Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('Интернет-браузер.exe');
TerminateProcessByName('c:\program files (x86)\vk downloader\ieef\us6klugees.exe');
TerminateProcessByName('c:\users\user\appdata\local\40acb58a-1433280536-e011-a6d8-db7790530751\snskff7c.tmp');
TerminateProcessByName('c:\users\user\appdata\roaming\40acb58a-1433269424-e011-a6d8-db7790530751\jnsj4e64.tmp');
TerminateProcessByName('c:\users\user\appdata\roaming\40acb58a-1433269424-e011-a6d8-db7790530751\hnsjc930.tmp');
TerminateProcessByName('c:\program files (x86)\plushd_5.1v08.07\b7672d65-0301-436a-804f-3ab3fc98c9af-6.exe');
TerminateProcessByName('c:\program files (x86)\cinemaplus-4.5vv03.06\b7316054-d839-4eee-b46d-6b62477bdeed-6.exe');
TerminateProcessByName('c:\program files (x86)\plushd_video 3.4v15.06\a8fa42c5-3280-4f8c-8c85-15b5ce706c30-6.exe');
TerminateProcessByName('c:\program files (x86)\cinemaplus-4.5vv02.06\869fb6be-31cc-4b91-92b4-31de145066df-6.exe');
TerminateProcessByName('c:\program files (x86)\plushd-1.2v20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-6.exe');
TerminateProcessByName('c:\program files (x86)\plushd-1.2v20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-1-6.exe');
SetServiceStart('bd0002', 4);
SetServiceStart('BDArKit', 4);
SetServiceStart('storegidfilter', 4);
SetServiceStart('pricemeterliveUpdate', 4);
SetServiceStart('pricemeterliveUpdatem', 4);
StopService('timuneqi');
StopService('xycufyvy');
StopService('bd0002');
StopService('BDArKit');
StopService('innfd_1_10_0_14');
StopService('storegidfilter');
StopService('pricemeterliveUpdate');
StopService('pricemeterliveUpdatem');
StopService('fuwykory');
QuarantineFile('C:\Users\user\AppData\Roaming\E6VtS9dXuE6.exe', '');
QuarantineFile('C:\Users\user\AppData\Roaming\KpGbBJ262uKTWl.exe', '');
QuarantineFile('C:\Users\user\appdata\roaming\lsass.exe', '');
QuarantineFile('C:\Program Files (x86)\PlusHD-1.2V20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-3.exe', '');
QuarantineFile('C:\Program Files (x86)\PlusHD-1.2V20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-4.exe', '');
QuarantineFile('C:\Program Files (x86)\PlusHD-1.2V20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-5.exe', '');
QuarantineFile('C:\Users\user\AppData\Roaming\Browsers\exe.resworbooca.bat', '');
QuarantineFile('C:\Users\user\AppData\Local\Kometa\Application\kometa.exe', '');
QuarantineFile('C:\Program Files (x86)\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll', '');
QuarantineFile('C:\Users\user\AppData\Local\storegid\storegidup.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\storegid\storegid.exe', '');
QuarantineFile('C:\Program Files (x86)\baidu\baidu.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\Apps\2.0\PG8C73O2.M4Z\DTY5COGE.DJG\cash..tion_ffc2816857f35aa9_0001.0000_3cf4d07a6b3924b7\Informer\CashCloudsInformer.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\PriceMeter\pricemeterw.exe', '');
QuarantineFile('C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\timetasks.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\ProgramData\Schedule\timetasks.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe', '');
QuarantineFile('C:\Windows\system32\DRIVERS\BDArKit.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\bd0002.sys', '');
QuarantineFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys', '');
QuarantineFile('C:\Windows\storegidfilter.sys', '');
QuarantineFile('C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe', '');
QuarantineFile('J:\IQIYI Video\Common\Accelerator\IEHelper.dll', '');
QuarantineFile('C:\Program Files (x86)\VK Downloader\IEEF\Interfaces32.dll', '');
QuarantineFile('C:\Program Files (x86)\VK Downloader\IEEF\c9pPYtag0O.dll', '');
QuarantineFile('Интернет-браузер.exe', '');
QuarantineFile('c:\program files (x86)\vk downloader\ieef\us6klugees.exe', '');
QuarantineFile('c:\users\user\appdata\local\40acb58a-1433280536-e011-a6d8-db7790530751\snskff7c.tmp', '');
QuarantineFile('c:\users\user\appdata\roaming\40acb58a-1433269424-e011-a6d8-db7790530751\jnsj4e64.tmp', '');
QuarantineFile('c:\users\user\appdata\roaming\40acb58a-1433269424-e011-a6d8-db7790530751\hnsjc930.tmp', '');
QuarantineFile('c:\program files (x86)\plushd_5.1v08.07\b7672d65-0301-436a-804f-3ab3fc98c9af-6.exe', '');
QuarantineFile('c:\program files (x86)\cinemaplus-4.5vv03.06\b7316054-d839-4eee-b46d-6b62477bdeed-6.exe', '');
QuarantineFile('c:\program files (x86)\plushd_video 3.4v15.06\a8fa42c5-3280-4f8c-8c85-15b5ce706c30-6.exe', '');
QuarantineFile('c:\program files (x86)\cinemaplus-4.5vv02.06\869fb6be-31cc-4b91-92b4-31de145066df-6.exe', '');
QuarantineFile('c:\program files (x86)\plushd-1.2v20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-6.exe', '');
QuarantineFile('c:\program files (x86)\plushd-1.2v20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-1-6.exe', '');
DeleteFile('C:\Users\user\AppData\Roaming\E6VtS9dXuE6.exe', '32');
DeleteFile('C:\Users\user\AppData\Roaming\KpGbBJ262uKTWl.exe', '32');
DeleteFile('c:\program files (x86)\plushd-1.2v20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-6.exe', '32');
DeleteFile('c:\program files (x86)\cinemaplus-4.5vv02.06\869fb6be-31cc-4b91-92b4-31de145066df-6.exe', '32');
DeleteFile('c:\program files (x86)\plushd_video 3.4v15.06\a8fa42c5-3280-4f8c-8c85-15b5ce706c30-6.exe', '32');
DeleteFile('c:\program files (x86)\cinemaplus-4.5vv03.06\b7316054-d839-4eee-b46d-6b62477bdeed-6.exe', '32');
DeleteFile('c:\program files (x86)\plushd_5.1v08.07\b7672d65-0301-436a-804f-3ab3fc98c9af-6.exe', '32');
DeleteFile('c:\users\user\appdata\roaming\40acb58a-1433269424-e011-a6d8-db7790530751\hnsjc930.tmp', '32');
DeleteFile('c:\users\user\appdata\roaming\40acb58a-1433269424-e011-a6d8-db7790530751\jnsj4e64.tmp', '32');
DeleteFile('c:\program files (x86)\vk downloader\ieef\us6klugees.exe', '32');
DeleteFile('C:\Program Files (x86)\VK Downloader\IEEF\c9pPYtag0O.dll', '32');
DeleteFile('C:\Program Files (x86)\VK Downloader\IEEF\Interfaces32.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\40ACB58A-1433280536-E011-A6D8-DB7790530751\snskFF7C.tmp', '32');
DeleteFile('C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe', '32');
DeleteFile('C:\Windows\storegidfilter.sys', '32');
DeleteFile('C:\Windows\system32\drivers\innfd_1_10_0_14.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys', '32');
DeleteFile('C:\Program Files (x86)\Mobogenie\DaemonProcess.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('C:\ProgramData\Schedule\timetasks.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\timetasks.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\PriceMeter\pricemeterw.exe', '32');
DeleteFile('C:\Program Files (x86)\baidu\baidu.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\storegid\storegid.exe', '32');
DeleteFile('C:\Users\user\AppData\Local\storegid\storegidup.exe', '32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll', '32');
DeleteFile('C:\Users\user\AppData\Local\Kometa\Application\kometa.exe', '32');
DeleteFile('C:\Users\user\AppData\Roaming\Browsers\exe.resworbooca.bat', '32');
DeleteFile('C:\Program Files (x86)\PlusHD-1.2V20.07\6c64da53-b139-49e8-a37a-ae13b1fb86da-1-6.exe', '32');
DeleteFile('C:\Users\user\appdata\roaming\lsass.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "E6VtS9dXuE6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KpGbBJ262uKTWl.job" /F', 0, 15000, true);
DeleteService('timuneqi');
DeleteService('xycufyvy');
DeleteService('bd0002');
DeleteService('BDArKit');
DeleteService('innfd_1_10_0_14');
DeleteService('storegidfilter');
DeleteService('pricemeterliveUpdate');
DeleteService('pricemeterliveUpdatem');
DeleteService('fuwykory');
DelBHO('{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'mobilegeni daemon');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Schedule');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SmartWeb');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'baidu');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'storegidUpdater');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{00890530-6A9F-4be2-B1BB-73F01E2BB986}');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(14);
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.