Код:
begin
TerminateProcessByName('c:\program files (x86)\746de380-1458115331-81e0-28e8-5404a60683d9\jnsye4a.tmp');
TerminateProcessByName('c:\program files (x86)\746de380-1458115331-81e0-28e8-5404a60683d9\knsv7767.tmp');
TerminateProcessByName('C:\ProgramData\FWdMF\WdMan.exe');
TerminateProcessByName('c:\program files (x86)\yeaplayer\yeaplayermd.exe');
StopService('gerocyni');
StopService('juwohywyzbt');
StopService('WdMan');
QuarantineFile('c:\program files (x86)\746de380-1458115331-81e0-28e8-5404a60683d9\jnsye4a.tmp', '');
QuarantineFile('c:\program files (x86)\746de380-1458115331-81e0-28e8-5404a60683d9\knsv7767.tmp', '');
QuarantineFile('C:\ProgramData\FWdMF\WdMan.exe', '');
QuarantineFile('c:\program files (x86)\yeaplayer\yeaplayermd.exe', '');
QuarantineFile('C:\Program Files (x86)\Yeaplayer\language\res_en.dll', '');
QuarantineFile('C:\ProgramData\service.exe', '');
QuarantineFile('C:\Program Files (x86)\SFK\SSFK.exe', '');
QuarantineFile('C:\Program Files\UBar\UbarService.exe', '');
QuarantineFile('C:\Program Files\UBar\UbarDriver.sys', '');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('D:\Documents\systemfile.exe', '');
QuarantineFile('C:\Users\Serhio\AppData\Roaming\UPUpdata\cessrs.exe', '');
QuarantineFile('C:\ProgramData\LightGate.exe', '');
QuarantineFile('C:\ProgramData\HomePage.exe', '');
QuarantineFile('C:\Program Files (x86)\mpck_en_005030268\mpck_en_005030268.exe', '');
QuarantineFile('C:\Program Files (x86)\rec_ua_227\rec_ua_227.exe', '');
QuarantineFile('C:\Users\Serhio\AppData\Roaming\cppredistx86.exe', '');
QuarantineFile('C:\Users\Serhio\AppData\Roaming\eth\cp.exe', '');
QuarantineFile('C:\Users\Serhio\AppData\Roaming\ImageCropResize\ImageEd\ImageEd.exe', '');
QuarantineFile('C:\ProgramData\msiql.exe', '');
QuarantineFile('C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll', '');
QuarantineFile('C:\ProgramData\Windows Update\svrupg.exe', '');
QuarantineFile('C:\Users\Serhio\appdata\roaming\aspackage\aspackage.exe', '');
QuarantineFile('C:\Users\Serhio\appdata\roaming\aspackage\uninstall.exe', '');
QuarantineFile('C:\Users\Serhio\appdata\roaming\eth\a\engine.exe', '');
DeleteFile('c:\program files (x86)\746de380-1458115331-81e0-28e8-5404a60683d9\jnsye4a.tmp', '32');
DeleteFile('c:\program files (x86)\746de380-1458115331-81e0-28e8-5404a60683d9\knsv7767.tmp', '32');
DeleteFile('C:\ProgramData\FWdMF\WdMan.exe', '32');
DeleteFile('c:\program files (x86)\yeaplayer\yeaplayermd.exe', '32');
DeleteFile('C:\Program Files (x86)\Yeaplayer\language\res_en.dll', '32');
DeleteFile('C:\ProgramData\service.exe', '32');
DeleteFile('C:\Program Files (x86)\SFK\SSFK.exe', '32');
DeleteFile('C:\Program Files\UBar\UbarService.exe', '32');
DeleteFile('C:\Program Files\UBar\UbarDriver.sys', '32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('D:\Documents\systemfile.exe', '32');
DeleteFile('C:\Users\Serhio\AppData\Roaming\UPUpdata\cessrs.exe', '32');
DeleteFile('C:\ProgramData\LightGate.exe', '32');
DeleteFile('C:\ProgramData\HomePage.exe', '32');
DeleteFile('C:\Program Files (x86)\mpck_en_005030268\mpck_en_005030268.exe', '32');
DeleteFile('C:\Program Files (x86)\rec_ua_227\rec_ua_227.exe', '32');
DeleteFile('C:\Users\Serhio\AppData\Roaming\cppredistx86.exe', '32');
DeleteFile('C:\Users\Serhio\AppData\Roaming\eth\cp.exe', '32');
DeleteFile('C:\Users\Serhio\AppData\Roaming\ImageCropResize\ImageEd\ImageEd.exe', '32');
DeleteFile('C:\ProgramData\msiql.exe', '32');
DeleteFile('C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll', '32');
DeleteFile('C:\ProgramData\Windows Update\svrupg.exe', '32');
DeleteFile('C:\Users\Serhio\appdata\roaming\aspackage\aspackage.exe', '32');
DeleteFile('C:\Users\Serhio\appdata\roaming\aspackage\uninstall.exe', '32');
DeleteFile('C:\Users\Serhio\appdata\roaming\eth\a\engine.exe', '32');
DeleteService('gerocyni');
DeleteService('juwohywyzbt');
DeleteService('WdMan');
DeleteService('GoogleChromeUpService');
DeleteService('SSFK');
DeleteService('UbarPolicyProvider');
DeleteService('UbarCalloutDriver');
DeleteFileMask('C:\ProgramData\FWdMF', '*', true);
DeleteFileMask('c:\program files (x86)\yeaplayer', '*', true);
DeleteFileMask('C:\Program Files (x86)\SFK', '*', true);
DeleteFileMask('C:\Program Files\UBar', '*', true);
DeleteFileMask('C:\Program Files (x86)\Zaxar', '*', true);
DeleteFileMask('C:\Program Files (x86)\mpck_en_005030268', '*', true);
DeleteFileMask('C:\Program Files (x86)\rec_ua_227', '*', true);
DeleteFileMask('C:\Users\Serhio\AppData\Roaming\eth', '*', true);
DeleteFileMask('C:\Users\Serhio\AppData\Roaming\ImageCropResize', '*', true);
DeleteFileMask('C:\ProgramData\WindowsMsg', '*', true);
DeleteFileMask('C:\ProgramData\Windows Update', '*', true);
DeleteFileMask('C:\Users\Serhio\appdata\roaming\aspackage', '*', true);
DeleteDirectory('C:\ProgramData\FWdMF');
DeleteDirectory('c:\program files (x86)\yeaplayer');
DeleteDirectory('C:\Program Files (x86)\SFK');
DeleteDirectory('C:\Program Files\UBar');
DeleteDirectory('C:\Program Files (x86)\Zaxar');
DeleteDirectory('C:\Program Files (x86)\mpck_en_005030268');
DeleteDirectory('C:\Program Files (x86)\rec_ua_227');
DeleteDirectory('C:\Users\Serhio\AppData\Roaming\eth');
DeleteDirectory('C:\Users\Serhio\AppData\Roaming\ImageCropResize');
DeleteDirectory('C:\ProgramData\WindowsMsg');
DeleteDirectory('C:\ProgramData\Windows Update');
DeleteDirectory('C:\Users\Serhio\appdata\roaming\aspackage');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'SystemClose');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'cessrs.exe -start');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'LightGate');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'HomePageHelper');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'mpck_en_005030268');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'rec_ua_227');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Microsoft Visual C++ 2010');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ATT_Driver');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ImageEd');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'taskhost');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Yeaplayer');
ExecuteSysClean;
ExecuteRepair(3);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
Компьютер перезагрузится.