Код:
// AVZ remediation script written for ONE specific infected Windows host.
// Every path, the user-profile name, the service names and the RECYCLER
// folder names below come from that host's logs; do not run it unmodified
// on another machine.
// General pattern: QuarantineFile keeps a copy of the sample, then the
// process is terminated, the file deleted and its autorun entries removed.
begin
// Rootkit/API-hook search with both neutralisation flags enabled.
SearchRootkit(true, true);
// Turn on AVZGuard for the duration of the clean-up.
SetAVZGuardStatus(True);
// Overwrite Winlogon\Userinit with the stock value (%WinDir%\System32\userinit.exe,)
// so that anything appended to it for logon persistence is dropped.
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', GetEnvironmentVariable ('WinDir')+'\System32\userinit.exe,');
// --- Quarantine copies of the suspect executables before anything is removed ---
QuarantineFile('C:\WINDOWS\system32\33.exe','');
QuarantineFile('C:\WINDOWS\system32\16.exe','');
QuarantineFile('C:\WINDOWS\system32\64.exe','');
QuarantineFile('C:\WINDOWS\system32\57.exe','');
QuarantineFile('C:\WINDOWS\system32\53.exe','');
QuarantineFile('C:\Documents and Settings\Костя\Application Data\ltzqai.exe','');
QuarantineFile('C:\DDR\Setup.exe','');
QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
QuarantineFile('C:\WINDOWS\system32\21.exe','');
QuarantineFile('C:\WINDOWS\jjdrive32.exe','');
QuarantineFile('C:\WINDOWS\dagxcjd.exe','');
QuarantineFile('C:\WINDOWS\cfdrive32.exe','');
// The RECYCLER sub-folders only imitate per-user recycle-bin SIDs: several
// sub-authority fields (e.g. 9630373137) exceed the 32-bit range a real SID allows.
QuarantineFile('C:\RECYCLER\S-1-5-21-2252849960-9630373137-134391003-8260\mcssc.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe','');
QuarantineFile('C:\Documents and Settings\Костя\Application Data\erhfdgc.exe','');
QuarantineFile('C:\Documents and Settings\Костя\Application Data\aqvtd.exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\Application Data\fsbanku.exe','');
// --- Services registered by the malware ---
DeleteService('msupdate');
// 'system32\..\svchost.exe' resolves to c:\windows\svchost.exe, i.e. NOT the
// genuine svchost.exe in system32.
// NOTE(review): this file is only quarantined; no DeleteFile for it appears in the script.
QuarantineFile('c:\windows\system32\..\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\fci.exe','');
DeleteService('FCI');
// --- Stop the running samples, then delete the files ---
QuarantineFile('c:\windows\system32\msvmiode.exe','');
TerminateProcessByName('c:\windows\system32\msvmiode.exe');
QuarantineFile('c:\windows\cfdrive32.exe','');
TerminateProcessByName('c:\windows\cfdrive32.exe');
DeleteFile('c:\windows\cfdrive32.exe');
DeleteFile('c:\windows\system32\msvmiode.exe');
DeleteFile('C:\WINDOWS\system32\fci.exe');
DeleteFile('C:\Documents and Settings\NetworkService\Application Data\fsbanku.exe');
DeleteFile('C:\Documents and Settings\Костя\Application Data\aqvtd.exe');
DeleteFile('C:\Documents and Settings\Костя\Application Data\erhfdgc.exe');
// --- Autorun clean-up, interleaved with further file deletions ---
// The same value names are removed from every Run location the logs showed:
// HKCU, HKLM, HKU\.DEFAULT, HKU\S-1-5-18 (LocalSystem) and Policies\Explorer\Run.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','msnmsgs');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','msnmsg');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','msnmsgs');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','msnmsgs');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','msnmsgs');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','VGA');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','msnmsgs');
DeleteFile('C:\RECYCLER\S-1-5-21-2252849960-9630373137-134391003-8260\mcssc.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','12CFG214-K641-12SF-N85P');
DeleteFile('C:\WINDOWS\cfdrive32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
DeleteFile('C:\WINDOWS\dagxcjd.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Driversys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','VGA');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Driversys');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','Driversys');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','Driversys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Driversys');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','VGA');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Update Setup');
DeleteFile('C:\WINDOWS\jjdrive32.exe');
DeleteFile('C:\WINDOWS\system32\21.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','VGA');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','VGA');
DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MSODESNV7');
DeleteFile('C:\DDR\Setup.exe');
DeleteFile('C:\Documents and Settings\Костя\Application Data\ltzqai.exe');
DeleteFile('C:\WINDOWS\system32\53.exe');
// NOTE(review): 14.exe (here) and 87.exe (below) are deleted without a preceding
// QuarantineFile call, so no sample of either is kept for later analysis.
DeleteFile('C:\WINDOWS\system32\14.exe');
DeleteFile('C:\WINDOWS\system32\57.exe');
DeleteFile('C:\WINDOWS\system32\64.exe');
DeleteFile('C:\WINDOWS\system32\87.exe');
DeleteFile('C:\WINDOWS\system32\16.exe');
DeleteFile('C:\WINDOWS\system32\33.exe');
// --- Worm copies in fake recycle-bin folders (quarantine, then delete) ---
// NOTE(review): the first mcssc.exe path was already quarantined and deleted
// earlier in the script; several pairs below are repeated as well. The repeats
// look like merged log output rather than intentional extra passes.
QuarantineFile('C:\RECYCLER\S-1-5-21-2252849960-9630373137-134391003-8260\mcssc.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0600213486-3156639385-031483174-6925\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-8780970170-8562002554-418091316-6575\mcssc.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-6392323421-8228005788-180496471-6005\syscr.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-2252849960-9630373137-134391003-8260\mcssc.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0600213486-3156639385-031483174-6925\syscr.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-8780970170-8562002554-418091316-6575\mcssc.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-6392323421-8228005788-180496471-6005\syscr.exe');
QuarantineFile('C:\RECYCLER\S-1-5-21-5341969240-5139669803-380221537-2430\mcssc.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-6361562108-5647609225-658635548-2429\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-3595990144-2476808425-498890411-2478\syscr.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-4810676872-4487900073-109253144-2124\syscr.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-5341969240-5139669803-380221537-2430\mcssc.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-6361562108-5647609225-658635548-2429\syscr.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-3595990144-2476808425-498890411-2478\syscr.exe');
QuarantineFile('C:\RECYCLER\S-1-5-21-4810676872-4487900073-109253144-2124\syscr.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-4810676872-4487900073-109253144-2124\syscr.exe');
QuarantineFile('C:\RECYCLER\S-1-5-21-4810676872-4487900073-109253144-2124\syscr.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-4810676872-4487900073-109253144-2124\syscr.exe');
QuarantineFile('C:\Documents and Settings\Костя\Application Data\ltzqai.exe','');
DeleteFile('C:\Documents and Settings\Костя\Application Data\ltzqai.exe');
QuarantineFile('C:\RECYCLER\S-1-5-21-6676555271-9619383420-792318266-2151\syscr.exe','');
DeleteFile('C:\RECYCLER\S-1-5-21-6676555271-9619383420-792318266-2151\syscr.exe');
// Remove the Winlogon 'Taskman ' value.
// NOTE(review): the value name carries a trailing space; confirm that it matches
// the name actually present in the registry, otherwise the entry is left behind.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
// --- Finalisation ---
// Boot Cleaner: import the file lists built above; BC_Activate further down arms
// it so that files still locked now are dealt with during the reboot.
BC_ImportAll;
// Clean up leftover references to the removed files.
ExecuteSysClean;
// Built-in repair routine no. 11 (presumably the Task Manager unlock; confirm
// against the repair list of the AVZ version in use).
ExecuteRepair(11);
// Run the built-in 'TSW' and 'SCU' wizards in automatic mode.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
// NoDriveTypeAutoRun = 221 (0xDD): autorun is turned off for unknown, removable,
// fixed, network and RAM drives, and stays on for CD-ROM (bit 0x20 is clear).
// This closes the autorun.inf route used by the RECYCLER copies above.
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun',221);
BC_Activate;
// Reboot so that Boot Cleaner and the registry changes take effect.
RebootWindows(true);
end.
После перезагрузки: