ComputerZLock.sys', '32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys', '32');
DeleteFile('C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys', '32');
DeleteFile('C:\Windows\System32\drivers\MPCBase.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\MPCKpt.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{26e7a941-8230-485f-9c8f-bbb52122397d}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{2bcba3cd-3f79-4713-80cf-d88d8503ce2c}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{2deec1ea-1f1e-4323-98ec-9519ce101482}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{4a17b2a1-9a19-4f33-9c1a-453c32556d00}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{53ae7c5b-0e52-4196-9a9d-2c51b013ff96}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{577c9831-4bc5-4b0a-b4d6-b01b9554d4f1}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{6a47960c-60ce-4d4d-aaa3-049fd1818a2f}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{70a46c4d-926f-4f91-ae41-4fb899cfc1c1}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{872abe95-7d23-4f50-9415-5193de618462}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{90b6a102-782f-4c36-a3a9-17de29ea9425}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{b054ca2a-b52e-4dce-852f-fc425b1df036}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{b12062b1-c716-4bf0-812d-5a4d0f9c82d8}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{b7ef6559-ecf4-497a-81ce-d499dec7003c}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{c6668848-f711-4cee-a50d-56921dafa05a}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{d10d8391-a983-41c7-a2e0-9d9dc74b9859}w.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{f3b1ce6e-966f-4e02-9823-a536326d2dfc}w.sys', '32');
DeleteFile('C:\ProgramData\hdtask\hdtask.exe', '32');
DeleteFile('C:\Program Files\AdAnti\AdAnti.exe', '32');
DeleteFile('C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe', '32');
DeleteFile('c:\program files\ludashi\ludashi\lpi\HpSvc.dll', '32');
DeleteFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QQAccels.exe', '32');
DeleteFile('C:\Users\Innabg\AppData\Local\Yandex\browser.bat', '32');
DeleteFile('C:\Users\Innabg\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll', '32');
DeleteFile('C:\ProgramData\RenewalService\Renewal.exe', '32');
DeleteFile('C:\Users\Innabg\AppData\Local\MailruSetup\MailruSetup.exe', '32');
DeleteFile('C:\Users\Innabg\AppData\Roaming\Adobe\Manager.exe', '32');
DeleteFile('C:\ProgramData\Tampstring\Lotstrong.reg', '32');
DeleteFile('C:\Program Files\ttwifi\tiantianwifi.exe', '32');
// --- Phase 3: remove service and driver registrations ----------------------------------
// The first eight names are service names rather than file names; several ('backlh',
// 'CommandHandler', 'FirefoxU', 'qufiqenuzbt') do not match any file name above, so the
// service-to-binary mapping presumably comes from the analysis logs. Verify it there.
DeleteService('backlh');
DeleteService('CommandHandler');
DeleteService('FirefoxU');
DeleteService('iSafeService');
DeleteService('LiveUpdateSvc');
DeleteService('mrupdsrv');
DeleteService('qufiqenuzbt');
DeleteService('WeatherChiknSrvr');
// Driver services whose names match the .sys files deleted in phase 2:
DeleteService('iSafeNetFilter');
DeleteService('ComputerZ');
DeleteService('ComputerZLock');
DeleteService('iSafeKrnl');
DeleteService('iSafeKrnlBoot');
DeleteService('iSafeKrnlR3');
DeleteService('MPCBase');
DeleteService('MPCKpt');
DeleteService('{26e7a941-8230-485f-9c8f-bbb52122397d}w');
DeleteService('{2bcba3cd-3f79-4713-80cf-d88d8503ce2c}w');
DeleteService('{2deec1ea-1f1e-4323-98ec-9519ce101482}w');
DeleteService('{4a17b2a1-9a19-4f33-9c1a-453c32556d00}w');
DeleteService('{53ae7c5b-0e52-4196-9a9d-2c51b013ff96}w');
DeleteService('{577c9831-4bc5-4b0a-b4d6-b01b9554d4f1}w');
DeleteService('{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w');
DeleteService('{6a47960c-60ce-4d4d-aaa3-049fd1818a2f}w');
DeleteService('{70a46c4d-926f-4f91-ae41-4fb899cfc1c1}w');
DeleteService('{872abe95-7d23-4f50-9415-5193de618462}w');
DeleteService('{90b6a102-782f-4c36-a3a9-17de29ea9425}w');
DeleteService('{b054ca2a-b52e-4dce-852f-fc425b1df036}w');
DeleteService('{b12062b1-c716-4bf0-812d-5a4d0f9c82d8}w');
DeleteService('{b7ef6559-ecf4-497a-81ce-d499dec7003c}w');
DeleteService('{b99c8534-7800-48fa-bd71-519a46cdc7e1}w');
DeleteService('{c6668848-f711-4cee-a50d-56921dafa05a}w');
DeleteService('{d10d8391-a983-41c7-a2e0-9d9dc74b9859}w');
DeleteService('{f3b1ce6e-966f-4e02-9823-a536326d2dfc}w');
// --- Phase 4: wipe whole folders -------------------------------------------------------
// Mask '*' with the third argument true (presumably "recurse into subfolders"; confirm)
// removes everything under each folder. Files here that were not listed in phase 1 are
// deleted without a quarantine copy. Folders that also hold unrelated software
// (Firefox\bin, Yandex, Adobe, the Startup folder) are deliberately absent from this list;
// only the single files named above are removed from them.
DeleteFileMask('c:\programdata\logic handler', '*', true);
DeleteFileMask('c:\program files\elex-tech', '*', true);
DeleteFileMask('c:\program files\iobit', '*', true);
DeleteFileMask('c:\program files\mail.ru', '*', true);
DeleteFileMask('c:\program files\weatherchickn', '*', true);
DeleteFileMask('c:\program files\ludashi', '*', true);
DeleteFileMask('c:\programdata\hdtask', '*', true);
DeleteFileMask('c:\program files\adanti', '*', true);
DeleteFileMask('c:\users\innabg\appdata\local\mail.ru', '*', true);
DeleteFileMask('c:\programdata\renewalservice', '*', true);
DeleteFileMask('c:\users\innabg\appdata\local\mailrusetup', '*', true);
DeleteFileMask('c:\programdata\tampstring', '*', true);
DeleteFileMask('c:\program files\ttwifi', '*', true);
// Remove the same thirteen directories once their contents are gone.
DeleteDirectory('c:\programdata\logic handler');
DeleteDirectory('c:\program files\elex-tech');
DeleteDirectory('c:\program files\iobit');
DeleteDirectory('c:\program files\mail.ru');
DeleteDirectory('c:\program files\weatherchickn');
DeleteDirectory('c:\program files\ludashi');
DeleteDirectory('c:\programdata\hdtask');
DeleteDirectory('c:\program files\adanti');
DeleteDirectory('c:\users\innabg\appdata\local\mail.ru');
DeleteDirectory('c:\programdata\renewalservice');
DeleteDirectory('c:\users\innabg\appdata\local\mailrusetup');
DeleteDirectory('c:\programdata\tampstring');
DeleteDirectory('c:\program files\ttwifi');
// --- Phase 5: persistence points -------------------------------------------------------
// Unregister the Browser Helper Object with this CLSID.
DelBHO('{8E8F97CD-60B5-456F-A201-73065652D099}');
// Delete scheduled tasks via schtasks.exe; /F suppresses the confirmation prompt.
// Three of the tasks sit under Microsoft\Windows\... task folders, so a review of scheduled
// tasks should not skip those folders. NOTE(review): the trailing arguments (0, 15000, true)
// are presumably window mode, a 15 s timeout and wait-for-exit; confirm.
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Application Experience\RenewalService" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\MailruSetup" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_TonSaotrax" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "ttwifi" /F', 0, 15000, true);
// Remove autostart registry values: one per-user Run entry and two entries stored under
// MSConfig's startupreg key.
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'hdtask');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAnti', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ComputerZ-Tray', 'command');
// Only the ServiceDll value of HpSvc is removed; this script has no DeleteService('HpSvc'),
// so the service key itself remains. Check it in the follow-up logs.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\HpSvc\Parameters', 'ServiceDll');
// --- Phase 6: boot-time cleanup and repair ---------------------------------------------
// Hand the deletions above to AVZ's Boot Cleaner (BC_*) so that files locked by running
// drivers can be removed at the next start. NOTE(review): behaviour as understood from the
// AVZ documentation; confirm for the AVZ version in use.
BC_ImportALL;
// Heuristic system clean-up (presumably removes leftover references to deleted files).
ExecuteSysClean;
// Run AVZ's numbered system-restore procedure 13. NOTE(review): believed to be the hosts
// file clean-up; confirm the number against the AVZ version in use.
ExecuteRepair(13);
// Automatically repair the Winsock SPI/LSP chain, which removed network filters can break.
AutoFixSPI;
// Arm Boot Cleaner for the next boot, then reboot so it can run.
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.