Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\WINDOWS\system32\86.exe','');
QuarantineFile('C:\WINDOWS\system32\75.exe','');
QuarantineFile('C:\WINDOWS\system32\74.exe','');
QuarantineFile('C:\WINDOWS\system32\42.exe','');
QuarantineFile('C:\WINDOWS\system32\38.exe','');
QuarantineFile('C:\WINDOWS\system32\35.exe','');
QuarantineFile('C:\WINDOWS\system32\32.exe','');
QuarantineFile('C:\WINDOWS\system32\05.exe','');
QuarantineFile('C:\WINDOWS\system32\04.exe','');
QuarantineFile('C:\WINDOWS\system32\03.exe','');
QuarantineFile('C:\WINDOWS\system32\01.exe','');
QuarantineFile('C:\WINDOWS\Temp\986398.exe','');
QuarantineFile('C:\WINDOWS\Temp\9836.exe','');
QuarantineFile('C:\WINDOWS\Temp\9606.exe','');
QuarantineFile('C:\WINDOWS\Temp\9329770.exe','');
QuarantineFile('C:\WINDOWS\Temp\884729.exe','');
QuarantineFile('C:\WINDOWS\Temp\8334757.exe','');
QuarantineFile('C:\WINDOWS\Temp\8216.exe','');
QuarantineFile('C:\WINDOWS\Temp\80520.exe','');
QuarantineFile('C:\WINDOWS\Temp\795.exe','');
QuarantineFile('C:\WINDOWS\Temp\6900383.exe','');
QuarantineFile('C:\WINDOWS\Temp\671.exe','');
QuarantineFile('C:\WINDOWS\Temp\68289.exe','');
QuarantineFile('C:\WINDOWS\Temp\597271.exe','');
QuarantineFile('C:\WINDOWS\Temp\5775.exe','');
QuarantineFile('C:\WINDOWS\Temp\56714.exe','');
QuarantineFile('C:\WINDOWS\Temp\4827.exe','');
QuarantineFile('C:\WINDOWS\Temp\4672.exe','');
QuarantineFile('C:\WINDOWS\Temp\358107.exe','');
QuarantineFile('C:\WINDOWS\Temp\3574493.exe','');
QuarantineFile('C:\WINDOWS\Temp\3373.exe','');
QuarantineFile('C:\WINDOWS\Temp\3245933.exe','');
QuarantineFile('C:\WINDOWS\Temp\262680.exe','');
QuarantineFile('C:\WINDOWS\Temp\2263557.exe','');
QuarantineFile('C:\WINDOWS\Temp\1808.exe','');
QuarantineFile('C:\WINDOWS\Temp\1718717.exe','');
QuarantineFile('C:\WINDOWS\Temp\1533473.exe','');
QuarantineFile('C:\WINDOWS\Temp\102.exe','');
QuarantineFile('C:\WINDOWS\Temp\0871.exe','');
QuarantineFile('C:\WINDOWS\Temp\06116.exe','');
QuarantineFile('C:\WINDOWS\Temp\04117.exe','');
QuarantineFile('C:\WINDOWS\Temp\02985.exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n2[2].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n2[1].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n1[2].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n1[1].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\dq[1].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\n2[1].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\n1[2].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\dq[2].exe','');
QuarantineFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\dq[1].exe','');
QuarantineFile('C:\Documents and Settings\Olga\Local Settings\Temporary Internet Files\Content.IE5\D4TC778B\n2[1].exe','');
QuarantineFile('C:\Documents and Settings\Olga\Local Settings\Temporary Internet Files\Content.IE5\D4TC778B\dq[1].exe','');
QuarantineFile('C:\Documents and Settings\ADMbIN\Local Settings\Temporary Internet Files\Content.IE5\L29Z0PPF\n2[2].exe','');
QuarantineFile('C:\Documents and Settings\ADMbIN\Local Settings\Temporary Internet Files\Content.IE5\L29Z0PPF\n2[1].exe','');
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe','');
QuarantineFile('C:\WINDOWS\ggdrive32.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,C:\Documents and Settings\ADMbIN\Application Data\bowcav.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Tnaww');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,C:\Documents and Settings\ADMbIN\Application Data\bowcav.exe');
DeleteFile('C:\WINDOWS\ggdrive32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe');
DeleteFile('C:\Documents and Settings\ADMbIN\Local Settings\Temporary Internet Files\Content.IE5\L29Z0PPF\n2[1].exe');
DeleteFile('C:\Documents and Settings\ADMbIN\Local Settings\Temporary Internet Files\Content.IE5\L29Z0PPF\n2[2].exe');
DeleteFile('C:\Documents and Settings\Olga\Local Settings\Temporary Internet Files\Content.IE5\D4TC778B\dq[1].exe');
DeleteFile('C:\Documents and Settings\Olga\Local Settings\Temporary Internet Files\Content.IE5\D4TC778B\n2[1].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\dq[1].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\dq[2].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\n1[2].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\GSMTL33Z\n2[1].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\dq[1].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n1[1].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n1[2].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n2[1].exe');
DeleteFile('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5\MC17G4W3\n2[2].exe');
DeleteFile('C:\WINDOWS\Temp\02985.exe');
DeleteFile('C:\WINDOWS\Temp\04117.exe');
DeleteFile('C:\WINDOWS\Temp\06116.exe');
DeleteFile('C:\WINDOWS\Temp\0871.exe');
DeleteFile('C:\WINDOWS\Temp\102.exe');
DeleteFile('C:\WINDOWS\Temp\1533473.exe');
DeleteFile('C:\WINDOWS\Temp\1718717.exe');
DeleteFile('C:\WINDOWS\Temp\1808.exe');
DeleteFile('C:\WINDOWS\Temp\2263557.exe');
DeleteFile('C:\WINDOWS\Temp\262680.exe');
DeleteFile('C:\WINDOWS\Temp\3245933.exe');
DeleteFile('C:\WINDOWS\Temp\3373.exe');
DeleteFile('C:\WINDOWS\Temp\3574493.exe');
DeleteFile('C:\WINDOWS\Temp\358107.exe');
DeleteFile('C:\WINDOWS\Temp\4672.exe');
DeleteFile('C:\WINDOWS\Temp\4827.exe');
DeleteFile('C:\WINDOWS\Temp\56714.exe');
DeleteFile('C:\WINDOWS\Temp\5775.exe');
DeleteFile('C:\WINDOWS\Temp\597271.exe');
DeleteFile('C:\WINDOWS\Temp\671.exe');
DeleteFile('C:\WINDOWS\Temp\68289.exe');
DeleteFile('C:\WINDOWS\Temp\6900383.exe');
DeleteFile('C:\WINDOWS\Temp\795.exe');
DeleteFile('C:\WINDOWS\Temp\80520.exe');
DeleteFile('C:\WINDOWS\Temp\8216.exe');
DeleteFile('C:\WINDOWS\Temp\8334757.exe');
DeleteFile('C:\WINDOWS\Temp\884729.exe');
DeleteFile('C:\WINDOWS\Temp\9329770.exe');
DeleteFile('C:\WINDOWS\Temp\9606.exe');
DeleteFile('C:\WINDOWS\Temp\9836.exe');
DeleteFile('C:\WINDOWS\Temp\986398.exe');
DeleteFile('C:\WINDOWS\system32\01.exe');
DeleteFile('C:\WINDOWS\system32\03.exe');
DeleteFile('C:\WINDOWS\system32\04.exe');
DeleteFile('C:\WINDOWS\system32\05.exe');
DeleteFile('C:\WINDOWS\system32\32.exe');
DeleteFile('C:\WINDOWS\system32\35.exe');
DeleteFile('C:\WINDOWS\system32\38.exe');
DeleteFile('C:\WINDOWS\system32\42.exe');
DeleteFile('C:\WINDOWS\system32\74.exe');
DeleteFile('C:\WINDOWS\system32\75.exe');
DeleteFile('C:\WINDOWS\system32\86.exe');
DeleteFileMask('C:\WINDOWS\Temp', '*.*', false);
DeleteFileMask('C:\Documents and Settings\Sasha\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.