Код:
// AVZ clean-up script for one specific infected Windows host.
// Order of work: scan for hooks, stop the running sample, quarantine every
// suspect file, remove services / files / autostart registry values, queue
// leftovers for boot-time removal, then reboot.
// NOTE(review): every path, service name and registry value is hard-coded
// (drive H:, profile "User.WORKSTATION"), so this was presumably written from
// that host's own log. Do not reuse it on another machine without re-checking
// each entry.
begin
// Rootkit / hook scan. Both flags are true; presumably they enable
// neutralisation of user-mode and kernel-mode hooks. Confirm against the
// AVZ script reference.
SearchRootkit(true, true);
// Switch AVZGuard on for the rest of the run.
SetAVZGuardStatus(True);
// Stop the running process by image path before its file is quarantined
// (same path on L21 of the listing) and deleted further down.
TerminateProcessByName('h:\docume~1\user~1.wor\locals~1\temp\835337.exe');
// Quarantine pass: each file below is also passed to DeleteFile later, so a
// copy is kept for analysis before anything is removed. The second argument
// is left empty in every call.
QuarantineFile('C:\autorun.inf','');
// "explorer.exe:userini.exe:$DATA" is NTFS stream syntax: it names an
// alternate data stream called userini.exe attached to explorer.exe, not the
// explorer.exe file itself.
QuarantineFile('H:\WINDOWS\$NtServicePackUninstall$\explorer.exe:userini.exe:$DATA','');
QuarantineFile('h:\windows\explorer.exe:userini.exe:$DATA','');
QuarantineFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe','');
QuarantineFile('H:\WINDOWS\system32\userini.exe','');
QuarantineFile('H:\WINDOWS\system32\severe.exe','');
QuarantineFile('H:\WINDOWS\system32\quosevoujooj.exe','');
QuarantineFile('H:\WINDOWS\system32\nhvminb.exe','');
QuarantineFile('H:\WINDOWS\system32\mmlucj.exe','');
QuarantineFile('H:\WINDOWS\system32\buloquooryj.exe','');
QuarantineFile('H:\Documents and Settings\User.WORKSTATION\Application Data\yftza.exe','');
QuarantineFile('H:\Documents and Settings\LocalService\Application Data\Microsoft\quosevoujooj.exe','');
QuarantineFile('H:\DOCUME~1\User\LOCALS~1\Temp\vbewjwddlonckb.sys','');
QuarantineFile('H:\Documents and Settings\LocalService\Application Data\Microsoft\cydez.exe','');
QuarantineFile('H:\WINDOWS\system32\drivers\avipit.exe','');
QuarantineFile('h:\docume~1\user~1.wor\locals~1\temp\835337.exe','');
QuarantineFile('H:\WINDOWS\Temp\wpv281277975838.exe','');
// Remove two services by name; which binaries they point to is not shown here.
DeleteService('ouejrcbmpmin');
DeleteService('hrvg8udh7o28ei');
// Delete pass: the same 17 paths that were quarantined above.
DeleteFile('H:\WINDOWS\Temp\wpv281277975838.exe');
DeleteFile('h:\docume~1\user~1.wor\locals~1\temp\835337.exe');
DeleteFile('H:\Documents and Settings\User.WORKSTATION\Application Data\yftza.exe');
// Remove the registry registration for this CLSID string. The value contains
// 'X' characters, so it is not a well-formed hexadecimal GUID; it is kept
// exactly as given in the post.
DelCLSID('28ABC5C0-4FCB-11CF-AAX5-81CX1C635612');
DeleteFile('H:\Documents and Settings\LocalService\Application Data\Microsoft\cydez.exe');
DeleteFile('H:\WINDOWS\system32\drivers\avipit.exe');
DeleteFile('H:\DOCUME~1\User\LOCALS~1\Temp\vbewjwddlonckb.sys');
DeleteFile('H:\Documents and Settings\LocalService\Application Data\Microsoft\quosevoujooj.exe');
DeleteFile('H:\WINDOWS\system32\buloquooryj.exe');
DeleteFile('H:\WINDOWS\system32\mmlucj.exe');
DeleteFile('H:\WINDOWS\system32\nhvminb.exe');
DeleteFile('H:\WINDOWS\system32\quosevoujooj.exe');
DeleteFile('H:\WINDOWS\system32\severe.exe');
DeleteFile('H:\WINDOWS\system32\userini.exe');
DeleteFile('c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe');
// Only the attached streams are deleted here; the host explorer.exe files stay.
DeleteFile('h:\windows\explorer.exe:userini.exe:$DATA');
DeleteFile('H:\WINDOWS\$NtServicePackUninstall$\explorer.exe:userini.exe:$DATA');
DeleteFile('C:\autorun.inf');
// Autostart clean-up: delete named values from the Run and
// Policies\Explorer\Run keys under HKLM, HKCU, HKU\.DEFAULT and HKU\S-1-5-18.
// Three value names (avipit, mmlucj, userini) match files removed above;
// 'myques' and 'waly' have no matching file name in this script.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','myques');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','avipit');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','waly');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','mmlucj');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','userini');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','userini');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','waly');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','waly');
// Delete the 'Taskman' value under the Winlogon key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Harden AutoRun after removing C:\autorun.inf. 221 = 0xDD; in the
// NoDriveTypeAutoRun bitmask the 0x20 (CD-ROM) bit is not set, so AutoRun
// stays enabled for optical media. 255 (0xFF) would cover every drive type.
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
// Boot Cleaner: presumably imports the quarantine/delete lists built above
// so that files still locked now are removed at the next boot. Confirm
// against the AVZ script reference.
BC_ImportALL;
// AVZ system clean-up step, run after the deletions above.
ExecuteSysClean;
// Arm Boot Cleaner; it is called before the reboot below.
BC_Activate;
// Run AVZ repair procedure number 9. NOTE(review): the meaning of the number
// is not shown here (believed to be removal of system-process debuggers);
// check the repair list of the AVZ version in use.
ExecuteRepair(9);
// Reboot the machine; the text after the script confirms that it restarts.
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится! Пришлите карантин по ссылке согласно правилам.