Код:
// AVZ cleanup script written for ONE specific host: every path, service name
// and registry value below is a literal taken from that machine.
// Do not reuse it on another system without re-deriving the lists from that
// system's own logs; DeleteFile/DeleteService calls are not reversible from here.
// Statement order matters: stop running code -> keep a quarantine copy -> delete ->
// remove autoruns/services -> boot-time cleanup -> reboot.
begin
// Rootkit scan with both flags enabled, then AVZGuard is switched on before
// anything is terminated (presumably so the listed processes cannot interfere
// with the cleanup; confirm against the AVZ documentation).
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Step 1: terminate the running processes by full image path.
// Two of them are .tmp files executing from a GUID-like folder under Program Files.
TerminateProcessByName('c:\program files\wordsurfer_1.10.0.19\service\wsasvc.exe');
TerminateProcessByName('c:\programdata\rwdsmanpror\wdsmanpro.exe');
TerminateProcessByName('c:\program files\sfk\ssfk.exe');
TerminateProcessByName('c:\users\user\appdata\local\smartweb\smartwebhelper.exe');
TerminateProcessByName('c:\users\user\appdata\local\smartweb\smartwebapp.exe');
TerminateProcessByName('c:\program files\phraseprofessor_1.10.0.24\service\ppsvc.exe');
TerminateProcessByName('c:\program files\03d40274-1441192825-0542-ac06-740700080009\knsf7abe.tmp');
TerminateProcessByName('c:\program files\03d40274-1441192825-0542-ac06-740700080009\hnsi278f.tmp');
// Step 2: stop the services so their binaries and drivers are released.
// NOTE(review): 'globalUpdate' and 'globalUpdatem' are deleted further down
// but are not stopped here.
StopService('wsafd_1_10_0_19');
StopService('ppfd_vt_1_10_0_24');
StopService('wsasvc_1.10.0.19');
StopService('WdsManPro');
StopService('totyseku');
StopService('SSFK');
StopService('ppsvc_1.10.0.24');
// Step 3: copy the suspect files to quarantine BEFORE deletion, so samples
// remain available for analysis. The second argument is passed as an empty string.
// NOTE(review): Junimong.dll is quarantined here but never deleted below.
QuarantineFile('C:\Users\user\appdata\local\smartweb\__u.exe','');
QuarantineFile('c:\task.vbs','');
QuarantineFile('C:\Users\user\AppData\Local\Temp\Updater.exe','');
QuarantineFile('C:\Users\user\AppData\Local\Junimong\Bin\Junimong.dll','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
QuarantineFile('C:\Users\user\AppData\Roaming\ASPackage\ASPackage.exe','');
QuarantineFile('C:\Users\user\AppData\Local\gmsd_ru_005010087\upgmsd_ru_005010087.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010087\gmsd_ru_005010087.exe','');
QuarantineFile('C:\Users\user\AppData\Roaming\cpuminer\sgminer\start.cmd','');
// Kernel-mode components: the driver file names match the services
// wsafd_1_10_0_19 and ppfd_vt_1_10_0_24 stopped above.
QuarantineFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','');
QuarantineFile('C:\Windows\system32\drivers\ppfd_vt_1_10_0_24.sys','');
QuarantineFile('C:\Users\user\AppData\Local\SmartWeb\swhk.dll','');
// Images of the processes terminated in step 1.
QuarantineFile('c:\program files\wordsurfer_1.10.0.19\service\wsasvc.exe','');
QuarantineFile('c:\programdata\rwdsmanpror\wdsmanpro.exe','');
QuarantineFile('c:\program files\sfk\ssfk.exe','');
QuarantineFile('c:\users\user\appdata\local\smartweb\smartwebhelper.exe','');
QuarantineFile('c:\users\user\appdata\local\smartweb\smartwebapp.exe','');
QuarantineFile('c:\program files\phraseprofessor_1.10.0.24\service\ppsvc.exe','');
QuarantineFile('c:\program files\03d40274-1441192825-0542-ac06-740700080009\knsf7abe.tmp','');
QuarantineFile('c:\program files\03d40274-1441192825-0542-ac06-740700080009\hnsi278f.tmp','');
// Step 4: delete files. First, three shortcuts planted in the user's Quick Launch
// folder (single-argument form of DeleteFile).
DeleteFile('C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk');
DeleteFile('C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk');
DeleteFile('C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk');
// Remaining deletions pass '32' as the second argument
// (presumably the 32-bit mode selector; confirm against the AVZ script reference).
// NOTE(review): several files below are deleted WITHOUT a prior QuarantineFile call
// (globalupdate.exe, Amigo vk.exe/ok.exe, AnyProtect.exe, utility.exe and the two
// *AutoUpdateClient.exe files), so no sample of them is preserved.
DeleteFile('c:\program files\03d40274-1441192825-0542-ac06-740700080009\knsf7abe.tmp','32');
DeleteFile('C:\Program Files\PhraseProfessor_1.10.0.24\Service\ppsvc.exe','32');
DeleteFile('C:\Program Files\SFK\SSFK.exe','32');
DeleteFile('C:\Program Files\03D40274-1441192825-0542-AC06-740700080009\hnsi278F.tmp','32');
DeleteFile('C:\ProgramData\rWdsManPror\WdsManPro.exe','32');
DeleteFile('C:\Program Files\WordSurfer_1.10.0.19\Service\wsasvc.exe','32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Windows\system32\drivers\ppfd_vt_1_10_0_24.sys','32');
// The cpuminer\sgminer path and the 'gpuminer' Run value removed later suggest
// a coin-miner launcher; that is inferred from names only.
DeleteFile('C:\Users\user\AppData\Roaming\cpuminer\sgminer\start.cmd','32');
DeleteFile('C:\Program Files\gmsd_ru_005010087\gmsd_ru_005010087.exe','32');
DeleteFile('C:\Users\user\AppData\Local\gmsd_ru_005010087\upgmsd_ru_005010087.exe','32');
DeleteFile('C:\Users\user\AppData\Roaming\ASPackage\ASPackage.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
DeleteFile('C:\Users\user\AppData\Local\Amigo\Application\vk.exe','32');
DeleteFile('C:\Users\user\AppData\Local\Amigo\Application\ok.exe','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
// Scheduled-task persistence: both the legacy C:\Windows\Tasks\*.job files and
// the entries under C:\Windows\system32\Tasks are removed, interleaved with
// the executables those tasks appear to launch.
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','32');
DeleteFile('C:\Program Files\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe','32');
DeleteFile('C:\Windows\system32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core','32');
DeleteFile('C:\Windows\system32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Pending Update','32');
DeleteFile('C:\Users\user\AppData\Local\Temp\Updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\runTask','32');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','32');
DeleteFile('c:\task.vbs','32');
DeleteFile('C:\Windows\system32\Tasks\updateTask','32');
DeleteFile('C:\Program Files\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe','32');
DeleteFile('C:\Windows\system32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core','32');
DeleteFile('C:\Windows\system32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update','32');
DeleteFile('C:\Windows\system32\Drivers\wsafd_1_10_0_19.sys','32');
DeleteFile('C:\Users\user\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('C:\Users\user\appdata\local\smartweb\smartwebhelper.exe','32');
DeleteFile('C:\Users\user\appdata\local\smartweb\swhk.dll','32');
DeleteFile('C:\Users\user\appdata\local\smartweb\__u.exe','32');
// Step 5: remove autorun values from the machine-wide Run/RunOnce keys and from
// the current user's Run key, so nothing tries to relaunch the deleted files at logon.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gpuminer');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010087');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','upgmsd_ru_005010087.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunOnce','Update');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_100535F106431A9BDA15E8895BE69FFB');
// Step 6: delete the service registrations (the seven stopped in step 2 plus
// 'globalUpdatem' and 'globalUpdate').
DeleteService('wsafd_1_10_0_19');
DeleteService('ppfd_vt_1_10_0_24');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
DeleteService('wsasvc_1.10.0.19');
DeleteService('WdsManPro');
DeleteService('totyseku');
DeleteService('SSFK');
DeleteService('ppsvc_1.10.0.24');
// Step 7: boot-time cleanup. BC_* are AVZ Boot Cleaner calls: BC_ImportAll is
// presumably what hands the items deleted above to Boot Cleaner, and BC_Activate
// arms it for the next boot, so locked files are removed during restart.
// ExecuteSysClean runs AVZ's system cleanup between the two.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// NOTE(review): the meaning of repair number 4 and of the wizard arguments
// ('SCU',2,2,true) is not visible here; check the AVZ script reference to see
// which system settings they reset before running this.
ExecuteRepair(4);
ExecuteWizard('SCU',2,2,true);
// The machine restarts at the end of the script; save open work first.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: