Код:
// AVZ remediation script written for ONE specific host: every path, task name,
// CLSID and Run-value below comes from that machine's own logs. It is a record
// of a single cleanup, not a reusable template.
begin
// Scan for rootkit-style API hooks before touching files. The two boolean
// arguments presumably enable neutralising user-mode and kernel-mode hooks
// respectively (confirm against the AVZ script reference).
SearchRootkit(true, true);
// Turn on AVZGuard for the rest of the run.
SetAVZGuardStatus(True);
// --- Phase 1: quarantine -------------------------------------------------
// Copy samples into AVZ quarantine before anything is deleted, so the
// binaries stay available for later analysis. The second argument is left
// empty on every call.
// NOTE(review): only the files listed in this phase are preserved. Many files
// deleted in phase 2 (AnyProtect.exe, the CiPlus-4.5vV24.09 executables,
// globalupdate.exe, the *AutoUpdateClient.exe binaries, ok.exe) are never
// quarantined, so no sample of them survives this script.
QuarantineFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\amigo.exe','');
QuarantineFile('c:\task.vbs','');
QuarantineFile('C:\Users\A95B~1\AppData\Local\Temp\Updater.exe','');
// NOTE(review): the '?????????' profile name in the next entries (and in the
// matching DeleteFile calls) looks like a non-ASCII user name lost to an
// encoding round-trip; it is nine characters long, the same length as the
// 'Бухгалтер' profile used elsewhere, but that match is not confirmed here.
// Two of these literals also end in a space before the closing quote. If AVZ
// takes the path literally, these calls match nothing - verify on the host
// that the three randomly named executables in AppData\Roaming are gone.
QuarantineFile('C:\Users\?????????\AppData\Roaming\PRUe9hXp09vfY5giN20.exe ','');
QuarantineFile('C:\Users\?????????\AppData\Roaming\MQ84vX38cRj2hd1zJt.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','');
QuarantineFile('C:\Users\?????????\AppData\Roaming\6mfbuW4lkYdQ.exe ','');
QuarantineFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\vk.exe','');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010117\gmsd_ru_005010117.exe','');
QuarantineFile('C:\Program Files\gmsd_ru_005010116\gmsd_ru_005010116.exe','');
QuarantineFile('C:\Program Files\WordWizard_1.10.0.24\Service\wwsvc.exe','');
// --- Phase 2: deletion ---------------------------------------------------
// Remove the executables, their shortcuts and their scheduled-task
// definitions. Tasks are removed from both C:\Windows\Tasks\*.job and
// C:\Windows\system32\Tasks, so a task cannot re-launch a deleted binary.
// The first five calls omit the second argument that the rest pass as '32'
// (presumably a 32/64-bit view selector - TODO confirm); same mangled-path
// caveat as in phase 1.
DeleteFile('C:\Users\?????????\AppData\Roaming\PRUe9hXp09vfY5giN20.exe ');
DeleteFile('C:\Users\?????????\AppData\Roaming\MQ84vX38cRj2hd1zJt.exe');
DeleteFile('C:\Users\?????????\AppData\Roaming\6mfbuW4lkYdQ.exe ');
// Quick Launch shortcuts named after social networks (Odnoklassniki, VKontakte).
DeleteFile('C:\Users\Бухгалтер\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk');
DeleteFile('C:\Users\Бухгалтер\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk');
DeleteFile('C:\Program Files\WordWizard_1.10.0.24\Service\wwsvc.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010116\gmsd_ru_005010116.exe','32');
DeleteFile('C:\Program Files\gmsd_ru_005010117\gmsd_ru_005010117.exe','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
DeleteFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\vk.exe','32');
// NOTE(review): the next two "paths" carry a URL after the executable name,
// i.e. they look like a full command line (program + argument) rather than a
// file name. They most likely match no file; the plain vk.exe / ok.exe calls
// around them do the real work.
DeleteFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\vk.exe http://r.mail.ru/n137257923','32');
DeleteFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\ok.exe http://r.mail.ru/n137257727','32');
DeleteFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\ok.exe','32');
DeleteFile('C:\Windows\Tasks\6mfbuW4lkYdQ.job','32');
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
// CiPlus-4.5vV24.09: several GUID-named executables, each paired with a
// scheduled task of the same name.
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-1-6.exe','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-1-7.exe','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-10.exe','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-11.exe','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-11.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-10_user.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-1-7.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-1-6.job','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-3.exe','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-5.exe','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-6.exe','32');
DeleteFile('C:\Program Files\CiPlus-4.5vV24.09\cfcd9296-92d4-4d34-a587-15534559cb50-7.exe','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-7.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-6.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-5_user.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-5.job','32');
DeleteFile('C:\Windows\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-3.job','32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\Windows\Tasks\MQ84vX38cRj2hd1zJt.job','32');
DeleteFile('C:\Windows\Tasks\PRUe9hXp09vfY5giN20.job','32');
// Same task names again, this time as extension-less task definitions under
// system32\Tasks.
// NOTE(review): no system32\Tasks entry is removed here for the three randomly
// named tasks or for the -10 / -5_user / -10_user tasks that have .job files
// above; check after the reboot whether such entries exist.
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-7','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-6','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-5','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-3','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-11','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-1-7','32');
DeleteFile('C:\Windows\system32\Tasks\cfcd9296-92d4-4d34-a587-15534559cb50-1-6','32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','32');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','32');
DeleteFile('C:\Program Files\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe','32');
DeleteFile('C:\Windows\system32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core','32');
DeleteFile('C:\Windows\system32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Pending Update','32');
DeleteFile('C:\Users\A95B~1\AppData\Local\Temp\Updater.exe','32');
DeleteFile('C:\Program Files\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe','32');
DeleteFile('C:\Windows\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Core','32');
DeleteFile('C:\Windows\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update','32');
DeleteFile('c:\task.vbs','32');
DeleteFile('C:\Windows\system32\Tasks\updateTask','32');
DeleteFile('C:\Users\Бухгалтер\AppData\Local\Amigo\Application\amigo.exe','32');
// --- Phase 3: persistence and browser settings ---------------------------
// Unregister the Browser Helper Object with this CLSID.
DelBHO('{8E8F97CD-60B5-456F-A201-73065652D099}');
// Remove autorun values from the machine-wide and per-user Run keys.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010116');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010117');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','amigo');
// Rewrite five URL-action policies under Zones\3 (the Internet zone) for the
// current user. Per Microsoft's URL-action codes, 1 = prompt and 3 = disable:
//   1804 launching applications and files in an IFRAME   -> prompt
//   2201 automatic prompting for ActiveX controls        -> disable
//   1004 download unsigned ActiveX controls              -> disable
//   1001 download signed ActiveX controls                -> prompt
//   1201 initialise/script ActiveX not marked as safe    -> disable
// Only HKCU is written; other profiles and any HKLM policy are left as they are.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
// --- Phase 4: boot-time cleanup and restart ------------------------------
// Hand the file lists collected above to AVZ's Boot Cleaner (BC_*), presumably
// so that files locked by running processes are removed during the next boot;
// ExecuteSysClean presumably clears leftover references to the deleted files
// (confirm both against the AVZ script reference).
// The import and the clean-up come before BC_Activate, which arms the cleaner.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Restart at once (the true argument presumably forces it) - unsaved work in
// open applications will be lost. The cleanup is not complete until the
// machine has rebooted.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: