Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\program files\common files\yandex\yupdate\yupdate .exe');
TerminateProcessByName('c:\program files\internet explorer\wmpscfgs .exe');
TerminateProcessByName('c:\windows\system32\userini.exe');
QuarantineFile('c:\program files\internet explorer\wmpscfgs .exe','');
QuarantineFile('c:\program files\common files\yandex\yupdate\yupdate .exe','');
QuarantineFile('c:\windows\explorer.exe:userini.exe:$DATA','');
QuarantineFile('C:\WINDOWS\system32\megepudo.exe','');
QuarantineFile('C:\WINDOWS\system32\gavuku.exe','');
QuarantineFile('C:\WINDOWS\system32\cehoow.exe','');
QuarantineFile('C:\Documents and Settings\ЖЕНЯиДИМА\tgo.exe','');
QuarantineFile('C:\Documents and Settings\ЖЕНЯиДИМА\Application Data\gkewzr.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\megepudo.exe','');
QuarantineFile('C:\DOCUME~1\AD22~1\LOCALS~1\Temp\qumhyem.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\protect.sys','');
QuarantineFile('C:\DOCUME~1\AD22~1\LOCALS~1\Temp\bjwlj.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\kzvolixl.sys','');
QuarantineFile('C:\WINDOWS\system32\gyvy.exe','');
QuarantineFile('C:\WINDOWS\system32\jotourysib.exe','');
QuarantineFile('C:\WINDOWS\system32\licoofoucoo.exe','');
QuarantineFile('C:\WINDOWS\system32\app_dll.dll','');
QuarantineFile('c:\windows\system32\userini.exe','');
DeleteFile('c:\windows\system32\userini.exe');
DeleteFile('c:\program files\internet explorer\wmpscfgs .exe');
DeleteFile('c:\program files\common files\yandex\yupdate\yupdate .exe');
DeleteFile('C:\WINDOWS\system32\app_dll.dll');
DeleteFile('C:\WINDOWS\system32\licoofoucoo.exe');
DeleteFile('C:\WINDOWS\system32\jotourysib.exe');
DeleteFile('C:\WINDOWS\system32\gyvy.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\kzvolixl.sys');
DeleteFile('C:\DOCUME~1\AD22~1\LOCALS~1\Temp\bjwlj.sys');
DeleteFile('C:\WINDOWS\system32\drivers\protect.sys');
DeleteFile('C:\WINDOWS\system32\megepudo.exe');
DeleteFile('c:\windows\explorer.exe:userini.exe:$DATA');
DeleteFile('C:\DOCUME~1\AD22~1\LOCALS~1\Temp\qumhyem.sys');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\megepudo.exe');
DeleteFile('C:\Documents and Settings\ЖЕНЯиДИМА\Application Data\gkewzr.exe');
DeleteFile('C:\Documents and Settings\ЖЕНЯиДИМА\tgo.exe');
DeleteFile('C:\WINDOWS\system32\cehoow.exe');
DeleteFile('C:\WINDOWS\system32\gavuku.exe');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','louzovew');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','louzovew');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','MSConfig');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','jycyb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','louzovew');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','hoofouzy');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Adobe_Reader');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
DeleteService('protect');
DeleteService('usacnlx');
DeleteService('ooiztm');
DeleteService('kzvolixl');
DeleteService('uuyajlaryeycbll');
DeleteService('oyxaakeoyiv');
DeleteService('ju9dni7aiebuea');
DeleteFileMask('%windir%\Tasks', 'At*.job', true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(13);
ExecuteRepair(17);
RebootWindows(true);
end.
Компьютер перезагрузится.