Код:
// AVZ cleanup script written for one specific Windows machine: every path,
// CLSID, registry key and service name below is hard-coded, and the user-profile
// paths point at C:\Users\Dima. It is not a generic removal script and should
// not be run unchanged on another system.
// Sequence: neutralise hooks and enable AVZGuard -> stop processes/services ->
// copy samples to quarantine -> delete files, tasks, BHOs, registry values and
// services -> queue leftovers for the boot-time cleaner -> reboot.
begin
// Rootkit/hook scan with both arguments set to true.
// NOTE(review): in AVZ these flags are understood to enable neutralisation of
// user-mode and kernel-mode hooks respectively - confirm against the AVZ help.
SearchRootkit(true, true);
// Turn AVZGuard on before touching anything, so the steps below run under it.
SetAVZGuardStatus(True);
// Stop the running executables first; they are quarantined and deleted later,
// which would be unreliable while the processes are alive.
TerminateProcessByName('c:\programdata\hwdsmanproh\wdsmanpro.exe');
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
TerminateProcessByName('C:\Program Files (x86)\SFK\SFKEX64.exe');
TerminateProcessByName('c:\program files (x86)\gamexpservice\gamexpsvc.exe');
// Stop the two services whose names match the executables above.
StopService('WdsManPro');
StopService('SSFK');
// Quarantine copies are taken BEFORE deletion so the samples stay available
// for analysis. The second argument is passed as an empty string.
// Only part of what is deleted below is quarantined here (for example the
// Amigo/Kometa executables and the *.job files are not), so those files
// cannot be restored from the AVZ quarantine afterwards.
QuarantineFile('C:\Users\Dima\AppData\Roaming\ufMFMs7HGPS4T3jNU8oQ.exe','');
QuarantineFile('C:\Users\Dima\AppData\Roaming\ARzH9YcCI7WcntrZA1RVkj.exe','');
QuarantineFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','');
QuarantineFile('C:\Program Files (x86)\32444335-1442136823-4B34-4C33-80C16E5C829B\knst7DAC.tmp','');
QuarantineFile('C:\Program Files (x86)\32444335-1442136823-4B34-4C33-80C16E5C829B\jnso989B.tmp','');
QuarantineFile('C:\Program Files (x86)\32444335-1442136823-4B34-4C33-80C16E5C829B\hnsyB1D7.tmp','');
QuarantineFile('c:\programdata\hwdsmanproh\wdsmanpro.exe','');
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe','');
QuarantineFile('C:\Program Files (x86)\SFK\SFKEX64.exe','');
QuarantineFile('c:\program files (x86)\gamexpservice\gamexpsvc.exe','');
// Quick Launch shortcuts, deleted with the single-argument form of DeleteFile.
// NOTE(review): the second shortcut name appears to mix Latin and Cyrillic
// letters; keep these strings byte-exact, a retyped name would not match.
DeleteFile('C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk');
DeleteFile('C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Коmеtа.lnk');
DeleteFile('C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk');
DeleteFile('C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Амиго.lnk');
// Executables, the wsafd_1_10_0_19.sys driver and legacy C:\Windows\Tasks\*.job
// scheduled-task files, all passed with '32' as the second argument.
// NOTE(review): '32' / '64' presumably selects the 32- or 64-bit view of the
// file system on 64-bit Windows - confirm against the AVZ documentation.
// Each CiPlus executable is followed by the .job file that carries the same name.
DeleteFile('C:\Program Files (x86)\SFK\SFKEX64.exe','32');
DeleteFile('C:\Program Files (x86)\SFK\SSFK.exe','32');
DeleteFile('C:\ProgramData\HWdsManProH\WdsManPro.exe','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\Program Files (x86)\32444335-1442136823-4B34-4C33-80C16E5C829B\hnsyB1D7.tmp','32');
DeleteFile('C:\Program Files (x86)\32444335-1442136823-4B34-4C33-80C16E5C829B\jnso989B.tmp','32');
DeleteFile('C:\Program Files (x86)\32444335-1442136823-4B34-4C33-80C16E5C829B\knst7DAC.tmp','32');
DeleteFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','32');
DeleteFile('C:\Users\Dima\AppData\Local\Amigo\Application\amigo.exe','32');
DeleteFile('C:\Users\Dima\AppData\Roaming\daemon.exe','32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010086\gmsd_ru_005010086.exe','32');
DeleteFile('C:\Users\Dima\AppData\Local\Kometa\Application\kometa.exe','32');
DeleteFile('C:\Users\Dima\AppData\Local\Amigo\Application\vk.exe','32');
DeleteFile('C:\Users\Dima\AppData\Local\Kometa\Application\kometa.bat','32');
DeleteFile('C:\Users\Dima\AppData\Local\Amigo\Application\ok.exe','32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Users\Dima\AppData\Roaming\ARzH9YcCI7WcntrZA1RVkj.exe','32');
DeleteFile('C:\Windows\Tasks\ARzH9YcCI7WcntrZA1RVkj.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-1-6.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-1-6.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-1-7.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-1-7.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-10.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-10_user.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-11.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-11.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-3.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-3.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-4.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-4.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-5.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-5.job','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-5_user.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-6.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-6.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV14.09\ed6a7513-1494-41cb-a12c-eae1559d75b9-7.exe','32');
DeleteFile('C:\Windows\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-7.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Users\Dima\AppData\Roaming\ufMFMs7HGPS4T3jNU8oQ.exe','32');
DeleteFile('C:\Windows\Tasks\ufMFMs7HGPS4T3jNU8oQ.job','32');
// The same task names again, this time the extension-less files under
// C:\Windows\system32\Tasks, passed with '64'. Removing both copies keeps a
// task from surviving in the other location.
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP1','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP2','64');
DeleteFile('C:\Windows\system32\Tasks\APSnotifierPP3','64');
DeleteFile('C:\Windows\system32\Tasks\ARzH9YcCI7WcntrZA1RVkj','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-1-6','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-1-7','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-10_user','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-11','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-3','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-4','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-5','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-5_user','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-6','64');
DeleteFile('C:\Windows\system32\Tasks\ed6a7513-1494-41cb-a12c-eae1559d75b9-7','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Windows\system32\Tasks\ufMFMs7HGPS4T3jNU8oQ','64');
// Remove two Browser Helper Object registrations, identified by CLSID.
DelBHO('{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}');
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
// Delete the 'command' value of five entries under MSConfig\startupreg in HKLM,
// so these stored startup commands are no longer present in the registry.
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babakan','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amigo','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Daemon','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010086','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KometaAutoLaunch_654BA8B964942D6F97399186D89A2C99','command');
// Remove the service registrations. wsafd_1_10_0_19 matches the driver file
// deleted above; WdsManPro and SSFK are the services stopped at the start.
DeleteService('wsafd_1_10_0_19');
DeleteService('nokobuzo');
DeleteService('lehicewu');
DeleteService('gyvixodu');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
DeleteService('WdsManPro');
DeleteService('SSFK');
// Boot Cleaner hand-off.
// NOTE(review): BC_ImportAll is understood to load the items processed above
// into AVZ's boot-time cleaner, and BC_Activate to arm it for the next boot -
// confirm against the AVZ help. This is why the script ends with a reboot.
BC_ImportAll;
// NOTE(review): presumably cleans up remaining references to the deleted files - confirm.
ExecuteSysClean;
BC_Activate;
// Run AVZ repair routine number 4.
// NOTE(review): check which restore item 4 is in the AVZ version being used.
ExecuteRepair(4);
// NOTE(review): 'SCU' and the numeric arguments select an AVZ wizard and its
// mode; their exact meaning is not visible here - confirm against the AVZ help.
ExecuteWizard('SCU',2,2,true);
// Reboot immediately; the script expects a follow-up script to be run afterwards.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: