Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
TerminateProcessByName('c:\documents and settings\all users\application data\srtserv\playboyxxx.exe');
TerminateProcessByName('c:\docume~1\86c2~1\locals~1\temp\rtkbtmnt.exe');
QuarantineFile('C:\WINDOWS\system32\Drivers\NDIS.sys','');
QuarantineFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\egl1ds.exe','');
QuarantineFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\kfxg2c9.exe','');
QuarantineFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\s92r.exe','');
QuarantineFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\ydut.exe','');
QuarantineFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\yjsagnr.exe','');
QuarantineFile('C:\Documents and Settings\Пользователь\Application Data\ygmdrm.exe','');
QuarantineFile('C:\Documents and Settings\Пользователь\jshodnpf~.exe','');
QuarantineFile('C:\Documents and Settings\Пользователь\Главное меню\Программы\Автозагрузка\PowerReg SchedulerV2.exe','');
QuarantineFile('C:\WINDOWS\System32\userinit.exe','');
QuarantineFile('C:\WINDOWS\TEMP\qytda.exe','');
QuarantineFile('C:\WINDOWS\fonts\services.exe','');
QuarantineFile('c:\documents and settings\all users\application data\srtserv\playboyxxx.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\zcbgoqxpp7.sys','');
QuarantineFile('\SystemRoot\system32\drivers\zcbgoqxpp7.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\zbraqckwedmfa9.sys','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\srtserv\sdata.dll','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('G:\autorun.inf','');
DeleteFile('G:\autorun.inf');
DeleteFile('E:\autorun.inf');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\Documents and Settings\All Users\Application Data\srtserv\sdata.dll');
DeleteFile('C:\WINDOWS\system32\drivers\zbraqckwedmfa9.sys');
DeleteFile('\SystemRoot\system32\drivers\zcbgoqxpp7.sys');
DeleteFile('C:\WINDOWS\system32\drivers\zcbgoqxpp7.sys');
DeleteFile('c:\documents and settings\all users\application data\srtserv\playboyxxx.exe');
DeleteFile('C:\WINDOWS\fonts\services.exe');
DeleteFile('C:\WINDOWS\TEMP\qytda.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','apps');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','85gblp');
DeleteFile('C:\Documents and Settings\Пользователь\jshodnpf~.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-','jshodnpf~');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run-','jshodnpf~');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run-','jshodnpf~');
DeleteFile('C:\Documents and Settings\Пользователь\Application Data\ygmdrm.exe');
DeleteFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\yjsagnr.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','srtserv');
DeleteFile('C:\Documents and Settings\All Users\Application Data\srtserv\PlayboyXXX.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','0q6l4');
DeleteFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\ydut.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','e5u1');
DeleteFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\s92r.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','w8d6');
DeleteFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\kfxg2c9.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','mmbsp');
DeleteFile('C:\DOCUME~1\86C2~1\LOCALS~1\Temp\egl1ds.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run-','ccemf');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.