Код:
// AVZ remediation script: stops the listed processes and services, copies the
// suspect files to quarantine, deletes them together with their folders,
// services, scheduled tasks and autorun entries, then reboots.
// NOTE(review): every path below is host-specific (a named user profile, an
// 8.3 short profile path, random-looking folder names), so this looks written
// from one machine's scan logs. Do not reuse it on another host without
// regenerating the target list.
begin
// Step 1: end the running processes by full image path so their files are not
// held open when they are quarantined and deleted.
TerminateProcessByName('c:\program files (x86)\30464e43-1457451232-4835-5446-60eb6977aa25\knsjc2ef.tmp');
TerminateProcessByName('c:\program files (x86)\sfk\ssfk.exe');
TerminateProcessByName('c:\program files (x86)\30464e43-1457451232-4835-5446-60eb6977aa25\vnsd726e.tmp');
TerminateProcessByName('c:\programdata\hwdmh\wdman.exe');
// Step 2: stop services before removal. Only three are stopped here, while nine
// are deleted further down; the other six (Winsere, QMUdisk, softaal,
// tsnethlpx64, TSSKX64, dojygici) are removed without a prior stop.
StopService('nyqiwefizbt');
StopService('SSFK');
StopService('WdMan');
// Step 3: quarantine by folder and mask (executables, drivers, scripts, .tmp)
// so samples are preserved for analysis before anything is deleted.
// Third argument true presumably means "include subfolders"; the trailing
// '', 0 , 0 arguments are not explained here. Confirm against the AVZ reference.
QuarantineFileF('c:\program files (x86)\sfk', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('c:\programdata\hwdmh', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\Winsere', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\Tencent', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Users\Илья\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\AnyProtectEx', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\IObit', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files (x86)\WinTaske', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
QuarantineFileF('C:\Program Files\contentprotector', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.js*, *.tmp*', true, '', 0 , 0);
// Step 4: quarantine the individually identified files. This list mirrors the
// DeleteFile list below one-for-one, except for the scheduled-task .job file.
QuarantineFile('c:\program files (x86)\30464e43-1457451232-4835-5446-60eb6977aa25\knsjc2ef.tmp', '');
QuarantineFile('c:\program files (x86)\sfk\ssfk.exe', '');
QuarantineFile('c:\program files (x86)\30464e43-1457451232-4835-5446-60eb6977aa25\vnsd726e.tmp', '');
QuarantineFile('c:\programdata\hwdmh\wdman.exe', '');
QuarantineFile('C:\Users\75BD~1\AppData\Local\Temp\nsl5C25.tmp\IpConfig.dll', '');
QuarantineFile('C:\Program Files (x86)\Winsere\Winsere\Winsere.exe', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys', '');
QuarantineFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys', '');
QuarantineFile('C:\Windows\system32\drivers\tsskx64.sys', '');
QuarantineFile('c:\programdata\lightgate.exe', '');
QuarantineFile('C:\ProgramData\service.exe', '');
QuarantineFile('C:\Users\Илья\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll', '');
QuarantineFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe', '');
// NOTE(review): this path has no file extension and may name a folder rather
// than a file. Confirm what the scan log actually reported.
QuarantineFile('C:\Program Files (x86)\IObit\IObit', '');
QuarantineFile('C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe', '');
QuarantineFile('C:\Program Files\contentprotector\conprotsetup.exe', '');
// Step 5: delete the files quarantined above, plus one scheduled-task file.
// The second argument ('64' for the .job file, '32' for everything else) is
// presumably a 32/64-bit view selector. TODO confirm, in particular for the
// driver under C:\Windows\system32\drivers, which is passed with '32'.
DeleteFile('C:\Windows\Tasks\APSnotifierCA.job', '64');
DeleteFile('c:\program files (x86)\30464e43-1457451232-4835-5446-60eb6977aa25\knsjc2ef.tmp', '32');
DeleteFile('c:\program files (x86)\sfk\ssfk.exe', '32');
DeleteFile('c:\program files (x86)\30464e43-1457451232-4835-5446-60eb6977aa25\vnsd726e.tmp', '32');
DeleteFile('c:\programdata\hwdmh\wdman.exe', '32');
DeleteFile('C:\Users\75BD~1\AppData\Local\Temp\nsl5C25.tmp\IpConfig.dll', '32');
DeleteFile('C:\Program Files (x86)\Winsere\Winsere\Winsere.exe', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys', '32');
DeleteFile('C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys', '32');
DeleteFile('C:\Windows\system32\drivers\tsskx64.sys', '32');
DeleteFile('c:\programdata\lightgate.exe', '32');
DeleteFile('C:\ProgramData\service.exe', '32');
DeleteFile('C:\Users\Илья\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll', '32');
DeleteFile('C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe', '32');
DeleteFile('C:\Program Files (x86)\IObit\IObit', '32');
DeleteFile('C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe', '32');
DeleteFile('C:\Program Files\contentprotector\conprotsetup.exe', '32');
// Step 6: remove the service registrations so the deleted binaries and drivers
// are not referenced at next boot.
DeleteService('nyqiwefizbt');
DeleteService('SSFK');
DeleteService('WdMan');
DeleteService('Winsere');
DeleteService('QMUdisk');
DeleteService('softaal');
DeleteService('tsnethlpx64');
DeleteService('TSSKX64');
DeleteService('dojygici');
// Step 7: wipe whatever is left in each folder (mask '*'), then remove the
// folder itself. Third argument true presumably means recursive; confirm.
// NOTE(review): this is far broader than the quarantine masks above. Files of
// other types under these folders are deleted with no quarantine copy, and the
// whole vendor trees (Tencent, IObit) go, not only the files named earlier.
DeleteFileMask('c:\program files (x86)\sfk', '*', true);
DeleteFileMask('c:\programdata\hwdmh', '*', true);
DeleteFileMask('C:\Program Files (x86)\Winsere', '*', true);
DeleteFileMask('C:\Program Files (x86)\Tencent', '*', true);
DeleteFileMask('C:\Users\Илья\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4', '*', true);
DeleteFileMask('C:\Program Files (x86)\AnyProtectEx', '*', true);
DeleteFileMask('C:\Program Files (x86)\IObit', '*', true);
DeleteFileMask('C:\Program Files (x86)\WinTaske', '*', true);
DeleteFileMask('C:\Program Files\contentprotector', '*', true);
DeleteDirectory('c:\program files (x86)\sfk');
DeleteDirectory('c:\programdata\hwdmh');
DeleteDirectory('C:\Program Files (x86)\Winsere');
DeleteDirectory('C:\Program Files (x86)\Tencent');
DeleteDirectory('C:\Users\Илья\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4');
DeleteDirectory('C:\Program Files (x86)\AnyProtectEx');
DeleteDirectory('C:\Program Files (x86)\IObit');
DeleteDirectory('C:\Program Files (x86)\WinTaske');
DeleteDirectory('C:\Program Files\contentprotector');
// Step 8: remove the browser helper object registered under this CLSID.
DelBHO('{F6C07882-D703-4DD5-905A-2C4E815A5066}');
// Asks Windows to stop the tcpip service and its dependents (/y answers the
// confirmation prompt). Expect network connectivity to be affected until the
// reboot at the end of the script. 15000 is presumably a timeout in ms.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Remove the scheduled tasks by name; /F suppresses the confirmation prompt.
// APSnotifierCA is the task whose .job file was deleted in step 5.
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierCA" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Uninstaller_SkipUac_Илья" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "WinTaske" /F', 0, 15000, true);
// Delete the machine-wide autorun value 'LightGate'; the name matches
// c:\programdata\lightgate.exe removed in step 5.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'LightGate');
// Delete the EventMessageFile value of the 'GoogleChromeUpService' event-log
// source. Only the value is removed; the source key itself stays.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Eventlog\Application\GoogleChromeUpService', 'EventMessageFile');
// AVZ post-removal cleanup; presumably clears leftover registry references to
// the files deleted above. Confirm against the AVZ reference.
ExecuteSysClean;
// Runs the AVZ wizard identified as 'SCU' with automatic fixing enabled (last
// argument true). The two numeric levels are not explained here. TODO confirm.
ExecuteWizard('SCU', 2, 2, true);
// Reboot right away so locked files and stopped drivers are fully released.
// Save open work before running the script.
RebootWindows(true);
end.
Компьютер перезагрузится.