[boyets]

SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\windows\system32\drivers\ov530vid.sys','');
QuarantineFile('c:\windows\system32\45fd78c4.exe','');
QuarantineFile('c:\windows\system32\ynbxne.exe','');
QuarantineFile('c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{38ff9ba7-6c0b-4259-bf95-13e06a09681a}\mpengine.dll','');
DeleteFile('c:\windows\system32\drivers\ov530vid.sys');
DeleteFile('c:\windows\system32\45fd78c4.exe');
DeleteFile('c:\windows\system32\ynbxne.exe');
RegKeyStrParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'UserInit', GetEnvironmentVariable('WinDir')+'\system32\userinit.exe,');
DeleteService('ovt530');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(20);


1. Что это за файлы ov530vid.sys, ynbxne.exe, mpengine.dll ?
2. Что делает скрипт тут? RegKeyStrParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'UserInit', GetEnvironmentVariable('WinDir')+'\system32\userinit.exe,');
DeleteService('ovt530');