Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\Temp\iframestat.exe','');
QuarantineFile('C:\WINDOWS\svchost.exe','');
DelBHO('{826A5ED9-1316-4EFD-87F8-AA400C5D551A}');
DelBHO('{3348D07C-7C5C-D2C4-CFBA-A47F82347C8B}');
QuarantineFile('C:\WINDOWS\system32\qtplugin.exe','');
QuarantineFile('C:\WINDOWS\system32\maxpaynow1.exe','');
QuarantineFile('C:\Program Files\antiviirus.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\cftmon.exe','');
QuarantineFile('C:\Documents and Settings\All Users\Документы\Settings\partnership.dll','');
QuarantineFile('C:\Documents and Settings\3лой_Админ\cftmon.exe','');
BC_DeleteSvc('qtprot');
QuarantineFile('C:\WINDOWS\system32\qtprot.sys','');
BC_DeleteSvc('Hllv68');
BC_DeleteSvc('hdport');
QuarantineFile('C:\WINDOWS\system32\hdport.sys','');
BC_DeleteSvc('Yrk46');
BC_DeleteSvc('Schedule');
BC_DeleteSvc('msupdate');
QuarantineFile('c:\windows\system32\mssrv32.exe','');
BC_DeleteSvc('Google Online Services');
QuarantineFile('C:\Documents and Settings\3лой_Админ\ie_updates3r.exe','');
QuarantineFile('C:\WINDOWS\system32\Drivers\Yrk46.sys','');
QuarantineFile('C:\WINDOWS\Help\oqtxde.chm','');
QuarantineFile('C:\WINDOWS\testdll_f.dll','');
QuarantineFile('C:\WINDOWS\system32\wjcstd32.dll','');
QuarantineFile('C:\WINDOWS\system32\wind32.exe','');
QuarantineFile('C:\WINDOWS\system32\vedxg6ame4.exe','');
QuarantineFile('C:\WINDOWS\system32\rqRKCrSK.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\spools.exe','');
QuarantineFile('C:\WINDOWS\system32\dllgh8jkd1q7.exe','');
QuarantineFile('C:\WINDOWS\system32\alt.exe.exe','');
QuarantineFile('C:\WINDOWS\system32\dllgh8jkd1q6.exe','');
QuarantineFile('C:\WINDOWS\mrofinu27.exe','');
QuarantineFile('C:\WINDOWS\Installer\{596f3a7a-5d09-46ec-b3b6-9cad6c35d3d4}\RomRom.dll','');
QuarantineFile('c:\windows\system32\wind32.exe','');
QuarantineFile('c:\windows\system32\vedxg6ame4.exe','');
QuarantineFile('c:\program files\tmp3.exe','');
QuarantineFile('c:\program files\tmp2.exe','');
QuarantineFile('c:\program files\tmp1.exe','');
QuarantineFile('c:\program files\tmp0.exe','');
QuarantineFile('c:\windows\system32\drivers\spools.exe','');
QuarantineFile('c:\windows\mrofinu27.exe','');
QuarantineFile('c:\windows\system32\maxpaynow1.exe','');
QuarantineFile('c:\documents and settings\3лой_Админ\ie_updates3r.exe','');
QuarantineFile('c:\windows\system32\dllgh8jkd1q7.exe','');
QuarantineFile('c:\windows\system32\dllgh8jkd1q6.exe','');
QuarantineFile('c:\windows\aromis.exe','');
QuarantineFile('c:\program files\antiviirus.exe','');
QuarantineFile('c:\windows\system32\alt.exe.exe','');
DeleteFile('c:\program files\antiviirus.exe');
DeleteFile('c:\windows\aromis.exe');
DeleteFile('c:\windows\system32\dllgh8jkd1q6.exe');
DeleteFile('c:\windows\system32\dllgh8jkd1q7.exe');
DeleteFile('c:\documents and settings\3лой_Админ\ie_updates3r.exe');
DeleteFile('c:\windows\system32\maxpaynow1.exe');
DeleteFile('c:\windows\mrofinu27.exe');
DeleteFile('c:\windows\system32\drivers\spools.exe');
DeleteFile('c:\program files\tmp0.exe');
DeleteFile('c:\program files\tmp1.exe');
DeleteFile('c:\program files\tmp2.exe');
DeleteFile('c:\program files\tmp3.exe');
DeleteFile('c:\windows\system32\vedxg6ame4.exe');
DeleteFile('c:\windows\system32\wind32.exe');
DeleteFile('C:\WINDOWS\Installer\{596f3a7a-5d09-46ec-b3b6-9cad6c35d3d4}\RomRom.dll');
DeleteFile('C:\WINDOWS\mrofinu27.exe');
DeleteFile('C:\WINDOWS\system32\dllgh8jkd1q6.exe');
DeleteFile('C:\WINDOWS\system32\alt.exe.exe');
DeleteFile('C:\WINDOWS\system32\dllgh8jkd1q7.exe');
DeleteFile('C:\WINDOWS\system32\drivers\spools.exe');
DeleteFile('C:\WINDOWS\system32\rqRKCrSK.dll');
DeleteFile('C:\WINDOWS\system32\vedxg6ame4.exe');
DeleteFile('C:\WINDOWS\system32\wind32.exe');
DeleteFile('C:\WINDOWS\system32\wjcstd32.dll');
DeleteFile('C:\WINDOWS\testdll_f.dll');
DeleteFile('C:\WINDOWS\Help\oqtxde.chm');
DeleteFile('C:\WINDOWS\system32\Drivers\Yrk46.sys');
DeleteFile('C:\Documents and Settings\3лой_Админ\ie_updates3r.exe');
DeleteFile('c:\windows\system32\mssrv32.exe');
DeleteFile('C:\WINDOWS\system32\hdport.sys');
DeleteFile('Hllv68.sys');
DeleteFile('C:\WINDOWS\system32\qtprot.sys');
DeleteFile('C:\Documents and Settings\3лой_Админ\cftmon.exe');
DeleteFile('C:\Documents and Settings\All Users\Документы\Settings\partnership.dll');
DeleteFile('C:\Documents and Settings\LocalService\cftmon.exe');
DeleteFile('C:\Program Files\antiviirus.exe');
DeleteFile('C:\WINDOWS\system32\maxpaynow1.exe');
DeleteFile('C:\WINDOWS\system32\qtplugin.exe');
DeleteFile('wowfx.dll');
DeleteFile('rqRKCrSK.dll');
DeleteFile('WLCtrl32.dll');
DeleteFile('C:\WINDOWS\svchost.exe');
DeleteFile('C:\WINDOWS\Temp\iframestat.exe');
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(16);
ExecuteRepair(11);
ExecuteRepair(17);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
пришлите карантин согласно приложения 3 правил ....