Код:
begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
TerminateProcessByName('c:\program files (x86)\30464336-1465671427-4631-4633-4335ffffffff\knsf1255.tmp');
TerminateProcessByName('c:\program files (x86)\30464336-1465671427-4631-4633-4335ffffffff\knsgd852.tmp');
SetServiceStart('TSSysKit', 4);
SetServiceStart('tsnethlpx64', 4);
SetServiceStart('TAOKernelDriver', 4);
SetServiceStart('TAOAccelerator', 4);
SetServiceStart('softaal', 4);
SetServiceStart('QQSysMonX64', 4);
SetServiceStart('QMUdisk', 4);
SetServiceStart('cherimoya', 4);
StopService('lhkhvonv');
StopService('tsnethlpx64');
StopService('TFsFlt');
StopService('TAOKernelDriver');
StopService('TAOAccelerator');
StopService('SRepairDrv');
StopService('softaal');
StopService('QQSysMonX64');
StopService('QMUdisk');
StopService('cherimoya');
StopService('Saoiix');
StopService('hucodonezbt');
StopService('xysujukozbt');
StopService('zigipyro');
QuarantineFile('C:\Program Files (x86)\Qifiryplohele\QifiryplohelebuilderTsk.exe', '');
QuarantineFile('C:\Program Files (x86)\mpck\wincom_VQ3.exe', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\msiql.exe', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\service72564.exe', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\service90132.exe', '');
QuarantineFile('C:\WINDOWS\system32\drivers\lhkhvonv.sys', '');
QuarantineFile('C:\WINDOWS\system32\drivers\cherimoya.sys', '');
QuarantineFile('C:\Program Files (x86)\badu\uc.exe', '');
QuarantineFileF('C:\Program Files (x86)\UCBrowser\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.tmp*', true, '', 0, 0);
QuarantineFileF('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\users\синхрофазатрон\appdata\roaming\pabninto\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\users\синхрофазатрон\appdata\roaming\kabxeykeaq\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0, 0);
QuarantineFileF('c:\users\синхрофазатрон\appdata\local\hostinstaller', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('c:\program files (x86)\30464336-1465671427-4631-4633-4335ffffffff\knsf1255.tmp', '');
QuarantineFile('c:\program files (x86)\30464336-1465671427-4631-4633-4335ffffffff\knsgd852.tmp', '');
QuarantineFile('C:\Program Files (x86)\30464336-1465671427-4631-4633-4335FFFFFFFF\jnsx422B.tmp', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk', '');
QuarantineFile('C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk', '');
QuarantineFile('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk', '');
QuarantineFile('C:\Program Files (x86)\30464336-1465671427-4631-4633-4335FFFFFFFF\hnsm5B52.tmp', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Local\30464336-1465689553-4631-4633-4335FFFFFFFF\qnslD697.tmp', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Local\Hostinstaller\1523589610_123.exe', '');
QuarantineFile('C:\Users\Синхрофазатрон\AppData\Local\SystemMonitor2016\1523589610.exe', '');
DeleteFile('C:\WINDOWS\system32\drivers\cherimoya.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv', '32');
DeleteFile('C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys', '32');
DeleteFile('C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys', '32');
DeleteFile('C:\WINDOWS\system32\Drivers\TFsFltX64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys', '32');
DeleteFile('C:\WINDOWS\system32\drivers\lhkhvonv.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE', '32');
DeleteFile('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\service90132.exe', '32');
DeleteFile('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\service72564.exe', '32');
DeleteFile('C:\Users\Синхрофазатрон\AppData\Roaming\UPUpdata\msiql.exe', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe', '32');
DeleteFile('C:\Program Files (x86)\badu\uc.exe', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMContextScan.dll', '32');
DeleteFile('C:\Program Files (x86)\badu\uc.exe');
DeleteFile('c:\program files (x86)\30464336-1465671427-4631-4633-4335ffffffff\knsf1255.tmp', '32');
DeleteFile('c:\program files (x86)\30464336-1465671427-4631-4633-4335ffffffff\knsgd852.tmp', '32');
DeleteFile('C:\Program Files (x86)\30464336-1465671427-4631-4633-4335FFFFFFFF\jnsx422B.tmp', '32');
DeleteFile('C:\Program Files (x86)\30464336-1465671427-4631-4633-4335FFFFFFFF\hnsm5B52.tmp', '32');
DeleteFile('C:\Users\Синхрофазатрон\AppData\Local\30464336-1465689553-4631-4633-4335FFFFFFFF\qnslD697.tmp', '32');
DeleteFile('C:\Users\Синхрофазатрон\AppData\Local\Hostinstaller\1523589610_123.exe', '32');
DeleteFile('C:\Users\Синхрофазатрон\AppData\Local\SystemMonitor2016\1523589610.exe', '32');
ExecuteFile('schtasks.exe', '/delete /TN "Soft installer" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SystemMonitor2016" /F', 0, 15000, true);
DeleteService('lhkhvonv');
DeleteService('TSSysKit');
DeleteService('tsnethlpx64');
DeleteService('TAOKernelDriver');
DeleteService('TAOAccelerator');
DeleteService('SRepairDrv');
DeleteService('softaal');
DeleteService('QQSysMonX64');
DeleteService('QMUdisk');
DeleteService('cherimoya');
DeleteService('Saoiix');
DeleteService('hucodonezbt');
DeleteService('xysujukozbt');
DeleteService('dowidoly');
DeleteService('rijufoze');
DeleteService('zigipyro');
DeleteFileMask('C:\Users\Синхрофазатрон\AppData\Roaming\KabxeYkeaq\', '*', true);
DeleteFileMask('c:\users\синхрофазатрон\appdata\local\hostinstaller', '*', true);
DeleteDirectory('C:\Users\Синхрофазатрон\AppData\Roaming\KabxeYkeaq\');
DeleteDirectory('c:\users\синхрофазатрон\appdata\local\hostinstaller');
DelCLSID('{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'QQPCTray');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'QGuan10in12');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'QGuan10in1');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'svchost0');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'apphide2');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', '{63332668-8CE1-445D-A5EE-25929176714E}');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'WINCOMVQ3');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
BC_DeleteSvc('Saoiix');
ExecuteWizard('SCU', 2, 3, true);
RebootWindows(true);
end.