// AVZ remediation script. It stops the listed processes and services,
// quarantines copies of the suspect files, removes their persistence
// (scheduled tasks, services, BHOs, CLSID, Run values), resets several
// Internet-zone settings and reboots.
// NOTE(review): the paths, task names and GUIDs look like they were taken from
// one host's scan logs (randomised names, profile "User"). Treat the script as
// host-specific and do not run it on another system without re-checking each entry.
// Statement order matters: terminate -> quarantine -> delete -> clean references -> reboot.
begin
// Ask net.exe to stop the "tcpip" service; /y auto-confirms stopping dependents.
// Presumably 0 = hidden window, 15000 = timeout in ms, true = wait for exit - confirm against AVZ docs.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan; presumably the two flags enable neutralising user-mode and kernel-mode hooks - confirm.
SearchRootkit(true, true);
// Turn AVZGuard on before touching the files.
SetAVZGuardStatus(True);
// Empty the existing quarantine so it holds only what this run collects.
ClearQuarantineEx(true);
// Kill the running images first so their files are not locked.
TerminateProcessByName('c:\program files\gvekltxujie\jhuvmlxcmb.exe');
// NOTE(review): the stock Windows binary is ApplicationFrameHost.exe; this shorter
// name looks like a lookalike - verify the quarantined sample before assuming so.
TerminateProcessByName('c:\windows\system32\appframehost.exe');
StopService('AppFrameHost');
StopService('netfilter2');
// Quarantine a copy of every suspect file BEFORE deletion, so samples remain
// available for analysis and a wrongly removed file can be recovered.
QuarantineFile('c:\program files\gvekltxujie\jhuvmlxcmb.exe', '');
QuarantineFile('C:\Program Files\gVEKLTxUjIE\kQhKsit.dll', '');
QuarantineFile('C:\Program Files\OGqwJxyzdjgEZIvrFER\GsWMsha.dll', '');
// NOTE(review): folder and file name imitate a well-known legitimate tool; confirm
// from the quarantined copy that this is not a genuine install before deleting.
QuarantineFile('C:\Program Files\Tortoise SVN\TortoiseSVN.dll', '');
QuarantineFile('C:\Users\User\AppData\Local\yc\Application\yc.exe', '');
QuarantineFile('C:\Users\User\AppData\LocalLow\DuckGo\duckgo.dll', '');
// NOTE(review): binaries named after curl in a per-user Roaming folder; paired with
// the "curl"/"curls" scheduled tasks removed below.
QuarantineFile('C:\Users\User\AppData\Roaming\curl\curl.exe', '');
QuarantineFile('C:\Users\User\AppData\Roaming\curl\curl_7_54.exe', '');
QuarantineFile('c:\windows\system32\appframehost.exe', '');
// Kernel driver with a randomised name; presumably backs one of the services above - confirm.
QuarantineFile('C:\Windows\system32\drivers\r17behtKYXxF.sys', '');
// Remove scheduled-task persistence by task name (/F suppresses the confirmation prompt).
ExecuteFile('schtasks.exe', '/delete /TN "{E97E5BDE-3B97-45BA-8045-54B176474039}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "boQbXxbEJPaDgWztw" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "boQbXxbEJPaDgWztw2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "curl" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "curls" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "DuckGo Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "jVVcebPoCjhHKmi" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "jVVcebPoCjhHKmi2" /F', 0, 15000, true);
// Delete the files quarantined above (same list, same order).
// NOTE(review): the meaning of the '32' mode argument is not shown here - confirm against AVZ docs.
DeleteFile('c:\program files\gvekltxujie\jhuvmlxcmb.exe', '32');
DeleteFile('C:\Program Files\gVEKLTxUjIE\kQhKsit.dll', '32');
DeleteFile('C:\Program Files\OGqwJxyzdjgEZIvrFER\GsWMsha.dll', '32');
DeleteFile('C:\Program Files\Tortoise SVN\TortoiseSVN.dll', '32');
// Start Menu shortcut and its icon; these two are deleted without being quarantined.
// NOTE(review): the file name may mix Cyrillic and look-alike Latin letters, so keep
// the path byte-for-byte as logged; retyping it can silently miss the file.
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.ico');
DeleteFile('C:\Users\User\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk');
DeleteFile('C:\Users\User\AppData\Local\yc\Application\yc.exe', '32');
DeleteFile('C:\Users\User\AppData\LocalLow\DuckGo\duckgo.dll', '32');
DeleteFile('C:\Users\User\AppData\Roaming\curl\curl.exe', '32');
DeleteFile('C:\Users\User\AppData\Roaming\curl\curl_7_54.exe', '32');
DeleteFile('c:\windows\system32\appframehost.exe', '32');
DeleteFile('C:\Windows\system32\drivers\r17behtKYXxF.sys', '32');
// Remove the service registrations that were stopped earlier.
DeleteService('AppFrameHost');
DeleteService('netfilter2');
// Unregister the browser helper objects and the shell-extension CLSID.
DelBHO('{96AF5545-BC30-4E5D-8E36-836D000A1455}');
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
DelBHO('{E4625B55-9401-4B40-B5BA-9134A41BFAA0}');
DelCLSID('{CBF88FC2-F150-4F29-BC80-CE30EFD1B62C}');
// Remove per-user autostart values from the Run key.
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'dzjjhmnsjn');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ycAutoLaunch_E945EC6410C7CE86DF55E29C29AFA8B8');
// Drop the "approved shell extension" entry for the CLSID removed above.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{CBF88FC2-F150-4F29-BC80-CE30EFD1B62C}');
// Rewrite Internet-zone (Zones\3) URL-action values for the current user.
// In this key 1 = prompt and 3 = disable; 1001/1004 cover signed/unsigned ActiveX
// download, 1201 scripting of ActiveX not marked safe, 1804 launching programs in an
// IFRAME. NOTE(review): 2201 is presumably ActiveX auto-prompting - confirm.
// These are written unconditionally, so any site-specific policy is overwritten.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
// Hand the deletion list to AVZ Boot Cleaner; presumably this retries locked files
// during the next boot - confirm against AVZ docs.
BC_ImportALL;
// Clean up leftover references to the deleted files.
ExecuteSysClean;
// Run AVZ repair routine number 3. NOTE(review): what routine 3 restores is not shown here.
ExecuteRepair(3);
// Run the 'SCU' wizard. NOTE(review): the meaning of the 2, 3, true arguments is not shown here.
ExecuteWizard('SCU', 2, 3, true);
// Arm Boot Cleaner, then reboot so the deferred work is applied.
BC_Activate;
RebootWindows(true);
end.