Код:
// AVZ cleanup script written for one specific infected host.
// Order of operations: stop the running processes/service, copy every target
// into quarantine, delete the files, remove the services, empty and remove the
// leftover directories, undo scheduled-task/COM/registry changes, pack the
// quarantine into an archive, then reboot.
// NOTE(review): every path is hard-coded (user profile "Admin", versioned
// vendor folders) and whole directory trees are removed. Do not reuse this
// script on another machine without regenerating it from that machine's logs.
begin
// csrss.exe and svchost.exe are targeted directly under C:\Windows. The genuine
// Windows binaries with these names live in C:\Windows\System32, so copies at
// this path are a common masquerading location.
TerminateProcessByName('C:\Windows\csrss.exe');
TerminateProcessByName('C:\Windows\svchost.exe');
// A service literally named 'Windows' is stopped here and deleted further down.
StopService('Windows');
// Quarantine phase: runs before any DeleteFile call so samples exist for later
// analysis. The QuarantineFileF call takes a directory plus a mask list;
// presumably the 'true' flag means "include subfolders" (TODO confirm against
// the AVZ reference).
QuarantineFileF('c:\programdata\tmp0x0x', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('C:\Windows\csrss.exe', '');
QuarantineFile('C:\Windows\svchost.exe', '');
// Kernel drivers (.sys); their services (MPCKpt, QMUdisk, softaal) are deleted below.
QuarantineFile('C:\Windows\system32\DRIVERS\MPCKpt.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys', '');
QuarantineFile('C:\ProgramData\Tmp0x0x\P', '');
QuarantineFile('C:\Users\Admin\AppData\Local\Amigo\Application\amigo.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\daemon2.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010190\gmsd_ru_005010190.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010195\gmsd_ru_005010195.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010197\gmsd_ru_005010197.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010200\gmsd_ru_005010200.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010209\gmsd_ru_005010209.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010213\gmsd_ru_005010213.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Local\Mail.Ru\MailRuUpdater.exe', '');
QuarantineFile('C:\Program Files (x86)\rec_ru_150\rec_ru_150.exe', '');
QuarantineFile('C:\Program Files (x86)\rec_ru_159\rec_ru_159.exe', '');
QuarantineFile('C:\Program Files (x86)\rec_ru_161\rec_ru_161.exe', '');
QuarantineFile('C:\Program Files (x86)\rec_ru_172\rec_ru_172.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Local\Amigo\Application\vk.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Local\Amigo\Application\ok.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\Adobe\Manager.exe', '');
QuarantineFile('C:\Program Files (x86)\UCBrowser\Application\5.5.6743.207\Installer\chrmstp.exe', '');
// Delete phase: the same file list as the quarantine phase above, in the same order.
// NOTE(review): the second argument '32' presumably selects the 32-bit
// file-system view on 64-bit Windows - confirm against the AVZ reference.
DeleteFile('C:\Windows\csrss.exe', '32');
DeleteFile('C:\Windows\svchost.exe', '32');
DeleteFile('C:\Windows\system32\DRIVERS\MPCKpt.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys', '32');
DeleteFile('C:\ProgramData\Tmp0x0x\P', '32');
DeleteFile('C:\Users\Admin\AppData\Local\Amigo\Application\amigo.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\daemon2.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010190\gmsd_ru_005010190.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010195\gmsd_ru_005010195.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010197\gmsd_ru_005010197.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010200\gmsd_ru_005010200.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010209\gmsd_ru_005010209.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010213\gmsd_ru_005010213.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Local\Mail.Ru\MailRuUpdater.exe', '32');
DeleteFile('C:\Program Files (x86)\rec_ru_150\rec_ru_150.exe', '32');
DeleteFile('C:\Program Files (x86)\rec_ru_159\rec_ru_159.exe', '32');
DeleteFile('C:\Program Files (x86)\rec_ru_161\rec_ru_161.exe', '32');
DeleteFile('C:\Program Files (x86)\rec_ru_172\rec_ru_172.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Local\Amigo\Application\vk.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Local\Amigo\Application\ok.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\Adobe\Manager.exe', '32');
DeleteFile('C:\Program Files (x86)\UCBrowser\Application\5.5.6743.207\Installer\chrmstp.exe', '32');
// Remove the service registrations: the 'Windows' service stopped above and the
// three driver services whose .sys files were just deleted.
DeleteService('Windows');
DeleteService('MPCKpt');
DeleteService('QMUdisk');
DeleteService('softaal');
// Empty each leftover folder with mask '*', then remove the folder itself.
// Only individual files were quarantined above, so anything else in these
// trees is deleted without a copy.
// Presumably the 'true' flag makes the mask delete recursive - TODO confirm.
DeleteFileMask('c:\program files (x86)\tencent', '*', true);
DeleteFileMask('c:\programdata\tmp0x0x', '*', true);
DeleteFileMask('c:\users\admin\appdata\local\amigo', '*', true);
DeleteFileMask('c:\program files (x86)\gmsd_ru_005010190', '*', true);
DeleteFileMask('c:\program files (x86)\gmsd_ru_005010195', '*', true);
DeleteFileMask('c:\program files (x86)\gmsd_ru_005010197', '*', true);
DeleteFileMask('c:\program files (x86)\gmsd_ru_005010200', '*', true);
DeleteFileMask('c:\program files (x86)\gmsd_ru_005010209', '*', true);
DeleteFileMask('c:\program files (x86)\gmsd_ru_005010213', '*', true);
DeleteFileMask('c:\users\admin\appdata\local\mail.ru', '*', true);
DeleteFileMask('c:\program files (x86)\rec_ru_150', '*', true);
DeleteFileMask('c:\program files (x86)\rec_ru_159', '*', true);
DeleteFileMask('c:\program files (x86)\rec_ru_161', '*', true);
DeleteFileMask('c:\program files (x86)\rec_ru_172', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar', '*', true);
DeleteFileMask('c:\program files (x86)\ucbrowser', '*', true);
DeleteDirectory('c:\program files (x86)\tencent');
DeleteDirectory('c:\programdata\tmp0x0x');
DeleteDirectory('c:\users\admin\appdata\local\amigo');
DeleteDirectory('c:\program files (x86)\gmsd_ru_005010190');
DeleteDirectory('c:\program files (x86)\gmsd_ru_005010195');
DeleteDirectory('c:\program files (x86)\gmsd_ru_005010197');
DeleteDirectory('c:\program files (x86)\gmsd_ru_005010200');
DeleteDirectory('c:\program files (x86)\gmsd_ru_005010209');
DeleteDirectory('c:\program files (x86)\gmsd_ru_005010213');
DeleteDirectory('c:\users\admin\appdata\local\mail.ru');
DeleteDirectory('c:\program files (x86)\rec_ru_150');
DeleteDirectory('c:\program files (x86)\rec_ru_159');
DeleteDirectory('c:\program files (x86)\rec_ru_161');
DeleteDirectory('c:\program files (x86)\rec_ru_172');
DeleteDirectory('c:\program files (x86)\zaxar');
DeleteDirectory('c:\program files (x86)\ucbrowser');
// Runs 'net stop tcpip /y'. If the stop succeeds the host has no network
// connectivity until the reboot at the end of the script.
// NOTE(review): the trailing arguments (0, 15000, true) look like window mode,
// timeout in ms and wait-for-exit - confirm against the AVZ reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Force-deletes a scheduled task filed under the Microsoft\Windows\ task
// folder; presumably the persistence entry for one of the binaries removed
// above - verify against the host's task list.
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true);
// Remove one COM class registration by its CLSID.
DelCLSID('{65122CB0-EA0F-47DF-A953-017170ED12F9}');
// Write five Internet Explorer security-zone settings for the current user.
// Zones\3 is the Internet zone; the numeric value names are URL-action IDs.
// NOTE(review): these look like a reset of ActiveX/IFRAME-related actions to
// "prompt" (1) or "disable" (3) - confirm the intended values before reuse.
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
// Pack the quarantined samples into quarantine.zip in the AVZ directory.
// The spelling "Qurantine" is the AVZ function's actual name; do not correct it.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// Run AVZ's system clean-up step, then reboot so the deletions, service
// removals and the stopped network stack take effect on a fresh start.
ExecuteSysClean;
RebootWindows(true);
end.
Компьютер перезагрузится.