Код:
// AVZ remediation script for one specific infected host.
// Order of operations: neutralise rootkit hooks, enable AVZGuard, copy every
// suspect file to quarantine, delete the files and their ShellExecuteHooks
// registry values, remove one service, then schedule Boot Cleaner and reboot.
// Every path and CLSID below comes from that host's logs; on another machine
// the list must be rebuilt from that machine's own logs.
begin
// Rootkit hook search; both flags are true, presumably enabling neutralisation
// of the hooks found (confirm the parameter meaning against the AVZ script reference).
SearchRootkit(true, true);
// Turn AVZGuard on before touching the files.
SetAVZGuardStatus(True);
// --- Quarantine pass -------------------------------------------------------
// Each suspect file is quarantined before any DeleteFile runs, so a sample is
// kept for later analysis. The empty second argument looks like an optional
// description (confirm).
// NOTE(review): NtHid.sys and vaxscsi.sys are quarantined here but no
// DeleteFile for them appears in this script; presumably they are collected
// for analysis only. Confirm that this is intended.
QuarantineFile('C:\WINDOWS\TEMP\NtHid.sys','');
QuarantineFile('C:\WINDOWS\System32\CbEvtSvc.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vaxscsi.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\win32x.sys','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur','');
QuarantineFile('C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf','');
QuarantineFile('C:\WINDOWS\Tasks\TQupe3tz9FGwu56yjWvyY4t.inf','');
QuarantineFile('C:\WINDOWS\system32\122B901E.dll','');
QuarantineFile('C:\WINDOWS\system32\CDuAUVkGy9.dll','');
QuarantineFile('C:\WINDOWS\system32\CWcQnWxHjWqtE6PsYyEe.inf','');
QuarantineFile('C:\WINDOWS\system32\Je9hR9NedWPyAckEN42c.inf','');
QuarantineFile('C:\WINDOWS\system32\SjQGXVR4VJHtTHeDE75wC.inf','');
QuarantineFile('C:\WINDOWS\system32\W8MvNsbGCCW52XyxV8wQ.inf','');
QuarantineFile('C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf','');
QuarantineFile('C:\WINDOWS\system32\dhDhwS7fFW.dll','');
QuarantineFile('C:\WINDOWS\system32\nXe2grrKNzF9dxYKmqg.inf','');
QuarantineFile('C:\WINDOWS\system32\qfK6YS52MyExkxpwMDmHq.inf','');
QuarantineFile('C:\WINDOWS\system32\t5SNSsxGp75apRFtS5Pkuajx.inf','');
QuarantineFile('C:\WINDOWS\system32\ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf','');
QuarantineFile('C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf','');
QuarantineFile('c:\TEMP\NEventMessages.dll','');
QuarantineFile('C:\WINDOWS\system32\msnvl.exe','');
// From here on many paths repeat entries listed elsewhere in this pass,
// differing only in letter case. Windows paths are case-insensitive, so the
// repeated call targets the same file and is redundant.
QuarantineFile('c:\windows\system32\rb37scqvgmszgj3aqyb5qrczx.inf','');
QuarantineFile('c:\windows\system32\fsmby3kmwnag5grbwggu.inf','');
QuarantineFile('c:\windows\tasks\jjx5r8wnsqunnxgwpwn.inf','');
QuarantineFile('c:\windows\system32\emqzjjurmfvkrkex9gj.inf','');
QuarantineFile('c:\windows\tasks\tdz5y2teakw2z7xkphf9sqj.inf','');
QuarantineFile('c:\windows\system32\122b901e.dll','');
QuarantineFile('c:\windows\system32\amnczw74h8gwd6cpygkrzdy8.inf','');
QuarantineFile('c:\windows\tasks\ygfdvuegeqm9fhy5rnn.inf','');
QuarantineFile('c:\windows\system32\sjqgxvr4vjhtthede75wc.inf','');
QuarantineFile('c:\windows\system32\bwxjaewkdxgrfhkawefa33c36nr.inf','');
QuarantineFile('c:\windows\tasks\tqupe3tz9fgwu56yjwvyy4t.inf','');
QuarantineFile('c:\windows\system32\btmband89jc9pspq5eknj.inf','');
QuarantineFile('c:\windows\tasks\c2nh4numz9kny5zqnc.inf','');
QuarantineFile('c:\windows\system32\w8mvnsbgccw52xyxv8wq.inf','');
QuarantineFile('c:\windows\system32\cwcqnwxhjwqte6psyyee.inf','');
QuarantineFile('C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf','');
QuarantineFile('C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf','');
QuarantineFile('C:\WINDOWS\system32\bWxJAeWKDxgRfhkaWEfA33C36nr.inf','');
QuarantineFile('C:\WINDOWS\system32\08223B03.dll','');
QuarantineFile('C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf','');
QuarantineFile('C:\WINDOWS\system32\AMNCZw74h8gwd6CpYGkrZDy8.inf','');
QuarantineFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll','');
QuarantineFile('C:\WINDOWS\Tasks\TDz5y2TEAKw2z7xkPhf9Sqj.inf','');
QuarantineFile('C:\WINDOWS\system32\EMQzJJURMfVkrkEx9GJ.inf','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\6HgdgyQ9RqYPdfvgBgHcs9g5m.cur','');
QuarantineFile('C:\WINDOWS\system32\rb37sCqvGmszGJ3aQYB5qRczx.inf','');
QuarantineFile('C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf','');
// --- Deletion pass ---------------------------------------------------------
// Deletes the files quarantined above. The case-variant duplicates recur
// here too.
DeleteFile('C:\WINDOWS\system32\rb37sCqvGmszGJ3aQYB5qRczx.inf');
DeleteFile('C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf');
DeleteFile('C:\WINDOWS\Downloaded Program Files\6HgdgyQ9RqYPdfvgBgHcs9g5m.cur');
DeleteFile('C:\WINDOWS\system32\EMQzJJURMfVkrkEx9GJ.inf');
DeleteFile('C:\WINDOWS\Tasks\TDz5y2TEAKw2z7xkPhf9Sqj.inf');
DeleteFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll');
DeleteFile('C:\WINDOWS\system32\AMNCZw74h8gwd6CpYGkrZDy8.inf');
DeleteFile('C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf');
DeleteFile('C:\WINDOWS\system32\08223B03.dll');
DeleteFile('C:\WINDOWS\system32\bWxJAeWKDxgRfhkaWEfA33C36nr.inf');
DeleteFile('C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf');
DeleteFile('C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf');
DeleteFile('c:\windows\system32\cwcqnwxhjwqte6psyyee.inf');
DeleteFile('c:\windows\system32\w8mvnsbgccw52xyxv8wq.inf');
DeleteFile('c:\windows\tasks\c2nh4numz9kny5zqnc.inf');
DeleteFile('c:\windows\system32\btmband89jc9pspq5eknj.inf');
DeleteFile('c:\windows\tasks\tqupe3tz9fgwu56yjwvyy4t.inf');
DeleteFile('c:\windows\system32\sjqgxvr4vjhtthede75wc.inf');
DeleteFile('c:\windows\tasks\ygfdvuegeqm9fhy5rnn.inf');
DeleteFile('c:\windows\system32\amnczw74h8gwd6cpygkrzdy8.inf');
DeleteFile('c:\windows\system32\122b901e.dll');
DeleteFile('c:\windows\tasks\tdz5y2teakw2z7xkphf9sqj.inf');
DeleteFile('c:\windows\system32\emqzjjurmfvkrkex9gj.inf');
DeleteFile('c:\windows\tasks\jjx5r8wnsqunnxgwpwn.inf');
DeleteFile('c:\windows\system32\fsmby3kmwnag5grbwggu.inf');
DeleteFile('c:\windows\system32\rb37scqvgmszgj3aqyb5qrczx.inf');
DeleteFile('C:\WINDOWS\system32\msnvl.exe');
DeleteFile('c:\TEMP\NEventMessages.dll');
DeleteFile('C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf');
// --- ShellExecuteHooks cleanup, interleaved with the remaining deletions ----
// Each RegKeyParamDel removes one CLSID-named value from the
// HKLM ...\Explorer\ShellExecuteHooks key, a shell-extension registration
// point that malware uses for persistence. Some CLSIDs begin with the same
// eight hex digits as a deleted DLL's file name (122B901E, 08223B03), which
// suggests those DLLs are the registered hook handlers.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{74DA2FEC-F68F-4DC7-9A45-9174AC044427}');
DeleteFile('C:\WINDOWS\system32\ujMhyGsS7tRV9gU2HHMkJcu7DPU.inf');
DeleteFile('C:\WINDOWS\system32\t5SNSsxGp75apRFtS5Pkuajx.inf');
DeleteFile('C:\WINDOWS\system32\qfK6YS52MyExkxpwMDmHq.inf');
DeleteFile('C:\WINDOWS\system32\nXe2grrKNzF9dxYKmqg.inf');
// NOTE(review): the last group of the CLSID on the next line has 11 hex digits
// instead of 12, so it is not a well-formed GUID and this call probably
// matches no value. Re-check the value name against the original log.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{8A6A5B34-D995-4C5D-9338-B5E264B4A87}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{612A87C6-33C3-4CCF-9F65-55FFC9C83860}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{7CC109E5-B2FC-4FEE-AF04-74B2DCBD2540}');
DeleteFile('C:\WINDOWS\system32\dhDhwS7fFW.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{05EDDA35-1E5B-4A77-8F68-99AB967CF632}');
DeleteFile('C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{CE38B9E6-AF0C-4B93-AFAB-A20C2311FFD0}');
DeleteFile('C:\WINDOWS\system32\W8MvNsbGCCW52XyxV8wQ.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{3DCB9005-ABA0-47F8-8C40-49ABC04AE5EE}');
DeleteFile('C:\WINDOWS\system32\SjQGXVR4VJHtTHeDE75wC.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{FF9896FF-88E7-4D7F-8839-5A7C5D062F3B}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{51716C09-6B08-4CCF-B526-718E912C0573}');
DeleteFile('C:\WINDOWS\system32\Je9hR9NedWPyAckEN42c.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{20CFDC59-228C-481F-80B6-404BCFA16B13}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{B7F1BFDC-4B6C-4E2F-AF7A-638D2D47802C}');
// NOTE(review): several calls below target a key named "ShellExecuteHooks-"
// (trailing hyphen), each paired with the same CLSID under the normal key.
// This looks like a parallel key holding disabled entries, so both copies are
// removed; confirm that the hyphenated key actually exists on the host.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-','{D36A1DF7-6582-4160-B925-59A34E39FE30}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{D36A1DF7-6582-4160-B925-59A34E39FE30}');
DeleteFile('C:\WINDOWS\system32\CWcQnWxHjWqtE6PsYyEe.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{CB661471-055A-4C5B-9ED0-497B9908FEF5}');
DeleteFile('C:\WINDOWS\system32\CDuAUVkGy9.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{93DA1E7D-7C46-4F90-8674-EC90511FCA72}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{1719B301-B494-4185-9379-242461F9CF02}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{C4BD9D5C-04CA-45E6-8539-98B07D99B6BC}');
DeleteFile('C:\WINDOWS\system32\122B901E.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-','{6049BC02-7EDA-4C41-B4AB-D5398607C39E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{6049BC02-7EDA-4C41-B4AB-D5398607C39E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}');
DeleteFile('C:\WINDOWS\Tasks\TQupe3tz9FGwu56yjWvyY4t.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-','{07B2788F-BD22-404E-B617-4ABCA2C0BF94}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{07B2788F-BD22-404E-B617-4ABCA2C0BF94}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-','{81EB905C-EDF8-4033-80BF-E0F4F46733DF}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{81EB905C-EDF8-4033-80BF-E0F4F46733DF}');
DeleteFile('C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-','{A2BCFCEE-C939-433F-A32A-7353A6E720DB}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{A2BCFCEE-C939-433F-A32A-7353A6E720DB}');
DeleteFile('C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{F181F067-7046-4DCB-993F-200990736305}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{F7D81EAE-34CD-4EC5-9663-37FC799F1B50}');
// --- Driver and service removal -------------------------------------------
// The service binary is deleted first, then the CbEvtSvc service entry itself.
DeleteFile('C:\WINDOWS\system32\drivers\win32x.sys');
DeleteFile('C:\WINDOWS\System32\CbEvtSvc.exe');
DeleteService('CbEvtSvc');
// --- Boot-time cleanup and restart ----------------------------------------
// BC_* calls configure AVZ's Boot Cleaner: import what this script collected,
// then arm it for the next boot so that files locked in the running system
// can still be removed (presumed from the AVZ API naming; confirm in the
// AVZ script reference).
BC_ImportAll;
// System clean-up step; presumably removes leftover references to the files
// deleted above (confirm).
ExecuteSysClean;
BC_Activate;
// Reboot so that the boot-time cleanup runs; this must stay the last call.
RebootWindows(true);
end.