Код:
// AVZ remediation script written for one specific infected machine.
// Order of operations: enable hook detection and AVZ Guard, stop the malicious
// driver service, remove autostart registry values, copy suspect files to
// quarantine, delete the service and a subset of the quarantined files, then
// queue boot-time cleanup and reboot.
// Every name and path below is specific to that machine; running the script
// unchanged on another system would delete whatever happens to match.
begin
// Rootkit/hook search. Both flags are presumed to enable neutralisation of the
// hooks found - confirm against the AVZ script reference.
SearchRootkit(true, true);
// Turn AVZ Guard on before anything is modified.
SetAVZGuardStatus(True);
// Stop the service first; its driver (nnjqmlvv.sys) is quarantined and deleted below.
StopService('nnjqmlvv');
// Autostart (Run / Policies\Explorer\Run) values under HKEY_USERS\S-1-5-18.
// S-1-5-18 is the LocalSystem SID, so these entries run in the SYSTEM profile.
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','xlpnncjd.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','vxsvbxcz.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','services');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','nujhtvrz.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','AntiSpyware Service');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','services');
// The same six values again under HKEY_USERS\.DEFAULT, which Windows exposes as
// an alias of the S-1-5-18 hive; the repetition is harmless.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','xlpnncjd.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','vxsvbxcz.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','services');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','nujhtvrz.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','AntiSpyware Service');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','services');
// Machine-wide load points: ShellServiceObjectDelayLoad, HKLM Run and
// SharedTaskScheduler values.
// NOTE(review): only the named values are removed; any CLSID registration the two
// SharedTaskScheduler GUIDs point to is not touched by a visible line - confirm
// ExecuteSysClean covers it.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','pajeyurus');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','mokefevas');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','lorapamas');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','rimafajub');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler','{1c0efff2-e40b-49c3-bd2c-ea30042a0ccc}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler','{018ead3f-7850-463c-b423-f4b52a485f48}');
// Quarantine pass: keep a sample of each suspect file for analysis before any deletion.
// Several entries have no matching DeleteFile below and are therefore collected
// for inspection only: vssvc.exe, userinit.exe, TpKmpSVC.exe, svchost.exe,
// rundll32.exe, drivers\nchssvad.sys and the ThinkVantage uclauncherservice.exe.
QuarantineFile('C:\WINDOWS\xlpnncjd.exe','');
QuarantineFile('C:\WINDOWS\vxsvbxcz.exe','');
QuarantineFile('C:\WINDOWS\TEMP\b0kmxcx.exe','');
QuarantineFile('C:\WINDOWS\system32\zukumuha.dll','');
QuarantineFile('C:\WINDOWS\system32\yovinumo.dll','');
QuarantineFile('C:\WINDOWS\system32\vssvc.exe','');
QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
// The next two lines name the same file; the paths differ only in letter case.
QuarantineFile('c:\windows\system32\tpkmpsvc.exe','');
QuarantineFile('C:\WINDOWS\system32\TpKmpSVC.exe','');
QuarantineFile('C:\WINDOWS\system32\svchost.exe','');
QuarantineFile('c:\windows\system32\sujomifo.dll','');
QuarantineFile('C:\WINDOWS\system32\rundll32.exe','');
QuarantineFile('c:\windows\system32\jezohefo.dll','');
QuarantineFile('c:\windows\system32\hizawizu.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\nnjqmlvv.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\nchssvad.sys','');
QuarantineFile('c:\windows\system32\binatoko.dll','');
// Path is C:\WINDOWS\services.exe, not the system32 copy; the script never
// references system32\services.exe.
QuarantineFile('C:\WINDOWS\services.exe','');
QuarantineFile('C:\WINDOWS\nujhtvrz.exe','');
QuarantineFile('c:\program files\thinkvantage\systemupdate\uclauncherservice.exe','');
// NOTE(review): bare file name with no directory. The full path
// C:\WINDOWS\system32\bedigoje.dll is deleted below but is never quarantined under
// that path, so a sample may not be kept - confirm how AVZ resolves relative names.
QuarantineFile('bedigoje.dll','');
// Remove the driver service now and also register it for boot-time removal (BC_*).
DeleteService('nnjqmlvv');
BC_DeleteSvc('nnjqmlvv');
// NOTE(review): 'Explorer.exe logon.exe' is not a file path; it looks like text
// copied from a registry value that launches both programs. This call most likely
// matches no file, and no visible line restores such a value - confirm separately.
DeleteFile('Explorer.exe logon.exe');
// Deletion pass: only the files treated as malicious; each was quarantined above
// (bedigoje.dll only by its bare name).
DeleteFile('C:\WINDOWS\xlpnncjd.exe');
DeleteFile('C:\WINDOWS\vxsvbxcz.exe');
DeleteFile('C:\WINDOWS\TEMP\b0kmxcx.exe');
DeleteFile('C:\WINDOWS\system32\zukumuha.dll');
DeleteFile('C:\WINDOWS\system32\yovinumo.dll');
DeleteFile('c:\windows\system32\sujomifo.dll');
DeleteFile('c:\windows\system32\jezohefo.dll');
DeleteFile('c:\windows\system32\hizawizu.dll');
DeleteFile('C:\WINDOWS\system32\drivers\nnjqmlvv.sys');
DeleteFile('c:\windows\system32\binatoko.dll');
DeleteFile('C:\WINDOWS\services.exe');
DeleteFile('C:\WINDOWS\nujhtvrz.exe');
DeleteFile('bedigoje.dll');
DeleteFile('C:\WINDOWS\system32\bedigoje.dll');
// Presumably hands the deletions above to the boot-time cleaner so that files
// locked by running code are removed on the next start - confirm against the
// AVZ script reference.
BC_ImportAll;
// AVZ system clean-up step; run after the deletions.
ExecuteSysClean;
// Arm the boot-time cleaner for the next boot.
BC_Activate;
// Reboot so the boot-time removals take effect.
RebootWindows(true);
end.
After reboot: