begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\documents and settings\all users\application data\airtostrong\airtostrong.exe');
TerminateProcessByName('c:\program files\amdidx\amdidx.exe');
TerminateProcessByName('c:\documents and settings\all users\application data\dlohn\dlohn.exe');
TerminateProcessByName('c:\program files\de968420-1453041879-11df-b539-e0cb4ea93671\hnsm6b.tmp');
TerminateProcessByName('c:\program files\de968420-1453041879-11df-b539-e0cb4ea93671\jnsi64.tmp');
TerminateProcessByName('c:\documents and settings\admin\local settings\application data\mail.ru\mrkeeper.exe');
TerminateProcessByName('c:\program files\ospd_us_013010208\ospd_us_013010208.exe');
StopService('Airtostrong');
StopService('amdidx');
StopService('dlohn');
StopService('wucotusy');
QuarantineFileF('C:\DOCUME~1\ALLUSE~1\APPLIC~1\dlohn', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Documents and Settings\Admin\Local Settings\Application Data\ospd_us_013010208', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('c:\documents and settings\all users\application data\airtostrong\airtostrong.exe', '');
QuarantineFile('c:\program files\amdidx\amdidx.exe', '');
QuarantineFile('c:\documents and settings\all users\application data\dlohn\dlohn.exe', '');
QuarantineFile('c:\program files\de968420-1453041879-11df-b539-e0cb4ea93671\hnsm6b.tmp', '');
QuarantineFile('c:\program files\de968420-1453041879-11df-b539-e0cb4ea93671\jnsi64.tmp', '');
QuarantineFile('c:\documents and settings\admin\local settings\application data\mail.ru\mrkeeper.exe', '');
QuarantineFile('c:\program files\ospd_us_013010208\ospd_us_013010208.exe', '');
QuarantineFile('C:\DOCUME~1\ALLUSE~1\APPLIC~1\dlohn\Saileco.dll', '');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Nimzatbase.exe', '');
QuarantineFile('C:\WINDOWS\system32\drivers\swsedrvr_vt_1_10_0_25.sys', '');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ospd_us_013010208\upospd_us_013010208.exe', '');
QuarantineFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '');
QuarantineFile('C:\Program Files\gmsd_ru_005010208\gmsd_ru_005010208.exe', '');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_ru_005010208\upgmsd_ru_005010208.exe', '');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Extensions\safebrowser.exe', '');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe', '');
QuarantineFile('C:\Program Files\Kinoroom Browser\kinoroom-browser.exe', '');
QuarantineFile('C:\Program Files\advPlugin\Toolbar32.dll', '');
QuarantineFile('C:\Program Files\VK Downloader\Toolbar32.dll', '');
QuarantineFile('C:\Documents and Settings\Admin\Local Settings\Application Data\SystemDir\nethost.exe', '');
DeleteFile('c:\documents and settings\all users\application data\airtostrong\airtostrong.exe', '32');
DeleteFile('c:\program files\amdidx\amdidx.exe', '32');
DeleteFile('c:\documents and settings\all users\application data\dlohn\dlohn.exe', '32');
DeleteFile('c:\program files\de968420-1453041879-11df-b539-e0cb4ea93671\hnsm6b.tmp', '32');
DeleteFile('c:\program files\de968420-1453041879-11df-b539-e0cb4ea93671\jnsi64.tmp', '32');
DeleteFile('c:\documents and settings\admin\local settings\application data\mail.ru\mrkeeper.exe', '32');
DeleteFile('c:\program files\ospd_us_013010208\ospd_us_013010208.exe', '32');
DeleteFile('C:\DOCUME~1\ALLUSE~1\APPLIC~1\dlohn\Saileco.dll', '32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Nimzatbase.exe', '32');
DeleteFile('C:\WINDOWS\system32\drivers\swsedrvr_vt_1_10_0_25.sys', '32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\ospd_us_013010208\upospd_us_013010208.exe', '32');
DeleteFile('C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe', '32');
DeleteFile('C:\Program Files\gmsd_ru_005010208\gmsd_ru_005010208.exe', '32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\gmsd_ru_005010208\upgmsd_ru_005010208.exe', '32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Extensions\safebrowser.exe', '32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe', '32');
DeleteFile('C:\Program Files\Kinoroom Browser\kinoroom-browser.exe', '32');
DeleteFile('C:\Program Files\advPlugin\Toolbar32.dll', '32');
DeleteFile('C:\Program Files\VK Downloader\Toolbar32.dll', '32');
DeleteFile('C:\Documents and Settings\Admin\Local Settings\Application Data\SystemDir\nethost.exe', '32');
DeleteService('Airtostrong');
DeleteService('amdidx');
DeleteService('dlohn');
DeleteService('wucotusy');
DeleteService('dmdattuvpaate');
DeleteService('swsedrvr_vt_1_10_0_25');
DeleteFileMask('c:\documents and settings\all users\application data\airtostrong', '*', true);
DeleteFileMask('c:\program files\amdidx', '*', true);
DeleteFileMask('c:\documents and settings\all users\application data\dlohn', '*', true);
DeleteFileMask('c:\documents and settings\admin\local settings\application data\mail.ru', '*', true);
DeleteFileMask('c:\program files\ospd_us_013010208', '*', true);
DeleteFileMask('C:\DOCUME~1\ALLUSE~1\APPLIC~1\dlohn', '*', true);
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\ospd_us_013010208', '*', true);
DeleteFileMask('C:\Program Files\SpaceSoundPro', '*', true);
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Extensions', '*', true);
DeleteFileMask('C:\Program Files\Kinoroom Browser', '*', true);
DeleteFileMask('C:\Program Files\advPlugin', '*', true);
DeleteFileMask('C:\Program Files\VK Downloader', '*', true);
DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Application Data\SystemDir', '*', true);
DeleteDirectory('c:\documents and settings\all users\application data\airtostrong');
DeleteDirectory('c:\program files\amdidx');
DeleteDirectory('c:\documents and settings\all users\application data\dlohn');
DeleteDirectory('c:\documents and settings\admin\local settings\application data\mail.ru');
DeleteDirectory('c:\program files\ospd_us_013010208');
DeleteDirectory('C:\DOCUME~1\ALLUSE~1\APPLIC~1\dlohn');
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\ospd_us_013010208');
DeleteDirectory('C:\Program Files\SpaceSoundPro');
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Extensions');
DeleteDirectory('C:\Program Files\Kinoroom Browser');
DeleteDirectory('C:\Program Files\advPlugin');
DeleteDirectory('C:\Program Files\VK Downloader');
DeleteDirectory('C:\Documents and Settings\Admin\Local Settings\Application Data\SystemDir');
DelBHO('{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}');
DelBHO('{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}');
DelBHO('{7CE987D5-11B3-44FC-9C3D-03069360D462}');
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
ExecuteFile('schtasks.exe', '/delete /TN "nethost task" /F', 0, 15000, true);
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ospd_us_013010208');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'upospd_us_013010208.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SpaceSoundPro');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gmsd_ru_005010208');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'upgmsd_ru_005010208.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', 'SafeBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MailRuUpdater', 'command');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.