Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
QuarantineFileF('C:\Users\rufusbrevett\AppData\Roaming\gleam\','*.exe, *.dll,*.sys', true,'',0 ,0);
QuarantineFile('C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat','');
QuarantineFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat','');
QuarantineFile('C:\Users\rufusbrevett\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat','');
QuarantineFile('C:\Users\rufusbrevett\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe','');
QuarantineFile('C:\Users\rufusbrevett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','');
QuarantineFile('C:\Users\rufusbrevett\AppData\Roaming\runWIN\update.exe','');
QuarantineFile('C:\Users\rufusbrevett\Downloads\VkBot.exe','');
QuarantineFile('C:\Users\rufusbrevett\AppData\Roaming\gleam\nvm.dll','');
DeleteFile('C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.bat','32');
DeleteFile('C:\Users\rufusbrevett\appdata\roaming\mail.ru newgamest\api.dll','32');
DeleteFile('C:\Users\rufusbrevett\AppData\Roaming\runWIN\update.exe','32');
DeleteFile('C:\Users\rufusbrevett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runWIN.exe','32');
DeleteFile('C:\Users\rufusbrevett\AppData\Roaming\Mail.RU NewGamesT\Encrypt.exe','32');
DeleteFile('C:\Users\rufusbrevett\AppData\Local\Yandex\YandexBrowser\Application\browser.exe.bat','32');
DeleteFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe.bat','32');
ExecuteRepair(3);
ExecuteRepair(4);
RegKeyParamDel('HKEY_USERS','S-1-5-21-4113266733-1142510788-3724598881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','NewLoadSystemWIN32');
RegKeyParamDel('HKEY_USERS','S-1-5-21-4113266733-1142510788-3724598881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','LoaderSystemWIN');
RegKeyParamDel('HKEY_USERS','S-1-5-21-4113266733-1142510788-3724598881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','RuningWIN32');
RegKeyParamDel('HKEY_USERS','S-1-5-21-4113266733-1142510788-3724598881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Encrypt');
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
RebootWindows(true);
end.