Код:
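begin
 // AVZ remediation script written for one specific host: every path, SID and
 // service name below is a literal from that machine. Flow: neutralise hooks,
 // copy each suspect file into AVZ quarantine, then remove services, files and
 // autostart values, and finish the cleanup through Boot Cleaner on reboot.
 // Changes from the posted script: 41.exe is now quarantined before it is
 // deleted, the empty QuarantineFile('','') call is gone, and the repeated
 // psyu44.exe / syitm.exe quarantine+delete pairs are issued only once.

 // Look for and neutralise API hooks before touching files, then turn on
 // AVZGuard for the duration of the script.
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);

 // --- Phase 1: preserve samples. Quarantine always precedes the matching
 // DeleteFile so a copy survives for later analysis or for restoring a file
 // that turns out to be a false positive.
 QuarantineFile('C:\WINDOWS\gwdrive32.exe','');
 QuarantineFile('C:\WINDOWS\cwdrive32.exe','');
 QuarantineFile('C:\WINDOWS\cfdrive32.exe','');
 QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-4208889884-8292909155-762773990-5059\cwuoc.exe','');
 // NOTE(review): these sit in a folder named DoctorWeb\Quarantine inside the
 // user profile; whether it is a genuine Dr.Web quarantine store is not
 // visible here. Confirm before relying on the deletions in phase 2.
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\system.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\sy5tm.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\8850923.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\817694.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\76717.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\689.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\61710.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\553207.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\54261.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\425450.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\4037.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\371.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\359.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\3562463.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\340133.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\30576.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\276.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\25643.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\25522.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\135.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\1205417.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\0392232.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\02205.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\0304683.exe','');
 QuarantineFile('C:\WINDOWS\ggdrive32.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1391\wdni.exe','');
 QuarantineFile('C:\Documents and Settings\User.COMP\Application Data\bowcav.exe','');

 // --- Phase 2: kernel drivers and their services. Each .sys is quarantined
 // first; the script does not show which service name belongs to which driver.
 QuarantineFile('C:\WINDOWS\system32\drivers\etrunqragl.sys','');
 DeleteService('wkbisrnslmstfyw');
 QuarantineFile('C:\WINDOWS\system32\drivers\lgmmnhjcsjjmojt.sys','');
 DeleteService('qkjptjeuq');
 DeleteFile('C:\WINDOWS\system32\drivers\lgmmnhjcsjjmojt.sys');
 DeleteFile('C:\WINDOWS\system32\drivers\etrunqragl.sys');

 // --- Phase 3: delete the files quarantined in phase 1.
 DeleteFile('C:\Documents and Settings\User.COMP\Application Data\bowcav.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1391\wdni.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
 DeleteFile('C:\WINDOWS\ggdrive32.exe');
 // Autostart value under the machine-wide Policies\Explorer\Run key.
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\0304683.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\02205.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\0392232.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\1205417.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\135.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\25522.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\25643.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\276.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\30576.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\340133.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\3562463.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\359.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\371.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\4037.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\425450.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\54261.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\553207.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\61710.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\76717.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\817694.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\8850923.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\sy5tm.exe');
 DeleteFile('C:\Documents and Settings\User.COMP\DoctorWeb\Quarantine\system.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-4208889884-8292909155-762773990-5059\cwuoc.exe');
 // The posted script deleted 41.exe without quarantining it; keep a sample
 // first, as is done for every other file.
 QuarantineFile('C:\WINDOWS\system32\41.exe','');
 DeleteFile('C:\WINDOWS\system32\41.exe');
 DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
 DeleteFile('C:\WINDOWS\cfdrive32.exe');
 DeleteFile('C:\WINDOWS\cwdrive32.exe');
 DeleteFile('C:\WINDOWS\gwdrive32.exe');

 // --- Phase 4: second batch, mostly executables hidden in RECYCLER
 // subfolders, handled as quarantine/delete pairs.
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1417\systm.exe','');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyu44.exe');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1404\winitm.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1404\winitm.exe');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1453\sy5tm.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1453\sy5tm.exe');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1457\system.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1457\system.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1417\systm.exe');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe');
 QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe');
 QuarantineFile('C:\Documents and Settings\User.COMP\Application Data\ltzqai.exe','');
 DeleteFile('C:\Documents and Settings\User.COMP\Application Data\ltzqai.exe');
 // Winlogon autostart value. NOTE(review): the value name is written with a
 // trailing space ('Taskman '); if the real value is named 'Taskman' this call
 // may not match it. Check the exact name in the log before running.
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');

 // --- Phase 5: post-cleanup. Hand the lists built above to Boot Cleaner so
 // anything still locked is dealt with during the reboot, then let AVZ clean
 // up leftover references.
 BC_ImportAll;
 ExecuteSysClean;
 // Repair procedure 11 and the 'TSW' / 'SCU' wizards are AVZ built-ins;
 // presumably 11 unlocks Task Manager. Confirm against the AVZ script reference.
 ExecuteRepair(11);
 ExecuteWizard('TSW', 2, 2, true);
 ExecuteWizard('SCU', 2, 2, true);
 // 221 = 0xDD: turns AutoRun off for unknown, removable, fixed, network and
 // RAM-disk drive types and leaves it on only for CD-ROM (bit 0x20). This
 // closes the autorun.inf path that RECYCLER-style droppers usually rely on.
 RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun',221);
 BC_Activate;
 // The reboot is required: Boot Cleaner does its work during startup.
 RebootWindows(true);
end.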
После перезагрузки: