Код:
// AVZ remediation script written for one specific infected host.
// Every path, driver/service name and RECYCLER folder below is hard-coded, so
// the script is not reusable on another machine without a fresh log review.
// Pattern throughout: QuarantineFile keeps a sample of the object, then
// DeleteService / DeleteFile / RegKeyParamDel remove it and its autostart entry.
begin
// Rootkit pass first (both arguments true - presumably "detect" and
// "neutralise"; confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turn AVZGuard on before any removal step.
SetAVZGuardStatus(True);
// --- Phase 1: collect samples ---
// 'explorer.exe:userini.exe:$DATA' names an NTFS alternate data stream attached
// to explorer.exe, not a separate file. The two lines differ only in letter case.
QuarantineFile('c:\windows\explorer.exe:userini.exe:$DATA','');
QuarantineFile('C:\WINDOWS\explorer.exe:userini.exe:$DATA','');
QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VPMOED89\n22[2].exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VPMOED89\n22[1].exe','');
QuarantineFile('C:\WINDOWS\system32\SSVICHOSST.exe','');
// 'userini.exe' (no trailing 't') is a look-alike of the Winlogon helper name.
QuarantineFile('C:\WINDOWS\system32\userini.exe','');
// NOTE(review): the stock registry editor normally sits in the Windows
// directory rather than system32 - confirm against the host log before reuse.
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
// Userinit.exe is only quarantined here; no DeleteFile for it appears in this
// script, and the Winlogon UserInit value is pointed back at it further down.
QuarantineFile('C:\WINDOWS\SYSTEM32\Userinit.exe','');
QuarantineFile('C:\Documents and Settings\Admin\epowmlxx.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\szdx.exe','');
// Randomly named .sys files under System32\Drivers.
QuarantineFile('C:\WINDOWS\System32\Drivers\rrpmwauj.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\spzkwyiw.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\sxbsvyvu.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\tftqipdn.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\xfntzjdc.sys','');
// --- Phase 2: unregister the driver services ---
// NOTE(review): wkxgtmts, umxbflpi and rrgwsbxa are unregistered and their .sys
// files deleted below, but none of the three is quarantined; spzkwyiw.sys is
// quarantined and deleted but has no DeleteService call. Check the host log to
// see whether that is intentional.
DeleteService('xfntzjdc');
DeleteService('wkxgtmts');
DeleteService('umxbflpi');
DeleteService('tftqipdn');
DeleteService('sxbsvyvu');
DeleteService('rrpmwauj');
DeleteService('rrgwsbxa');
QuarantineFile('C:\WINDOWS\System32\Drivers\nzyfckxi.sys','');
DeleteService('nzyfckxi');
QuarantineFile('C:\WINDOWS\System32\Drivers\buzosqox.sys','');
DeleteService('buzosqox');
// --- Phase 3: delete the files and their autostart values ---
DeleteFile('C:\WINDOWS\System32\Drivers\buzosqox.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\nzyfckxi.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\umxbflpi.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\wkxgtmts.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\xfntzjdc.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\tftqipdn.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\sxbsvyvu.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\spzkwyiw.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\rrpmwauj.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\rrgwsbxa.sys');
DeleteFile('C:\Documents and Settings\Admin\Application Data\szdx.exe');
DeleteFile('C:\Documents and Settings\Admin\epowmlxx.exe');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
// Machine-wide Run value 'Regedit32' is removed right after system32\regedit.exe.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
DeleteFile('C:\WINDOWS\system32\userini.exe');
// Two per-user autostart values named 'userini': the plain Run key and the
// Policies\Explorer\Run key.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
DeleteFile('C:\WINDOWS\system32\SSVICHOSST.exe');
DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VPMOED89\n22[1].exe');
DeleteFile('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VPMOED89\n22[2].exe');
DeleteFile('C:\WINDOWS\explorer.exe:userini.exe:$DATA');
// The next line holds two statements: the second delete of the data stream,
// then a rewrite of Winlogon\UserInit to <WinDir>\System32\userinit.exe,
// (the trailing comma is part of the value that gets written).
DeleteFile('c:\windows\explorer.exe:userini.exe:$DATA'); RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
// --- Phase 4: second batch (RECYCLER and profile droppers) ---
// The RECYCLER folder names imitate per-user SID folders, but several fields
// exceed 4294967295, the largest value a 32-bit SID sub-authority can hold, so
// they are not real account SIDs.
QuarantineFile('C:\RECYCLER\S-1-5-21-8098828502-8720696402-735743312-1033\yv8g67.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-6635248760-7639212996-153820303-4126\yv8g67.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0274267618-0875010321-241081364-1025\yv8g67.exe','');
// NOTE(review): ctfmon.exe in the profile root - the stock binary normally
// lives in system32; confirm against the host log.
QuarantineFile('C:\Documents and Settings\Admin\ctfmon.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-8767913456-8276490433-173297513-8339\yv8g67.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\sjlp.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ozzfhv.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\lbisov.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-8098828502-8720696402-735743312-1033\yv8g67.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-6635248760-7639212996-153820303-4126\yv8g67.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0274267618-0875010321-241081364-1025\yv8g67.exe');
DeleteFile('C:\Documents and Settings\Admin\ctfmon.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-8767913456-8276490433-173297513-8339\yv8g67.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\sjlp.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ozzfhv.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\lbisov.exe');
// Same explorer.exe stream again, this time written without the ':$DATA' suffix.
QuarantineFile('C:\WINDOWS\explorer.exe:userini.exe','');
DeleteFile('C:\WINDOWS\explorer.exe:userini.exe');
// Empties the LocalService IE cache ('*.*' with the third argument true -
// presumably "recurse into subfolders"; confirm). Nothing here is quarantined
// first, so anything not sampled above is lost for later analysis.
DeleteFileMask('C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
// Scheduled-task file; assumes DeleteFile expands %windir% - TODO confirm.
DeleteFile('%windir%\Tasks\At1.job');
// NOTE(review): the value name 'Taskman ' ends with a space. If the real value
// has no trailing space this call removes nothing - verify on the host.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
// --- Phase 5: boot-time cleanup, repair and reboot ---
// BC_* calls drive AVZ's boot-time cleaner: import the collected lists here,
// arm it with BC_Activate just before the reboot.
BC_ImportAll;
ExecuteSysClean;
// Built-in repair routine number 11 - look the number up in the AVZ "system
// restore" list before reusing it elsewhere.
ExecuteRepair(11);
// Built-in wizards identified by the codes 'TSW' and 'SCU'; the meaning of the
// numeric arguments is not visible here - see the AVZ script reference.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
// Reboot at once so the pending boot-time removals can run.
RebootWindows(true);
end.
После перезагрузки: