Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantine;
ClearQuarantineEx(true);
QuarantineFile('C:\Users\gavrilini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk', '');
QuarantineFile('C:\ProgramData\iuZpQF\nLvAMX4.bat', '');
QuarantineFileF('C:\ProgramData\iuZpQF', '*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\SFK', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\03DE0294-1450617222-057A-D706-630700080009', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\03DE0294-1450608995-057A-D706-630700080009', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\03DE0294-1450629630-057A-D706-630700080009', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\03DE0294-1450634301-057A-D706-630700080009', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\03DE0294-1451133273-057A-D706-630700080009', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\SwiftSearch_1.10.0.25', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Program Files (x86)\gmsd_ru_005010187', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\TimeTasks', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\mntemp', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\Tmp0x0x', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\gavrilini\AppData\Local\gmsd_ru_005010187', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\gavrilini\AppData\Local\03DE0294-1451144675-057A-D706-630700080009', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\gavrilini\AppData\Roaming\istartpageing', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\gavrilini\AppData\Roaming\yoursearching', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js, *.tmp*', true, '', 0, 0);
DeleteFile('C:\ProgramData\iuZpQF\nLvAMX4.bat', '');
DeleteFileMask('C:\ProgramData\iuZpQF', '*', true);
DeleteFileMask('C:\Program Files (x86)\SFK', '*', true);
DeleteFileMask('C:\Program Files (x86)\03DE0294-1450617222-057A-D706-630700080009', '*', true);
DeleteFileMask('C:\Program Files (x86)\03DE0294-1450608995-057A-D706-630700080009', '*', true);
DeleteFileMask('C:\Program Files (x86)\03DE0294-1450629630-057A-D706-630700080009', '*', true);
DeleteFileMask('C:\Program Files (x86)\03DE0294-1450634301-057A-D706-630700080009', '*', true);
DeleteFileMask('C:\Program Files (x86)\03DE0294-1451133273-057A-D706-630700080009', '*', true);
DeleteFileMask('C:\Program Files (x86)\SwiftSearch_1.10.0.25', '*', true);
DeleteFileMask('C:\Program Files (x86)\gmsd_ru_005010187', '*', true);
DeleteFileMask('C:\ProgramData\TimeTasks', '*', true);
DeleteFileMask('C:\ProgramData\mntemp', '*', true);
DeleteFileMask('C:\ProgramData\Tmp0x0x', '*', true);
DeleteFileMask('C:\Users\gavrilini\AppData\Local\gmsd_ru_005010187', '*', true);
DeleteFileMask('C:\Users\gavrilini\AppData\Local\03DE0294-1451144675-057A-D706-630700080009', '*', true);
DeleteFileMask('C:\Users\gavrilini\AppData\Roaming\istartpageing', '*', true);
DeleteFileMask('C:\Users\gavrilini\AppData\Roaming\yoursearching', '*', true);
DeleteDirectory('C:\ProgramData\iuZpQF');
DeleteDirectory('C:\Program Files (x86)\SFK');
DeleteDirectory('C:\Program Files (x86)\03DE0294-1450617222-057A-D706-630700080009');
DeleteDirectory('C:\Program Files (x86)\03DE0294-1450608995-057A-D706-630700080009');
DeleteDirectory('C:\Program Files (x86)\03DE0294-1450629630-057A-D706-630700080009');
DeleteDirectory('C:\Program Files (x86)\03DE0294-1450634301-057A-D706-630700080009');
DeleteDirectory('C:\Program Files (x86)\03DE0294-1451133273-057A-D706-630700080009');
DeleteDirectory('C:\Program Files (x86)\SwiftSearch_1.10.0.25');
DeleteDirectory('C:\Program Files (x86)\gmsd_ru_005010187');
DeleteDirectory('C:\ProgramData\TimeTasks');
DeleteDirectory('C:\ProgramData\mntemp');
DeleteDirectory('C:\ProgramData\Tmp0x0x');
DeleteDirectory('C:\Users\gavrilini\AppData\Local\gmsd_ru_005010187');
DeleteDirectory('C:\Users\gavrilini\AppData\Local\03DE0294-1451144675-057A-D706-630700080009');
DeleteDirectory('C:\Users\gavrilini\AppData\Roaming\istartpageing');
DeleteDirectory('C:\Users\gavrilini\AppData\Roaming\yoursearching');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
RebootWindows(true);
end.
- Файл