Код:
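// AVZ cleanup script written for ONE specific infected machine.
// Every path, service name and GUID below comes from that machine's logs;
// running it unchanged on another system would delete whatever happens to
// sit at those paths there and would not address that system's infection.
//
// Order of operations:
//   1. turn on rootkit neutralisation and AVZGuard;
//   2. remove BHO / CLSID registrations;
//   3. copy every suspicious file to quarantine (a sample is kept for analysis);
//   4. delete the services, files and ShellExecuteHooks values;
//   5. hand what is left to BootCleaner, run repairs, reboot.
begin
// Both flags are true: interceptors that are found are neutralised, not only
// reported. NOTE(review): presumably user-mode and kernel-mode respectively;
// confirm against the AVZ script reference.
SearchRootkit(true, true);
// AVZGuard restricts other processes while the cleanup runs.
SetAVZGuardStatus(True);

// --- Browser Helper Object and CLSID registrations ---
DelBHO('{22CB0BB1-F2A4-4c04-8916-2052C3DC6941}');
// The five strings below contain non-hex characters (K, L, N, J, O, P, M, W, X),
// so they are not well-formed GUIDs. They are passed verbatim and must stay
// exactly as they appear in the registry to match.
DelCLSID('{67KLN5J0-4OPM-01WE-AAX5-314CCA553177}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}');
DelCLSID('{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}');
DelCLSID('{08B0E5C0-4FCB-11CF-AAX5-00401C608512}');

// --- Quarantine (second argument is left empty throughout) ---
// MSImg32.dll is quarantined only and never deleted by this script: the name
// also belongs to a Windows component, so the copy is for inspection.
QuarantineFile('C:\WINDOWS\system32\MSImg32.dll','');
QuarantineFile('c:\rEdNuht\sEliF\ReDNuHt.exe','');
// Executables in recycle-bin-style folders. Two of the folder names
// ('X-5-4-27-...' and 'k-1-3542-...') are not well-formed SIDs.
QuarantineFile('C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe','');
QuarantineFile('C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe','');
QuarantineFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\Wins.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Fragmem.exe','');
QuarantineFile('C:\WINDOWS\system32\0b15.dll','');
QuarantineFile('c:\windows\fonts\kb0209525.dll','');
QuarantineFile('c:\windows\fonts\kb0208455.dll','');
// kb0208130.dll is deleted further down but had no quarantine call; added so
// that a sample is kept like for its two siblings above.
QuarantineFile('c:\windows\fonts\kb0208130.dll','');
// Randomly named .dll/.inf/.fon/.cur files in system32, Fonts, Tasks and
// Downloaded Program Files.
QuarantineFile('C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf','');
QuarantineFile('C:\WINDOWS\system32\t5SNSsxGp75apRFtS5Pkuajx.inf','');
QuarantineFile('C:\WINDOWS\system32\rb37sCqvGmszGJ3aQYB5qRczx.inf','');
QuarantineFile('C:\WINDOWS\system32\qzp3jTZCSfSh.dll','');
QuarantineFile('C:\WINDOWS\system32\qfK6YS52MyExkxpwMDmHq.inf','');
QuarantineFile('C:\WINDOWS\system32\ndxq9awMc.dll','');
QuarantineFile('C:\WINDOWS\system32\nXe2grrKNzF9dxYKmqg.inf','');
QuarantineFile('C:\WINDOWS\system32\jY8sGUnWqbZb3x2BPhY.dll','');
QuarantineFile('C:\WINDOWS\system32\dhDhwS7fFW.dll','');
QuarantineFile('C:\WINDOWS\system32\SCEVFJRCmaB7.dll','');
QuarantineFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll','');
QuarantineFile('C:\WINDOWS\system32\Je9hR9NedWPyAckEN42c.inf','');
QuarantineFile('C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf','');
QuarantineFile('C:\WINDOWS\system32\CWcQnWxHjWqtE6PsYyEe.inf','');
QuarantineFile('C:\WINDOWS\system32\CDuAUVkGy9.dll','');
QuarantineFile('C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf','');
QuarantineFile('C:\WINDOWS\system32\BPRBASgvesMzHRfu3AfB.inf','');
QuarantineFile('C:\WINDOWS\system32\AMNCZw74h8gwd6CpYGkrZDy8.inf','');
QuarantineFile('C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf','');
QuarantineFile('C:\WINDOWS\system32\2EF0D734.dll','');
QuarantineFile('C:\WINDOWS\system32\122B901E.dll','');
QuarantineFile('C:\WINDOWS\system32\08223B03.dll','');
QuarantineFile('C:\WINDOWS\fonts\acCjngH97w.fon','');
QuarantineFile('C:\WINDOWS\fonts\A97CRaCB.fon','');
QuarantineFile('C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf','');
QuarantineFile('C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf','');
QuarantineFile('C:\WINDOWS\Tasks\TQupe3tz9FGwu56yjWvyY4t.inf','');
QuarantineFile('C:\WINDOWS\Tasks\TDz5y2TEAKw2z7xkPhf9Sqj.inf','');
QuarantineFile('C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf','');
QuarantineFile('C:\WINDOWS\Tasks\RMjFwVNTbh7TnJJyXgnEVDuxw.inf','');
QuarantineFile('C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf','');
QuarantineFile('C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf','');
QuarantineFile('C:\WINDOWS\Tasks\4H5HJTHFZkxrCpehBpx4TmR.inf','');
QuarantineFile('C:\WINDOWS\Fonts\kb022184811.dll','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur','');

// --- Service binaries: quarantine the file, then drop the service entry ---
QuarantineFile('C:\WINDOWS\winsccoo.exe','');
DeleteService('WinSCCOM');
QuarantineFile('C:\WINDOWS\system32\s.exe','');
DeleteService('OSEvent');
QuarantineFile('C:\WINDOWS\system32\drivers\NirCmd.exe','');
DeleteService('NirSoft Service Controler');
QuarantineFile('C:\WINDOWS\system32\kspoold.exe','');
DeleteService('kspooldaemon');
// This lsass.exe sits in C:\WINDOWS, not in system32 where the genuine
// system process image lives. The path must stay exactly as written.
QuarantineFile('C:\WINDOWS\lsass.exe','');
DeleteService('kkdc');
QuarantineFile('C:\WINDOWS\system32\hraq.exe','');
DeleteService('hraq');
QuarantineFile('C:\WINDOWS\system32\di8d.exe','');
QuarantineFile('C:\WINDOWS\Fonts\995AB180.EXE','');
DeleteService('90616DE8');
// Quarantined only; no DeleteFile follows for these two in this script.
QuarantineFile('C:\WINDOWS\system32\drivers\aprdgejo.sys','');
QuarantineFile('C:\WINDOWS\system32\msinet32d.dll','');

// --- Delete the files quarantined above ---
DeleteFile('C:\WINDOWS\Fonts\995AB180.EXE');
DeleteFile('C:\WINDOWS\system32\di8d.exe');
DeleteFile('C:\WINDOWS\system32\hraq.exe');
DeleteFile('C:\WINDOWS\lsass.exe');
DeleteFile('C:\WINDOWS\system32\kspoold.exe');
DeleteFile('C:\WINDOWS\system32\drivers\NirCmd.exe');
DeleteFile('C:\WINDOWS\system32\s.exe');
DeleteFile('C:\WINDOWS\winsccoo.exe');
DeleteFile('C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur');
DeleteFile('C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur');
DeleteFile('C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur');

// --- ShellExecuteHooks values (removed by GUID) interleaved with file deletes ---
// Adjacent lines are not necessarily a file/GUID pair: only the three
// hex-named DLLs (08223B03, 122B901E, 2EF0D734) visibly match the GUID that
// follows them.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{84639C2D-CD75-4081-B515-329AFCECBF19}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{526EB425-7F56-4773-8D70-B8E45AA8E2B6}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{F181F067-7046-4DCB-993F-200990736305}');
DeleteFile('C:\WINDOWS\Fonts\kb022184811.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{9B1AE382-2647-4c4a-A313-B36B6CA34BD7}');
DeleteFile('C:\WINDOWS\Tasks\4H5HJTHFZkxrCpehBpx4TmR.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{3373CD28-8C35-4A36-8569-672D8CA197F5}');
DeleteFile('C:\WINDOWS\Tasks\CgbYR44s5jCmgAd6ar.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{11FDB6D4-166A-47BF-A0F8-A09DABA75FC1}');
DeleteFile('C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{A2BCFCEE-C939-433F-A32A-7353A6E720DB}');
DeleteFile('C:\WINDOWS\Tasks\RMjFwVNTbh7TnJJyXgnEVDuxw.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{21437C0D-96C7-40CB-BD46-CE995947E3D1}');
DeleteFile('C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{827E2FB4-1047-43DE-848D-E12BB0C97AAB}');
DeleteFile('C:\WINDOWS\Tasks\TDz5y2TEAKw2z7xkPhf9Sqj.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{81EB905C-EDF8-4033-80BF-E0F4F46733DF}');
DeleteFile('C:\WINDOWS\Tasks\TQupe3tz9FGwu56yjWvyY4t.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{07B2788F-BD22-404E-B617-4ABCA2C0BF94}');
DeleteFile('C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}');
DeleteFile('C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{6049BC02-7EDA-4C41-B4AB-D5398607C39E}');
DeleteFile('C:\WINDOWS\fonts\A97CRaCB.fon');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}');
DeleteFile('C:\WINDOWS\fonts\acCjngH97w.fon');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{594EFEFB-4932-421C-9C83-A6BEB868E52D}');
DeleteFile('C:\WINDOWS\system32\08223B03.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}');
DeleteFile('C:\WINDOWS\system32\122B901E.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}');
DeleteFile('C:\WINDOWS\system32\2EF0D734.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{2EF0D734-21FD-4225-A1A2-BCD296182AAF}');
DeleteFile('C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{87DE8A1A-96C5-4420-B222-EF998F697CE7}');
DeleteFile('C:\WINDOWS\system32\AMNCZw74h8gwd6CpYGkrZDy8.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{C4BD9D5C-04CA-45E6-8539-98B07D99B6BC}');
DeleteFile('C:\WINDOWS\system32\BPRBASgvesMzHRfu3AfB.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{C07B914B-C164-42D2-9838-1422C3F70D99}');
DeleteFile('C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{1719B301-B494-4185-9379-242461F9CF02}');
DeleteFile('C:\WINDOWS\system32\CDuAUVkGy9.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{93DA1E7D-7C46-4F90-8674-EC90511FCA72}');
DeleteFile('C:\WINDOWS\system32\CWcQnWxHjWqtE6PsYyEe.inf');
DeleteFile('C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{B7F1BFDC-4B6C-4E2F-AF7A-638D2D47802C}');
DeleteFile('C:\WINDOWS\system32\Je9hR9NedWPyAckEN42c.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{20CFDC59-228C-481F-80B6-404BCFA16B13}');
DeleteFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{51716C09-6B08-4CCF-B526-718E912C0573}');
DeleteFile('C:\WINDOWS\system32\SCEVFJRCmaB7.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{CD478099-014D-4B3A-A4BB-B518F1019BC7}');
DeleteFile('C:\WINDOWS\system32\dhDhwS7fFW.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}');
// Event-log source 'encyp': only its EventMessageFile value is removed.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\encyp','EventMessageFile');
DeleteFile('C:\WINDOWS\system32\jY8sGUnWqbZb3x2BPhY.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{8E6D4583-0FA1-41B2-BAAA-63352E6333CA}');
DeleteFile('C:\WINDOWS\system32\nXe2grrKNzF9dxYKmqg.inf');
// NOTE(review): the last group of this GUID has 11 hex digits instead of 12,
// so it looks truncated and may not match any value. Check it against the
// original log; left as given because the missing digit is not recoverable here.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{8A6A5B34-D995-4C5D-9338-B5E264B4A87}');
DeleteFile('C:\WINDOWS\system32\ndxq9awMc.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30}');
DeleteFile('C:\WINDOWS\system32\qfK6YS52MyExkxpwMDmHq.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{335A9BAE-19FA-42F2-AFD2-20C3275EF392}');
DeleteFile('C:\WINDOWS\system32\qzp3jTZCSfSh.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{4F5EEDE5-1687-49D2-8A17-FF0B454FB37B}');
DeleteFile('C:\WINDOWS\system32\rb37sCqvGmszGJ3aQYB5qRczx.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{30E05169-5E63-4038-9709-5FAD6E488ED2}');
// Event-log source 'OSEvent' carries the same name as the service deleted above.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\OSEvent','EventMessageFile');
DeleteFile('C:\WINDOWS\system32\t5SNSsxGp75apRFtS5Pkuajx.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{612A87C6-33C3-4CCF-9F65-55FFC9C83860}');
DeleteFile('C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{74DA2FEC-F68F-4DC7-9A45-9174AC044427}');

// --- Remaining files and the c:\rEdNuht tree ---
DeleteFile('c:\windows\fonts\kb0208130.dll');
DeleteFile('c:\windows\fonts\kb0208455.dll');
DeleteFile('c:\windows\fonts\kb0209525.dll');
DeleteFile('C:\WINDOWS\system32\0b15.dll');
DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Fragmem.exe');
DeleteFile('C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\Wins.exe');
DeleteFile('C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe');
DeleteFile('C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe');
DeleteFile('c:\rEdNuht\sEliF\ReDNuHt.exe');
// Recursive wipe (third argument true) of everything under c:\rEdNuht,
// including files that were never quarantined individually.
DeleteFileMask('c:\rEdNuht', '*.*', true);
// The statement separator was missing after this call, which stops the
// script from compiling, so none of the cleanup would have run.
DeleteDirectory('c:\rEdNuht');

// --- BootCleaner: finish locked deletions at next boot ---
BC_ImportDeletedList; // queue every file deleted above for removal at boot
ExecuteSysClean;      // clear registry references to the deleted files
BC_Activate;          // arm the BootCleaner driver for the next start

// NOTE(review): in AVZ's system-restore list 6, 8 and 9 are understood to be
// "remove current-user Policies", "restore Explorer settings" and "remove
// system process debuggers"; confirm against the AVZ version in use.
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
// The reboot is what lets BootCleaner process its queue.
RebootWindows(true);
end.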
ПК перезагрузится.