Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\users\user\appdata\local\3d963b80-1431793169-81e1-2b6b-5404a63f7a63\cnsx71f1.tmp');
TerminateProcessByName('c:\users\user\appdata\roaming\3d963b80-1431781859-81e1-2b6b-5404a63f7a63\hnsgb44b.tmp');
StopService('tygixyzy');
StopService('xygefuzu');
StopService('25D2D1C4');
StopService('qrjatyd');
QuarantineFile('c:\users\user\appdata\local\3d963b80-1431793169-81e1-2b6b-5404a63f7a63\cnsx71f1.tmp', '');
QuarantineFile('c:\users\user\appdata\roaming\3d963b80-1431781859-81e1-2b6b-5404a63f7a63\hnsgb44b.tmp', '');
QuarantineFile('C:\Windows\TEMP\25D2D1C4.sys', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\RarSFX0\updater\antiban.sys', '');
QuarantineFile('C:\Users\User\AppData\Roaming\cppredistx86.exe', '');
DeleteFile('c:\users\user\appdata\local\3d963b80-1431793169-81e1-2b6b-5404a63f7a63\cnsx71f1.tmp', '32');
DeleteFile('c:\users\user\appdata\roaming\3d963b80-1431781859-81e1-2b6b-5404a63f7a63\hnsgb44b.tmp', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\RarSFX0\updater\antiban.sys', '32');
DeleteFile('C:\Users\User\AppData\Roaming\cppredistx86.exe', '32');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
DeleteService('tygixyzy');
DeleteService('xygefuzu');
DeleteService('qrjatyd');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Adobe Flash Player SU');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iytgyvcqeo', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserUid', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ChromeExtensionUpdater', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Visual C++ 2010', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PriceMeterW', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyComputer', 'command');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.