Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\temp\271f.tmp.exe');
TerminateProcessByName('c:\program files\ciplus-4.5vv19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.exe');
TerminateProcessByName('c:\program files\ciplus-4.5vv19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-6.exe');
TerminateProcessByName('c:\program files\crossbrowse\crossbrowse\application\crossbrowse.exe');
TerminateProcessByName('c:\program files\gmsd_ru_005010035\gmsd_ru_005010035.exe');
TerminateProcessByName('c:\program files\00000000-1435087657-0000-0000-00bb00002168\knst9e9a.tmp');
StopService('rotufone');
QuarantineFileF('c:\program files\ciplus', '*', true, '', 0 , 0);
QuarantineFileF('c:\program files\crossbrowse', '*', true, '', 0 , 0);
QuarantineFileF('C:\ProgramData\TomorrowGames', '*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files\globalUpdate', '*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files\rec_ru', '*', true, '', 0 , 0);
QuarantineFileF('C:\Users\света\AppData\Local\Kometa', '*', true, '', 0 , 0);
QuarantineFileF('C:\Users\света\AppData\Local\SmartWe', '*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files\AnyProtectEx', '*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files\WordSurfer', '*', true, '', 0 , 0);
QuarantineFileF('C:\Users\света\AppData\Roaming\mystartsearch', '*', true, '', 0 , 0);
QuarantineFileF('C:\Users\света\AppData\Roaming\istartsurf', '*', true, '', 0 , 0);
QuarantineFile('c:\windows\temp\271f.tmp.exe', '');
QuarantineFile('c:\program files\ciplus-4.5vv19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.exe', '');
QuarantineFile('c:\program files\ciplus-4.5vv19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-6.exe', '');
QuarantineFile('c:\program files\crossbrowse\crossbrowse\application\crossbrowse.exe', '');
QuarantineFile('c:\program files\gmsd_ru_005010035\gmsd_ru_005010035.exe', '');
QuarantineFile('c:\program files\00000000-1435087657-0000-0000-00bb00002168\knst9e9a.tmp', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_elf.dll', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_child.dll', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome.dll', '');
QuarantineFile('C:\ProgramData\TomorrowGames\TomorrowGames32.dll', '');
QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe', '');
QuarantineFile('C:\windows\system32\drivers\innfd_1_10_0_14.sys', '');
QuarantineFile('C:\Program Files\Internet Explorer\iexplore.bat', '');
QuarantineFile('C:\Program Files\rec_ru_45\rec_ru_45.exe', '');
QuarantineFile('C:\Users\света\AppData\Local\Kometa\kometaup.exe', '');
QuarantineFile('C:\Users\света\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-7.exe', '');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-10.exe', '');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-3.exe', '');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-5.exe', '');
QuarantineFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-7.exe', '');
QuarantineFile('C:\Program Files\AnyProtectEx\AnyProtect.exe', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe', '');
QuarantineFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe', '');
QuarantineFile('C:\Users\света\AppData\Roaming\mystartsearch\UninstallManager.exe', '');
QuarantineFile('C:\Users\света\AppData\Roaming\istartsurf\UninstallManager.exe', '');
QuarantineFile('c:\users\f238~1\appdata\local\temp\nsi716c.tmp', '');
QuarantineFile('c:\users\f238~1\appdata\local\temp\nsodf36.tmp', '');
QuarantineFile('C:\Users\света\appdata\local\smartweb\__u.exe', '');
DeleteFile('c:\windows\temp\271f.tmp.exe', '32');
DeleteFile('c:\program files\ciplus-4.5vv19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.exe', '32');
DeleteFile('c:\program files\ciplus-4.5vv19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-6.exe', '32');
DeleteFile('c:\program files\crossbrowse\crossbrowse\application\crossbrowse.exe', '32');
DeleteFile('c:\program files\gmsd_ru_005010035\gmsd_ru_005010035.exe', '32');
DeleteFile('c:\program files\00000000-1435087657-0000-0000-00bb00002168\knst9e9a.tmp', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_elf.dll', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_child.dll', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome.dll', '32');
DeleteFile('C:\ProgramData\TomorrowGames\TomorrowGames32.dll', '32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe', '32');
DeleteFile('C:\windows\system32\drivers\innfd_1_10_0_14.sys', '32');
DeleteFile('C:\Program Files\Internet Explorer\iexplore.bat', '32');
DeleteFile('C:\Program Files\rec_ru_45\rec_ru_45.exe', '32');
DeleteFile('C:\Users\света\AppData\Local\Kometa\kometaup.exe', '32');
DeleteFile('C:\Users\света\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-1-7.exe', '32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-10.exe', '32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-3.exe', '32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-5.exe', '32');
DeleteFile('C:\Program Files\CiPlus-4.5vV19.07\4c932842-d972-4abd-bee3-f3d2f371ef93-7.exe', '32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe', '32');
DeleteFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe', '32');
DeleteFile('C:\Users\света\AppData\Roaming\mystartsearch\UninstallManager.exe', '32');
DeleteFile('C:\Users\света\AppData\Roaming\istartsurf\UninstallManager.exe', '32');
DeleteFile('c:\users\f238~1\appdata\local\temp\nsi716c.tmp', '32');
DeleteFile('c:\users\f238~1\appdata\local\temp\nsodf36.tmp', '32');
DeleteFile('C:\Users\света\appdata\local\smartweb\__u.exe', '32');
DeleteService('rotufone');
DeleteService('globalUpdate');
DeleteService('globalUpdatem');
DeleteService('innfd_1_10_0_14');
DeleteFileMask('c:\program files\ciplus', '*', true);
DeleteFileMask('c:\program files\crossbrowse', '*', true);
DeleteFileMask('C:\ProgramData\TomorrowGames', '*', true);
DeleteFileMask('C:\Program Files\globalUpdate', '*', true);
DeleteFileMask('C:\Program Files\rec_ru', '*', true);
DeleteFileMask('C:\Users\света\AppData\Local\Kometa', '*', true);
DeleteFileMask('C:\Users\света\AppData\Local\SmartWe', '*', true);
DeleteFileMask('C:\Program Files\AnyProtectEx', '*', true);
DeleteFileMask('C:\Program Files\WordSurfer', '*', true);
DeleteFileMask('C:\Users\света\AppData\Roaming\mystartsearch', '*', true);
DeleteFileMask('C:\Users\света\AppData\Roaming\istartsurf', '*', true);
DeleteDirectory('c:\program files\ciplus');
DeleteDirectory('c:\program files\crossbrowse');
DeleteDirectory('C:\ProgramData\TomorrowGames');
DeleteDirectory('C:\Program Files\globalUpdate');
DeleteDirectory('C:\Program Files\rec_ru');
DeleteDirectory('C:\Users\света\AppData\Local\Kometa');
DeleteDirectory('C:\Users\света\AppData\Local\SmartWe');
DeleteDirectory('C:\Program Files\AnyProtectEx');
DeleteDirectory('C:\Program Files\WordSurfer');
DeleteDirectory('C:\Users\света\AppData\Roaming\mystartsearch');
DeleteDirectory('C:\Users\света\AppData\Roaming\istartsurf');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-1-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-1-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-10_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-3.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-5.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-5_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP1.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP2.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP3.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Crossbrowse.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineCore.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineUA.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-1-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-1-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4c932842-d972-4abd-bee3-f3d2f371ef93-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP1" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Crossbrowse" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineCore" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineUA" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SmartWeb Upgrade Trigger Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "WordSurfer Auto Updater 1.10.0.19 Core" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "WordSurfer Auto Updater 1.10.0.19 Pending Update" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{4A0B8F67-057A-4F75-8772-8D4DBC7FF6C1}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{6689C622-B194-48A8-A677-B8DC62C7FE19}" /F', 0, 15000, true);
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GoogleChromeAutoLaunch_2CFF6D50AD98B6189A27FC6EAB3882DC');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gmsd_ru_005010035');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'rec_ru_45');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kometaup', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SmartWeb');
BC_ImportALL;
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(4);
ExecuteRepair(3);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.