// AVZ remediation script for one specific infected Windows host.
// Every path, service name and the "Ultra" profile below is host-specific (presumably taken from
// that machine's AVZ log), so the script must not be run unchanged on any other system.
// Flow: enable protection -> repair Winlogon -> quarantine samples -> stop/unregister/delete ->
// registry cleanup -> boot-time cleanup -> reboot. The statement order matters: each file is
// quarantined before it is deleted so that a copy survives for analysis.
begin
// Rootkit scan; per AVZ documentation the two flags request neutralisation of the hooks it finds
// (user mode / kernel mode) - confirm against the AVZ version in use.
SearchRootkit(true, true);
// Turn on AVZGuard so that other processes cannot interfere while the cleanup runs.
SetAVZGuardStatus(True);
// Reset Winlogon\UserInit to the stock "<WinDir>\System32\userinit.exe," value. Anything appended
// to this value is launched at every logon, which makes it a common persistence point.
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
// --- Quarantine pass: keep a copy of each suspect file before anything is removed. ---
// The second argument is left empty on every call.
QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
// Numerically named executables dropped into system32.
QuarantineFile('C:\WINDOWS\system32\86.exe','');
QuarantineFile('C:\WINDOWS\system32\84.exe','');
QuarantineFile('C:\WINDOWS\system32\50.exe','');
QuarantineFile('C:\WINDOWS\system32\45.exe','');
QuarantineFile('C:\WINDOWS\system32\42.exe','');
QuarantineFile('C:\WINDOWS\system32\36.exe','');
QuarantineFile('C:\WINDOWS\system32\35.exe','');
QuarantineFile('C:\WINDOWS\system32\28.exe','');
QuarantineFile('C:\WINDOWS\system32\25.exe','');
QuarantineFile('C:\WINDOWS\system32\16.exe','');
QuarantineFile('C:\WINDOWS\system32\15.exe','');
QuarantineFile('C:\WINDOWS\system32\04.exe','');
QuarantineFile('C:\WINDOWS\system32\01.exe','');
// Temp-folder artefacts in the "Ultra" profile (long and 8.3 spellings of the same directory).
QuarantineFile('C:\Documents and Settings\Ultra\Local Settings\Temp\~DF4732.tmp','');
QuarantineFile('c:\docume~1\ultra\locals~1\temp\kui2898.tmp','');
// \\?\globalroot\systemroot is the NT object-namespace spelling of the Windows directory.
QuarantineFile('\\?\globalroot\systemroot\system32\0jngnx1.exe','');
QuarantineFile('C:\WINDOWS\cfdrive32.exe','');
// Executable stored under a SID-named RECYCLER subfolder.
QuarantineFile('C:\RECYCLER\S-1-5-21-8264818471-7184596402-475602160-6684\winmap.exe','');
QuarantineFile('C:\DOCUME~1\Ultra\LOCALS~1\Temp\w_wEC0.tmp','');
// Three .sys files whose names resemble ATI driver files - presumably masquerading; verify
// against the quarantined copies.
QuarantineFile('C:\WINDOWS\System32\drivers\ati8dmxx.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\ati7tsxx.sys','');
QuarantineFile('C:\WINDOWS\System32\drivers\ati5lkxx.sys','');
// Unregister the services that load those three drivers, so they are not started again.
DeleteService('ati5lkxx');
DeleteService('ati7tsxx');
DeleteService('ati8dmxx');
QuarantineFile('C:\DOCUME~1\Ultra\LOCALS~1\Temp\2rq7kn6B.sys','');
// Running sample: terminate the process, keep a copy, then delete the file.
// NOTE(review): the name ends in '@' - confirm it matches the on-disk name reported in the log.
TerminateProcessByName('c:\windows\system32\xvze18.exe@');
QuarantineFile('c:\windows\system32\xvze18.exe@','');
DeleteFile('c:\windows\system32\xvze18.exe@');
// --- Delete pass: remove every file quarantined above. ---
DeleteFile('C:\DOCUME~1\Ultra\LOCALS~1\Temp\2rq7kn6B.sys');
DeleteFile('C:\WINDOWS\System32\drivers\ati5lkxx.sys');
DeleteFile('C:\WINDOWS\System32\drivers\ati7tsxx.sys');
DeleteFile('C:\WINDOWS\System32\drivers\ati8dmxx.sys');
DeleteFile('C:\DOCUME~1\Ultra\LOCALS~1\Temp\w_wEC0.tmp');
DeleteFile('C:\RECYCLER\S-1-5-21-8264818471-7184596402-475602160-6684\winmap.exe');
DeleteFile('C:\WINDOWS\cfdrive32.exe');
// Remove the "Microsoft Driver Setup" autostart value from the Policies\Explorer\Run key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
DeleteFile('\\?\globalroot\systemroot\system32\0jngnx1.exe');
DeleteFile('c:\docume~1\ultra\locals~1\temp\kui2898.tmp');
DeleteFile('C:\Documents and Settings\Ultra\Local Settings\Temp\~DF4732.tmp');
DeleteFile('C:\WINDOWS\system32\01.exe');
DeleteFile('C:\WINDOWS\system32\04.exe');
DeleteFile('C:\WINDOWS\system32\15.exe');
DeleteFile('C:\WINDOWS\system32\16.exe');
DeleteFile('C:\WINDOWS\system32\25.exe');
DeleteFile('C:\WINDOWS\system32\28.exe');
DeleteFile('C:\WINDOWS\system32\35.exe');
DeleteFile('C:\WINDOWS\system32\36.exe');
DeleteFile('C:\WINDOWS\system32\42.exe');
DeleteFile('C:\WINDOWS\system32\45.exe');
DeleteFile('C:\WINDOWS\system32\50.exe');
DeleteFile('C:\WINDOWS\system32\84.exe');
DeleteFile('C:\WINDOWS\system32\86.exe');
DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
// Remove the Winlogon value named 'Taskman ' (another logon-time launch point).
// NOTE(review): the value name carries a trailing space; if the real value is "Taskman" this
// call will not match it - check the exact name in the registry or the log.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
// Hand the file lists collected above to AVZ Boot Cleaner, so that anything still locked can be
// removed during the next boot.
BC_ImportAll;
// Automatic cleanup of leftover references to the deleted files.
ExecuteSysClean;
// Run AVZ system-repair procedure 11 (Task Manager unlock in AVZ's repair list - confirm the
// numbering for the AVZ version in use).
ExecuteRepair(11);
// Run the AVZ wizards identified as 'TSW' and 'SCU' with the given level arguments; the final
// true presumably applies the proposed fixes automatically - TODO confirm.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
// NoDriveTypeAutoRun = 221 (0xDD) disables AutoRun on removable, fixed, network and RAM drives.
// Bit 0x20 (CD-ROM) stays clear, so optical media can still auto-run; 255 (0xFF) would cover
// every drive type.
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun',221);
// Arm Boot Cleaner, then reboot so that the queued boot-time deletions take place.
BC_Activate;
RebootWindows(true);
end.
После перезагрузки: