Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
StopService('SSFK');
QuarantineFileF('c:\program files (x86)\sfk', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\users\appelsin\appdata\local\smartweb', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\users\appelsin\appdata\local\hostinstaller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe', '');
QuarantineFile('C:\Program Files (x86)\00000000-1451605339-0000-0000-448A5B58797B\knsp8927.tmpfs', '');
QuarantineFile('C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe', '');
QuarantineFileF('C:\Program Files (x86)\Zaxar\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\ProgramData\TimeTasks\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe', '');
QuarantineFile('C:\Users\Appelsin\AppData\Local\00000000-1451616194-0000-0000-448A5B58797B\snsz450D.tmp', '');
QuarantineFile('C:\Program Files (x86)\00000000-1451605339-0000-0000-448A5B58797B\hnskB628.tmp', '');
QuarantineFile('C:\Users\Appelsin\AppData\Local\00000000-1451616851-0000-0000-448A5B58797B\qnse4C10.tmp', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010193\gmsd_ru_005010193.exe', '');
QuarantineFile('C:\ProgramData\RKnmDUcNc\hzsbwyMoEZmdhUG0.bat', '');
QuarantineFile('C:\ProgramData\wTTpzQRSHF\KlOWzopEldQjHTL5.bat', '');
QuarantineFile('C:\Users\Appelsin\AppData\Local\SmartWeb\SmartWebHelper.exe', '');
QuarantineFile('C:\Users\Appelsin\AppData\Local\Hostinstaller\3908176762_installcube.exe', '');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe');
DeleteFile('c:\program files (x86)\sfk\ssfk.exe', '32');
DeleteFile('C:\Program Files (x86)\00000000-1451605339-0000-0000-448A5B58797B\knsp8927.tmpfs', '32');
DeleteFile('C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe', '32');
DeleteFile('C:\Users\Appelsin\AppData\Local\00000000-1451616194-0000-0000-448A5B58797B\snsz450D.tmp', '32');
DeleteFile('C:\Program Files (x86)\00000000-1451605339-0000-0000-448A5B58797B\hnskB628.tmp', '32');
DeleteFile('C:\Users\Appelsin\AppData\Local\00000000-1451616851-0000-0000-448A5B58797B\qnse4C10.tmp', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010193\gmsd_ru_005010193.exe', '32');
DeleteFile('C:\ProgramData\RKnmDUcNc\hzsbwyMoEZmdhUG0.bat', '32');
DeleteFile('C:\ProgramData\wTTpzQRSHF\KlOWzopEldQjHTL5.bat', '32');
DeleteFile('C:\Users\Appelsin\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Users\Appelsin\AppData\Local\Hostinstaller\3908176762_installcube.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "SmartWeb Upgrade Trigger Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
DeleteService('SSFK');
DeleteService('mowihehuzbt');
DeleteService('WindowsMangerProtect');
DeleteService('woforemu');
DeleteService('wucotusy');
DeleteService('zigipyro');
DeleteFileMask('C:\Program Files (x86)\Zaxar\', '*', true);
DeleteFileMask('C:\ProgramData\TimeTasks\', '*', true);
DeleteFileMask('c:\program files (x86)\sfk', '*', true);
DeleteFileMask('c:\users\appelsin\appdata\local\smartweb', '*', true);
DeleteFileMask('c:\users\appelsin\appdata\local\hostinstaller', '*', true);
DeleteDirectory('C:\Program Files (x86)\Zaxar\');
DeleteDirectory('C:\ProgramData\TimeTasks\');
DeleteDirectory('c:\program files (x86)\sfk');
DeleteDirectory('c:\users\appelsin\appdata\local\smartweb');
DeleteDirectory('c:\users\appelsin\appdata\local\hostinstaller');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010193', 'command');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.