Код:
begin
TerminateProcessByName('c:\users\star\appdata\roaming\vopackage\nsz1f3e.tmpfs');
TerminateProcessByName('c:\users\star\appdata\roaming\vopackage\josrv.exe');
QuarantineFile('C:\ProgramData\Kbupdater Utility\kbupdater-utility.exe', '');
QuarantineFile('C:\Windows\SysWOW64\AudioEngg.dll', '');
QuarantineFile('C:\Windows\SysWOW64\mmcc.exe', '');
QuarantineFile('C:\Windows\SysWow64\msaaaaaatext.dll', '');
QuarantineFile('C:\Windows\system32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys', '');
QuarantineFile('c:\users\star\appdata\roaming\vopackage\nsz1f3e.tmpfs', '');
QuarantineFile('c:\users\star\appdata\roaming\vopackage\josrv.exe', '');
DeleteFile('c:\users\star\appdata\roaming\vopackage\josrv.exe', '32');
DeleteFile('c:\users\star\appdata\roaming\vopackage\nsz1f3e.tmpfs', '32');
DeleteFile('C:\Windows\system32\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys', '32');
DeleteFile('C:\Windows\SysWow64\msaaaaaatext.dll', '32');
DeleteFile('C:\Windows\system32\Tasks\appdistrib', '64');
DeleteFile('C:\ProgramData\Kbupdater Utility\kbupdater-utility.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\Kbupdater Utility', '64');
DeleteService('{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64');
DeleteService('{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64');
DeleteService('{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64');
DeleteService('{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64');
DeleteService('{4096aedf-3f28-4c8e-aebe-00255138fa8a}Gw64');
DeleteService('{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64');
DeleteService('{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64');
DeleteService('{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64');
DeleteService('{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64');
DeleteService('{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64');
DeleteFileMask('C:\ProgramData\Kbupdater Utility', '*', true);
DeleteFileMask('c:\users\star\appdata\roaming\vopackage', '*', true);
DeleteDirectory('C:\ProgramData\Kbupdater Utility');
DeleteDirectory('c:\users\star\appdata\roaming\vopackage');
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
DelBHO('{5AF16DF1-1649-5F90-6952-72AE2CD63D6C}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Green Christmas Tree', 'command');
RegKeyParamWrite('HKEY_CURRENT_USER', 'Software\Microsoft\Internet Explorer\Main', 'Start Page', 'REG_SZ', 'http://yandex.ru/?clid=2101081');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
Компьютер перезагрузится.