Код:
begin
QuarantineFile('C:\Users\admin\AppData\Local\Efsvtion\EBC1E6C0.exe','');
QuarantineFile('C:\ProgramData\Windows\csrss.exe','');
QuarantineFile('C:\Users\admin\AppData\Local\Efsvtion\hqlvifpq.dll','');
TerminateProcessByName('c:\users\admin\appdata\local\efsvtion\ebc1e6c0.exe');
QuarantineFile('c:\users\admin\appdata\local\efsvtion\ebc1e6c0.exe','');
DeleteFile('c:\users\admin\appdata\local\efsvtion\ebc1e6c0.exe','32');
DeleteFile('C:\Users\admin\AppData\Local\Efsvtion\hqlvifpq.dll','32');
DeleteFile('C:\ProgramData\Windows\csrss.exe','32');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
DeleteFile('C:\Users\admin\AppData\Roaming\Microsoft\Dzlylb.exe','32');
DeleteFile('C:\Users\admin\AppData\Roaming\Microsoft\Lzlylj.exe','32');
DeleteFile('C:\Users\admin\AppData\Roaming\Microsoft\Fzlyld.exe','32');
DeleteFile('C:\Users\admin\AppData\Roaming\Microsoft\Bzlylz.exe','32');
DeleteFile('C:\Users\admin\AppData\Roaming\Microsoft\Szlylq.exe','32');
DeleteFile('C:\Users\admin\AppData\Local\Temp\Adobe\Reader_sl.exe','32');
DeleteFile('C:\Users\admin\AppData\Roaming\Identities\Izlylg.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Dzlylb');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Lzlylj');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Fzlyld');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Bzlylz');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Szlylq');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Adobe System Incorporated');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Izlylg');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','1ne331');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12653311\eproa121.exe','32');
DeleteFile('C:\RECYCLER\mscinet.exe','32');
DeleteFile('C:\Users\admin\AppData\Local\Temp\windows\winsys.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Windows Update Service');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Windows Security Firewall Manager');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','eproa112');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','xetcwow');
DeleteFile('C:\Users\admin\AppData\Local\Efsvtion\EBC1E6C0.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Efsvtion');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','YhvPack');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Ugpmedia');
DeleteFile('C:\Users\admin\AppData\Local\YhvPack\qdlcirdr.dll','32');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe','32');
ExecuteSysClean;
RebootWindows(true);
end.