Код:
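// AVZ script that cleans one specific infected Windows host.
// The file, driver and service names are presumably taken from that host's
// AVZ log (the log is not shown here), so they are indicators for this one
// case rather than a generic removal list.
//
// Order of work:
//   1. neutralise API hooks and switch AVZGuard on,
//   2. copy every suspect file to quarantine,
//   3. delete the service registrations and then the files,
//   4. queue the same objects for Boot Cleaner and reboot, so that anything
//      still locked or hidden by a live driver is removed at next boot.
begin
// Both arguments true: asks AVZ to neutralise the hooks it finds, in user mode
// and in kernel mode, so that hidden files and services are reachable below.
SearchRootkit(true, true);
// AVZGuard on for the rest of the run; presumably to stop other processes from
// interfering while the files are removed - confirm against the AVZ reference.
SetAVZGuardStatus(True);

// --- Quarantine: keep a sample of every file before it is deleted ---------
// The second argument (comment text) is left empty throughout.
// The first path has no directory, so how it resolves depends on AVZ
// (NOTE(review): confirm; the full system32 path is listed separately).
QuarantineFile('WinCtrl32.dll','');
// F: is whatever volume had that letter on the affected host, probably a
// removable drive; the call finds nothing if the drive is absent at run time.
QuarantineFile('F:\autorun.inf','');
QuarantineFile('C:\WINDOWS\system32\WinCtrl32.dll','');
// Several paths appear twice, differing only in letter case. Windows paths
// are case-insensitive, so the second call of each pair is redundant.
QuarantineFile('C:\WINDOWS\system32\lphc9m2j0e567.exe','');
QuarantineFile('c:\windows\system32\lphc9m2j0e567.exe','');
QuarantineFile('C:\WINDOWS\system32\karina.dat','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winxq02.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwy04.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winwn43.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winvf14.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wintr77.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winsj21.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\Winsj21.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winqg80.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmq72.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winmk44.sys','');
// Added: Winkt11.sys is deleted further down but was missing from this list,
// so it would have been destroyed without a sample being kept.
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkt11.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winkr67.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjy80.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjy67.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjp58.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjo12.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winji41.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winjc48.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhw20.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhq60.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhn55.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winhe42.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wingk05.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winei50.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\Winei50.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wineh61.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Windc38.sys','');
// Added: Wincr78.sys is likewise deleted below without having been listed here.
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincr78.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Wincn10.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbo45.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winbe04.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\Winba23.sys','');
// Beep.sys is also the file name of a stock Windows driver. Presumably the
// copy on this host was judged replaced or patched; the quarantined sample is
// what lets that be checked. NOTE(review): the steps that follow the reboot
// are outside this listing, so it is not visible here whether a clean copy
// is restored afterwards.
QuarantineFile('C:\WINDOWS\system32\Drivers\Beep.sys','');
QuarantineFile('C:\WINDOWS\system32\buritos.exe','');
QuarantineFile('C:\WINDOWS\system32\braviax.exe','');
QuarantineFile('C:\WINDOWS\system32\blphc9m2j0e567.scr','');

// --- Remove service registrations ----------------------------------------
// The Win<xx><nn> names correspond to the driver files quarantined above.
DeleteService('Winxq02');
DeleteService('Winwy04');
DeleteService('Winwn43');
DeleteService('Winvf14');
DeleteService('Wintr77');
DeleteService('Winsj21');
DeleteService('Winqg80');
DeleteService('Winmq72');
DeleteService('Winmk44');
DeleteService('Winkt11');
DeleteService('Winkr67');
DeleteService('Winjy80');
DeleteService('Winjy67');
DeleteService('Winjp58');
DeleteService('Winjo12');
DeleteService('Winji41');
DeleteService('Winjc48');
DeleteService('Winhw20');
DeleteService('Winhq60');
DeleteService('Winhn55');
DeleteService('Winhe42');
DeleteService('Wingk05');
DeleteService('Winei50');
DeleteService('Wineh61');
DeleteService('Windc38');
DeleteService('Wincr78');
DeleteService('Wincn10');
DeleteService('Winbo45');
DeleteService('Winbe04');
DeleteService('Winba23');
// The remaining names read as two or more ordinary service names run together
// (Netlogon + Messenger, lanmanworkstation + SharedAccess, ...). None of the
// strings is a bare stock service name, so the genuine services are not named
// here. NOTE(review): presumably junk registrations left by the infection -
// confirm against the host's log before reusing any of these names.
DeleteService('VSSlanmanworkstationSharedAccessNetDDE');
DeleteService('upnphostTuneUp.Defrag');
DeleteService('TuneUp.DefragSchedule');
DeleteService('TlntSvrHTTPFilter');
DeleteService('TlntSvrCOMSysAppTuneUp.Defrag');
DeleteService('SysmonLoglanmanworkstationSharedAccessNetDDE');
DeleteService('SSScsiSVDcomLaunchVSSlanmanworkstationSharedAccessNetDDE');
DeleteService('SSScsiSVDcomLaunch');
DeleteService('SSDPSRVSNDSrvc');
DeleteService('SSDPSRVALG');
DeleteService('SPTISRVRasMan');
DeleteService('ScheduleCiSvc');
DeleteService('SBServiceClipSrv');
DeleteService('RasManwuauservRSVP');
DeleteService('RasManRasAutoMSIServer');
DeleteService('RasManRasAuto');
DeleteService('PACSPTISVRAppMgmtHidServFastUserSwitchingCompatibilityMSCSPTISRVose');
DeleteService('PACSPTISVRAppMgmtHidServ');
DeleteService('PACSPTISVRAppMgmt');
DeleteService('oseSSDPSRVSNDSrvcSPTISRVRasMan');
DeleteService('oseSSDPSRVSNDSrvc');
DeleteService('oseEhttpSrv');
DeleteService('NVSvcseclogon');
DeleteService('NVSvcPACSPTISVR');
DeleteService('NtmsSvcodserv');
DeleteService('NtLmSspRpcSs');
DeleteService('NetlogonMessengerFastUserSwitchingCompatibilityWebClientEventlog');
DeleteService('NetlogonMessengerFastUserSwitchingCompatibilityWebClient');
DeleteService('NetlogonMessengerFastUserSwitchingCompatibilityaawservice');
DeleteService('NetlogonMessengerFastUserSwitchingCompatibility');
DeleteService('NetlogonMessenger');
DeleteService('Netlogonlanmanworkstationekrn');
DeleteService('Netlogonlanmanworkstation');
DeleteService('NetlogonFastUserSwitchingCompatibilityMSCSPTISRV');
DeleteService('MSCSPTISRVPACSPTISVRAppMgmt');
DeleteService('MessengerRemoteRegistryr_server');
DeleteService('MessengerRemoteRegistry');
DeleteService('MessengerEventlog');
DeleteService('LmHostsTlntSvrHTTPFilter');
DeleteService('LmHostsCiSvc');
DeleteService('lanmanworkstationSharedAccessNetDDE');
DeleteService('lanmanworkstationSharedAccess');
DeleteService('HTTPFilterr_server');
DeleteService('FastUserSwitchingCompatibilityMSCSPTISRVose');
DeleteService('FastUserSwitchingCompatibilityMSCSPTISRV');
DeleteService('EventlogSchedule');
DeleteService('ERSvcr_serverSPTISRV');
DeleteService('ERSvcr_server');
DeleteService('ERSvcNetDDE');
DeleteService('ERSvcMSCSPTISRVPACSPTISVRAppMgmtEventlog');
DeleteService('ERSvcMSCSPTISRVPACSPTISVRAppMgmt');
DeleteService('EhttpSrvSwPrv');
DeleteService('EhttpSrvCOMSysApp');
DeleteService('CryptSvcNla');
DeleteService('CryptSvclanmanworkstationSharedAccess');
DeleteService('COMSysAppTuneUp.Defrag');
DeleteService('CCALib8NetlogonMessengerFastUserSwitchingCompatibilityWebClientEventlog');
DeleteService('ALGHidServ');
DeleteService('aawserviceoseSSDPSRVSNDSrvc');

// --- Delete the files ------------------------------------------------------
// Every path deleted here has a matching QuarantineFile call above.
DeleteFile('WinCtrl32.dll');
DeleteFile('F:\autorun.inf');
DeleteFile('C:\WINDOWS\system32\WinCtrl32.dll');
DeleteFile('c:\windows\system32\lphc9m2j0e567.exe');
DeleteFile('C:\WINDOWS\system32\lphc9m2j0e567.exe');
DeleteFile('C:\WINDOWS\system32\karina.dat');
DeleteFile('C:\WINDOWS\System32\Drivers\Winxq02.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwy04.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winwn43.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winvf14.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wintr77.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\Winsj21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winsj21.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winqg80.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmq72.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winmk44.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkt11.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winkr67.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjy80.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjy67.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjp58.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjo12.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winji41.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winjc48.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhw20.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhq60.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhn55.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winhe42.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wingk05.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\Winei50.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winei50.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wineh61.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Windc38.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincr78.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Wincn10.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbo45.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winbe04.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\Winba23.sys');
DeleteFile('C:\WINDOWS\system32\Drivers\Beep.sys');
DeleteFile('C:\WINDOWS\system32\buritos.exe');
DeleteFile('C:\WINDOWS\system32\braviax.exe');
DeleteFile('C:\WINDOWS\system32\blphc9m2j0e567.scr');

// --- Boot Cleaner pass -----------------------------------------------------
// BC_ImportAll passes the file lists built up so far to Boot Cleaner, so the
// same files are retried at boot (NOTE(review): confirm which lists it imports
// in the AVZ reference). ExecuteSysClean runs AVZ's own system clean-up step.
BC_ImportAll;
ExecuteSysClean;
// Same service names as the DeleteService list, queued again for removal at
// boot in case a still-loaded driver restored or protected them in this session.
BC_DeleteSvc('Winxq02');
BC_DeleteSvc('Winwy04');
BC_DeleteSvc('Winwn43');
BC_DeleteSvc('Winvf14');
BC_DeleteSvc('Wintr77');
BC_DeleteSvc('Winsj21');
BC_DeleteSvc('Winqg80');
BC_DeleteSvc('Winmq72');
BC_DeleteSvc('Winmk44');
BC_DeleteSvc('Winkt11');
BC_DeleteSvc('Winkr67');
BC_DeleteSvc('Winjy80');
BC_DeleteSvc('Winjy67');
BC_DeleteSvc('Winjp58');
BC_DeleteSvc('Winjo12');
BC_DeleteSvc('Winji41');
BC_DeleteSvc('Winjc48');
BC_DeleteSvc('Winhw20');
BC_DeleteSvc('Winhq60');
BC_DeleteSvc('Winhn55');
BC_DeleteSvc('Winhe42');
BC_DeleteSvc('Wingk05');
BC_DeleteSvc('Winei50');
BC_DeleteSvc('Wineh61');
BC_DeleteSvc('Windc38');
BC_DeleteSvc('Wincr78');
BC_DeleteSvc('Wincn10');
BC_DeleteSvc('Winbo45');
BC_DeleteSvc('Winbe04');
BC_DeleteSvc('Winba23');
BC_DeleteSvc('VSSlanmanworkstationSharedAccessNetDDE');
BC_DeleteSvc('upnphostTuneUp.Defrag');
BC_DeleteSvc('TuneUp.DefragSchedule');
BC_DeleteSvc('TlntSvrHTTPFilter');
BC_DeleteSvc('TlntSvrCOMSysAppTuneUp.Defrag');
BC_DeleteSvc('SysmonLoglanmanworkstationSharedAccessNetDDE');
BC_DeleteSvc('SSScsiSVDcomLaunchVSSlanmanworkstationSharedAccessNetDDE');
BC_DeleteSvc('SSScsiSVDcomLaunch');
BC_DeleteSvc('SSDPSRVSNDSrvc');
BC_DeleteSvc('SSDPSRVALG');
BC_DeleteSvc('SPTISRVRasMan');
BC_DeleteSvc('ScheduleCiSvc');
BC_DeleteSvc('SBServiceClipSrv');
BC_DeleteSvc('RasManwuauservRSVP');
BC_DeleteSvc('RasManRasAutoMSIServer');
BC_DeleteSvc('RasManRasAuto');
BC_DeleteSvc('PACSPTISVRAppMgmtHidServFastUserSwitchingCompatibilityMSCSPTISRVose');
BC_DeleteSvc('PACSPTISVRAppMgmtHidServ');
BC_DeleteSvc('PACSPTISVRAppMgmt');
BC_DeleteSvc('oseSSDPSRVSNDSrvcSPTISRVRasMan');
BC_DeleteSvc('oseSSDPSRVSNDSrvc');
BC_DeleteSvc('oseEhttpSrv');
BC_DeleteSvc('NVSvcseclogon');
BC_DeleteSvc('NVSvcPACSPTISVR');
BC_DeleteSvc('NtmsSvcodserv');
BC_DeleteSvc('NtLmSspRpcSs');
BC_DeleteSvc('NetlogonMessengerFastUserSwitchingCompatibilityWebClientEventlog');
BC_DeleteSvc('NetlogonMessengerFastUserSwitchingCompatibilityWebClient');
BC_DeleteSvc('NetlogonMessengerFastUserSwitchingCompatibilityaawservice');
BC_DeleteSvc('NetlogonMessengerFastUserSwitchingCompatibility');
BC_DeleteSvc('NetlogonMessenger');
BC_DeleteSvc('Netlogonlanmanworkstationekrn');
BC_DeleteSvc('Netlogonlanmanworkstation');
BC_DeleteSvc('NetlogonFastUserSwitchingCompatibilityMSCSPTISRV');
BC_DeleteSvc('MSCSPTISRVPACSPTISVRAppMgmt');
BC_DeleteSvc('MessengerRemoteRegistryr_server');
BC_DeleteSvc('MessengerRemoteRegistry');
BC_DeleteSvc('MessengerEventlog');
BC_DeleteSvc('LmHostsTlntSvrHTTPFilter');
BC_DeleteSvc('LmHostsCiSvc');
BC_DeleteSvc('lanmanworkstationSharedAccessNetDDE');
BC_DeleteSvc('lanmanworkstationSharedAccess');
BC_DeleteSvc('HTTPFilterr_server');
BC_DeleteSvc('FastUserSwitchingCompatibilityMSCSPTISRVose');
BC_DeleteSvc('FastUserSwitchingCompatibilityMSCSPTISRV');
BC_DeleteSvc('EventlogSchedule');
BC_DeleteSvc('ERSvcr_serverSPTISRV');
BC_DeleteSvc('ERSvcr_server');
BC_DeleteSvc('ERSvcNetDDE');
BC_DeleteSvc('ERSvcMSCSPTISRVPACSPTISVRAppMgmtEventlog');
BC_DeleteSvc('ERSvcMSCSPTISRVPACSPTISVRAppMgmt');
BC_DeleteSvc('EhttpSrvSwPrv');
BC_DeleteSvc('EhttpSrvCOMSysApp');
BC_DeleteSvc('CryptSvcNla');
BC_DeleteSvc('CryptSvclanmanworkstationSharedAccess');
BC_DeleteSvc('COMSysAppTuneUp.Defrag');
BC_DeleteSvc('CCALib8NetlogonMessengerFastUserSwitchingCompatibilityWebClientEventlog');
BC_DeleteSvc('ALGHidServ');
BC_DeleteSvc('aawserviceoseSSDPSRVSNDSrvc');
// Arm Boot Cleaner so the queued removals run at the next start-up, then
// reboot at once. The argument true presumably forces the restart, in which
// case unsaved work in open applications is lost - confirm before running.
BC_Activate;
RebootWindows(true);
end.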
После перезагрузки: