Код:
// AVZ remediation script for one specific machine: every path, service name and
// registry value is hard-coded (including the profile folder c:\users\noizless),
// so it is only meaningful on the system it was written for.
// Order of operations: terminate processes -> stop services -> quarantine files ->
// delete files -> delete services -> empty and remove folders -> remove BHO/CLSID
// registrations, scheduled tasks and Run values -> clean-up/repair -> reboot.
begin
// Step 1: terminate running processes by full image path before their files are
// quarantined and deleted below. Several images are .tmp/.tmpfs files in
// GUID-like folders rather than .exe files.
TerminateProcessByName('c:\program files (x86)\filter\2\cppwindowsservice.exe');
TerminateProcessByName('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\hnse6f8e.tmp');
TerminateProcessByName('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\jnsu56a0.tmp');
TerminateProcessByName('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\knsp3f53.tmpfs');
TerminateProcessByName('c:\program files (x86)\mail.ru\mailruupdater\mailruupdater.exe');
TerminateProcessByName('c:\users\noizless\appdata\local\mail.ru\mailruupdater.exe');
TerminateProcessByName('c:\users\noizless\appdata\roaming\nssm.exe');
TerminateProcessByName('c:\program files (x86)\filter\2\pfhttpcontentfilter.exe');
TerminateProcessByName('c:\users\noizless\appdata\local\1f001da0-1448487323-1000-e289-f46d042c1b0a\snspd5cf.tmp');
TerminateProcessByName('c:\programdata\rwminipror\wminipro.exe');
// Step 2: stop services and drivers. Only part of the list removed by
// DeleteService further down is stopped here; the rest are deleted without a stop call.
StopService('CppWindowsService');
StopService('cuzihece');
StopService('mucifyfy');
StopService('rehurizy');
StopService('Updater.Mail.Ru');
StopService('vuvidivi');
StopService('WdsManPro');
StopService('netfilter2');
StopService('rsutils');
// NOTE(review): 'sysmon' is paired below with drivers\sysmon.sys and listed next to
// rsutils; presumably a driver of the Rising product removed by this script, not
// Sysinternals Sysmon. Confirm against the scan log, because removing a real Sysmon
// install would drop host telemetry.
StopService('sysmon');
StopService('TAOKernelDriver');
// Step 3: quarantine every suspect file before anything is deleted, so the samples
// remain available for analysis. The list is wider than step 1: it also covers DLLs,
// kernel drivers under system32\drivers, and the Tencent QQPCMgr and Rising binaries.
QuarantineFile('c:\program files (x86)\filter\2\cppwindowsservice.exe', '');
QuarantineFile('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\hnse6f8e.tmp', '');
QuarantineFile('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\jnsu56a0.tmp', '');
QuarantineFile('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\knsp3f53.tmpfs', '');
QuarantineFile('c:\program files (x86)\mail.ru\mailruupdater\mailruupdater.exe', '');
QuarantineFile('c:\users\noizless\appdata\local\mail.ru\mailruupdater.exe', '');
QuarantineFile('c:\users\noizless\appdata\roaming\nssm.exe', '');
QuarantineFile('c:\program files (x86)\filter\2\pfhttpcontentfilter.exe', '');
QuarantineFile('c:\users\noizless\appdata\local\1f001da0-1448487323-1000-e289-f46d042c1b0a\snspd5cf.tmp', '');
QuarantineFile('c:\programdata\rwminipror\wminipro.exe', '');
QuarantineFile('C:\Program Files (x86)\filter\2\nfapi.dll', '');
QuarantineFile('C:\Program Files (x86)\filter\2\ProtocolFilters.dll', '');
QuarantineFile('C:\Program Files (x86)\filter\2\SSLEAY32.dll', '');
QuarantineFile('C:\Program Files (x86)\filter\2\LIBEAY32.dll', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe', '');
QuarantineFile('C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe', '');
QuarantineFile('C:\Program Files (x86)\Rising\RAV\ravmond.exe', '');
QuarantineFile('C:\Windows\system32\drivers\netfilter2.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\rsutils.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\sysmon.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TAOKernel64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\dvzqzivf.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys', '');
QuarantineFile('C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2439\jsdrv.sys', '');
QuarantineFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\tsskx64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe', '');
// NOTE(review): Registry.pol stores the machine Group Policy registry settings, so
// removing it also discards any legitimate local policy on this host. The path on
// the following line ends in a bare 'R' and looks truncated; confirm it against the
// original scan log.
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '');
QuarantineFile('C:\Windows\system32\GroupPolicy\Machine\R', '');
QuarantineFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe', '');
QuarantineFile('C:\Users\Noizless\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll', '');
QuarantineFile('C:\Program Files (x86)\Torrent Search\zDYLp6s.exe', '');
QuarantineFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll', '');
QuarantineFile('C:\Users\Noizless\AppData\Local\Hostinstaller\2867086544_monster.exe', '');
// Step 4: delete the files quarantined above (same list, same order).
// NOTE(review): the meaning of the second argument '32' is not explained on this
// page; check the AVZ script reference for the version in use.
DeleteFile('c:\program files (x86)\filter\2\cppwindowsservice.exe', '32');
DeleteFile('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\hnse6f8e.tmp', '32');
DeleteFile('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\jnsu56a0.tmp', '32');
DeleteFile('c:\program files (x86)\1f001da0-1448476481-1000-e289-f46d042c1b0a\knsp3f53.tmpfs', '32');
DeleteFile('c:\program files (x86)\mail.ru\mailruupdater\mailruupdater.exe', '32');
DeleteFile('c:\users\noizless\appdata\local\mail.ru\mailruupdater.exe', '32');
DeleteFile('c:\users\noizless\appdata\roaming\nssm.exe', '32');
DeleteFile('c:\program files (x86)\filter\2\pfhttpcontentfilter.exe', '32');
DeleteFile('c:\users\noizless\appdata\local\1f001da0-1448487323-1000-e289-f46d042c1b0a\snspd5cf.tmp', '32');
DeleteFile('c:\programdata\rwminipror\wminipro.exe', '32');
DeleteFile('C:\Program Files (x86)\filter\2\nfapi.dll', '32');
DeleteFile('C:\Program Files (x86)\filter\2\ProtocolFilters.dll', '32');
DeleteFile('C:\Program Files (x86)\filter\2\SSLEAY32.dll', '32');
DeleteFile('C:\Program Files (x86)\filter\2\LIBEAY32.dll', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe', '32');
DeleteFile('C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe', '32');
DeleteFile('C:\Program Files (x86)\Rising\RAV\ravmond.exe', '32');
DeleteFile('C:\Windows\system32\drivers\netfilter2.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\rsutils.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\sysmon.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TAOKernel64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\dvzqzivf.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys', '32');
DeleteFile('C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2439\jsdrv.sys', '32');
DeleteFile('C:\Windows\system32\Drivers\TFsFltX64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\Registry.pol', '32');
DeleteFile('C:\Windows\system32\GroupPolicy\Machine\R', '32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe', '32');
DeleteFile('C:\Users\Noizless\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll', '32');
DeleteFile('C:\Program Files (x86)\Torrent Search\zDYLp6s.exe', '32');
DeleteFile('C:\PROGRA~1\COMMON~1\System\SysMenu.dll', '32');
DeleteFile('C:\Users\Noizless\AppData\Local\Hostinstaller\2867086544_monster.exe', '32');
// Step 5: remove the service and driver registrations so nothing is re-registered
// to start after the reboot.
// NOTE(review): 'clr_optimization_v1.02' resembles the naming of the .NET
// clr_optimization services, and this script neither stops it nor names a file for
// it; confirm the target in the scan log before reusing this line.
DeleteService('clr_optimization_v1.02');
DeleteService('CppWindowsService');
DeleteService('cuzihece');
DeleteService('mucifyfy');
DeleteService('rehurizy');
DeleteService('Updater.Mail.Ru');
DeleteService('vuvidivi');
DeleteService('WdsManPro');
DeleteService('QQPCRTP');
DeleteService('RsMgrSvc');
DeleteService('RsRavMon');
DeleteService('netfilter2');
DeleteService('rsutils');
DeleteService('sysmon');
DeleteService('TAOKernelDriver');
DeleteService('dvzqzivf');
DeleteService('QMUdisk');
DeleteService('QQSysMonX64');
DeleteService('SPDRIVER_1.42.1.2439');
DeleteService('TFsFlt');
DeleteService('TS888x64');
DeleteService('TSDefenseBt');
DeleteService('TSSKX64');
DeleteService('wsafd_1_10_0_19');
// Step 6: empty whole product folders with mask '*' (third argument true, presumably
// "include subfolders"), then remove the folders themselves.
// These calls are not limited to the files quarantined above: everything under
// mail.ru, Tencent, Rising, etc. is removed without a quarantine copy, including
// anything the user installed from those vendors on purpose.
DeleteFileMask('c:\program files (x86)\filter', '*', true);
DeleteFileMask('c:\program files (x86)\mail.ru', '*', true);
DeleteFileMask('c:\users\noizless\appdata\local\mail.ru', '*', true);
DeleteFileMask('c:\programdata\rwminipror', '*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent', '*', true);
DeleteFileMask('C:\Program Files (x86)\Rising', '*', true);
DeleteFileMask('C:\Program Files (x86)\ShopperPro', '*', true);
DeleteFileMask('C:\Program Files (x86)\Zaxar', '*', true);
DeleteFileMask('C:\Program Files (x86)\Crossbrowse', '*', true);
DeleteFileMask('C:\Program Files (x86)\Torrent Search', '*', true);
DeleteFileMask('C:\Users\Noizless\AppData\Local\Hostinstaller', '*', true);
DeleteDirectory('c:\program files (x86)\filter');
DeleteDirectory('c:\program files (x86)\mail.ru');
DeleteDirectory('c:\users\noizless\appdata\local\mail.ru');
DeleteDirectory('c:\programdata\rwminipror');
DeleteDirectory('C:\Program Files (x86)\Tencent');
DeleteDirectory('C:\Program Files (x86)\Rising');
DeleteDirectory('C:\Program Files (x86)\ShopperPro');
DeleteDirectory('C:\Program Files (x86)\Zaxar');
DeleteDirectory('C:\Program Files (x86)\Crossbrowse');
DeleteDirectory('C:\Program Files (x86)\Torrent Search');
DeleteDirectory('C:\Users\Noizless\AppData\Local\Hostinstaller');
// Step 7: remove the remaining persistence points.
// Browser Helper Object registration, addressed by CLSID.
DelBHO('{8E8F97CD-60B5-456F-A201-73065652D099}');
// Stops the tcpip service; /y answers the prompt about dependent services, so they
// are stopped too. Expect no network connectivity from here until the reboot at the
// end. Presumably done so the network filter drivers removed above are unloaded.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Delete scheduled tasks by name; /F suppresses the confirmation prompt.
// NOTE(review): names such as "MS" are very generic; confirm each one in the task list.
ExecuteFile('schtasks.exe', '/delete /TN "Update Service for Torrent Search.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Update Service for Torrent Search2.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SMupdate2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SMupdate3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "MS" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
// COM class registration, addressed by CLSID.
DelCLSID('{63332668-8CE1-445D-A5EE-25929176714E}');
// Autostart values under the machine-wide and per-user Run keys.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MailRuUpdater');
// Event log source value left behind by the nssm.exe copy deleted from the user profile above.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Eventlog\Application\NSSM', 'EventMessageFile');
// Step 8: AVZ's built-in clean-up and repair routines.
// NOTE(review): ExecuteRepair takes numeric item IDs (4, 3, 23) and ExecuteWizard
// takes the code 'SCU'; this page does not say which settings they reset. Look them
// up in the AVZ reference for the version in use.
ExecuteSysClean;
ExecuteRepair(4);
ExecuteRepair(3);
ExecuteRepair(23);
ExecuteWizard('SCU', 2, 2, true);
// Restart Windows as the last step of the script.
RebootWindows(true);
end.
Компьютер перезагрузится.