Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
QuarantineFile('J:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\Ghost.exe','');
QuarantineFile('J:\autorun.inf','');
QuarantineFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FMGXFWKV\mxsTT[1].exe','');
QuarantineFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4UZ7S1IW\ztTT[1].exe','');
QuarantineFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\13EUVLOS\wmgjTT[1].exe','');
QuarantineFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\13EUVLOS\qqhxTT[1].exe','');
QuarantineFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\O9O8HULQ\ztTT[1].exe','');
QuarantineFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\N0BXEIE4\mxsTT[1].exe','');
QuarantineFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\FX501NDO\wmgjTT[1].exe','');
QuarantineFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\FX501NDO\qqhxTT[1].exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\pcidump.sys','');
DeleteService('Ndisflt');
QuarantineFile('C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf','');
QuarantineFile('C:\WINDOWS\Tasks\txPsQUxAThX8QTR6s6Yn.inf','');
QuarantineFile('C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf','');
QuarantineFile('C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf','');
QuarantineFile('C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf','');
QuarantineFile('C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf','');
QuarantineFile('C:\WINDOWS\system32\SCEVFJRCmaB7.dll','');
QuarantineFile('C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf','');
QuarantineFile('C:\WINDOWS\system32\rpgina.dll','');
QuarantineFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll','');
QuarantineFile('C:\WINDOWS\system32\Je9hR9NedWPyAckEN42c.inf','');
QuarantineFile('C:\WINDOWS\system32\EMQzJJURMfVkrkEx9GJ.inf','');
QuarantineFile('C:\WINDOWS\system32\dhDhwS7fFW.dll','');
QuarantineFile('C:\WINDOWS\system32\BPRBASgvesMzHRfu3AfB.inf','');
QuarantineFile('C:\WINDOWS\system32\aR5azFSWstNWktJjswK5.inf','');
QuarantineFile('C:\Program Files\Runpad Pro Shell\rsexhook.dll','');
QuarantineFile('C:\WINDOWS\Downloaded Program Files\qvSPdARs5PQNKAzvezTuPcs.cur','');
QuarantineFile('C:\WINDOWS\fonts\A97CRaCB.fon','');
QuarantineFile('C:\WINDOWS\system32\122B901E.dll','');
QuarantineFile('c:\windows\system32\appmgmts.dll','');
QuarantineFile('C:\WINDOWS\system32\704C3595.dll','');
QuarantineFile('C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll','');
QuarantineFile('C:\DOCUME~1\User\LOCALS~1\Temp\tmp.tmp','');
DeleteFile('C:\DOCUME~1\User\LOCALS~1\Temp\tmp.tmp');
DeleteFile('C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll');
DeleteFile('C:\WINDOWS\system32\704C3595.dll');
DeleteFile('C:\WINDOWS\system32\122B901E.dll');
DeleteFile('C:\WINDOWS\fonts\A97CRaCB.fon');
DeleteFile('C:\WINDOWS\Downloaded Program Files\qvSPdARs5PQNKAzvezTuPcs.cur');
DeleteFile('C:\WINDOWS\system32\aR5azFSWstNWktJjswK5.inf');
DeleteFile('C:\WINDOWS\system32\BPRBASgvesMzHRfu3AfB.inf');
DeleteFile('C:\WINDOWS\system32\dhDhwS7fFW.dll');
DeleteFile('C:\WINDOWS\system32\EMQzJJURMfVkrkEx9GJ.inf');
DeleteFile('C:\WINDOWS\system32\Je9hR9NedWPyAckEN42c.inf');
DeleteFile('C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll');
DeleteFile('C:\WINDOWS\system32\rpgina.dll');
DeleteFile('C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf');
DeleteFile('C:\WINDOWS\system32\SCEVFJRCmaB7.dll');
DeleteFile('C:\WINDOWS\system32\uV4kFmSjPK7eKfenjpv9Ct.inf');
DeleteFile('C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf');
DeleteFile('C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf');
DeleteFile('C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf');
DeleteFile('C:\WINDOWS\Tasks\txPsQUxAThX8QTR6s6Yn.inf');
DeleteFile('C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf');
DeleteFile('Ndisflt.sys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{7488E47D-E8F3-41C0-B2DA-9B2BD8803A80}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{A2BCFCEE-C939-433F-A32A-7353A6E720DB}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{B6C3510F-2666-496B-A46F-6EEFD6328C2B}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{6049BC02-7EDA-4C41-B4AB-D5398607C39E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{87DE8A1A-96C5-4420-B222-EF998F697CE7}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{704C3595-DB85-40F6-A601-8D6F346907BD}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{C07B914B-C164-42D2-9838-1422C3F70D99}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{D36A1DF7-6582-4160-B925-59A34E39FE30}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{20CFDC59-228C-481F-80B6-404BCFA16B13}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{51716C09-6B08-4CCF-B526-718E912C0573}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{C20C5A13-4DD7-40D9-90B4-700BAB0BBBE9}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{3F86C1E9-E95A-41AF-AD72-7D9A1742232D}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{9C20D654-5AF8-4DB7-A125-1A17D7065C73}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks','{74DA2FEC-F68F-4DC7-9A45-9174AC044427}');
DeleteFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\FX501NDO\qqhxTT[1].exe');
DeleteFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\FX501NDO\wmgjTT[1].exe');
DeleteFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\N0BXEIE4\mxsTT[1].exe');
DeleteFile('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\O9O8HULQ\ztTT[1].exe');
DeleteFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\13EUVLOS\qqhxTT[1].exe');
DeleteFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\13EUVLOS\wmgjTT[1].exe');
DeleteFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4UZ7S1IW\ztTT[1].exe');
DeleteFile('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FMGXFWKV\mxsTT[1].exe');
DeleteFile('J:\autorun.inf');
DeleteFile('J:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\Ghost.exe');
DeleteFileMask('C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5', '*.*', true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.