Код:
begin
ExecuteAVUpdate;
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
TerminateProcessByName('c:\users\user\appdata\local\temp\is-sedas.tmp\gentlemjmp_irow.exe');
TerminateProcessByName('c:\users\user\appdata\local\temp\is-g6d4f.tmp\gentlemjmp_irow.tmp');
TerminateProcessByName('c:\users\user\appdata\roaming\aaf5f67b-1431792986-a347-badf-5c3eb3dbd424\hnse5265.tmp');
TerminateProcessByName('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\hnsq1eb.tmp');
TerminateProcessByName('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\jnsqe8d3.tmp');
TerminateProcessByName('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\knst57a9.tmp');
TerminateProcessByName('c:\users\user\appdata\local\temp\is-i2kg7.tmp\majmp_gentlerow.tmp');
TerminateProcessByName('c:\users\user\appdata\local\aaf5f67b-1447969451-a347-badf-5c3eb3dbd424\qnsu6b16.tmp');
StopService('fofinine');
StopService('hidekoqe');
StopService('penipoto');
StopService('wyroxowe');
QuarantineFile('c:\users\user\appdata\local\temp\is-sedas.tmp\gentlemjmp_irow.exe', '');
QuarantineFile('c:\users\user\appdata\local\temp\is-g6d4f.tmp\gentlemjmp_irow.tmp', '');
QuarantineFile('c:\users\user\appdata\roaming\aaf5f67b-1431792986-a347-badf-5c3eb3dbd424\hnse5265.tmp', '');
QuarantineFile('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\hnsq1eb.tmp', '');
QuarantineFile('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\jnsqe8d3.tmp', '');
QuarantineFile('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\knst57a9.tmp', '');
QuarantineFile('c:\users\user\appdata\local\temp\is-i2kg7.tmp\majmp_gentlerow.tmp', '');
QuarantineFile('c:\users\user\appdata\local\aaf5f67b-1447969451-a347-badf-5c3eb3dbd424\qnsu6b16.tmp', '');
QuarantineFile('C:\Users\User\AppData\Local\Temp\is-ABPJ2.tmp\w8white.cjstyles', '');
QuarantineFile('C:\Program Files (x86)\Microsoft Data\install_addons.exe', '');
QuarantineFile('C:\Users\User\AppData\Local\SystemDir\nethost.exe', '');
ExecuteFile('schtasks.exe', '/delete /TN "chrome5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "chrome5_logon" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "nethost task" /F', 0, 15000, true);
DeleteFile('c:\users\user\appdata\local\temp\is-sedas.tmp\gentlemjmp_irow.exe', '32');
DeleteFile('c:\users\user\appdata\local\temp\is-g6d4f.tmp\gentlemjmp_irow.tmp', '32');
DeleteFile('c:\users\user\appdata\roaming\aaf5f67b-1431792986-a347-badf-5c3eb3dbd424\hnse5265.tmp', '32');
DeleteFile('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\hnsq1eb.tmp', '32');
DeleteFile('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\jnsqe8d3.tmp', '32');
DeleteFile('c:\program files (x86)\aaf5f67b-1446107628-a347-badf-5c3eb3dbd424\knst57a9.tmp', '32');
DeleteFile('c:\users\user\appdata\local\temp\is-i2kg7.tmp\majmp_gentlerow.tmp', '32');
DeleteFile('c:\users\user\appdata\local\aaf5f67b-1447969451-a347-badf-5c3eb3dbd424\qnsu6b16.tmp', '32');
DeleteFile('C:\Users\User\AppData\Local\Temp\is-ABPJ2.tmp\w8white.cjstyles', '32');
DeleteFile('C:\Program Files (x86)\Microsoft Data\install_addons.exe', '32');
DeleteFile('C:\Users\User\AppData\Local\SystemDir\nethost.exe', '32');
DeleteFileMask('C:\Users\User\AppData\Local\SystemDir', '*', true);
DeleteDirectory('C:\Users\User\AppData\Local\SystemDir');
DeleteService('fofinine');
DeleteService('hidekoqe');
DeleteService('penipoto');
DeleteService('wyroxowe');
ExecuteSysClean;
ExecuteRepair(4);
ExecuteRepair(21);
ExecuteWizard('SCU', 2, 3, true);
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
RebootWindows(true);
end.
Компьютер