Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\cKYAL.dll','');
DeleteFile('C:\WINDOWS\system32\cKYAL.dll');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('G:\nice\\little.exe','');
QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-2326943260-3374151740-039171076-6900\djwi2kcew.exe,C:\Documents and Settings\Администратор\Application Data\mzrp.exe,C:\Documents and Settings\Администратор\Application Data\yaptm.exe,explorer.exe,C:\Documents and Settings\Администратор\fxmdk.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\yaptm.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\zimmacuhi.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\wivouraku.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vicyvoov.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vaquydi.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vapooqueka.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\tousou.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\tooroloo.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\pymurywo.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\pyboob.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\mysov.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\mounnipoogyn.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\moucoocoo.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\motton.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\lufounoug.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\koulooqui.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\kiry.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\gajesoo.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\fepoze.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\dadouz.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\bocamyp.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\bissu.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\zimmacuhi.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\zajip.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\vapooqueka.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\ruzoulof.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\pyboob.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\mysov.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\motton.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\lufounoug.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\koulooqui.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\dadouz.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\coobuw.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\bocamyp.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\bissu.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\soroz.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\newojawuk.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\voobah.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\pifugoz.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\riquy.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\quowoopegoo.exe','');
DeleteService('w6ybawao35ei7q');
DeleteService('oeaiauy64ajeyyii');
DeleteService('ocezoiua4jdgo');
DeleteService('eti8bwmoa');
DeleteService('aaypnnayst9oauuo');
DeleteService('aakyiazoafadiytr');
TerminateProcessByName('c:\documents and settings\Администратор\application data\microsoft\vapooqueka.exe');
QuarantineFile('c:\documents and settings\Администратор\application data\microsoft\vapooqueka.exe','');
TerminateProcessByName('c:\documents and settings\Администратор\application data\microsoft\newojawuk.exe');
QuarantineFile('c:\documents and settings\Администратор\application data\microsoft\newojawuk.exe','');
DeleteFile('c:\documents and settings\Администратор\application data\microsoft\newojawuk.exe');
DeleteFile('c:\documents and settings\Администратор\application data\microsoft\vapooqueka.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\quowoopegoo.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\riquy.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\pifugoz.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\voobah.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\newojawuk.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\soroz.exe');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\bissu.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','nounulo');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\bocamyp.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','nygouc');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','nounulo');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\coobuw.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','cehi');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','cehi');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','nygouc');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\dadouz.exe');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\koulooqui.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','kodu');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','dimmizoug');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','dimmizoug');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\lufounoug.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','zooquy');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','kodu');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','zooquy');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\motton.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','livapu');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','livapu');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\mysov.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','quounnocas');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','quounnocas');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\pyboob.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','soobouli');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','soobouli');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\ruzoulof.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','toofu');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','toofu');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\vapooqueka.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','hebuve');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','hebuve');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\zajip.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','cipow');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','cipow');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\zimmacuhi.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','fukity');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','fukity');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\bissu.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','nounulo');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\bocamyp.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','cehi');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','cipow');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\dadouz.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\fepoze.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wybahe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','dimmizoug');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\gajesoo.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\kiry.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\koulooqui.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','kodu');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','poutti');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','josiz');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','toofu');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\lufounoug.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\motton.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','livapu');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','zooquy');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\moucoocoo.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','loguk');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','nygouc');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\mounnipoogyn.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\mysov.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\pyboob.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','soobouli');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','quounnocas');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','lajal');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\pymurywo.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\tooroloo.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\tousou.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','pannoo');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','tecoogoos');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','noolem');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vapooqueka.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vaquydi.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vicyvoov.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','hufek');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','bezirik');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','hebuve');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\wivouraku.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\zimmacuhi.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','fukity');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','rougy');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\yaptm.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-2326943260-3374151740-039171076-6900\djwi2kcew.exe,C:\Documents and Settings\Администратор\Application Data\mzrp.exe,C:\Documents and Settings\Администратор\Application Data\yaptm.exe,explorer.exe,C:\Documents and Settings\Администратор\fxmdk.exe');
DeleteFile('C:\WINDOWS\system32\sdra64.exe');
DeleteFile('G:\nice\\little.exe');
DeleteFile('G:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
RegKeyIntParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
ExecuteRepair(11);
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
RebootWindows(true);
end.
Компьютер перезагрузится.