Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\Temp\system32\wbem\grpconv.exe','');
DeleteFile('C:\WINDOWS\Temp\system32\wbem\grpconv.exe');
QuarantineFile('C:\WINDOWS\Temp\wpv541276706474.exe','');
DeleteFile('C:\WINDOWS\Temp\wpv541276706474.exe');
QuarantineFile('C:\WINDOWS\Temp\wpv291276717903.exe','');
DeleteFile('C:\WINDOWS\Temp\wpv291276717903.exe');
QuarantineFile('C:\WINDOWS\Temp\wpv461276716863.exe','');
DeleteFile('C:\WINDOWS\Temp\wpv461276716863.exe');
QuarantineFile('C:\WINDOWS\Temp\wpv161276706163.exe','');
DeleteFile('C:\WINDOWS\Temp\wpv161276706163.exe');
QuarantineFile('C:\WINDOWS\system32\userini.exe','');
QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('C:\WINDOWS\system32\oo3qrmm6i.exe','');
QuarantineFile('C:\WINDOWS\system32\fwwriijz0al.exe','');
QuarantineFile('C:\WINDOWS\system32\86dezk3.exe','');
QuarantineFile('C:\WINDOWS\system32\36ittjk.exe','');
QuarantineFile('C:\WINDOWS\services.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vogan.exe','');
QuarantineFile('C:\S-1-5-21-1482476501-1644491937-682003330-1013\Mars1.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-8148125935-9342107602-532444701-0354\nissan.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\cpq.exe','');
QuarantineFile('C:\WINDOWS\system32\0471.tmp','');
DeleteService('vpahuevr');
QuarantineFile('C:\WINDOWS\System32\Drivers\ujihycjf.sys','');
DeleteService('ujihycjf');
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
DeleteService('qcwlhx');
DeleteService('mpmxpc');
DeleteService('ifzybdky');
QuarantineFile('C:\WINDOWS\System32\DRIVERS\aecj.sys','');
QuarantineFile('C:\WINDOWS\System32\DRIVERS\aecq.sys','');
QuarantineFile('C:\WINDOWS\System32\DRIVERS\aecr.sys','');
DeleteService('aecr');
DeleteService('aecq');
DeleteService('aecj');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vifo.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\jyboogav.exe','');
DeleteService('o5ubo5abe2iua');
DeleteService('iocgswuw8zeol');
TerminateProcessByName('c:\docume~1\9335~1\locals~1\temp\winxss.exe');
QuarantineFile('c:\docume~1\9335~1\locals~1\temp\winxss.exe','');
TerminateProcessByName('c:\documents and settings\Администратор\application data\microsoft\wassoo.exe');
QuarantineFile('c:\documents and settings\Администратор\application data\microsoft\wassoo.exe','');
DeleteFile('c:\documents and settings\Администратор\application data\microsoft\wassoo.exe');
DeleteFile('c:\docume~1\9335~1\locals~1\temp\winxss.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\jyboogav.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vifo.exe');
DeleteFile('C:\WINDOWS\System32\DRIVERS\aecr.sys');
DeleteFile('C:\WINDOWS\System32\DRIVERS\aecq.sys');
DeleteFile('C:\WINDOWS\System32\DRIVERS\aecj.sys');
DeleteFile('C:\WINDOWS\system32\03.tmp');
DeleteFile('C:\WINDOWS\system32\01.tmp');
DeleteFile('C:\WINDOWS\System32\Drivers\ujihycjf.sys');
DeleteFile('C:\WINDOWS\system32\0471.tmp');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Windows Firewall');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','bataz');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','roolimy');
DeleteFile('C:\Documents and Settings\Администратор\cpq.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-8148125935-9342107602-532444701-0354\nissan.exe');
DeleteFile('C:\S-1-5-21-1482476501-1644491937-682003330-1013\Mars1.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','InternetServics1');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\Microsoft\vogan.exe');
DeleteFile('C:\WINDOWS\services.exe');
DeleteFile('C:\WINDOWS\system32\36ittjk.exe');
DeleteFile('C:\WINDOWS\system32\86dezk3.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','ioezav7');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wxxne1');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','services');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','cyytkk');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','cyyukql');
DeleteFile('C:\WINDOWS\system32\fwwriijz0al.exe');
DeleteFile('C:\WINDOWS\system32\oo3qrmm6i.exe');
DeleteFile('C:\WINDOWS\system32\sdra64.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','userinit');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','userinit');
DeleteFile('C:\WINDOWS\system32\userini.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.