Код:
// AVZ remediation script written for ONE specific infected host: every path,
// user name ("baks") and service name below comes from that machine's logs.
// Order matters: suspect files are first copied to quarantine (so samples
// survive for analysis), then deleted, then the leftovers are handed to the
// Boot Cleaner driver and the machine is rebooted.
// Do not reuse on another system without regenerating it from that system's logs.
begin
// Rootkit / API-hook search. The two flags are AVZ's "neutralise user-mode"
// and "neutralise kernel-mode" hook switches; both are enabled here.
SearchRootkit(true, true);
// Turn on AVZGuard so other processes are restricted while the cleanup runs.
SetAVZGuardStatus(True);
// Built-in "system restore" procedures, selected by number. In AVZ's standard
// list 11 unblocks Task Manager and 17 unblocks the Registry Editor
// (confirm the numbering against the AVZ version in use).
executerepair(11);
executerepair(17);
// --- Quarantine phase: copy each suspect file into AVZ's quarantine. ---
// The second argument is a free-text description and is left empty throughout.
// 'rdpclip', 'msiexec' (as written, without .exe) and PStrip.exe are only
// quarantined, never deleted below: they are collected for inspection.
QuarantineFile('rdpclip','');
// Given by bare name here; the delete step uses the full drivers\ path.
QuarantineFile('mailKmd.sys','');
QuarantineFile('C:\Users\baks\AppData\Local\Temp\winpidn.exe','');
QuarantineFile('D:\Program Files\need\power strip\PStrip.exe','');
QuarantineFile('C:\Windows\system32\wmdrtc32.dll','');
QuarantineFile('C:\Windows\System32\wmdrtc32.bak','');
QuarantineFile('C:\Windows\system32\msiexec','');
QuarantineFile('C:\Windows\system32\IoctlSvc.exe','');
// Same file as winpidn.exe above, differing only in letter case.
QuarantineFile('c:\users\baks\appdata\local\temp\winpidn.exe','');
QuarantineFile('C:\Users\baks\AppData\Local\Temp\winpffod.exe','');
QuarantineFile('C:\Users\baks\AppData\Local\Temp\winjxrgs.exe','');
QuarantineFile('C:\Users\baks\AppData\Local\Temp\winiyrlet.exe','');
// The three runs below name Ntf2ECC.tmp through ever-shorter chains of
// "Application Data". On Vista and later, "Application Data" under ProgramData
// is a junction back to ProgramData, and "Documents and Settings\All Users" /
// "Users\All Users" also redirect there, so these are presumably all aliases
// of the one file C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp
// as enumerated by a scanner that followed the junctions.
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
QuarantineFile('C:\Users\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp','');
// --- Delete phase: runs only after the quarantine copies above were taken. ---
// Ntf2ECC.tmp is deleted through every alias path listed in the quarantine phase.
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Documents and Settings\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
DeleteFile('C:\Users\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2ECC.tmp');
// Remove the two service/driver registrations, then the files behind them
// (mailKmd.sys and IoctlSvc.exe) and the remaining dropped executables.
// NOTE(review): deleting a service and its binary is not undone by the
// quarantine copy alone; confirm both detections before running.
DeleteService('PLFlash DeviceIoControl Service');
DeleteService('mailKmd');
DeleteFile('C:\Windows\system32\drivers\mailKmd.sys');
DeleteFile('C:\Users\baks\AppData\Local\Temp\winpidn.exe');
DeleteFile('C:\Windows\system32\wmdrtc32.dll');
DeleteFile('C:\Windows\System32\wmdrtc32.bak');
DeleteFile('C:\Windows\system32\IoctlSvc.exe');
DeleteFile('c:\users\baks\appdata\local\temp\winpidn.exe');
DeleteFile('C:\Users\baks\AppData\Local\Temp\winpffod.exe');
DeleteFile('C:\Users\baks\AppData\Local\Temp\winjxrgs.exe');
DeleteFile('C:\Users\baks\AppData\Local\Temp\winiyrlet.exe');
// --- Boot Cleaner phase: finish at next boot whatever could not be removed
// from the running system (locked files, active drivers). ---
// Hand the file lists collected by this run to Boot Cleaner
// (presumably the deleted and quarantined lists; confirm in the AVZ help).
BC_ImportAll;
// Clean up system references (e.g. autorun entries) to the files deleted above.
ExecuteSysClean;
// Queue both services for removal by the Boot Cleaner driver as well.
BC_DeleteSvc('PLFlash DeviceIoControl Service');
BC_DeleteSvc('mailKmd');
// Arm the Boot Cleaner driver so the queued work runs early in the next boot.
BC_Activate;
// Reboot immediately; the argument is presumably the "force" flag, so unsaved
// work in open applications may be lost.
RebootWindows(true);
end.
После перезагрузки: