begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SetServiceStart('clsid34928', 4);
StopService('clsid34928');
QuarantineFile('C:\Program Files (x86)\JgBxoaZwmZRU2\kAufJbrjkxVpW.dll', '');
QuarantineFile('C:\Program Files (x86)\PieSfXRZU\Afbjxp.dll', '');
QuarantineFile('C:\ProgramData\system64\UsersControlService.exe', '');
QuarantineFile('C:\Program Files (x86)\Miped\QWiget\THIS IS WIIIGET!.exe', '');
QuarantineFile('C:\Program Files (x86)\UUMEfTWNyIE\kbYaKZWvA.dll', '');
QuarantineFile('c:\program files (x86)\zaxar\zaxarloader.exe', '');
QuarantineFile('c:\program files (x86)\zaxar\zaxargamebrowser.exe', '');
QuarantineFile('C:\ProgramData\system32\UsersControl.exe', '');
QuarantineFile('c:\users\Елена\appdata\roaming\mp3tagapp2\mp3tagapp.exe', '');
QuarantineFile('c:\programdata\system32\crashhandlerservice.exe', '');
QuarantineFile('c:\programdata\clsid34928.exe', '');
DeleteFile('c:\programdata\system32\crashhandlerservice.exe', '32');
DeleteFile('C:\ProgramData\system32\UsersControl.exe', '32');
DeleteFile('c:\program files (x86)\zaxar\zaxargamebrowser.exe', '32');
DeleteFile('c:\program files (x86)\zaxar\zaxarloader.exe', '32');
DeleteFile('C:\Program Files (x86)\UUMEfTWNyIE\kbYaKZWvA.dll', '32');
DeleteFile('C:\ProgramData\clsid34928.exe', '32');
DeleteFile('C:\ProgramData\system64\UsersControlService.exe', '32');
DeleteFile('C:\Users\Елена\AppData\Roaming\Mp3tagApp2\Mp3tagApp.exe', '32');
DeleteFile('C:\Program Files (x86)\PieSfXRZU\Afbjxp.dll', '32');
DeleteFile('C:\Windows\system32\Tasks\BYkucKAbLoZInYF', '64');
DeleteFile('C:\Windows\system32\Tasks\BYkucKAbLoZInYF2', '64');
DeleteFile('C:\Windows\system32\Tasks\urlopener', '64');
DeleteFile('C:\Program Files (x86)\JgBxoaZwmZRU2\kAufJbrjkxVpW.dll', '32');
DeleteFile('C:\Windows\system32\Tasks\zXHETIgCcYWbiA', '64');
DeleteService('clsid34928');
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'THIS IS WIIIGET!');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'UsersControl');
BC_ImportALL;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
BC_Activate;
RebootWindows(true);
end.