Код:
begin
StopService('FirefoxU');
StopService('ed2kidle');
QuarantineFile('C:\ProgramData\wintools\WintoolUprI.exe', '');
QuarantineFile('C:\ProgramData\vCore\VCore.exe', '');
QuarantineFile('C:\Program Files (x86)\Aterishwerwi\nobent.exe', '');
QuarantineFile('C:\Users\Abars\AppData\Roaming\bestsalesprofit\updater.py', '');
QuarantineFile('C:\Program Files (x86)\Clokisevuboly Reports\local64spl.dll', '');
QuarantineFile('C:\Users\Abars\AppData\Roaming\WinSnare\WinSnare.dll', '');
QuarantineFile('C:\Users\Abars\AppData\Roaming\bestsalesprofit\ml.py', '');
QuarantineFile('C:\ProgramData\TimeTasks\timetasks.exe', '');
QuarantineFileF('C:\ProgramData\TimeTasks', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\Aterishwerwi', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Users\Abars\AppData\Roaming\bestsalesprofit', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\Clokisevuboly Reports', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFile('C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe', '');
QuarantineFile('C:\Program Files (x86)\amuleC3\ed2k.exe', '');
DeleteFile('C:\Program Files (x86)\amuleC3\ed2k.exe', '32');
DeleteFile('C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe', '32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe', '32');
DeleteFile('C:\Users\Abars\AppData\Roaming\bestsalesprofit\ml.py', '32');
DeleteFile('C:\Users\Abars\AppData\Roaming\WinSnare\WinSnare.dll', '32');
DeleteFile('C:\Program Files (x86)\Clokisevuboly Reports\local64spl.dll', '32');
DeleteFile('C:\Users\Abars\AppData\Roaming\bestsalesprofit\updater.py', '32');
DeleteFile('C:\Program Files (x86)\Aterishwerwi\nobent.exe', '32');
DeleteFile('C:\ProgramData\vCore\VCore.exe', '32');
DeleteFile('C:\ProgramData\wintools\WintoolUprI.exe', '32');
DeleteService('FirefoxU');
DeleteService('ed2kidle');
DeleteFileMask('C:\ProgramData\TimeTasks', '*', true);
DeleteFileMask('C:\Users\Abars\AppData\Roaming\bestsalesprofit', '*', true);
DeleteFileMask('C:\Users\Abars\AppData\Roaming\WinSnare', '*', true);
DeleteFileMask('C:\Program Files (x86)\Clokisevuboly Reports', '*', true);
DeleteFileMask('C:\Program Files (x86)\Aterishwerwi', '*', true);
DeleteFileMask('C:\ProgramData\vCore', '*', true);
DeleteFileMask('C:\ProgramData\wintools', '*', true);
DeleteDirectory('C:\ProgramData\TimeTasks');
DeleteDirectory('C:\Users\Abars\AppData\Roaming\bestsalesprofit');
DeleteDirectory('C:\Users\Abars\AppData\Roaming\WinSnare');
DeleteDirectory('C:\Program Files (x86)\Clokisevuboly Reports');
DeleteDirectory('C:\Program Files (x86)\Aterishwerwi');
DeleteDirectory('C:\ProgramData\vCore');
DeleteDirectory('C:\ProgramData\wintools');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'bestsalesprofit');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\WinSnare\Parameters', 'ServiceDll');
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('SCU', 2, 2, true);
ExecuteStdScr(6);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
RebootWindows(true);
end.
Компьютер будет перезагружен.