Код:
begin
TerminateProcessByName('c:\windows\temp\2aa0.tmp');
TerminateProcessByName('c:\program files (x86)\87861940-1476615433-9920-05f2-002007011606\knsw731.tmpfs');
TerminateProcessByName('c:\users\user\appdata\local\87861940-1476626310-9920-05f2-002007011606\qnsw3780.tmp');
StopService('hycybumi');
StopService('zigipyro');
StopService('acdev');
QuarantineFileF('c:\program files (x86)\win_en_77', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\program files\spacesoundpro', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\program files (x86)\zaxar', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('c:\windows\temp\2aa0.tmp', '');
QuarantineFile('c:\program files (x86)\87861940-1476615433-9920-05f2-002007011606\knsw731.tmpfs', '');
QuarantineFile('c:\users\user\appdata\local\87861940-1476626310-9920-05f2-002007011606\qnsw3780.tmp', '');
QuarantineFile('c:\programdata\sun\java\extension.dll', '');
QuarantineFile('c:\program files (x86)\ghetspplzgh\gerwigeconfiguration.dll', '');
QuarantineFile('C:\Program Files (x86)\MSBuild\EAGAMESMSBuild.exe', '');
QuarantineFile('C:\ProgramData\service.exe', '');
QuarantineFile('C:\Program Files (x86)\Mozilla Firefox\MozillaFirefoxhhh.exe', '');
QuarantineFile('C:\Program Files (x86)\87861940-1476528966-9920-05F2-002007011606\knsaEE7D.tmpfs', '');
QuarantineFile('E:\Program Files (x86)\ProgramFilesxHearthstone.exe', '');
QuarantineFile('C:\Program Files (x86)\StartIsBack\StartIsBackMicrosoftWorks.exe', '');
QuarantineFile('C:\Program Files (x86)\win_en_77\winenMSBuild.exe', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\Rar$EXa0.926\myAC\acdev64.sys', '');
QuarantineFile('C:\Users\User\AppData\Roaming\ContentPush\ContentPush.exe', '');
QuarantineFile('C:\Program Files\SpaceSoundPro\i_network.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\Windows\winstart.bat', '');
QuarantineFile('C:\Users\User\AppData\Roaming\Adobe\Manager.exe', '');
QuarantineFile('C:\ProgramData\ocep\Qvo-Lex.reg', '');
QuarantineFile('C:\Users\User\appdata\roaming\cpuminer\cpm.exe', '');
QuarantineFile('C:\Program Files\spacesoundpro\uninstaller.exe', '');
DeleteFile('c:\windows\temp\2aa0.tmp', '32');
DeleteFile('c:\program files (x86)\87861940-1476615433-9920-05f2-002007011606\knsw731.tmpfs', '32');
DeleteFile('c:\users\user\appdata\local\87861940-1476626310-9920-05f2-002007011606\qnsw3780.tmp', '32');
DeleteFile('c:\programdata\sun\java\extension.dll', '32');
DeleteFile('c:\program files (x86)\ghetspplzgh\gerwigeconfiguration.dll', '32');
DeleteFile('C:\Program Files (x86)\MSBuild\EAGAMESMSBuild.exe', '32');
DeleteFile('C:\ProgramData\service.exe', '32');
DeleteFile('C:\Program Files (x86)\Mozilla Firefox\MozillaFirefoxhhh.exe', '32');
DeleteFile('C:\Program Files (x86)\87861940-1476528966-9920-05F2-002007011606\knsaEE7D.tmpfs', '32');
DeleteFile('E:\Program Files (x86)\ProgramFilesxHearthstone.exe', '32');
DeleteFile('C:\Program Files (x86)\StartIsBack\StartIsBackMicrosoftWorks.exe', '32');
DeleteFile('C:\Program Files (x86)\win_en_77\winenMSBuild.exe', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\Rar$EXa0.926\myAC\acdev64.sys', '32');
DeleteFile('C:\Users\User\AppData\Roaming\ContentPush\ContentPush.exe', '32');
DeleteFile('C:\Program Files\SpaceSoundPro\i_network.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('C:\Windows\winstart.bat', '32');
DeleteFile('C:\Users\User\AppData\Roaming\Adobe\Manager.exe', '32');
DeleteFile('C:\ProgramData\ocep\Qvo-Lex.reg', '32');
DeleteFile('C:\Users\User\appdata\roaming\cpuminer\cpm.exe', '32');
DeleteFile('C:\Program Files\spacesoundpro\uninstaller.exe', '32');
DeleteService('hycybumi');
DeleteService('zigipyro');
DeleteService('EAGAMESMSBuild');
DeleteService('GoogleChromeUpService');
DeleteService('MozillaFirefoxhhh');
DeleteService('popecuxy');
DeleteService('ProgramFilesxHearthstone');
DeleteService('StartIsBackMicrosoftWorks');
DeleteService('winenMSBuild');
DeleteService('acdev');
DeleteFileMask('c:\program files (x86)\87861940-1476615433-9920-05f2-002007011606', '*', true);
DeleteFileMask('c:\users\user\appdata\local\87861940-1476626310-9920-05f2-002007011606', '*', true);
DeleteFileMask('c:\program files (x86)\ghetspplzgh', '*', true);
DeleteFileMask('c:\program files (x86)\msbuild', '*', true);
DeleteFileMask('c:\program files (x86)\87861940-1476528966-9920-05f2-002007011606', '*', true);
DeleteFileMask('c:\program files (x86)\startisback', '*', true);
DeleteFileMask('c:\program files (x86)\win_en_77', '*', true);
DeleteFileMask('c:\users\user\appdata\roaming\contentpush', '*', true);
DeleteFileMask('c:\program files\spacesoundpro', '*', true);
DeleteFileMask('c:\program files (x86)\zaxar', '*', true);
DeleteFileMask('c:\programdata\ocep', '*', true);
DeleteFileMask('c:\users\user\appdata\roaming\cpuminer', '*', true);
DeleteDirectory('c:\program files (x86)\87861940-1476615433-9920-05f2-002007011606');
DeleteDirectory('c:\users\user\appdata\local\87861940-1476626310-9920-05f2-002007011606');
DeleteDirectory('c:\program files (x86)\ghetspplzgh');
DeleteDirectory('c:\program files (x86)\msbuild');
DeleteDirectory('c:\program files (x86)\87861940-1476528966-9920-05f2-002007011606');
DeleteDirectory('c:\program files (x86)\startisback');
DeleteDirectory('c:\program files (x86)\win_en_77');
DeleteDirectory('c:\users\user\appdata\roaming\contentpush');
DeleteDirectory('c:\program files\spacesoundpro');
DeleteDirectory('c:\program files (x86)\zaxar');
DeleteDirectory('c:\programdata\ocep');
DeleteDirectory('c:\users\user\appdata\roaming\cpuminer');
ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\Multimedia\Manager" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "psv_Bioing" /F', 0, 15000, true);
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'Update');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Plveiedolerpy\Parameters', 'ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\W3PCC\Parameters', 'ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'IDSCPRODUCT');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteSysClean;
ExecuteRepair(3);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
Компьютер перезагрузится.