Код:
// AVZ remediation script (it calls GetAVZDirectory) written for one specific
// host: every path is hard-coded, most of them under C:\Users\m47n0x.
// It is not portable; on any other machine the paths and service names have to be
// regenerated from that machine's own logs.
// Order of operations: cut network -> kill processes -> disable and stop services ->
// quarantine samples -> delete files -> delete services and tasks -> remove autorun
// values -> pack quarantine -> system cleanup -> reboot.
begin
// Stops the "tcpip" service through net.exe (/y answers the confirmation prompt).
// Presumably meant to take the host off the network while cleanup runs - confirm.
// Arguments after the command line look like show mode, wait timeout in ms and a
// terminate-on-timeout flag - TODO confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// NOTE(review): presumably empties the existing AVZ quarantine, so samples collected
// by an earlier run would be lost - archive them first if they are still needed.
ClearQuarantineEx(true);
// Terminate the running processes by full image path before touching their files.
TerminateProcessByName('c:\programdata\awminiproa\wminipro.exe');
TerminateProcessByName('c:\programdata\timetasks\timetasks.exe');
TerminateProcessByName('c:\users\m47n0x\appdata\local\temp\amisetup9189__10017.exe');
// Start type 4 is the Windows "disabled" value, so these services should not come
// back after the reboot at the end of the script.
// NOTE(review): WdsManPro is disabled and stopped here but is never passed to
// DeleteService and no file of it is quarantined or deleted - confirm that is intended.
SetServiceStart('TSSKX64', 4);
SetServiceStart('QMUdisk', 4);
SetServiceStart('globalUpdate', 4);
SetServiceStart('WdsManPro', 4);
// Stop the services and drivers. BDMWrench_x64 and bd000x are stopped without being
// disabled first; they are removed with DeleteService further down.
// NOTE(review): bd0004 is stopped and deleted as a service, but no bd0004.sys file is
// quarantined or deleted anywhere in this script - verify against the scan log.
StopService('TSSKX64');
StopService('QMUdisk');
StopService('BDMWrench_x64');
StopService('bd0004');
StopService('bd0002');
StopService('bd0001');
StopService('globalUpdate');
StopService('WdsManPro');
// Put the suspect files into the AVZ quarantine before deletion (second argument is
// left empty; presumably a free-text description).
// NOTE(review): blowfish.dll, F:\autorun.inf, the iWebar and Object Browser
// executables and Akamai netsession_win.exe are quarantined here but never deleted
// below - presumably collected for analysis only; confirm.
QuarantineFile('C:\Users\m47n0x\AppData\Local\Temp\nsy6623.tmp\blowfish.dll', '');
QuarantineFile('F:\autorun.inf', '');
QuarantineFile('C:\Users\m47n0x\appdata\local\smartweb\__u.exe', '');
QuarantineFile('C:\Users\m47n0x\AppData\Roaming\WindowsUpdater\Updater.exe', '');
QuarantineFile('C:\Users\m47n0x\AppData\Roaming\rFYR0VnPnhwl.exe', '');
QuarantineFile('C:\Program Files (x86)\iWebar\ebfb2b44-02ff-4b76-97d9-ff80b8ea24e0-5.exe', '');
QuarantineFile('C:\Program Files (x86)\Object Browser\97517cee-6c0c-44d1-b0ad-2f72c325843e-5.exe', '');
QuarantineFile('C:\Users\m47n0x\AppData\Roaming\4JYPvF9Glb13ZsF8Ob.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\timetasks.exe', '');
QuarantineFile('C:\Users\m47n0x\AppData\Roaming\MyDesktop\qweeeCL.exe', '');
QuarantineFile('C:\Program Files (x86)\gmsd_ru_005010141\gmsd_ru_005010141.exe', '');
QuarantineFile('C:\Users\m47n0x\AppData\Local\Akamai\netsession_win.exe', '');
QuarantineFile('C:\Program Files (x86)\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '');
QuarantineFile('C:\Windows\system32\drivers\tsskx64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QMUdisk64.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\bd0002.sys', '');
QuarantineFile('C:\Windows\system32\DRIVERS\bd0001.sys', '');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe', '');
QuarantineFile('C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll', '');
QuarantineFile('c:\programdata\awminiproa\wminipro.exe', '');
QuarantineFile('c:\programdata\timetasks\timetasks.exe', '');
QuarantineFile('c:\users\m47n0x\appdata\local\temp\amisetup9189__10017.exe', '');
// Mask-based quarantine of whole folders; the third argument (true) presumably
// enables recursion into subfolders - TODO confirm.
QuarantineFileF('C:\Program Files (x86)\Zaxar\', '*.exe, *.dll, *.sys, *.bat, *.vbs', true, '', 0, 0);
QuarantineFileF('C:\Users\m47n0x\AppData\Roaming\WindowsUpdater\', '*', true, '', 0, 0);
// Delete the files. The second argument is '32' everywhere except the
// system32\Tasks\WindowsUpdater entry, which uses '64'; presumably it selects the
// 32-bit or 64-bit file-system view - TODO confirm.
// NOTE(review): BaiduSdTray.exe, the two .job files and Tasks\WindowsUpdater are
// deleted without a matching QuarantineFile call, so no copy of them is kept.
// NOTE(review): kernel driver files (.sys) are removed directly; the matching
// services are deleted only later in the script, so an interruption between the two
// steps would leave service entries pointing at missing drivers.
DeleteFile('c:\users\m47n0x\appdata\local\temp\amisetup9189__10017.exe', '32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll', '32');
DeleteFile('C:\ProgramData\aWMiniProa\WMiniPro.exe', '32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe', '32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys', '32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMWrench_x64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16779.224\QMUdisk64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarGameBrowser.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe', '32');
DeleteFile('C:\ProgramData\TimeTasks\timetasks.exe', '32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduAn\3.0.0.3971\BaiduAnTray.exe', '32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010141\gmsd_ru_005010141.exe', '32');
DeleteFile('C:\Users\m47n0x\AppData\Roaming\MyDesktop\qweeeCL.exe', '32');
DeleteFile('C:\Program Files (x86)\Zaxar\timetasks.exe', '32');
DeleteFile('C:\Users\m47n0x\AppData\Roaming\4JYPvF9Glb13ZsF8Ob.exe', '32');
DeleteFile('C:\Windows\Tasks\4JYPvF9Glb13ZsF8Ob.job', '32');
DeleteFile('C:\Users\m47n0x\AppData\Roaming\rFYR0VnPnhwl.exe', '32');
DeleteFile('C:\Windows\Tasks\rFYR0VnPnhwl.job', '32');
DeleteFile('C:\Users\m47n0x\AppData\Roaming\WindowsUpdater\Updater.exe', '32');
DeleteFile('C:\Windows\system32\Tasks\WindowsUpdater', '64');
DeleteFile('C:\Users\m47n0x\appdata\local\smartweb\__u.exe', '32');
// Same "net stop tcpip" call as at the top of the script, repeated verbatim.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Unregister the two scheduled tasks (/F suppresses the confirmation prompt).
// NOTE(review): the task names are passed with a ".job" suffix and the .job files
// were already deleted above - confirm the names match the registered tasks,
// otherwise schtasks fails and nothing here reports it.
ExecuteFile('schtasks.exe', '/delete /TN "4JYPvF9Glb13ZsF8Ob.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "rFYR0VnPnhwl.job" /F', 0, 15000, true);
// Remove the service entries themselves (WdsManPro is not in this list).
DeleteService('TSSKX64');
DeleteService('QMUdisk');
DeleteService('BDMWrench_x64');
DeleteService('bd0004');
DeleteService('bd0002');
DeleteService('bd0001');
DeleteService('globalUpdate');
// Wipe whatever is left in the two folders, then remove the folders.
DeleteFileMask('C:\Program Files (x86)\Zaxar\', '*', true);
DeleteFileMask('C:\Users\m47n0x\AppData\Roaming\WindowsUpdater\', '*', true);
DeleteDirectory('C:\Program Files (x86)\Zaxar\');
DeleteDirectory('C:\Users\m47n0x\AppData\Roaming\WindowsUpdater\');
// Remove autorun persistence: values under the HKLM and HKCU Run keys, then the
// "command" values under MSConfig\startupreg (where msconfig keeps startup entries
// that were disabled through it).
// NOTE(review): the value name 'Timestasks' differs from the file name timetasks.exe;
// presumably it is spelled as found in the registry - verify against the scan log.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'C');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BaiduAnTray', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidusdTray', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidu', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Timestasks', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZaxarLoader', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_ru_005010141', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyDesktop', 'command');
// Pack the quarantine into quarantine.zip inside the AVZ directory. The function
// name is spelled "Qurantine" in the AVZ API; do not correct it.
// The archive holds the collected samples, so handle and transfer it as live malware.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// Presumably removes leftover system references to the deleted files - TODO confirm.
ExecuteSysClean;
// Runs the AVZ wizard identified as 'SCU'; the meaning of the numeric arguments is
// not visible here - TODO confirm against the AVZ script reference.
ExecuteWizard('SCU', 2, 3, true);
// Reboots the machine at the end of the script; unsaved work in open applications
// may be lost.
RebootWindows(true);
end.