// AVZ remediation script for one specific host: neutralise hooks, restore the
// Winlogon Userinit value, quarantine then delete a set of NTFS alternate data
// streams named "Wxjp4VnFVD", repair policy lockouts, restrict AutoRun, and
// reboot with the AVZ boot cleaner armed.
// All stream paths are hard-coded to C:\WINDOWS as reported for this host.
begin
// Rootkit scan; both arguments true. In AVZ these are understood to enable
// neutralisation of user-mode and kernel-mode hooks -- confirm against AVZ docs.
SearchRootkit(true, true);
// Turn on AVZGuard before the cleanup calls below run.
SetAVZGuardStatus(True);
// Overwrite Winlogon\UserInit with the stock value "<WinDir>\System32\userinit.exe,"
// (trailing comma included). Any extra program that had been appended to this
// value, a common logon-persistence location, is dropped by the overwrite.
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
// These two executables are quarantined only; no DeleteFile for them follows.
// NOTE(review): winvnc.exe is the UltraVNC server, a remote-access tool --
// presumably collected for analysis; confirm with the owner that it was installed deliberately.
QuarantineFile('c:\program files\mg-soft\mib browser\bin\mgwtrap3.exe','');
QuarantineFile('c:\program files\nvision group\ultravnc\winvnc.exe','');
// Quarantine pass over the alternate data streams. Each path has the form
// <host file>:Wxjp4VnFVD:$DATA, i.e. it names the stream "Wxjp4VnFVD" attached
// to the host file, not the host file's own (default) content.
QuarantineFile('C:\WINDOWS\WindowsUpdate.log:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\VPNInstall.MIF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\wpa.dbl:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\wmp.ocx:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\tcpmon.ini:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\pschdprf.ini:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\pcl.sep:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\oembios.dat:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\ntmsmgr.msc:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\msadds32.ax:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\mcastmib.mib:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\wstrendr.ax:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\wscui.cpl:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\winime.ime:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\sam.sdf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\quick.ime:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\prcp.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\oembios.bin:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\msn9.cat:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\c_870.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\c_858.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\c_28597.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\c_21025.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\c_1145.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\dllcache\c_10021.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\C_28595.NLS:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\C_28594.NLS:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\c_28593.nls:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system32\$winnt$.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\system.ini:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Q307419.log:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Layout2.INI:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\KB978706.log:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\KB973507.log:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\KB961260-IE7.log:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\KB960803.log:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\nvct.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\netrsvp.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\netex10.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\msmouse.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmrpci.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmetech.PNF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\mdmadc.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\hal.inf:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\inf\banshee.PNF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\wscript.hlp:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\tapi.chm:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\reskit.chm:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\remasst.chm:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\mmc_dlg.hlp:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\lpe.chm:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\drvvfp.chm:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\colormgt.chm:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\agt0419.hlp:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Help\agt040b.hlp:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Fonts\UPCW.TTF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Fonts\LHANDW.TTF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Fonts\GILB____.TTF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Fonts\BOD_CR.TTF:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\up_m.cur:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\size4_rm.cur:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\no_i.cur:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\move_il.cur:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\busy_im.cur:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\beam_rl.cur:Wxjp4VnFVD:$DATA','');
QuarantineFile('C:\WINDOWS\Cursors\beam_m.cur:Wxjp4VnFVD:$DATA','');
// Deletion pass over the same stream name; it runs only after the quarantine
// pass above so that samples are collected first.
// NOTE(review): the streams on Help\sr_ui.chm, inf\mdmrock5.inf and wmp11.log
// are deleted below but have no matching QuarantineFile call above, so no
// sample of those three is kept -- confirm this is intended.
DeleteFile('C:\WINDOWS\Cursors\beam_m.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Cursors\beam_rl.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Cursors\busy_im.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Cursors\move_il.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Cursors\no_i.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Cursors\size4_rm.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Cursors\up_m.cur:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Fonts\BOD_CR.TTF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Fonts\GILB____.TTF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Fonts\LHANDW.TTF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Fonts\UPCW.TTF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\agt040b.hlp:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\agt0419.hlp:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\colormgt.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\drvvfp.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\lpe.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\mmc_dlg.hlp:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\remasst.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\reskit.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\sr_ui.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\tapi.chm:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Help\wscript.hlp:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\banshee.PNF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\hal.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmadc.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmetech.PNF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmrock5.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\mdmrpci.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\msmouse.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\netex10.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\netrsvp.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\inf\nvct.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\KB960803.log:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\KB961260-IE7.log:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\KB973507.log:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\KB978706.log:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Layout2.INI:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\Q307419.log:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system.ini:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\$winnt$.inf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\c_28593.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\C_28594.NLS:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\C_28595.NLS:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\c_10021.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\c_1145.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\c_21025.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\c_28597.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\c_858.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\c_870.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\msn9.cat:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\oembios.bin:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\prcp.nls:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\quick.ime:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\sam.sdf:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\winime.ime:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\wscui.cpl:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\dllcache\wstrendr.ax:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\mcastmib.mib:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\msadds32.ax:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\ntmsmgr.msc:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\oembios.dat:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\pcl.sep:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\pschdprf.ini:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\tcpmon.ini:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\wmp.ocx:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\system32\wpa.dbl:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\VPNInstall.MIF:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\WindowsUpdate.log:Wxjp4VnFVD:$DATA');
DeleteFile('C:\WINDOWS\wmp11.log:Wxjp4VnFVD:$DATA');
// Hand the deletion list to the AVZ boot cleaner (BC_*) so that anything locked
// now can be removed at the next boot -- presumably everything passed to
// DeleteFile above; confirm against AVZ docs.
BC_ImportAll;
// AVZ system clean-up step, run after the deletions.
ExecuteSysClean;
// AVZ "system restore" functions by number. 11 and 17 are believed to unlock
// Task Manager and the Registry Editor respectively -- TODO confirm against the
// AVZ function list for the version in use.
ExecuteRepair(11);
ExecuteRepair(17);
// Run two AVZ wizards by code ('TSW', 'SCU') with the same numeric arguments;
// the meaning of the codes and of 2, 2, true is not visible here -- see AVZ docs.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
// NoDriveTypeAutoRun = 221 (0xDD): AutoRun is disabled for unknown, removable,
// fixed, network and RAM-disk drive types; the CD-ROM bit (0x20) is left clear.
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
// Arm the boot cleaner, then reboot so the queued deletions are carried out.
BC_Activate;
RebootWindows(true);
end.
После перезагрузки: