Код:
// AVZ cleanup script with every path, service name and task name hard-coded,
// including the user profile C:\Users\admin. It appears to be written from the logs
// of one specific host, so it should not be reused on another machine without review.
// Sequence: cut network -> neutralise hooks -> stop processes/services ->
// quarantine -> delete files, tasks, services, folders -> boot-time cleanup -> reboot.
begin
// Runs "net.exe stop tcpip /y" (stop the tcpip service, /y answers prompts) before cleanup.
// Trailing args (0, 15000, true) presumably mean window mode / wait in ms / kill on timeout - confirm in AVZ help.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// AVZ rootkit scan; the two flags presumably enable neutralising user-mode and kernel-mode hooks - confirm.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the script.
SetAVZGuardStatus(True);
// Stop the running executable and the two driver services before their files are touched.
TerminateProcessByName('c:\programdata\windowsmenu\westat.exe');
StopService('MPCBase');
StopService('MPCKpt');
// Quarantine pass. Every file listed here is deleted further down, so the quarantine
// is the only retained copy for later analysis or for restoring a false positive.
QuarantineFile('C:\Program Files\picexa\curlpp.dll', '');
QuarantineFile('C:\Program Files\picexa\zlib1.dll', '');
QuarantineFile('C:\ProgramData\Voyasollam\Donfresh.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\Driptop.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\Freshdom.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\Light-Top.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\Redredtax.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\StringString.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\Tresplus.reg', '');
QuarantineFile('C:\ProgramData\Voyasollam\Vivatamsoft.reg', '');
QuarantineFile('c:\programdata\windowsmenu\westat.exe', '');
QuarantineFile('C:\Users\admin\appdata\roaming\curl\curl.exe', '');
QuarantineFile('C:\Users\admin\AppData\Roaming\istartpageing\UninstallManager.exe', '');
QuarantineFile('C:\Windows\system32\bstreamsvc.dll', '');
QuarantineFile('C:\Windows\system32\drivers\7i1B3MCnOPPL.sys', '');
QuarantineFile('C:\Windows\System32\drivers\MPCBase.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\MPCKpt.sys', '');
QuarantineFile('C:\Windows\system32\optsatadc.dll', '');
// Mask-based quarantine of executable/script-type files in the picexa folder;
// the third argument (true) presumably includes subfolders - confirm.
QuarantineFileF('c:\program files\picexa', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
// Deletion pass. The second argument '32' presumably selects the 32-bit file-system view
// on 64-bit Windows (several system32 paths are deleted both with '' and '32') - confirm.
// NOTE(review): the AVGBrowser.exe, Tmp0x0x\P, the two .lnk files and the Tasks\{...} file
// have no QuarantineFile call above, so no copy of them is kept.
// NOTE(review): AVGBrowser.exe sits under the AVG Browser install path; verify against the
// host's logs that removing it is intended.
DeleteFile('C:\Program Files\AVG\Browser\Application\AVGBrowser.exe', '32');
DeleteFile('C:\Program Files\picexa\curlpp.dll', '');
DeleteFile('C:\Program Files\picexa\zlib1.dll', '');
DeleteFile('C:\ProgramData\Tmp0x0x\P', '32');
DeleteFile('C:\ProgramData\Voyasollam\Donfresh.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\Driptop.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\Freshdom.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\Light-Top.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\Redredtax.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\StringString.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\Tresplus.reg', '');
DeleteFile('C:\ProgramData\Voyasollam\Vivatamsoft.reg', '');
DeleteFile('c:\programdata\windowsmenu\westat.exe', '');
DeleteFile('C:\Users\admin\appdata\roaming\curl\curl.exe', '');
DeleteFile('C:\Users\admin\AppData\Roaming\istartpageing\UninstallManager.exe', '');
DeleteFile('C:\Windows\system32\bstreamsvc.dll', '');
DeleteFile('C:\Windows\system32\bstreamsvc.dll', '32');
DeleteFile('C:\Windows\system32\drivers\7i1B3MCnOPPL.sys', '32');
DeleteFile('C:\Windows\System32\drivers\MPCBase.sys', '');
DeleteFile('C:\Windows\system32\DRIVERS\MPCKpt.sys', '');
DeleteFile('C:\Windows\system32\optsatadc.dll', '');
DeleteFile('C:\Windows\system32\optsatadc.dll', '32');
// Start Menu / Quick Launch shortcuts. The file name may mix look-alike Latin letters
// with Cyrillic ones - copy these paths byte-for-byte, do not retype them.
DeleteFile('C:\Users\admin\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk');
DeleteFile('C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вoйти в Интeрнeт.lnk');
// Scheduled-task persistence: one task file removed directly, the rest through
// "schtasks.exe /delete /TN <name> /F" (/F skips the confirmation prompt).
DeleteFile('C:\Windows\system32\Tasks\{2C6F57DB-73C3-4090-BA6F-86F8AA5FB318}', '32');
ExecuteFile('schtasks.exe', '/delete /TN "{7134620B-110D-4658-9A2F-9D76F8E9333C}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\QuickLaunch" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Starter" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Freshfax" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Goodtip" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Joy-Sing" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Medit" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_TonStock" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Trustex" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Via-Warm" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Zathdom" /F', 0, 15000, true);
// Remove the service entries for the two drivers stopped at the top.
DeleteService('MPCBase');
DeleteService('MPCKpt');
// Empty the five dropped folders ('*' mask; true presumably means recursive - confirm),
// then remove the folders themselves. Only the picexa folder got a mask-based quarantine,
// and only for the listed extensions; anything else in these folders is removed without a copy.
DeleteFileMask('c:\program files\picexa', '*', true);
DeleteFileMask('c:\programdata\voyasollam', '*', true);
DeleteFileMask('c:\programdata\windowsmenu', '*', true);
DeleteFileMask('c:\users\admin\appdata\roaming\curl', '*', true);
DeleteFileMask('c:\users\admin\appdata\roaming\istartpageing', '*', true);
DeleteDirectory('c:\program files\picexa');
DeleteDirectory('c:\programdata\voyasollam');
DeleteDirectory('c:\programdata\windowsmenu');
DeleteDirectory('c:\users\admin\appdata\roaming\curl');
DeleteDirectory('c:\users\admin\appdata\roaming\istartpageing');
// Delete the 'command' value of the MSConfig startupreg\amigo entry under HKLM.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amigo', 'command');
// BC_* calls drive AVZ's boot-time cleaner. Presumably BC_ImportALL queues the items handled
// above, BC_DeleteSvc queues a service for removal at next boot, and BC_Activate (below)
// arms the cleaner - confirm in AVZ help.
BC_ImportALL;
// Presumably cleans registry references to the files deleted above - confirm.
ExecuteSysClean;
// MPCProtectService and netfilter2 appear only here: they are not stopped or deleted
// with StopService/DeleteService earlier, so their removal depends on the boot-time pass.
BC_DeleteSvc('MPCBase');
BC_DeleteSvc('MPCKpt');
BC_DeleteSvc('MPCProtectService');
BC_DeleteSvc('netfilter2');
// Run AVZ built-in repair procedures 2, 4 and 3; the numbers index AVZ's
// system-restore list - look up their meaning in AVZ help before changing them.
ExecuteRepair(2);
ExecuteRepair(4);
ExecuteRepair(3);
// Run the AVZ wizard identified by 'SCU'; the meaning of (3, 3, true) is not visible here - confirm.
ExecuteWizard('SCU', 3, 3, true);
BC_Activate;
// Reboot so the boot-time cleanup can run; open work on the host will be lost.
// Afterwards, collect fresh logs to confirm the listed services, tasks and files are gone.
RebootWindows(true);
end.
Компьютер перезагрузится.