Код:
begin
// AVZ cleanup script written against one host's logs: it stops the listed
// adware processes and services, quarantines a subset of the files, deletes the
// files, scheduled-task definitions and Run-key autostart values, and then
// queues boot-time cleanup and reboots.
// NOTE(review): every path, GUID-style name and the profile folder
// 'Администратор' is specific to that host; the list has to be regenerated from
// fresh logs for any other machine.

// Rootkit/hook scan first, then AVZGuard is switched on before any process is
// touched. (Presumably so the targets cannot restart or interfere during
// cleanup; confirm against the AVZ script reference.)
SearchRootkit(true, true);
SetAVZGuardStatus(True);

// Stop the three running executables. The same three paths are quarantined and
// deleted further down.
TerminateProcessByName('c:\users\Администратор\appdata\local\03de0294-1445344666-05d5-da06-cb0700080009\qnsrfa09.tmp');
TerminateProcessByName('c:\program files (x86)\03de0294-1444405508-05d5-da06-cb0700080009\knsoa2c1.tmp');
TerminateProcessByName('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe');

// Stop the two services now; they are unregistered with DeleteService after the
// file and registry cleanup.
StopService('Privacy Content Firewall');
StopService('kiwinite');

// Quarantine copies are taken before deletion, so the samples stay available
// for analysis. The second argument is passed empty here.
// NOTE(review): only these twelve files are quarantined. Most paths in the
// DeleteFile list below are removed without a retained copy, so they cannot be
// restored or submitted afterwards.
QuarantineFile('C:\Program Files (x86)\MyBrowser 1.0.2V16.10\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-6.exe','');
QuarantineFile('C:\Users\Администратор\AppData\Local\KRwXps\bjlsTSORZ1.bat','');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe','');
QuarantineFile('C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_elf.dll','');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_child.dll','');
QuarantineFile('c:\users\Администратор\appdata\local\03de0294-1445344666-05d5-da06-cb0700080009\qnsrfa09.tmp','');
QuarantineFile('C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe','');
QuarantineFile('c:\program files (x86)\03de0294-1444405508-05d5-da06-cb0700080009\knsoa2c1.tmp','');
QuarantineFile('c:\program files (x86)\crossbrowse\crossbrowse\application\crossbrowse.exe','');

// File deletion. The second argument is '32' for every path except those under
// C:\Windows\system32\Tasks, which use '64'. (Presumably this selects the
// 32- or 64-bit file-system view so WOW64 redirection does not hide the native
// system32 folder; confirm.)
// Two persistence stores are covered: legacy C:\Windows\Tasks\*.job files and
// the extensionless task definitions in C:\Windows\system32\Tasks. Each is
// paired with the executable it launches.
DeleteFile('C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe','32');
DeleteFile('c:\users\Администратор\appdata\local\03de0294-1445344666-05d5-da06-cb0700080009\qnsrfa09.tmp','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_child.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_elf.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll','32');
DeleteFile('C:\Program Files (x86)\03DE0294-1444405508-05D5-DA06-CB0700080009\knsoA2C1.tmp','32');
DeleteFile('C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe','32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010109\gmsd_ru_005010109.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010111\gmsd_ru_005010111.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010116\gmsd_ru_005010116.exe','32');
DeleteFile('C:\Users\Администратор\AppData\Local\SmartWeb\SmartWebHelper.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010119\gmsd_ru_005010119.exe','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe','32');
DeleteFile('C:\Users\Администратор\AppData\Local\KRwXps\bjlsTSORZ1.bat','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6.job','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.10\04aa17d4-99a1-4c18-98f6-287c91af2617-10.exe','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-10_user.job','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-11.job','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5.job','32');
DeleteFile('C:\Windows\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5_user.job','32');
DeleteFile('C:\Windows\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-1-6.job','32');
DeleteFile('C:\Windows\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-1-7.job','32');
DeleteFile('C:\Windows\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-10_user.job','32');
DeleteFile('C:\Windows\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-11.job','32');
DeleteFile('C:\Windows\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-5.job','32');
DeleteFile('C:\Windows\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-5_user.job','32');
DeleteFile('C:\Windows\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-1-6.job','32');
DeleteFile('C:\Windows\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-1-7.job','32');
DeleteFile('C:\Windows\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-10_user.job','32');
DeleteFile('C:\Windows\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-11.job','32');
DeleteFile('C:\Windows\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-5.job','32');
DeleteFile('C:\Windows\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-5_user.job','32');
DeleteFile('C:\Windows\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-1-6.job','32');
DeleteFile('C:\Windows\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-1-7.job','32');
DeleteFile('C:\Windows\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-10_user.job','32');
DeleteFile('C:\Windows\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-11.job','32');
// NOTE(review): the 61f39b4e-… series has no '-5.job' entry here, although its
// extensionless '-5' definition under system32\Tasks is deleted below and every
// other series lists '-5.job'. Check the follow-up log for a leftover file.
DeleteFile('C:\Windows\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-5_user.job','32');
DeleteFile('C:\Windows\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-1-6.job','32');
DeleteFile('C:\Windows\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-1-7.job','32');
DeleteFile('C:\Windows\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-10_user.job','32');
DeleteFile('C:\Windows\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-11.job','32');
DeleteFile('C:\Windows\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-5.job','32');
DeleteFile('C:\Windows\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-5_user.job','32');
DeleteFile('C:\Windows\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-6.job','32');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V16.10\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-7.job','32');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V16.10\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-7.exe','32');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V16.10\923e3987-fd93-4b4a-a604-4f25e3eba6fc-10.exe','32');
DeleteFile('C:\Windows\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-10_user.job','32');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V16.10\923e3987-fd93-4b4a-a604-4f25e3eba6fc-11.exe','32');
DeleteFile('C:\Windows\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-11.job','32');
DeleteFile('C:\Windows\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-5.job','32');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V16.10\923e3987-fd93-4b4a-a604-4f25e3eba6fc-5.exe','32');
DeleteFile('C:\Users\Администратор\AppData\Local\31254\Updater.exe','32');
DeleteFile('C:\Windows\Tasks\AmiUpdXp.job','32');
DeleteFile('C:\Windows\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-1-6.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV15.10\c3961c62-1963-4aee-a1b9-47aa7e455440-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV15.10\c3961c62-1963-4aee-a1b9-47aa7e455440-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-1-7.job','32');
DeleteFile('C:\Windows\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-10_user.job','32');
DeleteFile('C:\Windows\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-11.job','32');
DeleteFile('C:\Windows\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-5.job','32');
DeleteFile('C:\Windows\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-5_user.job','32');
DeleteFile('C:\Windows\Tasks\Crossbrowse.job','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-1-6.job','32');
DeleteFile('C:\Windows\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-1-7.job','32');
DeleteFile('c:\task.vbs','32');
DeleteFile('C:\Windows\system32\Tasks\updateTask','64');
DeleteFile('C:\Windows\system32\Tasks\SmartWeb Upgrade Trigger Task','64');
// '836D~1' looks like the 8.3 short name of a profile folder, presumably the
// Cyrillic-named one used elsewhere in this script. TODO confirm.
DeleteFile('C:\Users\836D~1\AppData\Local\Temp\Updater.exe','32');
DeleteFile('C:\Windows\system32\Tasks\runTask','64');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V13.10\eddc3811-a817-46b3-94cd-a510c8d4a873-5.exe','32');
DeleteFile('C:\Windows\system32\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-5','64');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V13.10\eddc3811-a817-46b3-94cd-a510c8d4a873-1-7.exe','32');
DeleteFile('C:\Windows\system32\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-1-6','64');
DeleteFile('C:\Program Files (x86)\MyBrowser 1.0.2V13.10\eddc3811-a817-46b3-94cd-a510c8d4a873-1-6.exe','32');
DeleteFile('C:\Program Files (x86)\Shop and Save Up\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-5.exe','32');
DeleteFile('C:\Windows\system32\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-5','64');
DeleteFile('C:\Windows\system32\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\Crossbrowse','64');
DeleteFile('C:\Windows\system32\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-5','64');
DeleteFile('C:\Windows\system32\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\c3961c62-1963-4aee-a1b9-47aa7e455440-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\AmiUpdXp','64');
DeleteFile('C:\Windows\system32\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-5','64');
DeleteFile('C:\Windows\system32\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\923e3987-fd93-4b4a-a604-4f25e3eba6fc-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-5','64');
DeleteFile('C:\Windows\system32\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\753342fd-2b68-46ed-8f2c-5099203e72e6-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-5','64');
DeleteFile('C:\Windows\system32\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\61f39b4e-f409-4640-b07f-71d3a3f13224-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-5','64');
DeleteFile('C:\Windows\system32\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\4400da14-844c-4bed-8497-14b8ffdbcf7d-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-5','64');
DeleteFile('C:\Windows\system32\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\41de1558-c31d-4526-82cc-d9b15ea35392-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-5','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\04aa17d4-99a1-4c18-98f6-287c91af2617-1-6','64');
DeleteFile('C:\Windows\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-5_user.job','32');
DeleteFile('C:\Windows\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-5.job','32');
DeleteFile('C:\Windows\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-11.job','32');
DeleteFile('C:\Windows\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-10_user.job','32');
DeleteFile('C:\Windows\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-1-7.job','32');
DeleteFile('C:\Windows\Tasks\eddc3811-a817-46b3-94cd-a510c8d4a873-1-6.job','32');
DeleteFile('C:\Windows\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-10_user.job','32');
DeleteFile('C:\Windows\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-11.job','32');
DeleteFile('C:\Windows\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-5.job','32');
DeleteFile('C:\Windows\Tasks\d574a3ee-a1dc-46c7-b5b8-72bc65036ae5-5_user.job','32');
DeleteFile('C:\Users\Администратор\appdata\local\smartweb\smartwebapp.exe','32');
DeleteFile('C:\Users\Администратор\appdata\local\smartweb\swhk.dll','32');
DeleteFile('C:\Users\Администратор\appdata\local\smartweb\__u.exe','32');

// Remove the autostart values from the HKLM and HKCU Run keys. Only the named
// values are deleted; the Run keys themselves are left in place.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ComodoFSChrome');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010109');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010111');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010116');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SmartWeb');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gmsd_ru_005010119');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_2E97E79495C2EE918393804007FA94E4');

// Re-harden the current user's Internet Explorer Internet zone (Zones\3). In
// these URL-action settings 1 = prompt and 3 = disable:
//   1804 launching programs and files in an IFRAME          -> prompt
//   2201 automatic prompting for ActiveX controls            -> disable
//   1004 download unsigned ActiveX controls                  -> disable
//   1001 download signed ActiveX controls                    -> prompt
//   1201 initialize/script ActiveX not marked safe           -> disable
// Only HKCU is written, so other user profiles keep whatever values they had.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);

// Unregister the services that were stopped at the top of the script.
DeleteService('Privacy Content Firewall');
DeleteService('kiwinite');

// Empty three install directories by mask and then remove them. (The final
// 'true' presumably makes the mask deletion recurse into subfolders; confirm.)
// NOTE(review): only these three folders are removed. Other folders that had
// files deleted above are not removed here and may remain, possibly with
// leftover files: 'CiPlus-4.5vV14.10', 'CiPlus-4.5vV15.10',
// 'MyBrowser 1.0.2V16.10', Crossbrowse, AdTrustMedia, gmsd_ru_*, SmartWeb.
// Check the follow-up log.
DeleteFileMask('C:\Program Files (x86)\CiPlus-4.5vV12.10', '*', true);
DeleteFileMask('C:\Program Files (x86)\Shop and Save Up', '*', true);
DeleteFileMask('C:\Program Files (x86)\MyBrowser 1.0.2V13.10', '*', true);
DeleteDirectory('C:\Program Files (x86)\CiPlus-4.5vV12.10');
DeleteDirectory('C:\Program Files (x86)\Shop and Save Up');
DeleteDirectory('C:\Program Files (x86)\MyBrowser 1.0.2V13.10');

// The BC_* calls hand the collected items to AVZ's boot-time cleaner and arm it
// for the next start. ExecuteSysClean runs in between. (Presumably it removes
// registry references to the deleted files; confirm against the AVZ script
// reference.)
BC_ImportAll;
ExecuteSysClean;
BC_Activate;

// Run AVZ's built-in wizards 'SCU' and 'TSW' with the given level arguments.
// (The final 'true' presumably applies the found fixes automatically; confirm.)
ExecuteWizard('SCU',2,2,true);
ExecuteWizard('TSW',2,2,true);

// Reboot so the boot-time cleaner can act on files that were locked while
// Windows was running. Unsaved work in open applications is lost.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: