Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('D:\WINDOWS\system32\81.exe','');
QuarantineFile('D:\WINDOWS\system32\80.exe','');
QuarantineFile('D:\WINDOWS\system32\77.exe','');
QuarantineFile('D:\WINDOWS\system32\73.exe','');
QuarantineFile('D:\WINDOWS\system32\66.exe','');
QuarantineFile('D:\WINDOWS\system32\65.exe','');
QuarantineFile('D:\WINDOWS\system32\64.exe','');
QuarantineFile('D:\WINDOWS\system32\63.exe','');
QuarantineFile('D:\WINDOWS\system32\60.exe','');
QuarantineFile('D:\WINDOWS\system32\58.exe','');
QuarantineFile('D:\WINDOWS\system32\57.exe','');
QuarantineFile('D:\WINDOWS\system32\56.exe','');
QuarantineFile('D:\WINDOWS\system32\55.exe','');
QuarantineFile('D:\WINDOWS\system32\54.exe','');
QuarantineFile('D:\WINDOWS\system32\53.exe','');
QuarantineFile('D:\WINDOWS\system32\50.exe','');
QuarantineFile('D:\WINDOWS\system32\48.exe','');
QuarantineFile('D:\WINDOWS\system32\46.exe','');
QuarantineFile('D:\WINDOWS\system32\44.exe','');
QuarantineFile('D:\WINDOWS\system32\43.exe','');
QuarantineFile('D:\WINDOWS\system32\42.exe','');
QuarantineFile('D:\WINDOWS\system32\41.exe','');
QuarantineFile('D:\WINDOWS\system32\37.exe','');
QuarantineFile('D:\WINDOWS\system32\36.exe','');
QuarantineFile('D:\WINDOWS\system32\35.exe','');
QuarantineFile('D:\WINDOWS\system32\33.exe','');
QuarantineFile('D:\WINDOWS\system32\31.exe','');
QuarantineFile('D:\WINDOWS\system32\25.exe','');
QuarantineFile('D:\WINDOWS\system32\24.exe','');
QuarantineFile('D:\WINDOWS\system32\21.exe','');
QuarantineFile('D:\WINDOWS\system32\20.exe','');
QuarantineFile('D:\WINDOWS\system32\18.exe','');
QuarantineFile('D:\WINDOWS\system32\17.exe','');
QuarantineFile('D:\WINDOWS\system32\16.exe','');
QuarantineFile('D:\WINDOWS\system32\13.exe','');
QuarantineFile('D:\WINDOWS\system32\12.exe','');
QuarantineFile('D:\WINDOWS\system32\08.exe','');
QuarantineFile('D:\WINDOWS\system32\06.exe','');
QuarantineFile('D:\WINDOWS\system32\05.exe','');
QuarantineFile('D:\WINDOWS\system32\03.exe','');
QuarantineFile('D:\WINDOWS\system32\02.exe','');
QuarantineFile('D:\WINDOWS\system32\00.exe','');
QuarantineFile('D:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla\livbefg.exe','');
QuarantineFile('D:\Documents and Settings\Moroshka\Local Settings\Application Data\PhoenixBrowserUpdater\PhoenixBrowserUpdater.exe','');
QuarantineFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk','');
QuarantineFile('D:\Program Files\Total Recorder Editor Pro\ae.exe','');
QuarantineFile('D:\Program Files\Twilight Tech\Pretty Search\dummyDlg.exe','');
QuarantineFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk','');
QuarantineFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk','');
QuarantineFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk','');
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe','');
QuarantineFile('D:\Documents and Settings\Moroshka\Application Data\Aimumu.exe','');
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\hostsv.exe','');
DeleteFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\????????? ???????????? Internet Explorer.lnk');
DeleteFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk');
DeleteFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk');
DeleteFile('D:\Documents and Settings\Moroshka\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\hostsv.exe','32');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe','32');
DeleteFile('D:\WINDOWS\Tasks\ynuwpia.job','32');
DeleteFile('D:\WINDOWS\system32\00.exe','32');
DeleteFile('D:\WINDOWS\system32\02.exe','32');
DeleteFile('D:\WINDOWS\system32\03.exe','32');
DeleteFile('D:\WINDOWS\system32\05.exe','32');
DeleteFile('D:\WINDOWS\system32\06.exe','32');
DeleteFile('D:\WINDOWS\system32\08.exe','32');
DeleteFile('D:\WINDOWS\system32\12.exe','32');
DeleteFile('D:\WINDOWS\system32\13.exe','32');
DeleteFile('D:\WINDOWS\system32\16.exe','32');
DeleteFile('D:\WINDOWS\system32\17.exe','32');
DeleteFile('D:\WINDOWS\system32\18.exe','32');
DeleteFile('D:\WINDOWS\system32\20.exe','32');
DeleteFile('D:\WINDOWS\system32\21.exe','32');
DeleteFile('D:\WINDOWS\system32\24.exe','32');
DeleteFile('D:\WINDOWS\system32\25.exe','32');
DeleteFile('D:\WINDOWS\system32\31.exe','32');
DeleteFile('D:\WINDOWS\system32\33.exe','32');
DeleteFile('D:\WINDOWS\system32\35.exe','32');
DeleteFile('D:\WINDOWS\system32\36.exe','32');
DeleteFile('D:\WINDOWS\system32\37.exe','32');
DeleteFile('D:\WINDOWS\system32\41.exe','32');
DeleteFile('D:\WINDOWS\system32\42.exe','32');
DeleteFile('D:\WINDOWS\system32\43.exe','32');
DeleteFile('D:\WINDOWS\system32\44.exe','32');
DeleteFile('D:\WINDOWS\system32\46.exe','32');
DeleteFile('D:\WINDOWS\system32\48.exe','32');
DeleteFile('D:\WINDOWS\system32\50.exe','32');
DeleteFile('D:\WINDOWS\system32\53.exe','32');
DeleteFile('D:\WINDOWS\system32\54.exe','32');
DeleteFile('D:\WINDOWS\system32\55.exe','32');
DeleteFile('D:\WINDOWS\system32\56.exe','32');
DeleteFile('D:\WINDOWS\system32\57.exe','32');
DeleteFile('D:\WINDOWS\system32\58.exe','32');
DeleteFile('D:\WINDOWS\system32\60.exe','32');
DeleteFile('D:\WINDOWS\system32\63.exe','32');
DeleteFile('D:\WINDOWS\system32\64.exe','32');
DeleteFile('D:\WINDOWS\system32\65.exe','32');
DeleteFile('D:\WINDOWS\system32\66.exe','32');
DeleteFile('D:\WINDOWS\system32\73.exe','32');
DeleteFile('D:\WINDOWS\system32\77.exe','32');
DeleteFile('D:\WINDOWS\system32\80.exe','32');
DeleteFile('D:\WINDOWS\system32\81.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Firewall Security Service','command');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('TSW',2,2,true);
RebootWindows(true);
end.
После перезагрузки выполните скрипт: