Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
DeleteFileMask(GetAVZDirectory + 'Quarantine', '*.*', true);
TerminateProcessByName('c:\windows\system32\msvmiode.exe');
TerminateProcessByName('c:\windows\cfdrive32.exe');
QuarantineFile('06.exe','');
QuarantineFile('C:\Documents and Settings\Valera\Application Data\rdrmi.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-3282960392-8487675190-306321011-2906\syscr.exe','');
QuarantineFile('C:\WINDOWS\cpctd.exe','');
QuarantineFile('C:\WINDOWS\hnbvl.exe','');
QuarantineFile('C:\WINDOWS\system32\334TDcf3.exe','');
QuarantineFile('C:\Documents and Settings\Valera\Application Data\ltzqai.exe','');
QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
QuarantineFile('C:\WINDOWS\cfdrive32.exe','');
DeleteFile('C:\WINDOWS\cfdrive32.exe');
DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
DeleteFile('C:\Documents and Settings\Valera\Application Data\ltzqai.exe');
DeleteFile('C:\WINDOWS\system32\334TDcf3.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MSODESNV7');
DeleteFile('C:\WINDOWS\hnbvl.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Driversys32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Driversys32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Driversys32');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Driversys32');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Driversys32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
DeleteFile('C:\WINDOWS\cpctd.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-3282960392-8487675190-306321011-2906\syscr.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','VGAResolution');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','VGAResolution');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','VGAResolution');
DeleteFile('C:\Documents and Settings\Valera\Application Data\rdrmi.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','msnmsg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','msnmsg');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','msnmsg');
DeleteFile('06.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','VGAResolution');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','VGAResolution');
DeleteFile('C:\WINDOWS\Tasks\At*.job');
QuarantineFile('C:\DOCUME~1\Valera\LOCALS~1\Temp\867.exe','');
DeleteFile('C:\DOCUME~1\Valera\LOCALS~1\Temp\867.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.