Код:
begin
QuarantineFile('C:\Users\x\AppData\Local\клиент.exe','');
QuarantineFile('c:\programdata\{267dab05-7f14-af13-267d-dab057f1ac15}\mirillis','');
QuarantineFile('c:\programdata\{6181699b-909b-29e0-6181-1699b909a66e}\655608488535213727c.exe','');
QuarantineFile('C:\Users\x\AppData\Roaming\cpuminer\sgminer\sgminer.cmd','');
QuarantineFile('C:\Users\x\AppData\Roaming\cppredistx86.exe','');
QuarantineFile('C:\Users\x\AppData\Roaming\Intel\Services\msvc.exe','');
QuarantineFile('C:\Users\x\AppData\Local\Untmedia\wdtganxd.dll','');
QuarantineFile('C:\Users\x\AppData\Local\Untmedia\8A490BEB.exe','');
QuarantineFile('C:\Users\x\AppData\Local\Ottfics\xwklushn.dll','');
QuarantineFile('C:\ProgramData\Zontone\zhdy4ltl.dll','');
QuarantineFile('C:\ProgramData\Zontone\lp5wbf40.dll','');
StopService('OCNJ10');
StopService('gykoruqo');
DeleteService('OCNJ10');
DeleteService('gykoruqo');
TerminateProcessByName('C:\Program Files\Windows Firewall Control\wfcs.exe');
QuarantineFile('C:\Program Files\Windows Firewall Control\wfcs.exe','');
TerminateProcessByName('C:\Users\x\AppData\Local\группировка.exe');
QuarantineFile('C:\Users\x\AppData\Local\группировка.exe','');
TerminateProcessByName('c:\users\x\appdata\roaming\ssleas.exe');
QuarantineFile('c:\users\x\appdata\roaming\ssleas.exe','');
TerminateProcessByName('c:\users\x\appdata\roaming\1c3f1f54-1432232878-7d39-9c14-d850e64c9009\hnsg2313.tmp');
QuarantineFile('c:\users\x\appdata\roaming\1c3f1f54-1432232878-7d39-9c14-d850e64c9009\hnsg2313.tmp','');
TerminateProcessByName('c:\programdata\drivers\csrss.exe');
QuarantineFile('c:\programdata\drivers\csrss.exe','');
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
TerminateProcessByName('c:\users\x\appdata\local\untmedia\8a490beb.exe');
QuarantineFile('c:\users\x\appdata\local\untmedia\8a490beb.exe','');
DeleteFile('c:\users\x\appdata\local\untmedia\8a490beb.exe','32');
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\programdata\drivers\csrss.exe','32');
DeleteFile('c:\users\x\appdata\roaming\1c3f1f54-1432232878-7d39-9c14-d850e64c9009\hnsg2313.tmp','32');
DeleteFile('c:\users\x\appdata\roaming\ssleas.exe','32');
DeleteFile('C:\Users\x\AppData\Local\группировка.exe','32');
DeleteFile('C:\Program Files\Windows Firewall Control\wfcs.exe','32');
DeleteFile('C:\Users\x\AppData\Roaming\1C3F1F54-1432232878-7D39-9C14-D850E64C9009\hnsg2313.tmp','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CSRSS');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
DeleteFile('C:\ProgramData\Zontone\lp5wbf40.dll','32');
DeleteFile('C:\ProgramData\Zontone\zhdy4ltl.dll','32');
DeleteFile('C:\Users\x\AppData\Local\Kometa\kometaup.exe','32');
DeleteFile('C:\Users\x\AppData\Local\Ottfics\xwklushn.dll','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Ottfics');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Untmedia');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','YsddPack');
DeleteFile('C:\Users\x\AppData\Local\Untmedia\8A490BEB.exe','32');
DeleteFile('C:\Users\x\AppData\Local\Untmedia\wdtganxd.dll','32');
DeleteFile('C:\Users\x\AppData\Roaming\Browsers\exe.resworb.bat','32');
DeleteFile('C:\Users\x\AppData\Roaming\cppredistx86.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Visual C++ 2010');
DeleteFile('C:\Users\x\AppData\Roaming\cpuminer\sgminer\sgminer.cmd','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gpuminer','command');
DeleteFile('C:\Windows\Tasks\MixItUp.job','64');
DeleteFile('C:\Windows\Tasks\ProgEdit.job','64');
DeleteFile('C:\Windows\system32\Tasks\MixItUp','64');
DeleteFile('c:\programdata\{6181699b-909b-29e0-6181-1699b909a66e}\655608488535213727c.exe','32');
DeleteFile('c:\programdata\{267dab05-7f14-af13-267d-dab057f1ac15}\mirillis','32');
DeleteFile('C:\Windows\system32\Tasks\ProgEdit','64');
DeleteFile('C:\Windows\system32\Tasks\{53FFB6C5-DD13-4C40-ABB7-ED42E4A18C45}','64');
DeleteFile('C:\Users\x\AppData\Local\клиент.exe','32');
DeleteFile('C:\Windows\system32\Tasks\Клиент отслеживания изменившихся связей 1.0.3','64');
ExecuteSysClean;
RebootWindows(true);
end.