Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\users\8fee~1\appdata\local\temp\nscff8f.tmp');
TerminateProcessByName('c:\users\8fee~1\appdata\local\temp\nswcab1.tmp');
TerminateProcessByName('c:\users\Михаил\appdata\roaming\03000200-1433345837-0500-0006-000700080009\nse9557.tmp');
QuarantineFile('C:\Users\Михаил\appdata\local\smartweb\swhk.dll', '');
QuarantineFile('C:\Users\Михаил\appdata\local\smartweb\smartwebapp.exe', '');
QuarantineFile('c:\users\8fee~1\appdata\local\temp\nscff8f.tmp', '');
QuarantineFile('c:\users\8fee~1\appdata\local\temp\nswcab1.tmp', '');
QuarantineFile('C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe', '');
QuarantineFile('C:\Users\Михаил\AppData\Roaming\3cfReY0DUdUFc4Ygc.exe', '');
QuarantineFile('C:\Windows\system32\drivers\etc\hosts', '');
QuarantineFile('C:\Users\Михаил\AppData\Local\gmsd_ru_274\upgmsd_ru_274.exe', '');
QuarantineFile('C:\Users\Михаил\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('C:\Program Files\gmsd_ru_274\gmsd_ru_274.exe', '');
QuarantineFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe', '');
QuarantineFile('C:\Windows\Tasks\3cfReY0DUdUFc4Ygc.job', '');
QuarantineFile('c:\users\Михаил\appdata\roaming\03000200-1433345837-0500-0006-000700080009\nse9557.tmp', '');
DeleteFile('C:\Users\Михаил\AppData\Roaming\03000200-1433345837-0500-0006-000700080009\nse9557.tmp', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe', '32');
DeleteFile('C:\Program Files\gmsd_ru_274\gmsd_ru_274.exe', '32');
DeleteFile('C:\Users\Михаил\AppData\Local\gmsd_ru_274\upgmsd_ru_274.exe', '32');
DeleteFile('C:\Users\Михаил\AppData\Roaming\3cfReY0DUdUFc4Ygc.exe', '32');
DeleteFile('C:\Windows\Tasks\3cfReY0DUdUFc4Ygc.job', '32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job', '32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job', '32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job', '32');
DeleteFile('C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe', '32');
DeleteFile('C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe', '32');
DeleteFile('c:\users\8fee~1\appdata\local\temp\nswcab1.tmp', '32');
DeleteFile('c:\users\8fee~1\appdata\local\temp\nscff8f.tmp', '32');
DeleteFile('C:\Users\Михаил\appdata\local\smartweb\smartwebapp.exe', '32');
DeleteFile('C:\Users\Михаил\appdata\local\smartweb\smartwebhelper.exe', '32');
DeleteFile('C:\Users\Михаил\appdata\local\smartweb\swhk.dll', '32');
DeleteService('TS888');
DeleteService('scfd_1_10_0_16');
DeleteService('QMUdisk');
DeleteService('innfd_1_10_0_14');
DeleteService('focepiti');
DeleteFileMask('C:\Users\Михаил\appdata\local\smartweb', '*', true);
DeleteFileMask('C:\Program Files\Reimage\Reimage Repair', '*', true);
DeleteFileMask('C:\Program Files\Crossbrowse\Crossbrowse', '*', true);
DeleteFileMask('C:\Program Files\gmsd_ru_274', '*', true);
DeleteFileMask('c:\users\Михаил\appdata\roaming\03000200-1433345837-0500-0006-000700080009', '*', true);
DeleteDirectory('C:\Users\Михаил\appdata\local\smartweb');
DeleteDirectory('C:\Program Files\Reimage\Reimage Repair');
DeleteDirectory('C:\Program Files\Crossbrowse\Crossbrowse');
DeleteDirectory('C:\Program Files\gmsd_ru_274');
DeleteDirectory('c:\users\Михаил\appdata\roaming\03000200-1433345837-0500-0006-000700080009');
DelBHO('{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}');
DelBHO('{10921475-03CE-4E04-90CE-E2E7EF20C814}');
ExecuteFile('schtasks.exe', '/delete /TN "At1" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Crossbrowse" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Reimage Reminder" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SmartWeb Upgrade Trigger Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{1858C7D0-85AA-4544-8931-DD761DE85EEF}" /F', 0, 15000, true);
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'jraxu');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.