Код:
// AVZ remediation script written for one specific machine: every path and
// registry value name below is hard-coded to that host (profile "User",
// Windows installed in C:\WINDOWS). It quarantines the listed files, stops the
// running copies, deletes files and autorun values, then reboots.
// NOTE(review): several file and value names end in non-ASCII characters that
// look like raw bytes rendered in a Cyrillic code page; if the script is saved
// in a different encoding these names will presumably no longer match - confirm
// before running.
begin
// Rootkit scan with both options enabled - presumably neutralises user-mode and
// kernel-mode hooks so that later file operations see the real files; confirm
// against the AVZ script reference.
SearchRootkit(true, true);
// Turn on AVZGuard for the rest of the script.
SetAVZGuardStatus(True);
// Quarantine pass: a copy of each file is taken before anything is deleted, so
// the samples stay available for analysis. The second argument (comment) is empty.
// wuaucldt.exe is one letter off from the Windows Update client name wuauclt.exe.
QuarantineFile('c:\windows\system32\wuaucldt.exe','');
QuarantineFile('c:\documents and settings\user\wuaucldt.exe','');
// userinit.exe is a standard Windows component name. It is quarantined here but
// never deleted by this script - presumably collected so it can be checked for
// replacement or patching.
QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
// Family of arwsssnh*.exe files in the user profile, differing in the last character.
QuarantineFile('C:\Documents and Settings\User\arwsssnhи.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnhШ.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnh№.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnhЇ.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnhЌ.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnhЃ.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnh}.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnho.exe','');
QuarantineFile('C:\Documents and Settings\User\arwsssnhb.exe','');
// Executables with random-looking names in the user's Temp folder (8.3 short path form).
QuarantineFile('C:\DOCUME~1\User\LOCALS~1\Temp\pj9q4.exe','');
QuarantineFile('C:\DOCUME~1\User\LOCALS~1\Temp\5mtrzw.exe','');
// NDIS.sys and cdrom.sys are standard Windows driver names; like userinit.exe they
// are only quarantined, not deleted, anywhere in this script.
QuarantineFile('C:\WINDOWS\system32\Drivers\NDIS.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\cdrom.sys','');
// A services.exe located in the Fonts folder: the genuine Windows services.exe
// lives in system32, so here the location is what marks the file as suspicious.
QuarantineFile('c:\windows\fonts\services.exe','');
// Stop the running copies so that the later DeleteFile calls are not blocked by
// an open image. Each terminate is paired with a (repeated) quarantine of the same path.
TerminateProcessByName('c:\windows\fonts\services.exe');
QuarantineFile('c:\docume~1\user\locals~1\temp\pj9q4.exe','');
TerminateProcessByName('c:\docume~1\user\locals~1\temp\pj9q4.exe');
QuarantineFile('c:\docume~1\user\locals~1\temp\5mtrzw.exe','');
TerminateProcessByName('c:\docume~1\user\locals~1\temp\5mtrzw.exe');
// The next three calls repeat quarantine requests made above with different letter case.
QuarantineFile('C:\WINDOWS\system32\wuaucldt.exe','');
QuarantineFile('C:\Documents and Settings\User\wuaucldt.exe','');
QuarantineFile('C:\WINDOWS\Fonts\services.exe','');
// Deletion pass. Some paths are listed more than once (case and short/long path
// variants); the repeats are redundant but harmless.
DeleteFile('C:\WINDOWS\Fonts\services.exe');
DeleteFile('C:\Documents and Settings\User\wuaucldt.exe');
DeleteFile('C:\WINDOWS\system32\wuaucldt.exe');
DeleteFile('c:\docume~1\user\locals~1\temp\5mtrzw.exe');
DeleteFile('c:\docume~1\user\locals~1\temp\pj9q4.exe');
DeleteFile('c:\windows\fonts\services.exe');
// Remove the autorun values 'lta9a' and 'jt2qcp' from the machine-wide
// Policies\Explorer\Run key, a less commonly inspected autostart location than
// the plain Run key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','lta9a');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','jt2qcp');
DeleteFile('C:\DOCUME~1\User\LOCALS~1\Temp\5mtrzw.exe');
DeleteFile('C:\DOCUME~1\User\LOCALS~1\Temp\pj9q4.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnhb.exe');
// Run-key values for the arwsssnh* family are removed under both HKEY_USERS\.DEFAULT
// and HKEY_USERS\S-1-5-18, i.e. the autostart entries of the LocalSystem profile.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhb');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhb');
// NOTE(review): the value 'arwsssnhj' is removed here, but no arwsssnhj.exe is
// quarantined or deleted anywhere in the script - confirm against the original logs.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhj');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhj');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnho');
DeleteFile('C:\Documents and Settings\User\arwsssnho.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnh}.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnhЃ.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnhЌ.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnhЇ.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnh№.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnhШ.exe');
DeleteFile('C:\Documents and Settings\User\arwsssnhи.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhи');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhи');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhШ');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhШ');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnh№');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnh№');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhЇ');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhЇ');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhЌ');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhЌ');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhЃ');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnhЃ');
// 'arwsssnh}' is removed only via the .DEFAULT path; there is no matching
// S-1-5-18 line for it in this script.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnh}');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','arwsssnho');
// wuaucldt: file copies plus Run values under HKEY_USERS and HKEY_LOCAL_MACHINE.
DeleteFile('c:\documents and settings\user\wuaucldt.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
DeleteFile('c:\windows\system32\wuaucldt.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
// Hand the work done so far to AVZ's boot-time cleaner - presumably so that files
// which could not be removed while Windows is running are removed during the next
// boot; it is activated by BC_Activate further down.
BC_ImportAll;
// Post-deletion system cleanup - presumably removes leftover references to the
// deleted files; confirm against the AVZ script reference.
ExecuteSysClean;
// Run the AVZ wizards identified as 'TSW' and 'SCU'. The meaning of the numeric
// arguments and of the final 'true' is not visible here - TODO confirm.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
// Write the value 1 to settings '2201' and '1001' of Internet Settings zone 3 (the
// Internet zone). HKCU means only the account running the script is affected.
// NOTE(review): check both action codes against Microsoft's zone-settings
// documentation before reusing these two lines elsewhere.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
// Arm the boot-time cleaner, then reboot so that it runs. The machine restarts as
// soon as the script finishes, so unsaved work has to be closed beforehand.
BC_Activate;
RebootWindows(true);
end.
После перезагрузки: