// AVZ remediation script written for one specific infected host: every path,
// task name, Run value and CLSID below is a hard-coded indicator from that machine
// (user profile "Admin"). Sequence: prepare -> stop service -> quarantine ->
// delete -> registry cleanup -> boot-time cleanup -> reboot. Order matters:
// samples are copied to quarantine before the originals are deleted.
begin
// Phase 1 - preparation. Rootkit/API-hook scan; the two flags presumably request
// neutralisation of user-mode and kernel-mode hooks - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Enable AVZGuard for the remainder of the run.
SetAVZGuardStatus(True);
// Runs "net.exe stop tcpip /y"; 15000 is presumably a wait timeout in ms and the final
// flag a forced terminate on timeout - confirm. Apparent intent: take the host off the network during cleanup.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Phase 2 - neutralise the service. Start type 4 is "disabled" in Windows service
// configuration, so it does not come back after the reboot on line end; then stop the running instance.
SetServiceStart('SvcHost Service Host', 4);
StopService('SvcHost Service Host');
// Phase 3 - quarantine (sample collection). The empty second argument is left blank by the author.
// NOTE(review): the hola\* files and rempl\remsh.exe are quarantined here but never deleted
// below - presumably collected for analysis only; confirm that is intended.
QuarantineFile('C:\Program Files\hola\app\hola_updater.exe', '');
QuarantineFile('C:\Program Files\hola\app\hola.exe', '');
QuarantineFile('C:\Users\Admin\appdata\local\filesystemdriver\filesystemdriver.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Local\xmarin\xmarin.exe', '');
QuarantineFile('C:\Program Files\rempl\remsh.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\curl\curl.exe', '');
QuarantineFile('C:\Program Files (x86)\kqEuPYMaU\alvmfs.dll', '');
// SETUPS~1 is an 8.3 short name; presumably it resolves to the "setupsk" directory used further down - verify on the host.
QuarantineFile('C:\Users\Admin\AppData\Roaming\SETUPS~1\python\pythonw.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\SETUPS~1\ml.py', '');
QuarantineFile('C:\Users\Admin\AppData\Local\yc\Application\yc.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\setupsk\python\python3.dll', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\setupsk\python\_ctypes.pyd', '');
QuarantineFile('C:\Program Files (x86)\ZfJRwqLPhIE\k7zVdU1Vp.dll', '');
QuarantineFile('C:\Program Files (x86)\ZfJRwqLPhIE\7ipk0.dll', '');
// Files named svchost.exe / svchost.exe.exe under C:\Windows\Microsoft, i.e. outside System32
// where the genuine svchost.exe lives.
QuarantineFile('C:\Windows\Microsoft\svchost.exe.exe', '');
QuarantineFile('c:\windows\microsoft\svchost.exe', '');
QuarantineFile('c:\users\admin\appdata\roaming\setupsk\python\pythonw.exe', '');
QuarantineFile('c:\program files (x86)\zfjrwqlphie\dqqxdyufja.exe', '');
// Phase 4 - deletion. The '32'/'64' second argument presumably selects the 32- or 64-bit
// file-system view - confirm against the AVZ script reference.
// NOTE(review): the scheduled-task files (C:\Windows\Tasks\*.job, C:\Windows\system32\Tasks\*)
// are deleted without a matching QuarantineFile call, so no copy of the task definitions is kept by this script.
DeleteFile('c:\program files (x86)\zfjrwqlphie\dqqxdyufja.exe', '32');
DeleteFile('C:\Windows\Microsoft\svchost.exe.exe', '32');
DeleteFile('C:\Program Files (x86)\ZfJRwqLPhIE\7ipk0.dll', '32');
DeleteFile('C:\Program Files (x86)\ZfJRwqLPhIE\k7zVdU1Vp.dll', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\setupsk\python\_ctypes.pyd', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\setupsk\python\python3.dll', '32');
DeleteFile('C:\Windows\Microsoft\svchost.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Local\yc\Application\yc.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\setupsk\python\pythonw.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\SETUPS~1\ml.py', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\SETUPS~1\python\pythonw.exe', '32');
// Scheduled-task persistence: legacy .job file plus task definitions under system32\Tasks.
DeleteFile('C:\Windows\Tasks\PjDfytumxbayONn.job', '32');
DeleteFile('C:\Windows\system32\Tasks\curl', '64');
DeleteFile('C:\Program Files (x86)\kqEuPYMaU\alvmfs.dll', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\curl\curl.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\PjDfytumxbayONn', '64');
DeleteFile('C:\Windows\system32\Tasks\PjDfytumxbayONn2', '64');
DeleteFile('C:\Windows\system32\Tasks\setupsk', '64');
// NOTE(review): quarantined above only under the SETUPS~1 spelling; if that short name does
// not map to "setupsk", this file is deleted without a quarantine copy.
DeleteFile('C:\Users\Admin\AppData\Roaming\setupsk\ml.py', '32');
DeleteFile('C:\Windows\system32\Tasks\setupsk_upd', '64');
DeleteFile('C:\Windows\system32\Tasks\System.2', '64');
DeleteFile('C:\Users\Admin\AppData\Local\xmarin\xmarin.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\xmarin', '64');
DeleteFile('C:\Windows\system32\Tasks\zjwPaeaadZaNwF', '64');
DeleteFile('C:\Users\Admin\appdata\local\filesystemdriver\filesystemdriver.exe', '32');
// Phase 5 - registry cleanup. Remove the Browser Helper Object registered under this CLSID.
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
// Remove per-user autostart values from HKCU\...\Run; the names match items deleted above (yc, setupsk).
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ycAutoLaunch_8805AEDEE4378A1CB9BB932D43532D08');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'yqqitsllzl');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'setupsk_upd');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'setupsk');
// Write Internet Explorer security-zone policy for Zones\3 (the Internet zone) in HKCU.
// In Microsoft's URL-action scheme 1 = prompt and 3 = disable; IDs 1001/1004/1201 relate to
// ActiveX download and initialisation and 1804 to launching programs in an IFRAME - verify
// each ID (including 2201) against Microsoft's documentation before reusing these values.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
// Phase 6 - boot-time cleanup. BC_* are AVZ Boot Cleaner calls: presumably BC_ImportALL hands
// the quarantine/delete lists built above to Boot Cleaner so locked files are handled at next boot - confirm.
BC_ImportALL;
// AVZ system cleanup pass; presumably removes leftover references to the deleted files - confirm.
ExecuteSysClean;
// Runs the AVZ wizard identified by 'SCU'; the meaning of 2, 3, true is not visible here - check the AVZ reference.
ExecuteWizard('SCU', 2, 3, true);
// Arm Boot Cleaner, then reboot so the boot-time deletions take effect.
BC_Activate;
RebootWindows(true);
end.