Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\program files (x86)\2dbe7760-1442743242-11dd-b27c-e03f49a66959\knsw46d.tmpfs');
StopService('pyhisylo');
QuarantineFileF('C:\Users\Рома\AppData\Local\SystemDir', '*.exe, *.dll, *.sys, *.bat, *.vbs', true, '', 0, 0);
QuarantineFile('c:\program files (x86)\2dbe7760-1442743242-11dd-b27c-e03f49a66959\knsw46d.tmpfs', '');
QuarantineFile('C:\ProgramData\Browsers\browser0.bat', '');
QuarantineFile('C:\Users\Рома\AppData\Roaming\newSI_650\s_inst.exe', '');
QuarantineFile('C:\Users\Рома\AppData\Local\SystemDir\nethost.exe', '');
QuarantineFileF('C:\Users\Рома\AppData\Roaming\newSI_650\', '*.exe, *.dll, *.sys, *.bat, *.vbs', true, '', 0, 0);
QuarantineFileF('c:\program files (x86)\2dbe7760-1442743242-11dd-b27c-e03f49a66959\', '*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Browsers\', '*', true, '', 0, 0);
QuarantineFile('C:\ProgramData\LolliScan\LolliScan32.dll', '');
QuarantineFile('C:\ProgramData\LolliScan\LolliScan64.dll', '');
QuarantineFile('C:\ProgramData\Kbupdater Utility\kbupdater-utility.exe', '');
QuarantineFileF('C:\ProgramData\Kbupdater Utility\', '*.exe, *.dll, *.sys, *.bat, *.vbs', true, '', 0, 0);
DeleteFile('c:\program files (x86)\2dbe7760-1442743242-11dd-b27c-e03f49a66959\knsw46d.tmpfs', '32');
DeleteFile('C:\ProgramData\Browsers\browser0.bat', '32');
DeleteFile('C:\Users\Рома\AppData\Roaming\newSI_650\s_inst.exe', '32');
DeleteFile('C:\Users\Рома\AppData\Local\SystemDir\nethost.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "newSI_650.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "nethost task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "newSI_650" /F', 0, 15000, true);
DeleteService('pyhisylo');
DeleteFileMask('C:\Users\Рома\AppData\Local\SystemDir', '*', true);
DeleteFileMask('C:\Users\Рома\AppData\Roaming\newSI_650\', '*', true);
DeleteFileMask('c:\program files (x86)\2dbe7760-1442743242-11dd-b27c-e03f49a66959\', '*', true);
DeleteDirectory('C:\Users\Рома\AppData\Local\SystemDir');
DeleteDirectory('C:\Users\Рома\AppData\Roaming\newSI_650\');
DeleteDirectory('c:\program files (x86)\2dbe7760-1442743242-11dd-b27c-e03f49a66959\');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
RebootWindows(true);
end.